Saturday, April 30, 2005

BitTorrent as friend, not foe

Krysten Crawford writes in CNN/Money that:


BitTorrent has been described as Hollywood's Napster -- a sinister software that makes it easy to steal movies off the Internet. And just like the recording industry response to the Napster scourge years ago, movie studios today are determined to stamp out BitTorrent.

Vinton Cerf, one of the co-creators of the Internet, thinks Hollywood is making a big mistake and that BitTorrent or another technology like it can't be stopped. His advice to Hollywood: If you can't beat 'em, join 'em.

Microsoft Updates IM Server to Connect with Other Networks

Matt Hicks writes in eWeek that:

Microsoft Corp. has released an update to its enterprise instant messaging and presence servers for free, a move that makes good on its promise to interoperate with the three major IM networks.

The Redmond, Wash., software maker on Thursday shipped Service Pack 1 for its Office Live Communications Server 2005. One of its key features is the ability for enterprises to connect their LCS installations with the AOL Instant Messenger, Yahoo Messenger and MSN Messenger IM networks.



Defense Department signs Red Hat deal

Stephen Shankland writes on C|Net News that:

The department's Defense Information Systems Agency agreed Monday to purchase subscriptions for Red Hat Certificate System software, Red Hat spokeswoman Leigh Day confirmed Friday. The deal renews support for software that was sold by America Online's Netscape Communications group until Red Hat acquired it in December.

Friday, April 29, 2005

Law enforcement struggles to stop ID theft

On tonight's (April 29, 2005) NBC Nightly News with Brian Williams, there was a segment (posted on MSNBC) on a multi-agency task force making efforts to stem the tide of ID theft (Article by Tom Costello):

In San Diego, a high-tech, undercover, multijurisdictional task force called the Computer and Technology Crime High-Tech Response Team, or CATCH, targets the nationwide identity theft epidemic.

"This is the fastest-growing crime in the United States today, and it is worldwide," says Keith Burt, the project director of CATCH and a deputy district attorney in San Diego. "We had one individual who had 10 million profiles in his computer alone."

Hushmail DNS Attack Blamed on Network Solutions

Ryan Naraine writes in eWeek that:

Secure e-mail service provider Hushmail Communications plans to pursue a criminal investigation into a hacking attack that redirected users to a defaced Web site. The company pinned the blame for the breach squarely on the shoulders of domain name registrar Network Solutions.

Hushmail, which markets PGP-encrypted e-mail, file storage and vanity domain services, has opened a criminal investigation with the Royal Canadian Mounted Police in Vancouver to get to the bottom of a DNS server breach caused by a combination of social engineering, phishing and pharming tactics.

Atlas Backtracks on Cookie Data

Brian Morrissey writes in Ad Week that:

Just a week after casting doubt on research showing users deleting Internet-tracking cookies, aQuantive's Atlas research unit revised its findings, concurring that cookie deletion is a problem.

In a report released last week, Atlas said it found a significant gap between users' self-reported cookie deletions and the actual cookie lifespan on their computers. Like surveys done by Jupiter Research and Nielsen//NetRatings, Atlas found 43 percent of respondents said they deleted cookies weekly. Instead of an average cookie lifespan of seven days, however, it was 45 days for those users. Similarly, the 14 percent who said they erased cookies monthly had cookies lasting an average of 59 days, rather than 30 days.



Tiger Responds to Security Warnings

Ian Betteridge writes in eWeek that:

As Apple releases Mac OS X 10.4, aka "Tiger," analysts have praised the company's security efforts so far, while cautioning that a rise in the market share for the Mac could lead to more attention being paid to the platform from hackers.

The release of the update is widely expected to create more interest in the platform from consumers who are looking for an alternative to Windows. Apple has highlighted security as one of the strengths of Mac OS X, thanks to features such as its firewall and use of a secure administrator account.

Firefox Breaks 50,000,000 Barrier

Via /.

MrDrBob writes "Today at 16:59 GMT (8:58 AM PST) Mozilla Firefox received its 50,000,000th download. To celebrate, SpreadFirefox.com has created a special page, where you can watch the downloads continue to climb in real time. Three cheers for Firefox! May it go on swiftly to 100,000,000!"

Google searches for quality not quantity

Barry Fox writes for New Scientist:

Google has plans that will dramatically improve the results of internet news searches, by ranking them according to quality rather than simply by their date and relevance to search terms.

The ambitious system is revealed by patents filed in the US and around the world (WO 2005/029368) by researchers based at the company's headquarters in Mountain View, California.



Apple Tiger queues disrupt London traffic

You've got to see this. Over on The Inquirer, Wil Harris has written a short piece and has plenty of pics of the rush in London to tame the Tiger. Link here.

Hackers to test U.K. lawmakers' systems

Andy McCue, in a special to C|Net News, writes that:

Hackers are to be employed to test the effectiveness of the IT security defences for the computer systems in the House of Commons, home of the British parliament. A three-year IT security contract is up for grabs to conduct internal and external penetration testing on routers, firewalls and critical servers using a range of independent vulnerability assessment techniques.

E-passport makers hail U.S. retreat

Junko Yoshida writes in the EE Times that:

Global electronic passports suppliers hailed a decision by the U.S. State Department to drop a requirement for additional security measures in next-generation U.S. passports. The specifications have yet to be finalized.

Neville Pattinson, director of technology development and government affairs for smart card provider Axalto Americas, said Friday (April 29) that adding security measures such as "Basic Access Control" and a metallic shield cover to U.S. passports could "completely make the information [stored in the e-passport] undetectable."


Muni, Mesh Wireless Players Meet in Philadelphia

Carol Ellison writes in eWeek that:

Philadelphia Mayor John Street and Dianah Neff, the city's chief information officer, will welcome technology professionals from some 33 cities, as well as counties, states and municipal coalitions, to their city next week as representatives from Dallas to Shanghai gather for the Digital Cities Convention there.

Sponsored by the Wireless Internet Institute, the convention promises to provide three days of brainstorming, analysis and consensus-building among representatives of wireless and mesh networking providers and the city, state and international representatives interested in implementing their solutions.



Business Inaction Could Lead to Cybersecurity Law

Andy Smith writes for Reuters:

U.S. businesses for years have urged the government to let them set computer-security standards of their own, but their inability to do so could now prompt Congress to step in, experts say.

Those who worry that regulation may stifle innovation say the business community may have already missed an opportunity to prove the government's help is not needed.

Do We Need a Sarbanes-Oxley for the Internet?

Via Newsfactor Technology News:

Should there be a higher authority for Internet security? With billions of dollars transacted daily via the Internet and online banking growing, some say it's high time for industry to collaborate on a stringent security doctrine to hold organizations accountable for operating, providing and commercializing Internet service.

"I'm held to accountability through Sarbanes-Oxley (SOX) and all these other regulatory requirements," says Larry Jarvis, vice president of network engineering for Fidelity Investments. "That doesn't exist for some of these critical elements in the Internet."

Martin Skips VoIP in First FCC Meeting

Roy Mark writes on internetnews.com that:

It was a slow day for the Internet at the Federal Communications Commission (FCC). In the first post-Michael Powell FCC public meeting, not a single IP-related issue was on new Chairman Kevin Martin's agenda.

That, however, is very likely to change on May 19 when the FCC next meets.



Australian study uses mobile phones to monitor teen angst

Well, here's a new one. An AFP newswire article reports (here on Yahoo! News) that:

Australian researchers are planning to use teenagers' love of mobile phones to help monitor adolescent depression and pick up warning signs of potentially suicidal behaviour.

Psychologist Sophie Reid from Melbourne's Murdoch Children's Research Institute hit upon the idea after finding it impossible to persuade teenagers to fill in normal monitoring documents such as questionnaires and diaries.

Italians Seek to Close Website Showing Pope as Nazi

Via Reuters:

Rome judicial authorities sought a temporary injunction on Friday against an Internet site which carried doctored photographs of Pope Benedict dressed in a Nazi uniform.

Google Unites Europe

Robert MacMillan writes in the Washington Post that:

France's decision to create an online repository of European literature got critical backing from five other European nations this week when the heads of Germany, Hungary, Italy, Poland and Spain joined French President Jacques Chirac in asking for support from the European Union.

European media reported that a letter signed by the leaders asks EU President Jean-Claude Juncker and European Commission President Jose Manuel Barroso to coordinate the effort and, more importantly, cut a check to fund it. The letter comes after the national libraries of 19 European nations agreed to support the plan as well.

HP wins Euro border, visa deal

Dibya Sarkar writes in Federal Computer Week that:

The European Commission (EC) has signed a $48.5 million contract with Palo Alto, Calif.-based Hewlett-Packard and three European-based information technology companies to develop centralized information systems to manage border and police information and visa requests, HP announced today [April 28, 2005].

Transfer of Authority to AfriNIC and Joinder to NRO MoU

Announcement on the NRO web site:

The NRO is pleased to note AfriNIC's continued progress since it received ICANN recognition as the fifth Regional Internet Registry (RIR) on April 8, 2005.

At the AfriNIC-2 meeting (held in Maputo, Mozambique, 26-27 April) APNIC, ARIN, and the RIPE NCC signed letters transferring to AfriNIC formal authority for the parts of the region they had previously served, including all registration and accounting documentation and DNS administration. This now completes the transfer of all custodial and registry processes for the entire AfriNIC service region.

Also at this meeting, AfriNIC became an official member of the NRO by signing a joinder to the NRO Memorandum of Understanding (MoU). AfriNIC is a welcomed and celebrated addition to the NRO, which now includes all five RIRs.


Porn-surfing Norwegians awarded $40k

Lester Haines writes on The Register:

We are seriously considering relocating the entire Vulture Central editorial staff to occasionally-sunny Norway after learning that two workers sacked for hunting net smut at work have been awarded 250,000 Kroner ($40,000) a head for unfair dismissal, Aftenposten Norway reports.

Florida University on alert after hack attack

John Leyden writes on The Register:

Students and staff at Florida International University (FIU) were warned they are at risk of identity fraud this week after techies discovered hackers had broken into college systems. A file found on a compromised computer showed that an unknown hacker had access to the username and password for 165 computers at the University, sparking a major security alert.

Islamist internet posting stirs bin Laden mystery

Reuters reports that:

A posting on an Islamist Web site stirred speculation over the fate of al Qaeda leader Osama bin Laden, and prompted a flurry of denials on Friday that the world's most wanted man was dead.

The entry on www.islam-minbar.net Web site began by saying there was news bin Laden had died but went on to say he was alive but, as a human being, could die any time and that Muslims should be prepared for that when it happens.

Squid HTTP Specifications Web Proxy Cache Poisoning

Secunia reports this morning:

Steve Orrin has reported a vulnerability in Squid, which can be exploited by malicious people to poison the web proxy cache.

The vulnerability is caused due to an error in the handling of upstream HTTP agents (e.g. web servers) not complying correctly with the HTTP specifications. This can be exploited to cause the HTTP agent and Squid to be out-of-sync by sending a specially crafted request containing e.g. white spaces in the HTTP header names and extra CR characters at the end of HTTP headers.

Successful exploitation allows poisoning of the web proxy cache.

An issue, where input validation errors in dynamic web sites can be exploited to conduct HTTP response splitting attacks, has also been reported.

The vulnerability has been reported in versions 2.5.STABLE7 and prior.


Details available at Secunia.

China's biggest bank makes switch to Linux

Sumner Lemon (IDG News Service) writes in InfoWorld that:

China's biggest bank plans to deploy Linux on servers across its network of 20,000 national branches in a project that may be the biggest Linux deployment yet seen in China, according to an executive involved with the deal.

Under the terms of an agreement announced Thursday, the Industrial and Commercial Bank of China (ICBC) plans to gradually roll out Turbolinux's Turbolinux 7 DataServer operating system for all of its front-end banking operations over a three-year period. Financial terms of the deal were not disclosed.

9 guilty verdicts in tech sting

Karl Schoenberger writes in the Mercury News (posted here on Yahoo! News) that:

Operation Matrix, a major undercover investigation of stolen computer hardware and software in Silicon Valley, recovered $480 million in property and put nine people behind bars before finally drawing to a close with the sentencing of the final two defendants, law enforcement officials disclosed this week.


The Wired 40

Duff McDonald writes in the May 2005 issue (Issue 13.05) of Wired:

They're masters of technology and innovation. They're global thinkers driven by strategic vision. They're nimbler than Martha Stewart's PR team. They're The Wired 40.

BenedictXVI.com Owner Donates Address to N.Y. Charity

David McGuire writes in the Washington Post that:

The Florida man who registered BenedictXVI.com weeks before Cardinal Joseph Ratzinger became the Catholic Church's new pope has donated the Internet address to a New York charity, at least until the Vatican comes calling.

Customer Data Losses Blamed On Merchants And Software

Steve Martin writes in InformationWeek that:

The steady stream of disclosures that customer information is being lost or stolen from retailers has caused security experts to focus on two areas: poor security practices by the retailers themselves and weaknesses in the software used to process credit-card payments.


Retail Ventures Inc. this month reported that personal customer information from 108 stores in its DSW Shoe Warehouse subsidiary was stolen. The information, involving 1.4 million credit cards used to make purchases mostly between November and February, included account numbers, names, and transaction amounts.




IPod Craze Leads to Crime Spike in New York

A Newsfactor Technology News story reports that:

"It usually has to do with young people taking them from young people," said police Commissioner Raymond Kelly, speaking of the iPod thefts. Thieves spot people with the telltale white earphones, then snatch the iPods and run out train doors.

Massive bank security breach uncovered in N.J.

On the NBC Nightly News with Brian Williams last night (story posted here on MSNBC), there was a disturbing story about a fairly massive "inside-job" in New Jersey:

In court Thursday, Orazio Lembo was described as the alleged ring leader of what police say was a massive scheme to steal 500,000 bank accounts and personal information, then sell it to bill collectors.

Lembo's alleged accomplices included branch managers and employees from some of New Jersey's biggest banks, including Bank of America, Wachovia and Commerce Bank.

All of them are accused of turning over customer bank account numbers and balance information for a profit of $10 per account. Even a state employee is accused of providing private information from state employment files.

Senate bill proposes to close e-mail wiretapping "loophole"

Declan McCullagh writes in his Politics Blog on C|Net that:

Two senators are hoping to close what they call a "loophole" in U.S. wiretapping law that led to an acquittal last year of a man charged with e-mail interception.

In that case, the 1st Circuit Court of Appeals ruled that Bradford Councilman, a former executive for an online bookseller, did not violate federal wiretap laws by allegedly snooping on e-mail that Amazon.com sent to customers through accounts Councilman provided. (The appeals court currently is reconsidering its earlier ruling.)

California bill would ban tracking chips in IDs

Alorie Gilbert writes over on C|Net News that:

California lawmakers are joining the national debate on the merit of incorporating electronic identification devices in driver's licenses, student IDs and passports.

A bill that would put strict limits on California's use of such devices in all state-issued identity documents is making its way through the state's legislature and was approved this week in a 6-to-1 vote by a senate judiciary committee. It's the first bill of its kind in the nation, said its author, state Sen. Joe Simitian.

Thursday, April 28, 2005

Marconi plunges on BT deal news

As a result of the announcement by BT, which named suppliers for their 21CN (21st Century Network), the BBC also reports that:

Shares in Marconi have fallen nearly 40% after the telecoms equipment group failed to win a major contract from BT.

The UK company generates about 25% of its work from BT but it was not among the eight named preferred suppliers for a new £10bn ($19bn) network.




ID double-check systems stymie on-line thieves

Paul Lima writes in the Globe and Mail that:

Customers of New Zealand's ASB Bank Ltd. have to have cellphones in hand before transferring large sums of money over the Internet from their accounts.

ASB was one of the first to use two-factor authentication through cellphones to help keep thieves out of on-line bank accounts, a security precaution that's now attracting the attention of businesses of all types and sizes, thanks to the popularity of mobile phones and personal digital assistants with wireless Internet access.

Russia's Federal Security Bureau asks for more authority to control Internet

Via Novosti:

MOSCOW, April 28 (RIA Novosti) - Russian security authorities should be given broader powers to control telecommunications and the Internet, argues Dmitri Frolov, of the Federal Security Service's Information Security Center.

Frolov spoke Thursday in the Federation Council, or Russia's upper house of parliament, at a panel discussion devoted to telecommunications and Internet regulations.

The Federal Security Service proposes setting new rules for Internet providers so that it could prevent the spread of extremist ideas, track down illegal online operations, and get access to databases with mobile telephone subscribers' details, such as e-mail addresses, Frolov said. There should be compulsory registration of mobile phone users with Internet connectivity.


(Thanks, Sean!)

Bagle history

Mikko Hypponen over on the F-Secure "News from the Lab" Blog writes that Jason Gordon from infectionvectors.com has written a thorough three-part study on the history of the Bagle worm.

Admittedly, it is weird to see a reference to portions of the Bagle Worm referred to as "business practices," but I understand the implications.

Update: Gregg Keizer writes over on TechWeb today about this -- in fact, it's today's top story:

Bagle Worm Seen As 'Blueprint' For Web Criminals

A pair of research reports have explored the long-running Bagle worm and laid out a chronology that points to a professional developer who, like counterparts in the commercial software world, is constantly testing, tweaking, and improving his code for profit, not pride of ownership.

The Bagle worm debuted in mid-January 2004, and according to most anti-virus firms, has been spotted in 60 to 100 variations since then. It's also usually credited with starting the malware-for-profit movement among hackers, who prior to the ground-breaking worm, typically were motivated by notoriety.

On-line banking booming: Study

Jack Kapica writes in the Globe and Mail that:

On-line banking is being so rapidly accepted around the world that it may overtake e-commerce, says a study by global market research company Ipsos-Insight.

The survey, called The Face of the Web 2004, reported on the on-line behaviour of 6,544 adults (including 3,304 active Internet users) in 12 countries. It found that currently, 70 per cent of Internet users have purchased products or services on-line, and more than half of all users have used on-line banking.

Wiretaps in U.S. jump 19 percent in 2004

An AP newswire report on CNN reveals that:

The number of secret court-authorized wiretaps across the country surged by 19 percent last year, according to court records which also showed that not a single application was denied.

State and federal judges approved 1,710 applications for wiretaps of wire, oral or electronic communications last year, and four states -- New York, California, New Jersey and Florida -- accounted for three out of every four surveillance orders, according to the Administrative Office of the U.S. Courts.

FCC To Require 911 for VoIP

Elizabeth Millard writes on Newsfactor Technology News that:

The FCC has expressed concern after hearing about lawsuits against Vonage, in which users sued the company for inadequately warning them about the potential inability to dial 911 through its services in an emergency.

The Federal Communication Commission said it will move ahead with developing a plan to require emergency 911 calling capability on VoIP phones.

Microsoft tries to quell TCP/IP 'danger'

Renai LeMay writes on ZDNet Australia that:

To fully implement the TCP/IP protocol in Windows XP would make denial of service attacks a walk in the park, Microsoft said.

The company was responding to claims by a well-known security expert only known as "Fyodor" that by repeatedly disabling the ability to send TCP/IP packets via "raw sockets", Microsoft was asking the security community to "pick their poison": either cripple their operating system or leave it open to hackers.

BT to offer six classes of service

Matthew Broersma writes on Techworld that:

BT has launched a service designed to make life easier for businesses running voice, multimedia and data traffic over converged networks.

The service, catchily titled Six Class of Service Differentiated Services Code Point (6 CoS DSCP), prioritises communications traffic into six classes of service in order to guarantee performance. BT expects the service will appeal to the growing number of companies seeking to cut costs by managing their own converged network, loaded with such services as video and voice over IP.

Additionally, Graeme Wearden writes in a Special to C|Net News that:

BT Group has chosen its preferred suppliers for a multibillion-dollar upgrade of its U.K. infrastructure.

Among those selected are Alcatel, Ciena, Cisco Systems, Ericsson, Fujitsu, Huawei, Lucent Technologies and Siemens. All have been picked to supply equipment and services that will allow BT to replace existing circuit-switched networks with a single IP-based network. The project is known as the 21st Century Network project, or 21CN.

U.K. backpackers heed call of India firms

Andy McCue writes in C|Net News that:

U.K. backpackers and college graduates are being hired by British companies to work in India-based call centers in an attempt to bridge the culture gap between agents and customers.

The travelers can earn from $250 per month at entry level to $900 per month as team leaders working in Indian call centers supporting U.K. customer service operations.

In terms of the cost of living in India, that would rank the workers at a similar level to teachers and other young professionals.

Spitzer Sues Intermix Over 'Spyware'

Well, it looks like Spitzer is following up on his earlier promise to tackle malware on the web. In an AP newswire story on Yahoo! News, Michael Gormley writes that:

New York Attorney General Eliot Spitzer on Thursday sued a major Internet marketer, claiming the company installed "spyware" and "adware" that secretly install nuisance pop-up advertising on screens which can slow and crash personal computers.

Spitzer said the suit filed in New York City against Intermix Media Inc. of Los Angeles combats the redirecting of home computer users to unwanted Web sites and its own Web site that includes ads, the adding of unnecessary toolbar items and the delivery of unwanted ads that pop up on computer screens. After a six-month investigation Spitzer concluded the company installed a wide range of advertising software on countless personal computers nationwide.


ATI sets up largest R & D center outside U.S. in India

K.C. Krishnadas writes in EE Times that:

Graphics and digital media solutions firm ATI Technologies Inc. has opened what it said is a key research and development center for its consumer and PC business units at Hyderabad in south India.

ATI (Ontario, Canada) will invest millions of dollars in the center, said to be the company's largest outside North America. It plans to hire about a hundred engineers for the center, which will develop next-generation audio and digital multimedia products for consumer electronics devices and PCs, as well as chipsets for PCs, mobile handsets and high-definition television sets.

Wal-Mart targets parody site run by Carnegie Mellon student

An AP newswire article today in the Globe and Mail reports that:

A college student was forced to redesign a website satirizing a foundation run by Wal-Mart after the discount retail giant claimed he violated copyright law by using graphics from the company's website.

Daniel Papasian, 20, of West Hartford, Conn., said he was forced to change his website — http://www.walmart-foundation.org — after lawyers for Wal-Mart Stores Inc. sent his Web host a cease-and-desist order last week.

Bahrain Site Registration Sparks Protests

Adnan Malik writes in an AP newswire article on Yahoo! News that:

All Web sites operating in Bahrain must register with the country's Information Ministry under a new government mandate that has provoked protests from an international watchdog for press freedom.

The move comes two months after the government detained three Bahrainis who were linked to an Internet forum that it viewed as hostile.

Bharti net profit more than doubles on growing phone use in India

An AFP newswire article on Yahoo! News reports that:

India's largest private phone company, Bharti Televentures, said net profit more than doubled to 14.4 billion rupees (335 million dollars) in the year to March as mobile and Internet subscribers rose sharply.

Virus targets Romanian gypsy music

John Leyden writes in The Register today that:

A mass-mailing virus designed to wipe Romanian gypsy music off PCs is spreading rapidly across the east European country. The virus, dubbed Antiman-A, uses a recent story about the kidnapping of three Romanian journalists - abducted by a little-known terrorist Iraqi group approximately a month ago - to trap curious punters.

Wanadoo UK hits broadband high

Tim Richardson writes in The Register that:

Wanadoo UK has seen the number of broadband subscribers in the UK rocket over the last year as more and more people switch from dial-up to high-speed access.

At the end of March 2004, Wanadoo UK had 192,000 broadband users. Today, parent company France Telecom revealed that its ISP now has a whopping 717,000 broadband users.

Number of Internet users hits one million mark in Bangladesh

An AFP newswire article on Yahoo! News reveals that:

The number of Internet users in Bangladesh has jumped by more than 150 percent in a year to over one million, partly due to lower tariffs.

"In the last 12 months, we had more than 150 percent growth in the number of Internet users," general secretary of the Internet Service Providers Association of Bangladesh (ISPAB) Ershad Shafi Chowdhury told AFP on Thursday.

techdirt.com: Verizon Killing Successful WiFi Program

Over on techdirt.com last night, Mike drew our attention to this:

"Mixed in with various announcements from Verizon today was the little noticed news that they're going to phase out their WiFi offering in New York City in favor of increasing the 3G EV-DO wireless broadband offering from Verizon Wireless. This doesn't make very much sense at all. The two services don't really compete. The WiFi was offered free to subscribers of Verizon DSL as a way to take that connection around the city with them -- and it had been described as a success in that it reduced churn more than enough to pay for the program. EV-DO is a useful offering, but it still costs quite a bit, and isn't suitable as a DSL replacement. It sounds like the decision to do this was done from the incorrect belief that WiFi somehow competes with EV-DO when it really doesn't in most cases."

Laptop from Iraq leads to arrest of Zarqawi men

David S. Cloud (The New York Times) is the author of an article which appears this morning in the International Herald Tribune's Technology Section:

"The recovery in February of a laptop computer in Iraq by U.S. forces has helped in the capture of several associates of the Jordanian militant Abu Musab al-Zarqawi, Pentagon officials say.

The laptop was found in a truck used by Zarqawi as he fled capture by U.S. troops near the city of Ramadi on Feb. 20, the officials said Tuesday. ABC News, which disclosed the existence of the laptop this week, reported that U.S. officials believed they had nearly caught Zarqawi there after receiving a tip."

Managed Services Are Paying Off for VARs

Pedro Pereira writes in eWeek that:

VARs and small integrators are always on the lookout for steady sources of revenue as product margins shrink and competition from online retailers and direct-selling vendors intensifies.

For many, the opportunity for a recurring revenue stream comes in the form of managed services. That is why many VARs and small integrators are shifting at least a small portion of their business focus to the MSP (management service provider) model. For some, it is more than just a new opportunity; it is a potential business lifesaver.

Cisco Reports VPN Conflict with Tiger

Elizabeth Millard writes in eWeek that:

"When Apple's 'Tiger' operating system is released Friday, it will be without support for Cisco Systems' VPN client.

Cisco Systems Inc. and Apple Computer Inc. had been working to have VPN support available by the release date of Mac OS 10.4, but they were not able to get the work done in time, according to Pete Davis, product line manager for remote-access VPNs at Cisco."

Net-illiterate parents 'failing children'

An article this morning from the BBC UK Edition explains that:

"Internet-illiterate parents could leave their children on the wrong side of the digital divide, researchers have said.

Many parents lack the skills to help their child's internet use, a London School of Economics study has said.

It said 85% of parents surveyed wanted stronger laws to clamp down on internet pornography.

And one in five said they did not know how to help their children use the web safely, according to the UK Children Go Online report."

Wednesday, April 27, 2005

Malaysian Web Defacement an Epidemic

An AP newswire report on Yahoo! News explains that:

An overwhelming number of Malaysian Web sites have been hacked and defaced this year, evidently by Indonesians upset over a territorial spat between the neighboring countries, an Internet watchdog said.

At least 256 Malaysian sites were broken into in the first three months of 2005, compared with 42 intrusions reported in the previous quarter, according to Malaysia's Computer Emergency Response Team, a private organization that monitors Internet security.

RFID In Cars Update: Texas Senate Approves Bill

Again, living here in Austin, I'm constantly watching for Texas-related tech news. And this one is alarming. From techdirt.com:

Bob Dole writes "Apparently, after news of the plan to mandate RFID chips in all Texas cars hit the net, the state representative who introduced the bill was so swamped with complaints that he decided to drop the RFID provision. Ah, we can relax now, right? Wrong. On Tuesday, the state Senate actually passed the bill that creates an auto insurance verification database unanimously. The Senate version leaves the details of how to enforce it up to the state police and transportation department, as long as the program is 'cost-effective.' I'm sure it's just a coincidence that the House sponsor has one of the biggest RFID chip makers, Texas Instruments, located right next to his district."
Remember: RFID kills!

Schools don't have to identify music pirates

An AP newswire report posted on MSNBC reveals that:

A federal magistrate has ruled that two North Carolina universities do not have to reveal the identities of two students accused of sharing copyrighted music on the Internet.

Bush signs DVD filtering measure

An AP newswire report on CNN this afternoon reports that:

President Bush on Wednesday signed legislation aimed at helping parents keep their children from seeing sex scenes, violence and foul language in movie DVDs.

The bill gives legal protections to the fledgling filtering technology that helps parents automatically skip or mute sections of commercial movie DVDs. Bush signed it privately and without comment, White House press secretary Scott McClellan said.

Quote of the day: H-1B suggests too many smart people coming

Via C|Net News:

Microsoft Chairman Bill Gates slammed the federal government's strict limits on temporary visas for technology workers Wednesday, saying that if he had his way, the system would be scrapped entirely.

"The theory behind the H-1B (visa)--that too many smart people are coming--that's what's questionable," Gates said during a panel discussion at the Library of Congress in the nation's capital. "It's very dangerous. You can get this idea that the world is very scary; let's cut back on travel...let's cut back on visas."

Microsoft Wants Longhorn Shots Pulled

Ed Oswald writes on BetaNews that:

"Microsoft began a surprising effort to remove any unofficial screenshots of its next-generation operating system, code-named Longhorn, Wednesday. The move raised questions as to whether or not the company is attempting to do damage control over increasing criticism of its latest preview build of the new version of Windows."

US Actress Sparks Controversy with 9/11 Comments

Via Reuters:

"A fan Web site dedicated to Maggie Gyllenhaal has shut down its bulletin board after the actress drew a storm of criticism for suggesting America was "responsible in some way" for the Sept. 11, 2001, attacks.

The actress, who starred in "Secretary" in 2002, made the comments last week at the Tribeca Film Festival while speaking about her new film, "The Great New Wonderful," which is about people living in the aftermath of the attacks in New York."

Group wants encryption bans overturned

Dan Ilett writes on C|Net News that:

"An international security consortium plans to push governments around the world to withdraw restrictions on the use of encryption.

Countries including China, Israel, Russia and Saudi Arabia have strict rules governing the use of encryption tools, and in some cases they have banned these tools."

U.S. Postal Service's Personalized PC Postage Program Returns

W. David Gardner writes over on Techweb.com that:

"The U.S. Postal Service's immensely popular PC photo and imaging stamps program is being re-launched in test mode, and this time it hopes its vendors can stop people from abusing the service.

Stamps.com, leading provider of last year's two-month test, is already taking orders for its PhotoStamps postage. The USPS advertised for request for proposals (RFPs) in Wednesday's Federal Register, but Stamps.com--already approved by the postal service to offer its online postage--jumped the same day, offering consumers the ability to turn their wedding pictures, baby pictures, and other images into postage."

Cisco Rolls Out Network Protection Appliance

This is an interesting development -- I'll have to read up on this one.

"Cisco has announced an out-of-band appliance for its Clean Access network registration and network admission control solution providing vulnerability assessment and authentication integration.

The Cisco Clean Access Out-of-Band appliance is designed to automatically detect, isolate, and repair infected or vulnerable devices that attempt to log into the network. The device recognizes users and devices as they gain network access and determines whether they are compliant with security policies. If they are not, the appliance can isolate or repair noncompliant machines under the direction of the network administrator.

The appliance integrates with a switching infrastructure and implements Network Admission Control (NAC). A Cisco-sponsored initiative, NAC promises to use the network infrastructure to minimize the damage caused by viruses and worms by enforcing security compliance by all devices seeking to access network resourtces [sic]."

China announces 3 new TLDs

Via ICANN Watch:

ukryule writes "It seems the Chinese government has announced 3 new top level domains - using Chinese characters (seen via slashdot). The article is a bit sketchy on details, but it seems that it is based on existing IDN (punycode) technology, and is already widely deployed in China. The 3 new TLDs are ".公司", ".网络" & ".中国" (equivalent to .com, .net, .cn). Notable by its absence is any mention of ICANN ... it is unclear whether there has been any discussion between the Chinese registry and ICANN, and how these new TLDs fit in with the existing root nameservers."

57% Evil, 43% Good

Huh?

I ran across this site earlier today, and it determined that fergdawg.blogspot.com is 57% evil, and 43% good.

This site is certified 57% EVIL by the Gematriculator. This site is certified 43% GOOD by the Gematriculator.

Here's how:

"The Gematriculator is a service that uses the infallible methods of Gematria developed by Mr. Ivan Panin to determine how good or evil a web site or a text passage is.

Basically, Gematria is searching for different patterns through the text, such as the amount of words beginning with a vowel. If the amount of these matches is divisible by a certain number, such as 7 (which is said to be God's number), there is an incontestable argument that the Spirit of God is ever present in the text. Another important aspect in gematria are the numerical values of letters: A=1, B=2 ... I=9, J=10, K=20 and so on. The Gematriculator uses Finnish alphabet, in which Y is a vowel.

Experts consider the mathematical patterns in the text of the Holy Bible as God's watermark of authenticity. Thus, the Gematriculator provides only results that are absolutely correct."


Of course, the balance in the percentages will change as more words are added to the blog, so ....

Bangalore, still the outsourcing capital of the world

K.C. Krishnadas writes in the EETimes that while Bangalore is still the "Outsourcing Capital of the World," its infrastructure is worrisome:

"Bangalore may be attracting attention for sagging infrastructure but the city's reputation as a location for software development is not under threat, yet.

Multinational companies are still pushing into the city, even though by general consensus, the city is getting less livable with each passing day. It is getting more congested, costly, dusty, commuting is getting more difficult, continuity of electrical power is still a problem and the roads are getting worse — not better — since an outcry against the authorities started."

XP SP2 downloads top 180 million

Iain Thomson, at InfoSec Europe, writes on vnunet.com that:

"Over 180 million computer users have downloaded Windows XP Service Pack 2 (SP2), and Microsoft said today at the InfoSec Europe event that it is working to make life more secure for those using non-XP systems."

You can say that again....

New Crop of Software Startups Growing Up

Let's just hope it's not "Déjà vu all over again."

John Palletto writes in eWeek that:

"In the years since the post-2000 IT recession and dot-com meltdown the software industry has been buffeted by business consolidation and job losses.

However, at the Software 2005 conference here [Santa Clara] Tuesday there were signs that a new generation of startup software companies is emerging with new ideas and products to replace at least some of the jobs lost through earlier business failures and mergers."

One-Third Of All Companies Wasting Money On Email Monitoring

Mike over at techdirt.com writes that:

"While studies have shown that spying on workers tends to make them less productive, that hasn't stopped approximately 1/3 of all US companies from employing email monitoring tools. 43% of those companies employ staff to check outgoing emails. This seems like quite a waste. While there are some times when it makes sense to monitor emails (or it's required by law), most of the time, this seems like a complete waste of money. Not only are you upsetting workers and decreasing productivity, the benefits are pretty hard to spot. The number of "problem" emails tends to be incredibly low. If someone really wants to send out inappropriate emails, they're going to figure out some other way to do so, such as via a free webmail account somewhere. Yet, the companies are buying up expensive tools and hiring staff to watch just in case they catch the one or two problematic emails that go over the corporate network."


A couple of good links in that post, too.

CNN on China: Young, angry ... and wired

CNN's Kristie LuStout writes that:

"On May 4 in 1919, students in Beijing launched a nationwide movement against imperialism and a government that had failed to stand up to the West and Japan."

"More than 80 years later, a new generation in China is flexing its nationalist muscle. Its members are still stoked by hostility toward Japan, but now they're powered by laptops and high-speed broadband."

"About 100 million people are wired to the Internet in China. More than half are male, and under the age of 25."

Netcraft making available phishing pheed

Over at Netcraft:

"Netcraft is now making available the list of phishing sites reported by the Toolbar community and validated by Netcraft as a continuously updated feed suitable for ISPs, hosting companies, enterprises, and other companies that operate mail servers and web proxies, or network monitoring systems."

Wireless Valley Maps RF Management

Living here in Austin, it's nice to be able to post some positive news about local tech. Jim Wagner writes on internetnews.com that:

"Site survey tool vendor Wireless Valley is launching a tool later this year to find out the true effectiveness of wireless deployments, officials said Wednesday."

"The RF Manager will be tied to the Austin, Texas-based company's software suite to provide real-time information on RF activity on the wireless network, evaluate bandwidth usage and report areas that aren't getting enough coverage, providing possible solutions to the problem."

Technology outlays fueling U.S. growth

Eve Tahmincioglu (The New York Times) is the author of an article in the International Herald Tribune that explains how:

"Small businesses are living up to their reputation as engines of economic growth in the United States, a new study shows."

"In a survey released on Wednesday by Hewlett-Packard, 81 percent of 399 small businesses polled last month said they planned to increase their technology spending by an average of 20 percent in the next two to three years, and 68 percent said they would do so over the coming year."

Internet Growing As Main Source Of News Among Online Adults

No big surprise here. Techweb News posted an article last night that reveals:

"The number of online adults who prefer the Internet as their main source of news has grown by over 35 percent in the last four years, at the expense of television and newspapers, a market research firm said Tuesday."

"Currently, more than 26 percent of online adults prefer the Internet for national and international news, compared with 19 percent in 2001, JupiterResearch, a division of Jupitermedia Corp., said."

EU Threatens Microsoft Over Windows

Hmmm. Two back-to-back posts this morning involving Europe...

Reuters reports this morning that the EU has pretty much issued Microsoft an ultimatum:

"BRUSSELS (Reuters) - The EU's executive told Microsoft CEO Steve Ballmer his company must comply urgently with its decision to stop abusing its virtual monopoly position of its Windows operating system or face action."

"'All I can say for the moment we are still not satisfied,' European Commission spokesman Jonathan Todd told a news briefing, referring to Microsoft's action to meet the Commission's demands."

© Reuters 2005. All Rights Reserved.

Update: The BBC has an article about this, too.

Software models death row outcomes

In a rather interesting, yet bizarre, article in USA Today this morning, Susan Llewelyn Leach (The Christian Science Monitor) writes that:

"Convicts on death row can wait for years while appeals are filed and protests lodged. Many never get beyond this limbo. Others are executed."

"What determines the final outcome? That is the question two professors, one a criminologist, the other a computer scientist, asked as they took 28 years of data on prisoners facing the death sentence and fed it into a software program."

"What the software — known as an artificial neural network — managed to do was to predict with more than 90% accuracy who would be executed."

Can Europe Survive?

An interesting article in Red Herring (online version of the April 18, 2005, print issue) explains that:

"Europe gave the world Linux, GSM, and the web, but got little of the fortune and less of the glory. To get what it is due, some old world ways will have to change."

"Olli Martikainen, Bernhard Grill, and Stratis Avrameas don’t like to think about what might have been."

"Mr. Martikainen, a Finn, started developing a router—hardware that directs streams of data from one computer to another—back in 1982 at VTT, a research institute in Espoo, Finland. The Finnish companies financing the research, including Nokia, didn’t see the potential, so the project was dropped in 1986, shortly before an American startup called Cisco commercialized similar technology. Cisco went on to dominate basic corporate networking gear, with annual sales of more than $23 billion. Mr. Martikainen today works as a professor and researcher; his prototype gathers dust in a university display."

Tuesday, April 26, 2005

Blogger discrepancies.... Please stay tuned.

I've noticed that my XML atom feed sometimes gets funky -- at times there is the proper summary in the per-link feed, other times it appears that it does not (and wants to link directly to the individual article).

I'm not sure what the problem is here, but I will inquire with the Blogger folks, as they have had a spot or two of application/server, etc., issues in the past week or so.

Thanks for bearing with me, and please stay tuned!

- ferg

Publisher banned from Apple stores

Well, everyone else and their brother is writing about this, so I guess I should at least mention it.

First off, however, I should mention that I have co-authored a book (and contributed to several others) for this publisher, John Wiley & Sons. And kudos to my esteemed coauthor, Geoff Huston, for his patience and effort -- he certainly has had more success, and perhaps less aggravation, working & writing on other projects (Thanks, Geoff!).

In any event, it sounds to me like a protracted, juvenile reaction by Apple to something their Public Relations droids found "objectionable" (I hate that word -- it allows the people of this planet to really show how stoopid they really are -- euphemisms are tearing this world apart), and yanked their support for it at their leisure. Scumbags.

Here's perhaps the best existing "real" news story about the situation, on CNN/Money.

Snails Edge Out ADSL

And now, something from the Lighter Side of the Networking Sciences:

Via /.

"Anonymous writes "Dear Sirs, Following our experiment last year, and after long preparations, we have successfully proved that certain gastropods called African giant snails can be faster than ADSL and ... pigeons. The system we have used, called SNAP (SNAil-based data transfer Protocol), uses biological carriers (snails), and, for the first time, taking advantages of the unique merits of the wheel for data transfer. More details can be found here."

Phishing for Credit

Figures. ~:-/

Via /.

"An anonymous reader writes "Two graduate students at Indiana University conducted a phishing study to determine how readily students will give up personal information if the phishing emails appear to come from close friends. Using only publicly available information, they sent out emails to students asking them to click a link that required username/password information. Needless to say, the study has generated lots of attention on campus. The student newspaper has the story and the researchers have created a blog where the participants can vent."

Security guru slams misuse of 'cyberterrorism'

Apparently, Dan Ilett has been quite busy reporting on Infosec Europe for C|Net News. This time, Dan reports that Bruce Schneier has, yet again, slammed the "establishment":

"An Internet security expert told conference attendees Tuesday to use the term 'cyberterrorism' properly--and played down the spread of government-sponsored hacking. Organizations are abusing the word by using it to fuel their budgets, Bruce Schneier said. Speaking at the Infosecurity Europe conference in London, the renowned author and cryptography expert called cyberterrorism a myth that has yet to become a threat to human life."
Good for him. Amen, brother.

Spamhaus hits out at ISPs, praises Microsoft

Lots of stuff from Infosec Europe. Obviously. Dan Ilett writes in C|Net News that:

"The chief technology officer of anti-spam campaign group Spamhaus hit out at ISPs on Tuesday, accusing them of failing to protect their customers from malicious attacks. Meanwhile he had high praise for Microsoft's Windows XP Service Pack 2."

Rootkit Hunter Insecure Temporary File Creation Vulnerability

FrSIRT Advisory : FrSIRT/ADV-2005-0398

Rate: Low

"A local vulnerability was identified in Rootkit Hunter, which may be exploited by malicious users to conduct symlink attacks and potentially overwrite arbitrary files. The problem is that the 'check_update.sh' script creates several temporary files with predictable filenames, which may be exploited by a local attacker to overwrite arbitrary files with the privileges of the user running a vulnerable application."

Affected Versions:
Rootkit Hunter versions prior to 1.2.3-r1
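
The predictable-temp-file pattern the advisory describes, next to a hardened form, as an added shell example (this is not Rootkit Hunter's check_update.sh and not code from the advisory). The function names, the file name update_check.tmp and the sandbox layout are hypothetical.

```shell
#!/bin/sh
# Added illustration; all names below are hypothetical.

# Unsafe: a fixed, guessable name in a shared directory, opened with plain
# redirection. If that path already exists as a symlink, '>' follows it and
# truncates whatever file the link points to.
write_update_unsafe() {
    dir=$1                                   # stand-in for a shared /tmp
    tmp="$dir/update_check.tmp"
    printf 'version data\n' > "$tmp"
}

# Hardened: mktemp chooses an unpredictable name and creates the file
# exclusively with mode 0600, so a link planted in advance is never opened.
write_update_safe() {
    dir=$1
    tmp=$(mktemp "$dir/update_check.XXXXXXXXXX") || return 1
    printf 'version data\n' > "$tmp"
    printf '%s\n' "$tmp"                     # caller needs the name for cleanup
}

# Constructed sandbox check: place a link at the predictable name, run one of
# the writers, and report whether the file behind the link kept its content.
victim_survives() {
    writer=$1
    sandbox=$(mktemp -d) || return 2
    mkdir "$sandbox/tmp"
    printf 'important\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/tmp/update_check.tmp"
    "$writer" "$sandbox/tmp" > /dev/null
    content=$(cat "$sandbox/victim")
    rm -rf "$sandbox"
    [ "$content" = "important" ]
}

for w in write_update_unsafe write_update_safe; do
    if victim_survives "$w"; then
        echo "$w: linked file intact"
    else
        echo "$w: linked file overwritten"
    fi
done
```

On Linux, the fs.protected_symlinks sysctl refuses many link-following opens in sticky world-writable directories, but that is a safety net and does not replace creating the file with mktemp.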

Be careful when searching the web

Over on the F-Secure blog, Jusu posted an interesting snippet this morning which describes how Bad Things (tm) can happen when you accidentally mis-type a URL:

"We have been investigating an interesting case about what happens if you happen to mistype www.google.com. One variation (www. googkle .com) leads to a site that will start a huge chain of webpages with exploits in various formats. HTML, CHM, JS, VBS, EXE, JAR you name it. As an end result the poor mistypist will have seriously malware and spyware infected computer. So keep your browsers up to date and practice on your touch typing."
The F-Secure folks have a detailed description of this particular malware web page here.

Update: Apparently, Techweb.com picked up on this story, too. Read it here.

FCC Chief Wants 911 Service for Internet Phones

In a Reuters article by Jeremy Pelofsky (posted here on Yahoo! News), "Federal Communications Commission Chairman Kevin Martin said on Tuesday he would soon propose requiring Internet-based telephone providers to offer their customers emergency 911 dialing services."

Nixon and Rumsfeld caught on tape

Jennifer Guevin posts on C|Net's Missing Links Blog that:

"Another set of secret tapes have found their way to the Internet, but this batch has nothing to do with Paris, Britney or Ashlee. And although these tapes are "work safe," that doesn't mean they don't reveal dirty dealings. The Presidential Recordings Program at the University of Virginia has made available almost 5,000 hours of tapes recorded by six U.S. presidents from 1940 to 1973. They can be listened to for free at Whitehousetapes.org."

Sheet could shelter Wi-Fi from eavesdroppers

Gotta get me somma dat! Dan Ilett reveals, in C|Net News, some really cool laminate that thwarts WiFi snooping:

"Wireless hackers in the United Kingdom could soon face a new obstacle to stealing information. The British government has endorsed a transparent film that can block Wi-Fi transmissions and other wireless signals from traveling through windows. The film, called SpyGuard, can be laminated or fitted inside windows to prevent remote eavesdroppers penetrating rooms with infrared or Wi-Fi signals to steal information or access private networks."

Has tech employment turned a corner?

Ed Frauenheim writes in C|Net News that perhaps the tech sector job losses have hit rock bottom:

"That's the implication of a study released Tuesday by the American Electronics Association, which found that the country's high-tech industry shed 25,300 jobs in 2004, to 5.6 million. By comparison, 333,000 tech industry jobs were lost in 2003 and 612,000 in 2002, according to the trade group."
Well, let's hope so....

Microsoft to Beta MBSA 2, Student 2006

David Worthington writes in BetaNews that:

"Microsoft has issued beta invitations to testers for Baseline Security Analyzer 2.0 (MBSA 2.0) and Microsoft Student 2006. MBSA 2.0 is a free vulnerability assessment tool designed for IT professionals built with the Windows Update Services infrastructure. No specific areas of improvement for MBSA 2.0 have been released at this time. The beta will officially begin on May 16, 2005 and is expected to continue into July. A Microsoft spokesperson would not provide further details."

Juniper Buys Peribit, Redline For Traffic-Processing Smarts

Paul Kapustka writes in Advanced IP Pipeline that Cisco Systems isn't the only networking vendor who has been doing some shopping lately -- so has Juniper Networks:

"Juniper Networks on Tuesday announced plans to acquire Peribit Networks and Redline Networks, two startups in the emerging field of application acceleration technologies. The two purchases, which total about a half-billion dollars, give Juniper more weapons to compete against router kingpin Cisco Systems for enterprise IT customers. Wide-area optimization technology like Peribit's and application-acceleration hardware like Redline's are being used to speed performance of enterprise applications, especially when they are being accessed via remote connections. Overall, the application acceleration market was worth $1 billion in 2004, according to analysts at Gartner."
Nothing like a little competition to stir things up.

Netscape GIF Image Netscape Extension 2 Buffer Overflow

The folks over at Secunia have posted a "highly critical" vulnerability found in Netscape browsers, versions 6.x and 7.x:

"A vulnerability has been reported in Netscape, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability has been confirmed in version 7.2 and has also been reported in version 6.2.3. Other versions may also be affected."

Verizon to hand 911 access to VoIP operators

Ben Charny writes this afternoon on C|Net News that Verizon is opening up access to its 911 plumbing to external VoIP network providers:

"In another sign of detente between traditional phone companies and upstart VoIP businesses, Verizon Communications, the largest of the Baby Bells, said it plans to open its 911 emergency calling infrastructure to providers of Net-based phoning. Verizon announced Tuesday that it would start making its 911 network in New York City available to all voice over Internet Protocol providers this summer. How well things go in the Big Apple will determine whether Verizon will open the rest of the emergency network, according to spokesman Mark Marchand."

GoDaddy.com Tops Registrar Ranking

Jim Wagner reports today on internetnews.com that:

"Domain name registrar GoDaddy.com is tops in the world, officials announced Tuesday. The new ranking comes from a recent report by analyst firm Name Intelligence and topples Network Solutions (NetSol) from the No. 1 spot it has held for years."

AOL Placed on Spam Blacklist

Via /.

"Hacker-X writes "According to this item over at Spam Kings, AOL has had a large swath of its IP addresses added to the Mail Abuse Prevention Systems (MAPS) Real-time Blackhole List (RBL). The RBL is used by many corporations and large ISPs to filter spam. MAPS evidently started blocking the AOL mail servers less than 24 hours after filing a complaint with AOL's abuse desk. The block was initiated in response to spam emanating from AOL mail servers."

Social Security Administration opened files after 9/11

In a startling admission, the U.S. Social Security Administration says that it made its account files available to the FBI in their investigation of the 9/11 disaster:

"The Social Security Administration freely opened its files to the FBI and other police agencies after the attacks on Sept. 11, 2001. In a letter dated Sept. 13, 2001, SSA's general counsel signed off on the police agencies' request, saying the information should be released for 'investigations of the above terrorism acts.'"
Posted by Declan McCullagh to the C|Net Politics blog.

Whatever happened to machines that think?

I just read a pretty good article over lunch by Justin Mullins in the New Scientist entitled "Whatever happened to machines that think?" The article provides an overview of the current state of Artificial Intelligence development, as well as a pretty good historical timeline of AI development over the course of the past 70 years, beginning in 1936, when Alan Turing completed his paper "On computable numbers" which paved the way for artificial intelligence and modern computing. Worth a read.

The article begins with the definition of "The Singularity" from Wikipedia, and then:

"CLEVER computers are everywhere. From robotic lawnmowers to intelligent lighting, washing machines and even car engines that self-diagnose faults, there's a silicon brain in just about every modern device you can think of. But can you honestly call any machine intelligent in a meaningful sense of the word?"