Friday, October 29, 2004

Uni entry eased if students have the money

[Ed - Although this is not an article on IT, I still believe it is important for uni students to be aware of such issues]

Uni entry eased if students have the money
By Gerard Noonan, Education Editor
February 3 2003

Students wanting to get into a combined law degree at the University of NSW and prepared to pay up to $75,000 in cash can gain entry with a ranking 5 per cent lower than other students applying for the course.

The combined law degree is one of 160 courses at three NSW universities that allow the controversial two-tier entry system to operate. Data released by the Universities Admissions Centre today for late-round entry into courses for 2003 shows UNSW, the University of Sydney and the Australian Catholic University take in students under the scheme.

At UNSW, students applying for the highly competitive combined law degree would normally need a universities admissions index (UAI) of 99.30 to gain a place but could get in with 94.45 if they paid fees up-front. Over the five years of the course, the $15,000 annual fees would amount to $75,000.

Other students taking the course would typically defer payment through the higher education contribution scheme (HECS) and pay back the fees when they began earning wages.

Today's late-round release shows universities in NSW and the ACT have tightened the total number of places to non-fee paying Australian students for the second year in a row. The director of the admissions centre, Andrew Stanton, confirmed that the total number of offers to all classes of students was down by almost 700 to 58,880.

"This is a reflection of the trend which began last year and which has continued for the 2003 admissions," he said yesterday. "Universities need to manage their student populations without jeopardising the quality of teaching and learning. For some universities this has meant a reduction in the number of new places available."

This year, a HECS student enrolled in arts at Sydney University needed a UAI of 83.25 but a student prepared to pay the $11,000 annual fee required a UAI of just 78.25. Similarly, students needed a UAI of 99.30 to get into the Bachelor of Engineering in Aerospace at the same university but could enter as a fee-paying student with a UAI of 94.30.

Critics of the scheme, which has operated since 1998, argue that it gives richer students an unfair advantage. They also say many of the 2500 fee-paying students already in the system switch in second year to a HECS-funded place, thus denying another student entry.

However, the universities argue they must exploit every source of income and that the five-point UAI difference is only marginal in many cases.

The majority of universities in NSW and the ACT do not take part and Charles Sturt University in Bathurst dropped out last year.

In June the university governing council at UNSW narrowly decided to abandon its involvement in the scheme on the casting vote of the university chancellor, Dr John Yu. But the arrival of a new vice-chancellor at UNSW in mid-year resulted in the matter again being debated at the university council. Professor Rory Hume succeeded in convincing enough waverers on the council to restore the university's involvement.

Internal university research to date shows the academic performance of fee-paying and HECS students is comparable.

Professor Hume has argued privately that although the scheme is unpopular, the Federal Government's imminent review into the future of universities is likely to shake up the entire fee structure anyway.

[Ed - Most of the time universities are not to blame, they have rising costs to keep up with to provide a certain level of education to its students, and they aren't getting more money from the government. This plan to lower requirements for money is an easy way to get the vital funding.

Doing a science or technology degree is usually the best value in terms of funding. Why? Because subjects like business or law require little resources - just hire a lecturer and put them in a room of students with the same textbook.

Whereas hi-tech subjects require millions of $$$ for equipment and ongoing costs. Science, computer and electronic laboratories are very expensive to acquire and maintain in comparison. Software and harware needs to be purchased and maintained, some specialised software titles cost thousands per copy. Every year the course needs to be revised and updated with a rapidly changing world of technology.

The cost of running, say a Business degree is probably ten times lower than say a Computing degree.

One major source (if not the only one) of funding problems is the government, with the introduction of the GST they have raised much more funding, but have not placed an emphasis on higher education.

They have forced education providers such as TAFE and universities to charge fees, and now to raise them and consequently reduce the opportunity for all people to gain a better education. Some believe that education should be free. Should the government not be investing in its own people who will be paying tax? I mean if we get more education, we can get a better job, which means more money for us, and more tax for the government. Right?

The financial divide is widening and improvement doesn't look to be comming soon. Everyone should have equal access to education. Disadvantaged Australians will find it harder and harder to get more education to advance their careers. But those determined enough will find a way. There are limited numbers of scholarships offered by universities and professional associations for people in genuine financial hardship. Centrelink also has "Youth Allowance" to support Australian students while they are studying full-time at uni or TAFE, they have opportunities for apprenticeships which provide work and free TAFE courses, and those on support can enroll in many normal TAFE courses for free.]

DVD Rot

"The first issue is 'DVD rot,' a term derived from problems with laser discs and now applied to problems with pressed discs when Hollywood movie DVDs become unplayable, either as the video starts to break up during playback due to corrosion in the disc, or the disc itself even begins to physically split apart due to delamination of the bonded layers.

Beyond the online discussion groups, this issue was highlighted by The Sydney (Australia) Morning Herald, in a widely linked article from February 1, 2003 (www.smh.com.au/articles/2003/01/31/1043804519345.html). The Herald reported that some DVD movies 'are already starting to rot while others are falling apart.' The article states that 'unofficial estimates put the number of affected discs at between one and 10 per cent.' It then characterizes the industry response by reporting that 'some of the largest distributors for Hollywood Studios are accused of refusing to accept the problem exists and replace faulty products.'

Web sites now collect lists of Hollywood movie titles reportedly known to have problems. Other frequently-linked sites carry photographs of cloudy regions that have grown along the edges of discs, and even electron microscope images of 'spots' that appear to be associated with playback failures across the layer break of dual-layer DVD-9 discs. The DVD industry has clearly not responded effectively to these reorts and concerns.

The second issue is the reliability of recordable DVD discs as an archival media, either for write-once recordable (R) or rewritable (RW) formats. Can we really trust that we can save our digital files for decades on DVD discs? Or, if we use them constantly in applications like kiosk displays, is it possible for them to effectively burn out from constantly being read by a laser beam?

Click this post's heading to view the full article.

Thursday, October 07, 2004

Windows JPEG vulnerability 'will evade' AV software

Story URL: http://software.silicon.com/security/0,39024655,39124542,00.htm
by Dan Ilett, ZDNet UK, September 30, 2004

Antivirus software looks as if it will struggle to protect corporate networks from the latest Windows vulnerability - innocent looking JPEG files that contain security attacks.

According to director of antivirus research for F-Secure Mikko Hypponen, antivirus software will strain to find JPEG malware because by default it only searches for .exe files.

"Normal antivirus software by default will not detect JPEGs," said Hypponen. "You can set your antivirus scanner to look for JPEG, but the trouble is that you can change the file extension on a JPEG to so many things."

There are around 11 similar file extensions that JPEGs can be changed to, such as .icon or .jpg2. Hypponen said that this would make searching for malicious JPEGs even more difficult because it could take up a significant amount of valuable processor power.

Internet Explorer processes JPEGs before it caches them. That could also mean that desktops would become infected before antivirus software had a chance to work.

"This means that it is not enough to scan at the desktop," said Hypponen. "You have to scan at the gateway, but this will put a huge load on your bandwidth."

Hypponen said that he expected a virus attack using the exploit to occur soon: "There has been so much interest in this vulnerability that someone is bound to do this. But saying that, there was a similar vulnerability found two months ago in Bitmaps, and no one has exploited that yet."

Yesterday code that exploits the way Microsoft Windows processes JPEGs was posted to US newsgroup Easynews. Hypponen wrote on the F-Secure weblog that this was not a virus because it had no way of spreading. In order for the code to infect a machine, a user must download the image it purports to be and view it in Windows Explorer.

Yesterday Microsoft hit back at critics over its handling of the vulnerability. In a prepared press statement, it said: "Microsoft does not consider this a high risk to customers given the amount of user action required to execute the attack and is not currently aware of any significant customer impact. We will continue to investigate the situation and provide customers with additional resources and guidance as necessary."

Dan Ilett writes for ZDNet UK

Copyright © 2003 CNET Networks, Inc. All Rights Reserved.
silicon.com is a registered service mark of CNET Networks, Inc.
silicon.com Logo is a service mark of CNET NETWORKS, Inc.

Sunday, October 03, 2004

Firms still failing online security test

September 30, 2004
The credit card mix-up on Sainsbury's online shopping website this week that allowed a customer to view someone else's credit card details in her account highlights some issues around how to handle a security problem when it's discovered.

In Sainsbury's case, the customer had to wait almost two days before getting a response to her initial email reporting the problem, which had the subject line "URGENT: System Bug - Someone else's credit card details stored in my account".

Later the retailer insisted it had been investigating the problem as soon as it received the report but the customer was sufficiently un-reassured as to contact silicon.com about it, out of the genuine worry that it may not be an isolated incident and that other customers could have been affected.

When the response finally came it then did reassure the customer that it was a one-off caused by a "corruption" of her account, followed by some confusing technical jargon.

Just as that seemed to be the end of it, silicon.com finally got an explanation from the Sainsbury's press office (after chasing it for over a day), which now claimed it was "human error" by a customer service representative that had caused it.

A further request to clarify what exactly the cause of the credit card mix-up was has still gone unanswered as has our question about whether Sainsbury's has contacted the customer whose card details were compromised by the error.

In the end this may well just be an isolated incident caused by a careless customer services person but Sainsbury's actions to date have hardly been reassuring and serve as something of a lesson on how not to handle the publicity around a potential website security hole.

We felt the need to publicise this incident because it shows how failing to deal with reports of security problems adequately and being transparent about them can compromise the trust of customers - trust which is vital to doing business online. It's a brave business that gambles on that.


Copyright © 2003 CNET Networks, Inc. All Rights Reserved.
silicon.com is a registered service mark of CNET Networks, Inc.
silicon.com Logo is a service mark of CNET NETWORKS, Inc.