First Windows Phone 7 makes the iPhone interface look like something from the last decade, now this. Looks like Microsoft have finally hired some decent UI designers. Now if they can just build the things...

Nokia are turning into laggards in all sorts of ways, and seem to be bogged down by an outdated design philosophy coupled with an over-optimistic assessment of the value of their brand. Certainly their handsets look fat, clunky and expensive compared with their rivals. I hope they can turn it around because in many ways they have excellent technology, but the packaging does not seem to be there. Maybe they should admit defeat and begin poaching Apple design staff.

i FUly aGre###

Sent from my Archos 5 using a touch screen.

In France, bribery by companies of foreign officials & companies used to be a tax-deductable expense. How times change.

Arms companies, particularly small ones that don't have contracts with 1st world armed forces like the big boys do, will be getting a large part of their revenue from shaky developing countries, which tend to be shaky in the first place due to things like an endemic bribery culture. Companies that don't play by those rules will never see a contract, and that is not just limited to the arms trade either.

2-D barcodes for ticketing are not new. My rail line, Chiltern, has been using the same system for a couple of years now. Not that I have ever seen anyone use it, but clearly to be useful the technology will be working to very similar performances to the one shown in the video.

The author is missing a huge point about NFC though. 2-D barcodes are just a dumb image to be read, there is no 2-way interaction with the phone to an app or a remote server. NFC allows for a 2-way dialogue which permits a much richer functionality than barcodes could ever hope to achieve. However the big problem for NFC is not the tech, it is establishing the business case. NFC makers are having trouble convincing handset makers to incorporate them onto phone chipsets, because they cost money and telcos want to justify every penny that goes into a handset. At present telcos cannot see a case for spending money on NFC except in small cases like the Orange/Barclays payment card trial. Banks and transport companies don't want to commit because they cannot see an established base of NFC handsets that they can take advantage of. Classic chicken & egg.

I assure you that criminals have been perfectly aware of the advantages of using mobile data for quite some time now. Not for nothing is there now an iPhone botnet.

I run a website that gets about 50k visitors per month, and its fascinating looking at the logs at how tenacious old versions of MS stuff can be. In October, XP is still the biggest OS amongst my visitors with about 50% share, followed by Vista on 22%, Windows 2000 on 6% and Windows 7 accounted for 1% but its been growing. Amazingly 0.3% of visitors were using Windows 98!

Mac OS X on the other hand was at 4%, iPhone on 2% and Linux on 0.8%.

@Alexander Hanff: the Postcode system is a lot more complex than you make out, and is actually a huge undertaking requiring hundreds of thousands of updates per year at great cost. RM invented it and develops it, so why shouldn't they derive profit from it? If anything in this day and age we should be applauding a nationalised company that consistently makes a profit instead of costing the taxpayer billions and billions.

...completely misleading. Not a hack of SIM card at all, but a hack of a carrier billing system. Just getting in before the Friday conspiracy crowd.

"its a civil liberties movement" - reeeealy?

Oh, and if you are going to try and sell people on open source, you might want to avoid the cluster**** that is OLPC. Just a thought.

At last! A great new way for AQ to raise funds by selling art. "Yes sir, its a brave piece from the non-existentialist school, a real one-off in the style of Marc Quinn but with quite a lot more blood, and as you can plainly see, the artist has really put everything into this work. Absolutely everything."

At first I thought this was just another IP trolling story, but it looks like a pretty clear slam dunk case. You could argue that the logo itself as used in the films is a bit of free advertising for Luxo, but selling lamps with the actual NAME is blatant IP theft in all senses of the phrase. Naughty Disney.

Chrome is still very much beta, and not a very good beta at that. Its quick and simple, but it has great trouble with lots of popular sites. Bizzarely I have had lots of problems getting it to run Youtube (someone famous owns them don't they?) content on several machines and Flash in general has loads of issues on Chrome.

The IT angle is?

Yes, do you?

Extensions do *not* have to be signed. Mozilla stipulates only that any updates to extensions need to be secured, and that can be done either via an SSL link or a signed cert. A quick search on the number of unsigned Firefox extensions will provide illuminating results. People use unsigned addons all the time for lots of perfectly good reasons, and the system does not prevent them from doing so - also for perfectly good reasons.

Therefore, when presented with a warning that an extension is unsigned, many people make the perfectly reasonable decision to proceed to install it anyway. In other words, established user behaviour means the warning is not a useful indicator of a possible threat.

The article makes it clear that the malware is downloaded into the extensions folder by another piece of malware all ready to run, so the issue of "you can only download from Mozilla.com" does not apply.

"incidents of the malware are "very low", so the attack is more notable for its novelty than its potency" -

Sorry, those two concepts are not the same thing at all. This malware is in the form of a payload and relies on the PC already being infected with something else to enable it to be installed in the first place, so all that needs to happen is for bigger bot herders to include this code into their bot updates for it to affect more people instantly.

"Potency" is a measure of how much harm the malware can cause - and in this case I would say it could be substantial. It is designed to steal your actual money, and it takes advantage of popular myths that Firefox is somehow "more secure" to lull users into not taking security seriously.

It constantly irritates me that many people dismiss malware victims as being somehow "stupid". Its illuminating that many of these same observers also like to say how proud they are that they do not use anti-malware systems, as though smugness is some sort of ultimate shield.

Quite correct Graham!

El Reg did indeed serve up malicious banner ads a few years ago in one of the first cases of its kind. Odd that this bit of history didn't find its way into the original article, perhaps this site has been learning more lessons from the DM than it cares to think about.

Banner ads are an obvious target for malware as they offer a 3rd party route into an otherwise trusted web site. The economic climate is harsh at the moment, and I don't believe that any legit site can afford to have its reputation damaged by an external supplier, why this could mean the end for the DM... oh wait. Carry on.

More seriously though the downturn could see banner ad companies consider taking on certain advertisers in future without looking too closely at them, or paying attention to the fact they are being paid with a stolen credit card by a guy called "Vlad" on the other end of an untraceable VOIP number. Time for ad blockers.

"release it through the _front_ wheels"

Nice idea, but banned as F1 cars are only allowed to have drive via the rear wheels, else we'd have seen 4x4 F1 cars for years now.

@Warhelmet

Generally though I agree that KERS does not sound like it has much applicability in the "real world". I'd prefer the FIA to give the teams greater autonomy to reach for certain goals, e.g. maximum fuel efficiency and minimum emmissions. That might encourage serious research into wacky things like diesel-electric, turbine-electric, hydrogen or even battery/supercapacitor electric. The rate of development in F1 means that we might see some real (or at least interesting) progress in these technologies.

F1 COULD be a source of great innovation - there is huge pressure to invent and innovate, to create components with minimum mass and maximum reliability and performance, and to constantly develop. The other good thing is that money is not generally a constraint, which helps to drive innovation in a way that "normal" car companies would find difficult to justify, but who might derive the benefits further down the line. Sadly, this argument has been made before and so far with relatively little effect.

Good to see some reasoned discussion on the pros/cons of unsprung weight - did I really just type that? Anyway I can now see that there may be good reasons for not avoiding more weight in the wheels.

However, I still think my complexity argument stands. Here we have a design with eight separate motors in what looks like two groups of four - four for drive, and four for suspension assistance. Each set needs to be co-ordinated both internally and between the two sets in order for the design to work.

No matter how clever the software is, that's still a lot of things that need split-second coordination throughout the life of the car. No matter how reliable each component, they all have a real-world MTBF. In an internal combustion car, failure of the engine gives a predictable result - you slow down in an even manner. In this car, failure of one or more (but not all) motors will result in some pretty immediate and unpredictable things happening. Even worse if the co-ordination system goes up the fritz and starts spinning the port side motors at 500rpm more than the starboard side ones for example. This could happen for innocuous reasons - e.g. crud in a wheel's spin speed sensor. Plus, correct me if I am wrong, but eight motors somehow sounds just a bit more expensive and complicated to design and build than one motor...

Still, its nice to see people experimenting with new form factors in this day and age.

The car looks very pretty, and its good to see that many manufacturers are now thinking of electric in a performance context rather than in a weedy G-Whiz context, as that is far more likely to get the man in the street interested in electric cars. The media interest in these vehicles is absolutely a case in point.

However, I'm not convinced by Venturi's putting what looks like both the drivetrain AND parts of the suspension in the wheels, as this adds considerably to the unsprung weight of the vehicle, which traditionally means poor handling & braking. I'm guessing that the suspension motor is designed to help overcome the effects of the weight of the drive motor, but that just sounds like throwing unecessary complexity at the problem.

Sounds like a good idea, as it provides a last-ditch alternative for astronauts that just doesnt exist at the moment.

Its not a new idea though (although the materials science probably is), as I am old enough to remember NASA considering pretty much the same concept back in the 1960s. In that instance however it was conceived as a sort of spray that an astronaut would apply to his colleague that would expand and harden into a hard heat-resistant shell. One hard part is orbital steering, and in the old NASA concept it would be via a small hand-held reaction thruster, which sounds very scary but as the problem remains I wonder how it can be solved.

Its kind of hard to denigrate someone who has literally made more money in his sleep than I suspect anyone on this forum will make in their entire lives, but....

He made most of his mark in the tech sector, but he never pretended to be a tech person. What he is is a very good packager and marketer. Unfortunately he went and spoiled it all for me with his "mug's eyeful" comments that basically showed his contempt for people who bought his stuff.

As for the property comments by @AC, I would say that now is a very good time to be a buyer if you have the cash. Lots of places going cheap!

Its a bit odd how many luddites a technology publication manages to have on its payroll. Relax, its just a security advisory! If El Reg had a bit more imagination then it could have explored the implications of the growing number of internet-enabled consumer devices. Many of these will be based on low-cost firmware models that will probably be difficult/impossible to patch leading to long-term vulnerability windows.

The article quotes: "the number of specialists officers tackling e-crime has been maintained over the last two years at 58, more than it inherited from the NHTCU (though it wasn't able to say what this figure was)."

No kidding!

By sheer coincidence, NHTCU had around 55 officers, so clearly SOCA has delivered a huge increase. When SOCA e-crime was launched it was budgeted for 150 officers, but failed to recruit anywhere near that figure. Numbers are only part of the story, as its what those officers are tasked with doing that makes all the difference.

Most complaints about SOCA e-crime stem from its perceived lack of focus on crimes that concern private citizens and businesses, e.g. fraud, DDOS extortion, targeted hacking etc. SOCA e-crime is doing valuable work, its just work that is largely invisible to most of us who suffer these crimes, and there is no one else who is capable of picking that up. So yes there is a major gap in law enforcement coverage that I for one hope PCeU will be allowed to fill.

>>>You're probably being sarcastic and I am too dim to notice it but - nuclear

>>> power combined with big targets for torpedos? I know we have had nuclear

>>> subs for a long time, but the idea of nuclear battle ships worries me more

>>>(don't know why).

I make no comment on your dimness or otherwise, but no sarcasm was intended.

Nuclear powered warships have been commonplace in many navies for decades with an extremely high safety record. Battleship reactors are very small compared to commercial power plants, and use much less fissile material, typically a few kilos. They are also - understandably - very robustly made. The US Navy PWR reactor (which is present on 40% of the US frontline Navy) for example is designed to survive combat conditions without release of radioactive material.

Due to cost/power requirement ratios, you would probably only want to put reactors on larger ships like aircraft carriers, and to damage one to the extent that the reactor is breached would probably itself take a nuclear explosion, in which case you would frankly have other things to worry about. If ever such a ship were to be sunk, then I can think of worse radiation shields than lots of seawater.

Uranium is the only proper fuel for a warship. Modern reactors are highly efficient and give off no CO, and can be decommissioned as a complete sealed unit.

For the record, I run a public consumer advice web site on Internet threats, and every month we receive several hundred emails from potential 419 victims, even though that is not our primary focus. Most of them write to us because they are already suspicious, and in some cases it is quite startling how far along the process they have been led before this happens. In a few cases actual fraud has occured, sometimes on a quite staggering scale, so the email sent to the Reg strikes me as being an all too genuine cry for help.

I have dealt with cases where victims have been strung along for over a year, with a steady drip-drip of "fees" and "taxes" that can add up to tens of thousands of pounds. There is a clear psychological phenomenon at work here, and once a victim has been persuaded to part with a small amount of money, they become emotionally invested in the scam being the real deal, as to believe otherwise can be painful.

To write such people off as being simple-minded and greedy is foolish, as the scammers are using very similar techniques to those commonly used by marketing people to convince YOU to buy the latest useless gizmo at outrageous prices. Or aren't you a typical Reg reader?

PINs are probably as far down the "secret code" route that card issues will ever want to go, as customers have been trained for decades to remember 4 digits. Numerous studies have shown conclusively that the longer the code, or the more abstract the coding system (e.g. choosing "patterns" rather than actual numbers) the more people have trouble remembering them. The claim of "over 90%" in the story sounds convincing until you remember that any system that falls short of 99.9% is likely to be unworkable on a large scale. One of the problems that pundits - particularly clever ones who read The Reg ;-) - have in understanding this is that they tend to see things from their point of view, e.g. "I understand this so it must be easy for everyone" - but when a system is scaled up to encompass tens of millions of people, many of whom could be charitably compared to Cletus the slack-jawed yokel of Simpsons fame, then that argument simply falls over. Any bank contemplating this system had better think about hiring several hundred more call centre staff to handle the forgotten passcode requests.

The number of permutations in a system, whether it be 10k or 100k, is also something of a red herring. In a 4-digit PIN system, guessing the PIN is made difficult as 3 consecutive failures results in the card being disabled. That mitigates the guessing risk. As for shoulder surfing, there is no difference between using PINs or patterns, as both reveal the same visual information to an attacker.

The fact that many people write down PINs is also interesting. Personally I doubt if many attacks are perpetrated in this way, and on balance it may even be preferable to write down your PIN as at least that way you don't forget it and your bank is probably secretly happy because they don't have to handle your calls to the helpdesk to get a new one when you do. But it does raise an interesting question as to how a customer would write down a gridsure pattern. I can't think of one - can anyone else?

The real evolution away from PIN will probably be a biometric. The technology is nowhere near robust enough for banks yet, but it does have many potential benefits, not the least of which is that you may never have to remember a PIN or pattern or whatever again.

"Mark Bruno, one of the users, said he has changed his eBay password "two or three times," only to learn later his account has been breached again."

... sounds like he has a keylogger on his system. Hey Bruno! Scan your machine, and not with S***mantec!

Archos and Apple I mean. I've been a long term Archos fan starting with the AV20, the AV500 and now a 504. Each one has been a substantial improvement on the last and now this... and I'm beginning to appreciate the "upgrade envy" pull that Apple has so successfully turned into a major business. Archos will always get my money though as its just a much more open and rich system. Nice to see that Archos are learning the same tricks - or not so far as my wallet is concerned.

I've been an enthusiastic Archos user for several years, starting with an AV420 then an AV500 and now an 80GB 504, all of which have kept me sane on my 3 hr daily commute. I also thank god I didn't give in to my herding instincts and go down the horribly restrictive iPod route. I hear what people say about codec support but don't understand the argument at all, as there are plenty of free conversion tools available to repackage your existing content, and in my experience nearly all the videos I have come into possession of pretty much play with no fuss at all in any case.

Having said that I've watched Cowon with some interest as I have heard that the screen quality is very good, but was always put off by the lack of anything like a decent capacity. A 60gb model may do the job but that just brings up my other beef - the price! Its way above what Archos are charging. Still, competition is always a good thing and maybe this will gee up Archos into picking up some of its slack.

...without being distracted by a silly protest over nothing. Face it, Linux on the desktop account for 0.7% of the market (that's what my weblogs tell me) - what sane businessperson would ever focus on that platform as anything other than a tiny niche? PLEASE don't bother quoting stats back me, its boring enough just typing them in the first place.

For me the real problem with iPlayer is Kontiki, and in particular the simply awful manner in which iPlayer implements it. When I signed up for the beta it was never made clear that what I was doing was installing a P2P system, and more to the point one that works invisibly and never tells you what it is doing. The P2P function keeps on working even when iPlayer is exited, and also when the system tray icon is exited. The only way to shut it off appears to be to track down the Kservice process and manually shut it down. From a consumer point of view that is just crap and potentially very expensive if you are on a capped contract.

This sounds like the m.o. of one of the Haxdoor family, aka Torpig, A311Death etc. Its an html injector and a clever one at that. The victim has obviously loaded one specialising in IE, but there are versions in the wild that are perfectly effective against Firefox, Opera and a few other browsers. Unfortunataly even up to date AV may miss this family as it is quite sneaky and also possesses rootkit functionality so even new AV signatures loaded subsequent to the malware's installation may miss it. Use an anti-rootkit tool as well as anti-spyware to discover and remove.

On a wider note I am concerned that non-Windows users are creating a psychological barrier for themselves by denying that anything bad can happen to their OS which may leave them severely exposed if/when an attack does come their way. And it will. As soon as Firefox climbed above 10% of the browser market we began seeing intensive development of attacks directed against it, and now such exploits are a standard part of many malware packages. Please don't be complacent, its your money that is at risk, not just your pride.