World’s biggest bug? That depends…

Mark Moffett / Minden / Solent

Entomologist Mark Moffett found this carrot-eating giant weta in a tree on New Zealand’s Little Barrier Island. The cricketlike critter weighs 2.5 ounces (71 grams) and has a length of 7 inches (17.8 centimeters).

Is this the world’s biggest bug? As with all superlatives, it depends on your definition. But the sight of a New Zealand giant weta chomping down on a carrot surely has to give you the creeps, even if it’s rivaled by other giant creepy crawlies.

This particular species of the cricketlike creature — known as a giant weta or wetapunga to the Maori, and as Deinacrida heteracantha to scientists — is found only in protected areas such as New Zealand’s Little Barrier Island. That’s where Mark (“Doctor Bugs”) Moffett, an entomologist and explorer at the Smithsonian Institution, found the specimen after two nights of searching.

“The giant weta is the largest insect in the world, and this is the biggest one ever found,” Britain’s Daily Mail quoted Moffett as saying. “She weighs the equivalent to three mice. … She enjoyed the carrot so much she seemed to ignore the fact she was resting on our hands and carried on munching away. She would have finished the carrot very quickly, but this is an extremely endangered species, and we didn’t want to risk indigestion.”

The carrot-crunching cricket went viral today, and now questions are starting to emerge about the “biggest bug” label. The information accompanying the picture lists the insect’s weight at 2.5 ounces (71 grams) and its length at 7 inches (17.8 centimeters, supposedly for wingspan, but keep reading).

The New Zealand-based news site Stuff.co.nz checked that with Landcare Research entomologist Thomas Buckley. “From the picture, it’s a female, but it just looks like an average-sized one of that species,” Buckley said.

Even the biggest giant weta has its rivals in the insect world. By some accounts, goliath beetles can reach a weight of 100 grams (3.5 ounces) during their larval stage and achieve a wingspan of nearly 10 inches (25 centimeters). The White Witch moth, meanwhile, has a wingspan of up to 12 inches (31 centimeters), which is wider than the wings of a sparrow.

But if you confine yourself strictly to adult insects, and define “big” in terms of weight, Moffett appears to have a good case. He told me in an email that the giant weta he found counts as the “largest one weighed, as far as I have seen recorded anywhere.”

Now, if your definition of a “bug” takes in more than insects — say, the giant crustaceans known as isopods, which are super-sized versions of rolypoly bugs — then you’re talking about bugs of truly horrific proportions. Do you have tales of monster bugs to share? Add them as comments below.

Update for 9:30 p.m. ET: Some of the reports about this giant weta make it sound as if the darn thing might bite somebody’s finger off, but that’s bogus. This CafeTerra posting describes the bug as a vegetarian and “the gentle giant of the insect world.” They survive only in protected environments because they’ve been driven to near-extinction by rats and other invasive predators on New Zealand’s main islands. The Kiwi Conservation Club says the bug is a “docile creature and does not kick or bite.” Some reports have referred to the giant weta as having a 7-inch wingspan, but Moffett told me that the insect is “wingless, or virtually so.” It’s so heavy that it can’t jump. It’s so big that it can’t easily hide from predators. And yes, it’s edible.

Update for 11:30 p.m. ET: Moffett shed more light on the “biggest bug” question in a follow-up email: “I did not measure anything but the weight (one should correctly call it the ‘world’s heaviest adult insect’), but a rough estimate from the picture suggests an outstretched leg might be 7 inches. The weta is essentially wingless: no wings to see at all, let alone a seven-inch wing. [As to size:] I’ve seen a walking stick nearly 19 inches long in Sarawak, Malaysia, but it weighs next to nothing!”

Does Linux Mint 12 Measure Up?

Tuesday, 29 November 2011 08:27 Joe ‘Zonker’ Brockmeier |Exclusive

After a fairly routine release with Linux Mint 11, the team is back with a new look and a lot of changes in the offing. As with any release with a major overhaul, Linux Mint 12 has some hits and misses.

We took an early look at Mint 12 after the team pushed out the first release candidate. As far as the look and feel goes, there’s not been a lot of changes with Mint 12 since the RC. But now that the release is final, let’s take a look at some of the changes and see whether you should be rushing to upgrade or install Mint 12.

Desktops Galore

One thing is certain, you can’t criticize the Mint team for lack of choice. With Linux Mint 12 you have the options of GNOME 3 with the Mint GNOME Shell Extensions (MGSE), GNOME 3 “classic,” and the GNOME 2.x fork MATE. Actually, I hesitate to call MATE a “fork,” given that it’s simply picking up where the GNOME Project stopped — it’s really a continuation.

As the Linux Mint folks acknowledge, MATE isn’t complete yet. If you load up MATE, you get a pretty clunky looking GTK theme, and some things just don’t work right. If you’re a hard-core GNOME 2.x fan, this might be OK.

Even after the final release, I didn’t get GNOME classic working on my test machines. So I spent most of my time in GNOME with MGSE.

Mint 12 has all the goodies you’d expect in a current Linux distribution. It has the most recent releases of Firefox, Thunderbird, LibreOffice, and so forth. Not much has changed in terms of applications, excepting that they’ve been updated.

The one change worth noting is the deal that Mint’s made with DuckDuckGo for search. The default search in Firefox is now DuckDuckGo, because Mint struck a partnership with the startup. The good news is that DuckDuckGo does not collect or share personal information. It doesn’t tailor search results, either – so you get the same search results I do. Whether this is what you want or not is another question. I’ve only been using DuckDuckGo for a week or so, and I haven’t formed a strong opinion one way or another.

It’s not as if Mint is a complete liberation from Google. If you fill in the “online accounts” info in the GNOME menu, you’re using Google services. It doesn’t support any other account types. It’s also not entirely clear what “online services” gets you right away. In fact, it doesn’t seem to get you anything because Mint doesn’t come with Empathy by default, which is what GNOME 3 uses for instant messaging.

That’s sort of representative of the Mint 12 experience for me. The team is trying to tame the GNOME 3 desktop into, basically, the GNOME 2.32 desktop with some of the added features of GNOME 3. But the blend is a little odd.

Users have a lot of hunting to do now to find the configuration tools, for instance. You have a separate configuration tool for startup apps, system settings, MGSE settings, and then there’s the software center. If you want to configure the firewall and whatnot, that’s another setting.

You also have two application menus, the GNOME 3 version and the MGSE add-on. The MGSE menu retains some of the look and feel as the old “slab” menu from Mint 11, but not as much functionality. I don’t see any way to add an application to the “favorites” on the left-hand side, for example.

Linux Mint 12 Configuration Tools

I did most of my testing on two machines, an old Dell Core Duo machine and a Core 2 Duo ThinkPad. Everything worked fine out of the box as far as wireless, graphics, sound and such. However, the performance was a little laggier than I expected. Starting applications and opening files usually meant waiting a few seconds.

Overall, I like Mint 12, but it’s inconsistent and I’m guessing needs another release before some of these UI oddities get sorted out. The expose-type features that come with GNOME 3 are welcome, and I think I actually prefer the GNOME 3 application picker to the menu. Some of the icons, like the xterm icons, need to go.

Bottom Line

Linux Mint 11 was an A-grade release, but I’d have to give Mint 12 a solid B. It has some rough edges, and might have been better to wait until MATE was in better shape since it’s the closest thing to the original Mint look and feel.

Mint is in a rough position between its upstreams, though. On one hand, you have Ubuntu going fast and furious with Unity – which the Mint folks have decided not to use. On the other, you have GNOME moving to GNOME 3, which isn’t quite what many Mint users are looking for.

So I have some sympathy for the Mint team, but more for the Mint users – who are getting caught in the middle and having to suffer through transitional phases in the desktop just to get back to where they were in the first place.

If you love the Mint 11 experience, I’d recommend sticking with that release another cycle and waiting for Mint 13. If you love change and are excited to try out new approaches, then by all means upgrade to Mint 12. It is a solid desktop, but I don’t find it as polished as Mint 11. But I do like where the Mint team is going with MGSE. In the long run, MGSE and GNOME 3 might produce a better experience than GNOME 2.x did. But I don’t think we’re there yet.

DIY search engine takes on Google

Google, Bing, Yahoo and other search sites have a new rival called YaCy.

Backed by free software activists, YaCy aims to literally put search into the hands of users by distributing its indexing engine around the net.

Anyone can download the YaCy software and help the search system improve and spread the load of queries.

Its creators also hope YaCy will be much harder to censor than existing systems that pipe queries through centralised servers.

Peer privacy

The YaCy search page was opened to the public on 28 November and currently has about 600 participants or peers that share the load of queries and the task of indexing information.

“Most of what we do on the internet involves search,” said Michael Christen, YaCy’s project leader in a statement. “It’s the vital link between us and the information we’re looking for.”

“For such an essential function, we cannot rely on a few large companies, and compromise our privacy in the process,” he said.

YaCy (pronounced “Ya See”) is supported by the Free Software Foundation Europe (FSFE) which campaigns on digital rights and tries to help people control their own digital destiny.

FSFE said YaCy helps privacy by encrypting all queries and by letting peer owners build up and manage their own search profile.

“We are moving away from the idea that services need to be centrally controlled,” said Karsten Gerloff, president of the FSFE. “Instead, we are realising how important it is to be independent, and to create infrastructure that doesn’t have a single point of failure.”

YaCy software is available for Windows, Linux and MacOS and users are being encouraged to download and run it for themselves.

The first version of YaCy has been used and refined on intranets for the FSFE and the Sciencenet search site.

On its opening day, the YaCy demo page struggled to handle all the queries coming its way.

The prospects for YaCy’s success are mixed as there have many other pretenders to Google’s crown. One of the most notable was a search engine called Cuil that was set up by two former Google workers.

Cuil launched in 2008 and struggled to win over significant numbers of users. It shut down in late September, 2010.

AT&T: It’s all about the dividend

By Paul R. La Monica @lamonicabuzzNovember 28, 2011: 12:43 PM ET

If the AT&T/T-Mobile deal collapses, it will be a blow for Ma Bell … but not a complete disaster. AT&T is still a wireless giant.

NEW YORK (CNNMoney) — Ma Bell’s plan to buy T-Mobile may still technically be on life support. But make no mistake, AT&T’s stock looks pretty dead.

That may not be a bad thing.

AT&T (T, Fortune 500) announced last week that it is temporarily pulling its application for merger approval before the Federal Communications Commission. That move comes as the FCC and Department of Justice have both raised questions about the deal.

Ma Bell also last week said it was prepared to take a $4 billion accounting charge in the fourth quarter to cover the required break-up fee payment to T-Mobile parent Deutsche Telekom if the merger falls apart.

If AT&T has to pull the plug on the deal — leaving that pretty T-Mobile spokesgirl looking for another corporate gentleman caller (paging Sprint (S, Fortune 500)!) — it may be tougher for Ma Bell to compete as effectively with its top rival Verizon (VZ, Fortune 500).

But analysts said that as long as AT&T keeps paying that big, fat dividend, investors may not care. AT&T’s annual dividend is $1.72 a share. That works out to a yield of nearly 6.2%.

To put that in comparison, it’s more than triple the puny 2% or so that you get from holding onto a 10-year Treasury bond. And despite all the problems facing Ma Bell — slow growth, more competition, and a relative paucity of spectrum for its 4G network, to name a few — it looks like AT&T is a safer bet than the U.S. government.

It costs AT&T about $10.2 billion to pay its annual dividend to all its shareholders. That’s a lot of money. But consider that AT&T generated $12.4 billion in free cash flow in just the first nine months of the year.

So while not being able to buy T-Mobile would be a blow, it’s not significant enough to cause any questions about the safety of the dividend.

“Recent events have to make you take a fresh look at things. This is another hurdle,” said Joe Bonner, an analyst with Argus Research in New York. “But the dividend is very juicy and AT&T’s cash flow is not in any danger right now. You’d have to extrapolate far in the future before that happens.”

Without AT&T, T-Mobile is a wireless white elephant

As long as AT&T has the dividend, it’s easy to forgive some of its other shortcomings. No more Apple (AAPL, Fortune 500) iPhone exclusivity? Look at the dividend. Landline business continues to wither away? Did you see that dividend?

Comcast (CMCSA, Fortune 500), DirecTV (DTV, Fortune 500) and other broadband video providers making life more difficult for the telecoms? Have I mentioned that Ma Bell pays a ginormous dividend?

For existing AT&T shareholders, it’s no secret that the company is not an earnings momentum story. Analysts are forecasting annual profit growth of just 3% a year, on average, for the next few years.

But a stock that goes nowhere can still get you a 6% return thanks to the yield. That’s not bad in any market, let alone one as rocky as this.

AT&T also trades at a discount to Verizon — which admittedly has better growth prospects. Ma Bell is currently at about 11 times 2012 earnings estimates while Verizon is valued at 14 times next year’s profit forecasts.

So there may be a (pardon the telecom pun) disconnect here — especially since the T-Mobile purchase was not a make-or-break deal for the company. AT&T still has more than 100 million wireless subscribers.

“The valuation is pretty interesting,” said Steve Clement, an analyst with Pacific Crest Securities in Portland, Ore.

Your phone company is selling your personal data

“Without the T-Mobile assets, AT&T will still need to buy spectrum to accommodate continued traffic growth, but that’s not a major issue for the near-term,” he added. “AT&T still has a strong position in the wireless industry without T-Mobile.”

That’s why any long-term, “buy and hold” investors — there’s at least one still out there, right? — don’t need to panic.

This stock isn’t likely to do well enough to vault you from the 99% to the 1%. But there is something comforting about that dividend.

“Investors generally assumed the T-Mobile deal was not going to go through for a couple of months now, and that clearly is a disappointment,” said Christopher King, an analyst with Stifel Nicolaus in Baltimore. “But I have a buy rating on it and it’s mostly because of the dividend.”

Best of StockTwits … and Belgian waffles. Monday’s ferocious move up for stocks had people talking over on StockTwits. Unsurprisingly, some investors are skeptical.

gtotoy: Bear market rallies are the MOST vicious, most PROFITABLE and FASTEST rallies there are!

stevenplace: Friendly reminder that large % up days are characteristic of bear market rallies

Good point. Not sure if this is really a bear right now though. But investors have to be nimble.

StockSage1: Throw your preconceived notions out the window, anything can happen in this market – moves continue to be larger than most expect.

Agreed. “Volatility” is undoubtedly the investing word of the year for 2011.

Finally, noticing that the ETF of a certain Flemish-Dutch region (EWK) was up 5%, I asked Twitter followers to identify the following movie quote: “Uh, a big record just broke in Belgium.”

My CNNMoney colleague Chris Isidore was first to correctly ID it as Matt Dillon in “Singles.” We sit across from each other and often talk movies. So I feel badly that he “won” since he has a certain advantage.

But I feel even worse because I discovered after issuing the challenge that I already gave the same one almost exactly a year ago! That column was about RIMM. The headline? “The BlackBerry is dead! Or is it?”

I guess some things haven’t changed over the past year. Except the quality of my memory.

A Bushel of Free, Open Source Tools for Working with Digital Photos

by Sam Dean – Nov. 23, 2011Comments (0)

With holidays approaching for many of us, people will be breaking out their cameras and taking photos. Over the years on OStatic, we’ve covered a huge number of open source applications that can make editing, organizing and adding effects to digital photos much easier. The applications range from well-known ones to titles that you probably haven’t heard of. Here is an updated collection of great tools for the digital photographer–and all of them are free.

Editing and Organizing. Lisa did a good roundup on five applications focused on image editing and organizing photos here.  Among the applications she took note of, Shotwell is a very popular photo organizer for the GNOME desktop environment. Meanwhile, DigiKam is a rich application with slick editing tools, and you can use it to organize photo libraries.

Cooliris. Among photo junkies, Cooliris is almost universally lauded. Kristin covered the Linux version here. It’s a browser plug-in designed to enhance your photo and video browsing experience. You can use it to panoramically soar through photo collections, and it works great for navigating photo and video collections found online.

Shooting the Panorama. For working with very splashy and impressive panoramic digital photos, Hugin is hard to beat. It’s a free, open source photo panorama stitcher that lets you assemble collections of overlapping pictures into one big image, including a full 360° panoramic view. Check out Lisa’s post on it here. At the bottom of this post, check out the cool panoramic photo of the Golden Gate Bridge from Hugin’s site.

Go GIMP. If you’ve spent any time working with photos and graphics–whether you favor open source software or not–you’re probably familiar with the power of GIMP, one of the very best open source graphics applications. In this post, we rounded up five free, educational resources for getting started with GIMP and becoming an expert user.

Red Hat OpenShifts Into the Cloud

Tuesday, 22 November 2011 09:56 Carla Schroder |Exclusive

Red Hat’s OpenShift is their new Platform as a Service (PaaS) cloud offering. OpenShift makes some big promises: power, speed, openness, and portability, the ultimate fast friendly PaaS. Will it deliver on these promises? Time will tell, and you can start testing it now for free.

What Does it Do?

OpenShift is a platform comprising Linux, the OpenShift software and services, and a cloud backend for developing, deploying, and managing cloud applications. Write your fine code on your own computer, push it to OpenShift, and it does the heavy lifting of compiling and deploying your application.

OpenShift

You don’t have to worry about databases and application servers, or building and maintaining an application stack, or figuring out how to scale out your applications. Just code, git push and go. It supports multiple languages, frameworks, databases, middleware, and multiple cloud hosting providers. Currently the only provider available is Amazon Web Services (AWS), but someday users will have multiple choices of Red Hat-certified providers. It’s all built on free/open source software, except the OpenShift code, which Red Hat promises will be opened sometime in the future.

It’s easy to try it out, which is a refreshing change of pace from vendors who expect us to jump through multiple hoops before we even know what their products do. You don’t even need Red Hat or Fedora Linux, but can use any Linux, Mac, or Windows computer. Just register for an account, install the client software, and you’re ready to start. Currently it is in developer preview, so it’s all free. Someday Red Hat will charge money, but they’re not giving any pricing information yet, and they say there will always be a free level of service.

OpenShift has three different types of accounts to choose from: Express, Flex, and Power. Let’s see what we can do with these.

OpenShift Express

Express is the most limited type of OpenShift account. It’s hosted on a multi-tenant AWS account that Red Hat pays for; you don’t have to shell out so much as a penny. It supports Java, Perl, PHP, Python, and Ruby, and most popular frameworks for these languages, such as Spring, Rails, Symfony, Zend Framework, Django, Java EE, and many more. With Express you are limited to 5 applications and 250 megabytes of disk space, though you can request more, or open additional accounts. With an Express account you get only a command-line interface, and can write, manage, and deploy your applications.

Your first task is to log in and create your own domain name. (On Linux look for the OpenShift commands, such as rhc-create-domain, in /var/lib/gems/.) This will also automatically create an SSH public/private key pair for your Flex account. Let’s call our example domain tigger. It is a subdomain of rhcloud.com, so your new domain is tigger.rhcloud.com. When you create a new application, let’s call it piglet, then it becomes piglet-tigger.rhcloud.com.

What if you want to use your own domain name? You can do this. First you need a proper registered Internet domain name. Then in your own DNS manager create a CNAME for your OpenShift domain that points to your Internet domain name. Then use your OpenShift client software to create an alias in your Express account, like this:

$ rhc-ctl-app -a piglet -c add-alias --alias www.example.com

Of course, if your application name is not piglet you must use your real app name, and instead of example.com your own real Internet domain name.

Now you can write and upload an application, and have instant gratification seeing it go live. When you create a new application, OpenShift automatically creates both a remote and a local git repository. Publish it with git, and update it with git. You can save snapshots, which include all data and logfiles. Visit the Quickstart page to learn more.

Flex

An Express account may be all you ever need. If you want a graphical interface, if you want to create and manage servers, clusters, and cloud objects, and to have access to performance data, then Flex might be for you. A Flex account is in a dedicated hosting environment, rather than multi-tenanted like Express, and it includes shell access, monitoring, versioning, and auto-scaling. Flex only supports Java and PHP applications. It supports application servers like Tomcat, Apache, and JBoss, and you get a choice of databases such as MySQL, Membase, and MongoDB, and Memcache and Infinispan for data caching.

You get a nice complement of management tools, and can migrate your applications to different clusters, and can create, start, stop, and remove any of your cloud objects. A prerequisite is you need your own Amazon EC2 account. Though you can skip this by signing up for the free 30-day trial, which includes 30 days or 30 hours of Amazon EC2 at no cost to you. Note that the 30 hours include all the time your applications are running. This is truly a test drive, as your data and applications will be deleted at the end of the trial, and there are no service-level agreements. So, obviously, don’t use this for production work.

Power

The ultimate in features and flexibility is an OpenShift Power account. Or will be, anyway. Power accounts are not yet available, but when they are you will be able to deploy any Linux applications written in any language. It promises features like scripting templates, multi-virtual machine architectures that span clouds, “headless” apps (those with no Web interfaces), and deep customizability.

Red Hat has published two excellent OpenShift manuals: OpenShift Express User Guide and OpenShift Flex User Guide. There are active forums, an IRC channel, and howto videos. With all of this flexibility, speed, and ease-of-administration, Red Hat may have a chance to take the lead in the infant PaaS space.

IPv6 Adoption Growing Thanks to Go Daddy

Black Friday iTunes infected credit malware alert

Security experts say the infected email offers users credit for iTunes music, games and video

Criminals are targeting internet users with a new gift certificate scam, according to security experts.

Users receive an email that claims to be from Apple’s iTunes store, warns the Eleven security blog.

The ZIP file attached contains malware that may allow hackers to gain access to the recipient’s computer.

The blog says the attack appears to have been timed to coincide with Black Friday, one of the US’s busiest shopping days.

Black Friday was the name used by Philadelphia’s police department in the 1960s to describe the day after Thanksgiving because of all the traffic jams caused by people visiting the city’s stores.

It is now viewed by many retailers as the start of the Christmas shopping season. They mark the day with one-off discounts and other special offers.

Eleven says the period has become one of the most popular times for internet scammers to target users.

Infected offer

The security firm says that users are told they have been sent $50 (£32) of iTunes store credit and need to open an attached file to find out their certificate code.

The file contains a program known as Mal/BredoZp-B.

PCthreat.com says the software opens up a backdoor on the users’ computers and may also capture passwords and other information.

It says the code may also slow down the infected computer’s performance and make files disappear.

The malware can be removed with the use of anti-spyware tools.

Facebook phishing

Security adviser Sophos warns of a separate threat linked to Facebook.

It says users are receiving emails claiming that they have violated the social network’s policy regulations by annoying or insulting other members.

An attached link take users to a web page that presents them with a fake “Facebook Account Disabled” form.

The firm says that members are then asked to fill in a series of forms requesting their login details, country of residence and the first six digits of their credit card number.

If the users refuse they are told their account will be blocked automatically.

“New day, new attempt,” writes Sophos’s security writer Lisa Vaas on the company’s blog.

“All these phishing scams boil down to a naked grab for your account details. Remember, neither Facebook nor other reputable social media sites would ask for this information.”

FBI plays down claim that hackers damaged US water pump

US officials have cast doubt over reports that a water pump in Illinois was destroyed by foreign hackers.

The FBI and the Department of Homeland Security said they had “found no evidence of a cyber intrusion”.

The Illinois Statewide Terrorism and Intelligence Center (STIC) previously claimed a hacker with a Russian IP address caused a pump to burn out.

A security expert, who flagged up the story, said he was concerned about the conflicting claims.

Information about the alleged 8 November breach was revealed on Joe Weiss’s Control Global blog last week. His article was based on a formal disclosure announcement by the Illinois STIC.

The report said that the public water district’s Supervisory Control and Data Acquisition System (Scada) had been hacked as early as September.

It claimed that a pump used to pipe water to thousands of homes was damaged after being repeatedly powered on and off.

It added that the IP address of the attackers had been traced back to Russia.

The news attracted attention because it could have been the first confirmed case of foreign hackers successfully damaging a US utilities.

‘No evidence’

The FBI and the DHS said they had carried out “detailed analysis” and could not confirm the intrusion.

“There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant,” an email sent to the US Industrial Control Systems Joint Working Group said.

“In addition, DHS and FBI have concluded that there was no malicious or unauthorised traffic from Russia or any foreign entities, as previously reported.”

The officials added that their analysis of the incident was still ongoing.

Mr Weiss said he was concerned that the email appeared to contradict the initial report.

“This begs the question why two government agencies disagree over whether a cyber event that damaged equipment had occurred at a water utility,” he wrote on his blog.

“If the STIC report is correct, then we have wasted precious time and allowed many others in the infrastructure to remain potentially vulnerable while we wait to find out if we should do anything.”

Fewer managers

Mr Weiss also notes that a 2010 report by the security company McAfee highlighted the relative vulnerability of the global water system compared with other industries including energy and financial services.

“The water/sewage sector… had the lowest adoption rate for security measures protecting their Scada/ICS systems,” it said.

The report noted that the low adoption rate might have been linked to the fact that the water and sewage sector, and said that only 55% of its Scada systems were connected to the internet – a lower percentage than most other industries.

However, it went on to highlight the lower number of managers taking responsibility for the issue.

“When considering this data, the small number of water sector executives amongst those with Scada/ICS systems responsibilities – only 11 out of 143 – needs to be noted,” said the McAfee report.

Secret net Tor asks users to sign up to cloud services

The Onion Router is so named because it is multi-layered with no clear centre

People involved in a project to maintain a secret layer of the internet have turned to Amazon to add bandwidth to the service.

The Tor Project offers a channel for people wanting to route their online communications anonymously.

It has been used by activists to avoid censorship as well as those seeking anonymity for more nefarious reasons.

Use of Amazon’s cloud service will make it harder for governments to track, experts say.

Onion router

Amazon’s cloud service – dubbed EC2 (Elastic Compute Cloud) offers virtual computer capacity.

The Tor developers are calling on people to sign up to the service in order to run a bridge – a vital point of the secret network through which communications are routed.

“By setting up a bridge, you donate bandwidth to the Tor network and help improve the safety and speed at which users can access the internet,” the Tor project developers said in a blog.

“Setting up a Tor bridge on Amazon EC2 is simple and will only take you a couple of minutes,” it promised.

Users wishing to take part in the bridging project, need to be subscribed to the Amazon service.

It normally costs $30 (£19) a month. However, Amazon is currently offering a year’s worth of free storage as part of a promotion, which Tor developers believe their users will qualify for.

Amachai Shulman, chief technology officer of data security firm Imperva believes that cloud services could have a big impact on Tor.

“It creates more places and better places to hide,” he said.

“With cloud services it will be easier to create a substantial number of bridges. Amazon is hosting millions of applications and it will be difficult for governments to distinguish between normal access to Amazon’s cloud and Tor access,” he said.

Tor is short for The Onion Router, so named because of the multi-layered nature of the way it is run. It is also known as the dark net.

It has been in development since 2002 and works by separating the way communications are routed via the internet from the person sending them.

Data is sent through a complex network of ‘relays’ or bridges run by volunteers around the world. When someone receives data routed via Tor it appears to come from the last person in the relay rather than from the original sender.

Internet addresses are encrypted to add to anonymity.

Ugly face

The Tor Project has been praised for offering people living in repressive regimes an opportunity to communicate freely with others without fear of punishment. Activists have used it in Iran and Egypt.

But it is also used to distribute copyrighted content.

The people behind the Newzbin 2 website are suggesting its members use the network to continue sharing illegal downloads after BT blocked access to the site in the UK.

Tor is also used by people wanting to share images of child abuse. Hacktivist group Anonymous recently launched Operation Darknet which targets such abuse groups operating via the network.

“There is an ugly face to Tor,” said Mr Shulman. “Studies suggest that most of the bandwidth is taken by pirated content.”

While cloud services are unlikely to make Tor mainstream, the more bridges there are, the more anonymous the network becomes.

Imperva research estimates that there are currently “a few thousand” exit nodes on Tor – the points at which communications reveal themselves on the wider internet.

“There could be far more other nodes but it gives a sense of the size of the community,” said Mr Shulman.

Access to Tor is not limited to fixed line communications.

Android users can access it via an application called Orbot and earlier this week Apple approved Covert Browser for iPad to be sold in its App Store, the first official iOS app that allows users to route their online communications through Tor.