Australian Cybermalls News

Following its extraordinarily scathing attack last year on the security industry for exposing chronic defects in its web software, Microsoft today found a new group to blame for its own lax software engineering practices - hackers. According to Microsoft chief technical officer Craig Mundie (who was speaking at the World Congress on IT currently being held in Adelaide) hackers are "bad guys" who've made the Net unsafe, not Microsoft. Instead, Mr Mundie said he felt that software manufacturers should not be expected to take any blame for weaknesses in their products. "They're a human product and people still make mistakes," Mr Mundie said. "It would be crazy to try to presume that any of these things would ultimately be perfect." Mr Mundie also dubbed the Nimda virus - which brought down thousands of corporate networks within a fortnight of its release last year - as "arguably the worst cyber event we've ever had" but neglected to mention that it only affected Microsoft web servers. "We now understand it's more important for us to get secure against vulnerabilities as we identify problems than it is to go slowly and require that we don't break anything in the existing environment," Mr Mundie said. "I'd rather have a few people with a broken application than a whole company taken down."

Australians are rapidly losing their fear of shopping online according to a new study by IDC. Findings from an IDC survey of 510 urban Internet users showed the Net is now being used to communicate, stay informed, manage finances, book holidays and shop more than ever before. IDC found that 34% of its sample purchased products or services online during the last year. They expect this figure to rise to 52% by year's end. Interestingly, IDC also found that 35% of purchases were currently being made from US sites. The most popular buys were new music releases, DVDs and small electrical items and the main reason was that these tended to be released in the USA before they made it to Australia. However, IDC also report that the value of transactions directed at US sites has declined, and they estimate that at least 42% of Australian ecommerce spending is now being directed at domestic sites - a sign partly reflecting the maturation of the Australian internet, and partly indicative of the poor exchange rate between Australian and US dollars.

In a study that may have some parallels in Australia, Harris Interactive (HI) report that 84% of US consumers now distrust the privacy policies of corporations so much that they think that companies should be required to submit them for independent verification. Furthermore, 83% will now stop doing business with a company completely if they hear or read that it has misused customer information. HI found that the three major concerns US consumers now have are that companies they do business with will provide their information to other companies without permission (75%); that their transactions may not be secure (70%); or that hackers could steal their personal data (69%). However, 62% said their trust might be restored if privacy polices were independently verified, and 91% of those would do more business with such a firm - especially if independent verification were mandatory. The study underlines the true cost of lax privacy policies to corporate America, which has always adopted a minimalist approach in the area and as recently as last year was still protesting that that the cost of introducing genuine privacy laws would be too high.

Internet management software company Websense (WS) have warned that the amount of adware and spyware on the Net is proliferating, and that many companies and individuals are now being covertly spied on as a result. WS report that the number of freeware and shareware sites on the Net increased by 315% during 2001 and that there are now at least 4,300 of them, representing nearly 1.3 million web pages. Many of the shareware and freeware offerings are either supported by ads (adware) or incorporate mechanisms which allow them to covertly spy on users - and many unscrupulous spammers are now using devices like this to monitor usage patterns and broadcast targeted spam at unwitting victims. WS warn that companies can lose millions of dollars annually because of these sites as unauthorized applications downloaded by employees waste bandwidth and IT resources. Worse, some freeware offerings can contain viruses or trojans, including some that can take complete control of a victim's computer.

In an effort to prevent the public learning about dangerous security flaws in its web software, Microsoft is taking a lead role in attempting to get security companies to agree to a a new set of protocols governing how defects will be reported in future. At the RSA Security Conference 2002 currently being held in San Jose, Microsoft has proposed forming a new group called the Organization for Internet Safety which will set standards for how security defects are handled in future. Under the tentative guidelines, security experts who discover dangerous flaws will have to advise software manufacturers before making the news public and give the manufacturers potentially unlimited lead time to address the problem: a move that may well stifle almost all public disclosures about security problems in the future. The move follows extraordinary criticism of the security industry by Microsoft staffer Scott Culp last October, where he blamed endemic flaws in the company's web software offerings on the way security experts were reporting news of new discoveries rather than on poor software engineering practices inside Microsoft itself. It also follows Bill Gates' candid admission in January that his firm's web software is insecure, and his promise to pay more attention to the area in future.

Microsoft was forced to amend its privacy policy for its Windows Media Player (WMP) today after noted security expert Richard Smith posted a public warning on the Net that he'd discovered that the company had been covertly monitoring what DVD movies are being watched by WMP users. In his advisory, Smith warned that he'd found a number of serious privacy problems with Windows XP and version 8 of WMP (which ships with XP) brought about by several design choices Microsoft had recently made. Amongst the concerns, Smith reported that WMP contacts a Microsoft Web server to get title and chapter information for a DVD. When this contact is made, the Microsoft Web server obtains an electronic fingerprint which identifies the DVD movie being watched as well as a cookie which uniquely identifies a particular WMP player. With this two pieces of information, Smith reported, Microsoft can track what DVD movies are being watched on a particular computer. Smith also speculated what uses the company might put this information to. While Microsoft denied at least some of Smith's assertions, the company has now put a new privacy policy on is WMP site which clarifies several of the issues Smith raised.

Kerry Packer's eCorp - operator of the NineMSN portal and Australian versions of eBay and Charles Schwab, amongst many other things - has pushed back its projections of profitability for another two years following continued losses in its ventures. The company reported today that its half-yearly loss was AU$16.3 million: a result that will put it on track to meet or exceed last year's record loss if sustained. Accounts to December 31st included an $11.8 million loss on the Schwab site and a $1.3 million loss on NineMSN. Half-yearly revenues were $37.9 million across the group - also little changed from last year. Although a typically bleak result for investors (who've seen the value of eCorp shares plummet over the last few years), the latest figures did have a few small rays of light amongst them. Ticketek, buoyed by the Olympics and a slight increase in its share of online ticket sales, reported a modest $400,000 profit (up from a $1.2 million loss in the same period last year); Wizard Financial Services (33% owned by ecorp) a slim $300,000 profit before amortisation; and eBay (50% owned) a small profit as well. Further, the company still has $80 million of investors' money left in the bank - enough to sustain 3 more punishing years at its current level of performance. eCorp has now pushed back its projected date for profitability from 2002 to 2004. Its shares remained relatively steady at 37.5c following the latest announcement.

According to a report by the Australian Communications Authority (ACA), 50% of Australians - and 33% of Australian households - now have access to the Net. The ACA estimate that the country's total online population has grown from 32% to 50% of Australians in the last 2 years. And while the ACA note that the growth spurt now appears to be tapering off, they also report that growth appears to have occurred fairly uniformly across all age groups, but especially amongst Australians aged 55 and over. The same report also reveals that Australia had 11.1 million mobile phone subscribers at the end of June 2001, an increase of 25% over the previous year. This means that 56% of Australians now use mobiles. It also means that the number of mobiles now exceeds the number of fixed-line services (estimated to be 10.9 million) for the first time.

Australian Communications Minister Senator Richard Alston - responding to growing community outrage over spam - today pledged that he would get the National Office For The Information Economy (NOIE) to look at ways of creating possible barriers to spam, including new privacy laws limiting the use of junk-mail databases. However, the Minister drew the line at immediately outlawing the practice, saying that the rights of spammers to shove illegal and pornographic content into consumers' email in-trays had to be balanced against "the legitimate function for business to better inform consumers about products and services". The Minister was responding to increasing calls for Australia to outlaw spam in the same way the European Union did in December last year. The calls have come following studies which show that the amount of spam increased approximately sixfold in 2001 and is now the single major irritant affecting Australia's online community.

Aggressive cost-cutting and high staff layoffs in pursuit of profit have finally hit the mark for Australia's largest telco Telstra. According to national news reports today, the company is now being blamed for the death of a child in rural Victoria. The child's parents were unable to get their phone repaired for 10 days before the boy suffered a fatal asthma attack - despite repeated requests to Telstra to have the work carried out - and medical treatment arrived too late as a result. Telstra CEO Dr Ziggy Switkowski said on morning radio today that he was "personally saddened" by the death of the child, and has asked auditors PricewaterhouseCoopers to conduct an independent review of the incident. Similarly, Federal Communications Minister Senator Richard Alston - a long-time proponent of fully privatising the company - said today that he has ordered the Australian Communications Authority to investigate the case. Under Telstra's Customer Service Guarantee, the grieving family will be entitled to $12 a day for the first five days after the repair deadline passed, and then $40 a day after that. The Australian Federal Government has been hoping to complete the privatisation of Telstra in its current term of office and has repeatedly assured Australians that it will not do so until services in rural Australia are "working well".

Australia's Commonwealth Bank admitted today that its NetBank online banking service - now used by 2.5 million of its 7.5 million customers - has been the victim of fraud. The bank also revealed that a major overhaul of its systems is currently underway in an attempt to find the causes of recent blackouts in its online services. A spokesperson for the bank denied that its service had been hacked, saying instead that the fraud had occurred because of "identity fraud by certain criminals". However, since the bank had previously denied repeated reports that its service could be hacked at all and has refused to reveal any details about the latest incident because of "confidentiality reasons", press reports on the matter have aroused widespread scepticism. NetBank - like most online banking services in Australia - runs on Microsoft's IIS 4.0 on Windows NT/98 (according to Netcraft). The incident is the latest in a string of massive security failures amongst web sites using Microsoft's platform - including the disclosure a fortnight ago that Melbourne's Transurban CityLink service had 500,000 credit card numbers stolen from its own systems. Microsoft agreed with world-wide expert opinion last month that its web software is insecure and unfit for ecommerce.

Internet security watchdog CERT confirmed today that a fundamental flaw in the SNMP protocol (Simple Network Management Protocol) that's widely used as a language for communicating with routers, switches and other network devices has the potential to completely disrupt the Net. The SNMP flaw could allow hackers to gain unauthorized privileged access to computers, launch denial-of-service attacks or cause unstable behavior over wide sections of the Net, and it poses a major security risk at the present time. CERT said that the flaw was first unearthed by the Oulu University's Secure Programming Group in Finland, who advised them five months ago. CERT has since been warning network-hardware makers and telcos about the problem. The flaw was found in Version 1 of the SNMP protocol and although a Version 3 was released in 2001 which addresses many of the security concerns the Oulu group found, Version 1 is still widely deployed in equipment as varied as printers, some types of medical equipment, some uninterruptible power supplies and digital cameras. A large number of hardware and software manufacturers who use the SNMP protocol in their products are now issuing patches to address the problem.

Microsoft released a major bug-fix for its Internet Explorer browser today to remedy six major security holes discovered in the product since December - including one serious defect that could allow a victim's computer to be taken over by a hacker. The company is urging all IE users to download the patch as quickly as possible. The new bug fix is the latest in a series of security patches from the company, which was forced to publicly admit in January this year that (contrary to all its earlier assertions) its web products truly are unsafe and unfit for secure ecommerce. In related news: Australian corporations and Government Departments who use Microsoft's web software to deliver online services are being forced to re-evaluate their commitment to the company in the light of Bill Gates' candid admission last month that his company's web products are unsafe. This follows a growing realisation that they could now face suits for criminal negligence by continuing to offer those services on a platform that even the manufacturer admits is unfit for the task, and that disclaimers now offer them no protection at law.

According to a report by comScore Networks, the worldwide Net population grew to a record level of 308.8 million users in January 2002 - an increase of 1.3% over December 2001. Further, the increase was driven primarily by a growth of almost 2% in the non-USA audience (which totaled 177.8 million users during January), indicating that the USA's former dominance of the medium is continuing to slowly decline as uptake accelerates in other parts of the world. ComScore report that the US domestic audience gained most of its new users at work and university locations last month as Americans returned to business and school following the festive season break. Interestingly, comScore found that travel sites were the biggest winners in January, with the total number of unique visitors to online travel sites increasing 9% worldwide from December to January, with 94.3 million people – over 30% of the worldwide audience – visiting a site in that category during the month. This set a new record level for travel sites, comScore say, exceeding a previous high of 94 million set in August 2001. Non-US travel sites did best with visitors growing by nearly 14% in January, outpacing the average US rise of less than 5%.

British Telecom (BT) will file a patent suit in a US court next week in which the company claims it holds a patent on hyperlinking. If successful, the suit would give the company the right to demand licence fees from every web site that uses hyperlinks and fundamentally affect the operation of the Net. BT claim that they invented hyperlinking in 1976, long before the Net rose to prominence. The defendant in the suit is Prodigy, an ISP which BT claimed last year had infringed its patent. However, patent attorneys believe that BT will face a tough battle winning the suit because the company's claim is too broad and could be invalidated by evidence that hyperlinking was in use before the patent was filed. Opponents of the suit are citing 1968 film footage of a Stanford Research Institute computer scientist demonstrating the first computer mouse and a technology he called hyperlinks. In other news: Australia's Telstra continued its rapacious charge into consumers' pockets today by announcing that it will substantially increase the fees it charges schools to provide Internet access to classrooms by between 400% and 1000%. In Federal Parliament today, the Opposition launched a blistering attack on the Government over the company's practices, saying that it was indulging in a "naked grab for profits above people" and being "fattened up" for privatisation.

Tens of thousands of rural Australians and small businesses got another foretaste of what life will really be like under a fully-privatised Telstra with the corporation's announcement today that it will axe its Easymail service from March 13th. The service - launched in late 1998 - allowed subscribers without Net access to send and receive emails for the cost of a local call via the phone system. Telstra said that it was axing the service because it was unprofitable, leaving up to 70,000 subscribers with little option other than to get full Net access or abandon email facilities entirely over the next 3 weeks. Meanwhile, the company's fully-owned directories business Pacific Access has written to customers advising the 2002-03 White Pages will be split into business and residential sections for the first time, and that businesses will have their listings automatically moved to the business section unless they pay an AU$126.50 fee to stay listed in both areas. The Federal Opposition has slammed Telstra for the move, saying that it discriminates against anyone working from home. The Opposition also castigated Telstra for a slew of recent price rises - many in areas where it holds either a monopoly or market dominance - describing the corporation's behaviour as "opportunistic and greedy".

Two new reports released today indicate that far from plateauing, the Net is still growing strongly and has a great deal of steam left yet. eMarketer report that the global Internet population now seems set to reach 709.1 million by 2004, up from the estimated 445.9 million who used it last year. They also estimate that average global growth in user numbers will increase at a compound annual rate of 19.1% per annum between 2001-2004, with the main increases coming from developing countries. Meanwhile the US Department of Commerce report that 143 million people (or 54% of the total US population) are now online in the USA, up 26% on last year. They also estimate that there were an average of 2 million new users on the Net in the USA every month last year. Happily, the DOC also note that the digital divide seems to be narrowing, with Net use amongst households earning less than US$15,000pa increasing by 25% a year between 1999-2001, while the rate of growth amongst households earning US$75,000 or higher was just 11%.

According to new research by Ipsos-Reid (IR), also one quarter of the US population over the age of 12 have now downloaded music or an MP3 file off the Net - roughly 50 million people. Similar proportions of Americans told IR that they've listened to Internet radio (27%) and streamed audio (21%), while 37% said they've listened to a pre-recorded music CD that was playing in the CD-ROM drive of their PC. IR also found that while music download behaviour is strongest amongst the 12 to 24 age group (40%), older age groups also appear to be adopting similar behaviour - indicating that the USA's recording industry's concern over the growth of Napster and similar music file-swapping services last year was probably well founded. IR used a two-stage research approach to collect the data for their report. For the first stage, the drew on a nationally representative US sample of 1,112 respondents aged 12 and over to gauge the prevalence of music downloading behaviour. Then a second, more in-depth survey targeted a sample of 834 music downloaders aged 12 and over across the USA.

The US Federal Trade Commission (FTC) - which is now being bombarded by as many as 10,000 spams a day forwarded by angry consumers - has announced that it will conduct an unprecedented law enforcement sweep against spammers. According to Howard Beales, the FTC's Bureau of Consumer Protection director, the campaign will mark the first time the FTC has specifically targeted spam as the focus of a law enforcement investigation. Announcing the crackdown at the 2nd Annual Privacy and Date Security Summit in Washington last Friday Australian time, the FTC said that it hopes to announce the first wave of enforcement cases against spammers as early as this week. The agency will particularly target "fraudulent and deceptive" spam as well as bogus "opt-out" spams. Meanwhile, the US Direct Marketing Association which has so far strenuously resisted any moves to outlaw the practice in the USA is also beginning to face the consequences of the grass-roots consumer backlash it has helped create. Today the group announced that it is tightening its e-mail marketing policy to require the expulsion of member companies that don't adhere to the group’s new standards - a tacit admission that it has allowed spammers to operate under its banner in the past.

The Australian Internet grew unevenly across the nation during January 2002 according to the search engines we poll to construct our monthly Australian Internet Growth Index (which has been attempting to measure the number of live Australian web sites - as opposed to the number of registered domains - since January 1996). Growth ranged from -4.2% in Perth to +6.6% in Adelaide - but the overall national average for the month was around 3.5%. We estimate that there are now anywhere between 151,000 and 166,000 live Australian web sites. The February 1st figures (with January 1st figures in brackets) are as follows:

Australian Internet Growth Index January 2002
(Figures Show Estimated Live Sites)

Brisbane - 11,970 (11,477) Sydney - 51,266 (49,437) Melbourne - 45,453 (43,413) Adelaide - 8,905 (8,354)	Perth - 9,527 (9,945) Hobart - 4,110 (3,874) Canberra - 8,739 (8,493) *Darwin - 10,808** (10,712)
NB: The Darwin figure includes rural Australian sites