Friday, May 13, 2005

Blogger down again at 2pm PST today


Looks like the folks here at Blogger are taking the service down in a few minutes for some maintenance -- they say it should be back up by 14:45 PST.

- ferg

iPod to Connect with Xbox 360

Nate Mook writes over on BetaNews:

Microsoft may be battling the iPod on the front, but on the gaming side Redmond has embraced its Apple rival. The Xbox 360 will enable users to connect a portable music player, including an iPod, to the system and browse or play back music through the console's interface while watching 50 visualizations.

"We see the Xbox 360 as replacing your CD player in your entertainment center, but also as the best digital media amplifier available," said Xbox 360 product manager Barry Steinglass. "Your PC is a great place to manage your music, but it's not always the best place to enjoy it. With Xbox 360 you've got one central place to listen to all your music on the best sound system in the house."

TV download sites hit by lawsuits

The MPAA is apparently broadening their scope in their efforts to squash online piracy.


The movie industry has turned its legal campaign against net piracy to TV file-sharing sites.

Six BitTorrent sites hosting links to others with illegal copies of TV shows have been targeted in lawsuits by the Motion Picture Association of America.

It is a shift in focus for the MPAA. Since it started legal action against file-sharers in December, its targets have been film indexing sites.

Friday the 13th

It's one of my favorite days of the year, and wouldn't you know it -- I'm feeling a bit under the weather. I'll be posting more to the blog as the day progresses, but I'm just waking up and wiping the cobwebs from my mind.

In the meantime, I leave you with today's installment of User Friendly.

Thursday, May 12, 2005

Wikipedia deletes 'Vole' as Microsoft term

Esther Tigre writes in The Inquirer:

AN UNHOLY ROW has blown up after online encyclopaedia Wikipedia decided that the use of the term the Vole for Microsoft was simply unacceptable.

A battle royal has broken out at alt.wikipedia about the decision to delete the Vole as a valid term for Microsoft, with battles raging back and forth about use, coined first by the unholy INQ.

Tech expert admits to ID fraud

Via the Globe and Mail:

A U.S. man pleaded guilty to nine counts of federal identity fraud Tuesday, admitting he stole about $400,000 (U.S.) by obtaining credit card numbers through fake websites.

Daniel Defelippi, 23, a former Rochester Institute of Technology student who runs Compumasters, was arrested in December for trying to use a forged credit card to buy a laptop and pizza in Syracuse. That led federal authorities to search his business, where they found the computers used to build false websites.

Verizon's E-mail Blockade Leads To Lawsuits

John Gartner writes in Messaging Pipeline:

Verizon Communications' effort to limit the flood of spam by blocking foreign e-mails has resulted in multiple class-action lawsuits. Unhappy customers who initiated litigation say the company is being overzealous in protecting its network, while Verizon says it is acting on their behalf.

Verizon began blocking e-mails coming from IP addresses in Europe, Asia and elsewhere late last year because of increases in spam from those regions, according to the company. E-mail messages are sometimes returned to the sender as undeliverable, but the intended recipient is not notified. Verizon did publicly announce the e-mail embargo or otherwise alert customers.

Teamwork will beat the spammers

Mark Buchanon writes in New Scientist:

MORE than two-thirds of all email traffic is spam. But the problem could be reduced if our computers work together to control it.

Today's anti-spam software-filters block messages that have content such as advertising slogans or sexually explicit words that is similar to that of spam emails already received and identified. Therefore, they cannot pick up new spam messages that are unlike any received before.

But anti-spam programs would be vastly more powerful if they could pool information about spam, much as police in different places share tips on known criminals. So says computer scientist Vwani Roychowdhury of the University of California, Los Angeles, who together with Oscar Boykin of the University of Florida and other colleagues has now proposed a practical way of doing it.

EMC to roll out storage router

Deni Conner writes in Network World:

EMC next week is expected to unveil its much-anticipated storage router, a hardware and software package designed to optimize use of storage resources and ease the movement of data across heterogeneous environments.

Chicago bans hand-held cell phones for drivers

An AP newswire story on MSNBC reports:

Chicago officials voted Wednesday to ban drivers from using hand-held cell phones starting this summer and set fines of $50 and up for violators.

The City Council approved the ordinance without debating it, angering some aldermen who worried about suburban residents and visitors being targeted as they cross the city line from jurisdictions that don’t have bans.

Cisco Firewall Services Module TCP ACL Bypass Vulnerability


FrSIRT Advisory : FrSIRT/ADV-2005-0527
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-05-11

* Technical Description

A new vulnerability was identified in Cisco products, which may be exploited by attackers to bypass the security restrictions. The flaw resides in the Cisco Firewall Services Module (FWSM) when configured for exceptions in content filtering, which may be exploited by attackers to bypass access-list entries intended to explicitly filter inbound TCP packets.

* Affected Products *

Catalyst 6500 series switches
Cisco 7600 series routers

Congress seeks to head off U.S.-China 'standards wars'

George Leopold writes in EE Times:

Congress has jumped into the fray over whether technology standards are being used to erect trade barriers designed to protect emerging Asian industries.

Exhibit A: During a hearing this week (May 11) was China's attempt last year to establish a wireless standard known as the Wireless Authentication and Privacy Infrastructure. The WAPI security scheme would have required U.S. companies to manufacture two sets of chips, one for the Chinese market and another for the rest of the world.

China ultimately backed down under U.S. pressure, but one lawmaker predicted that "China will continue to attempt to use standards to favor Chinese manufacturers."

Vonage To Make 911 An 'Opt-Out' Option

Paul Kapustka writes in Advanced IP Pipeline:

Under fire for its lack of a comprehensive solution for emergency 911 services, Voice over IP leader Vonage Holdings Corp. said it will change its registration process to make 911 services an opt-out rather than an opt-in option.

Vonage chief executive Jeffrey Citron said the company would change its registration procedures to the opt-out format "sometime this summer," as part of an overall revamping of the company's 911 services implementations.

Vonage is currently facing lawsuits from several states over both the advertisement and implementation of its 911 services, which some states claim are misleading.

Scaring Up Paranormal Profits

This article caught my eye this morning.

Olga Kharif writes in BusinessWeek:

Interest in the spirit world and UFOs is growing, and entrepreneurs are making money from it by providing high-tech ghost-hunting gear.

To the right person, it would be downright eerie. Electronics equipment -- electromagnetic-field detectors, white-noise generators, infrared motion sensors -- jumping off store shelves for no apparent reason. Groups of otherwise sensible people paying good money to spend a night in a soon-to-be-closed movie theater. Folks on the Internet trolling for brass dowsing rods and crystals that ward off negativity. This is the lucrative business end of the paranormal.

Mozilla releases Firefox security update

Dawn Kawamoto writes over on C|Net News:

A security update for the Firefox open-source browser has been released by the Mozilla Foundation, a move that follows the public disclosure of exploit code for two "extremely critical" vulnerabilities.

Mozilla's Firefox 1.0.4, released Wednesday, addresses vulnerabilities that surfaced earlier this week. The update includes several security fixes, as well as a fix to DHTML errors that were encountered on some Web sites, according to a posting on Mozilla's Web site.

The update is designed to address the two flaws, which when combined could allow malicious attackers to engage in cross-site scripting and remote system access. Although the two vulnerabilities could be exploited, there were no known active exploits.

Security monitoring company Secunia had rated the flaws as "extremely critical."

Google buys social networking service

Margaret Kane writes over on C|Net News:

Google has acquired social networking service Dodgeball, as it continues its expansion beyond search. Dodgeball [has posted a] notice on its site, saying it was acquired Wednesday.

The note did not reveal financial details but did say that Dodgeball's two co-founders are "Google superfans."

Google spokesman David Krane confirmed the buyout Thursday, but did not give further details.

National ID Battle Continues

Kim Zetter writes in Wired News:

Legislation supporting a standardized national driver's license may have won unanimous approval in the Senate on Tuesday, but the bill's apparently smooth passage left some jagged edges in its wake.

The Real ID Act appeared in take-it-or-leave-it spending legislation, which effectively forced lawmakers to sign on to the whole measure even if they disagreed with a portion of it. Several Republican and Democrat senators who cast favorable votes for the bill simultaneously railed against the provision authorizing the new driver's license rules.

Survey: 43 Percent of Adults Get 'Phished'

Catherine Tsai (AP) reports (link here on Yahoo! News) that:

Next week Denver-based First Data Corp., one of the country's largest electronic financial transaction companies, plans to release survey results showing 43 percent of adults have received a phishing contact. Five percent of those adults gave up personal information.

The telephone survey of 2,000 people was conducted by Synovate and had a sampling error margin of 2.2 percentage points.

Wednesday, May 11, 2005

SBC opens up 911 networks to VoIP providers

Well, the folks over at Engadget have already summed it pretty good, so:

Following in the footsteps of Qwest, Verizon and BellSouth, SBC is the last of the telcos to finally get on the bandwagon and open up its emergency 911 networks to VoIP providers. This issue has been brewing ever since Vonage got sued when a Texas teen was unable to reach the police after her parents had been shot by a thief. So now that all of the Baby Bells have learned to play nice together, FCC head honcho Kevin Martin won’t even have to come up with a plan. His plate sure has been freed up lately, eh?

Florida removes VoIP tax from books

Marguerite Reardon writes on C|Net News that:

Lawmakers in the Florida state Senate voted on the last day of the legislative session, Friday, to repeal a portion of the Substitute Communications Systems tax law. The tax could have been applied to companies that run their own VoIP networks as well as to commercial services from providers such as Vonage.

In March, a bill to remove the levy from the Florida tax code passed the State House of Representatives. But when the bill reached the state Senate, some senators changed the language from an outright repeal of the law to a moratorium, during which time the matter would be studied more carefully.

Opponents of the tax worked with legislators to push for the repeal.

Microsoft Helps Bust Mass. Spam Ring

To add to a story I posted about here earlier today (see: "Massachusetts continues crackdown on spammers"), Nate Mook over on BetaNews provides additional insight into this:

With the investigative help of Microsoft's Internet Safety Enforcement team, Massachusetts Attorney General Tom Reilly has filed a lawsuit against a spam ring accused of sending hundreds of millions of junk e-mails each month. Nine defendants were named in the lawsuit - seven individuals and two companies.

Microsoft says the seven spammers operated out of Russia and Boston, using domain names registered in Monaco, Australia and France and servers in China, Korea, Brazil and Taiwan.

Yahoo Low-Cost Music Service Hurts Rivals

Michael Liedtke (AP) reports on ABC Business News that:

Yahoo Inc.'s steeply discounted foray into online music subscriptions struck a sour note Wednesday with the shareholders of Napster Inc. and RealNetworks Inc., the owners of the rival services that stand to lose the most from the new competitive threat.

Napster's shares plunged $1.72, or 27.1 percent, to $4.63 during afternoon trading on the Nasdaq Stock Market, where RealNetworks' shares fell $1.56, or 21.4 percent, to $5.74.

Yahoo's entrance into music downloading business even hurt Apple Computer Inc., which runs the dominant online music store with more than 400 million songs sold since it opened two years ago.

Massachusetts continues crackdown on spammers

Joris Evers (IDG) writes on InfoWorld that:

In a continuing crackdown on senders of spam, the Attorney General of Massachusetts has sued seven individuals and two companies who allegedly formed a spam ring.

The group is allegedly responsible for sending hundreds of millions of unwanted, deceptive e-mail messages each month in violation of both U.S. federal and Massachusetts state law, Massachusetts Attorney General Tom Reilly said during a news conference in Boston on Wednesday.

Google ponders Blogger, Gmail integration

This is certainly good news, at least for me. :-)

Juan Carlos Perez (IDG) writes in InfoWorld that:

Google is contemplating various improvements to its popular Blogger Web logging service, including native image uploading and deeper integration with the company's Gmail Web-mail service, according to a Google executive.

Google is also considering the creation of an enterprise Blogger version, as well as letting users limit access to their blogs by creating private groups, said Biz Stone, Blogger senior specialist.

SiliconBeat: Google's mojo, revisited

A really great pointer over on SiliconBeat provides an interesting insight on Google's "Je ne sais quoi." --

VC Fred Wilson explains why he thinks Google has become the "The Starbucks of the Internet" --
Google has recently launched some very attractive web services like Google Local and Google Maps. Their SMS service is a killer app for cell phones. It seems like they are launching a new web service every week. It's so fast and furious that it is making my head spin.

But I don't understand how all of these new web services have anything to do with their core business of targeting advertising via search and contextual advertising.

British Airways in Major VoIP Deployment

Sean Michael Kerner writes on that:

Things may soon go a lot smoother at London's Heathrow Airport, thanks to a VoIP deal announced today between Cisco Systems and British Airways.

Cisco will deploy VoIP to over 14,000 British Airways staff, which will use 8,500 Cisco IP phones at its U.K. offices and airports. Financial terms of the deal were not disclosed, though Cisco in a statement noted that it was a "multi-million-pound IP telephony system."

National ID Card Draws Fire

An AP newswire article posted to Wired News this afternoon begins:

New driver's license rules tucked in a military spending bill will create national identification cards for Americans and stick state governments with the bill, Republican Sen. Lamar Alexander said Tuesday.

Alexander, a Tennessee Republican, joined Democrats and state officials in railing against the White House-backed driver's license rules and other immigration measures before the Senate approved the $82 billion spending bill 100-0. The House approved it last week.

My personal favorite quote from this article:

"If you think a trip to the division of motor vehicle is a bad experience today, wait until the Real ID takes effect." -- Sen. Dick Durbin, D-Ill.

Rogers buys Call-Net

Tavia Grant writes in the Globe and Mail that:

Rogers Communications Inc. said it plans to buy smaller rival Call-Net Enterprises Inc. for about $330-million in stock, a move that will allow Canada's largest wireless and cable TV company to enter the local phone market.

U.S. scientists create self-replicating robot

Uh oh.

Article excerpt via Reuters.

Self-replicating robots are no longer the stuff of science fiction.

Scientists at the Cornell University in Ithaca, New York have created small robots that can build copies of themselves.

Each robot consists of several 10-cm (4 inch) cubes which have identical machinery, electromagnets to attach and detach to each other and a computer program for replication. The robots can bend and pick up and stack the cubes.

Now, go read "How to Destroy the Earth". Enjoy.

BT to Pipe Customer Calls Through VoIP

Colin C. Haley writes on that:

BT will stick with its longtime telecom equipment vendor Nortel when it shifts its U.K. and Indian call centers to Voice over IP technology.

The London carrier will phase in Nortel Centrex IP ACD (Automatic Call Distribution) systems over the coming months. By year's end, more than 2,000 of BT's 10,000 customer service reps will be IP-enabled.

Alliance Asks Congress To Consider VoIP Vulnerabilities In Updated Telecom Act

Matthew Freidman writes in Networking Pipeline that:

The Cyber Security Industry Alliance (CSIA) has called on Congress to include security recommendations related to securing voice over IP (VoIP) technologies as it reviews the 1996 Telecommunications Act.

According to the CSIA, the pervasiveness of IP-based communication and networking technologies, particularly VoIP, has made the task of protecting security and integrity of the Internet a national priority. The report notes that voice applications over the Internet are vulnerable to many of the same threats as data traffic, including denial of service attacks, worms and viruses. Such threats, the CSIA says, could cripple the information technology dependent critical infrastructure, disable VoIP-based emergency systems and weaken the national response capability in the event of attack.

BBC eases rules on news feed use

Via The BBC.

The BBC has opened up its content more so that people can use news stories and headlines on their own sites via RSS.

Revised licence terms mean other sites can integrate RSS feeds from the BBC without offline contract negotiations, as was previously the case.

RSS stands for Really Simple Syndication. It is a way of keeping automatically aware of website updates.

BBC News and Sport have made their content available for online news reader programs via RSS since 2003.

But this relaxing of the licence means a much more open approach, according to the BBC News website editor, Pete Clifton.

DoD hacker jailed for 21 months

John Leyden writes in The Register that:

A US hacker convicted of infecting Department of Defense with a computer worm was last week sentenced to 21 months imprisonment.

Raymond Paul Steigerwalt, a 21 year-old Indiana resident and former member of the Thr34t Krew hacking group, was also ordered to pay $12,000 to the DoD in compensation for the damage he'd caused at a hearing before the US District Court in Alexandria.

Google puts brakes on Accelerator

Matt Loney writes over on C|Net News that:

Google has stopped allowing downloads of its Web Accelerator software, just days after it began offering the product.

Google cited capacity as the reason for putting the brake on downloads of Accelerator, which is designed to speed the delivery of Web pages. A message on the site said the company has reached its "maximum capacity of users and (we) are actively working to increase the number of users we can support."

Skype says 'Hello' to enterprises

Om Malik points out on his Blog the fact that:

Skype just announced that it is partnering with Fiberlink - a company that develops voice-data solutions for corporations. This is a pretty interesting move, because this actually gets Skype into the enterprise market without spending a dime.

Tokyo Tightens Cyber Defense After Protest

Aiko Hayashi writes in an AP newswire article on Yahoo! News that:

Japan has bolstered the defense of its computer systems in the face of a surge in cyber attacks believed linked to anti-Japanese sentiment in Asia, increasing staff and creating a new agency to coordinate its efforts.

Government officials are reluctant to publicly pin the attacks on Chinese and South Korean hackers because of the difficulty of identifying their source, but a surge in attacks coincided with violent anti-Japanese protests last month in China.

Senate approves electronic ID card bill

Declan McCullagh writes over on C|Net News that:

Last-minute attempts by online activists to halt an electronic ID card failed Tuesday when the U.S. Senate unanimously voted to impose a sweeping set of identification requirements on Americans.

The so-called Real ID Act now heads to President Bush, who is expected to sign the bill into law this month. Its backers, including the Bush administration, say it's needed to stop illegal immigrants from obtaining drivers' licenses.

Update: I really can appreciate how Mike over on referred to this travesty last night -- "Senators Vote Yes On Identity Theft!"

Also, it is worth mentioning again the article by Kim Zetter in Wired entitled "No Real Debate for Real ID" - ferg

Quarter of US men view porn at work

Iain Thomson writes over on that apparently, " look more often, women look more effectively" ...

Nearly a quarter of men view pornography in the workplace, according to a newly published poll by Harris Interactive.

Of the 500 people surveyed, just under a quarter of men admitted to looking at pornography at work, compared to 12 per cent of women. But only 17 per cent of men said that they 'intentionally' watched porn, compared to 11 per cent of women.

Google steps up fight for the China market

Via Reuters.

Web services leader Google Inc. has won a license to operate in China and has bought a Web address as it battles Yahoo Inc. in the world's second-largest Internet market.

The U.S. Web services giant, which makes its money from searches, advertising and other services, is hiring staff with the aim of opening an office in the country this year, according to several sources within or close to the company.

Microsoft forms Chinese joint venture for MSN

Scarlet Pruitt (IDG) writes in InfoWorld that:

Hoping to tap into one of the largest markets in the world for Internet and mobile phone services, Microsoft has formed a joint venture with a Chinese firm to launch MSN China and acquired assets of a local mobile software provider to offer MSN Mobile products and services in the country.

Microsoft has partnered with Shanghai Alliance Investment Ltd. (SAIL) to create the new Shanghai MSN Network Communications Technology Company, it said Wednesday. The joint venture plans to launch an MSN China portal in coming months, offering a range of content and services.

Move Over, Blue Screen of Death?

Mary Jo Foley writes in Microsoft Watch that:

Some Longhorn testers are seeing red. But never fear, Microsoft execs say: There will be no Red Screen of Death in the next version of Windows, due in 2006.

As if the dreaded "Blue Screen of Death" that plagues users of existing Windows variants weren't enough, some beta testers are reporting that they've encountered a new "Red Screen of Death" in early versions of Longhorn.

The first Red Screen of Death (RSOD) reports surfaced this past weekend on various Web logs, including one written by a Microsoft employee.

Tuesday, May 10, 2005

Information Leaks Too Fast for Microsoft

An AP newswire article on Yahoo! News reports that:

The difficulty of keeping secrets in the instantaneous age of the Internet and digital cameras should come as no surprise to the world's leading technology company, Microsoft Corp. But this week, the behemoth software maker apparently was caught off guard.

Microsoft intends to preview its new gaming console, dubbed Xbox 360, to the world on Thursday via an MTV special. The Redmond, Wash.-based company invited 200 people to attend the Los Angeles taping and asked them not to reveal what they saw until the show's broadcast.

UK Watchdog targeting workplace porn

The BBC reports that:

The UK's child porn watchdog has launched a campaign targeting people who download illegal images at work.

Recent legislation makes it easier for technology managers to report incidents such as staff downloading child porn.

But the Internet Watch Foundation said some managers feared finding themselves caught up in criminal proceedings.

New Microsoft Office release coming in 2006

Joris Evers (IDG) writes in InfoWorld that:

Microsoft plans to release a new version of its Office productivity software next year, company Chairman and Chief Software Architect Bill Gates said Tuesday.

Although many insiders had speculated that a new version of Office would come in 2006, Microsoft until Tuesday had not publicly confirmed when it would deliver the product. A 2006 release is in line with Microsoft's two- to three-year release schedules for Office. The last major version, Office 2003, arrived in late 2003.

Foundry Unveils High-End Switches

Paula Musich writes in eWeek that:

In one of its biggest product launches in the company's history, Foundry Networks Inc., of San Jose, Calif., introduced its next-generation 10 Gigabit Ethernet switch line at the Interop show here last week.

The launch might help Foundry leapfrog Force 10 Networks Inc. as the leader in high-end 10 Gigabit Ethernet switching while broadening Foundry's appeal outside the core of large backbone networks with new application and Web optimization switches.

Microsoft, Tata Extend Their Telecom Outsourcing Partnership

Via TechWeb.

Microsoft is advancing its outsourcing partnership with India-based Tata Consultancy Services (TCS) to extend Microsoft's Connected Services Framework (CSF) to additional international locations.

Microsoft Consulting Services unit has teamed up with TCS to deliver an integrated IT solution to BT (British Telecom) Retail that the providers view as a model for the outsourcing offerings it plans to offer globally, Microsoft said.

Politicians jump on fiber-to-the-home bandwagon


Several politicians used the announcement of a new market study on the exploding fiber-to-the-home market Tuesday (May 10) to harp on the need to upgrade the nation's broadband infrastructure.

The study, designated U.S. Optical Fiber Communities, was authored by market researcher Michael Render. It notes that fiber-to-the-home installations have grown 83 percent since October 2004, reaching 398 communities in 43 states.

The study was presented at a Capitol Hill press conference hosted by Senators Charles Schumer (D-NY) and Gordon Smith (R-OR). Both gave resounding verbal plugs for advanced broadband technology, but stopped short of saying whether the government would step in to advance the fiber-to-the-home movement.

MasterCard Shuts Down 1,400 Phishing Sites

Steven Martin writes in InformationWeek that:

MasterCard International Inc. said Tuesday that it has shut down nearly 1,400 phishing sites and more than 750 sites suspected of selling illegal credit-card information since launching an ID-theft-prevention program in June. The program also has led to the discovery and protection of more than 35,000 MasterCard account numbers that were in jeopardy of being compromised.

Under the program, called Stop It, MasterCard is collaborating with digital-asset-protection company NameProtect Inc. to detect online scams in real time as they proliferate across the Internet. NameProtect employs Internet detection technology and systems to continuously monitor domain names, Web pages, online discussions, spam E-mail, and other online formats to identify online trading rings, phishing attacks, and other forms of fraud the moment each attack is launched online.

Moscow To Get Citywide Pre-WiMAX Service

Via Mobile Pipeline.

Pre-WiMAX wireless broadband service aimed at enterprises will be installed to cover Moscow, the vendors involved in the project said Tuesday.

The network will be installed by Infoseti, a wireless ISP and will use pre-WiMAX equipment provided by Aperto Networks, the companies said in a statement.

It waits for no man....

Time waits for no man.

Thanks, GMSV!

Freeman Wins Rights to Name in Cyberspace

An AP newswire article posted to Yahoo! News reports that:

Academy Award-winning actor Morgan Freeman won control of the Internet domain name in a ruling issued Thursday by a United Nations panel.

Arbitrators for the World Intellectual Property Organization ordered the transfer of the domain name to the American actor, who had complained that it was being used in bad faith to divert Internet traffic to a commercial search engine.

Two hundred digit number factored

Via WikiNews:

The two unique prime factors of a 200-digit number have been discovered by researchers at Bonn University (Germany) and the CWI (Netherlands) who had been working on factoring the number since Christmas 2003. The number is the largest integer yet factored with a general purpose algorithm.

The number, named RSA-200, was one of a series of such numbers issued as a challenge by security company RSA Security in March 1991 in order to track the real-world difficulty of factoring such numbers, used in the public-key encryption algorithm RSA. RSA-200 beats the previous record number 11^281+1 (176 digits, factored on May 2nd, 2005), and RSA-576 (174 digits, factored on December 3rd, 2003).

FBI confirms Swedish youth charged with hacking Cisco, NASA

Via CNN:

The FBI confirmed Tuesday the accuracy of a New York Times report that software on routers, computers that control the Internet, were compromised last year by a hacker who claimed that he had infiltrated systems serving U.S. military installations, research laboratories, and NASA.

The Times reported, and the FBI confirmed, that the focus of the investigation is a youth in Uppsala, Sweden, who has been charged as a juvenile.

Entire article can be found here.

Critical Security Flaw Fixed in New iTunes

Ed Oswald writes over on BetaNews that:

Security firm Secunia on Tuesday urged Apple iTunes users to upgrade to version 4.8 of the software in order to avoid a recently discovered security flaw, which it has listed as "highly critical." The hole is created by causing a buffer overflow via a specifically crafted MPEG4 file. If the exploit is successful, a user's system could be compromised to run malicious code and cause a denial-of-service attack.

Navy cyber cafes help keep many in touch

An AP newswire article on MSNBC reports that:

Since the Navy began setting up "Internet cafes" for soldiers overseas to keep in touch with their loved ones, almost 200 of the high-tech tents have sprung up in war zones.

Two years ago, civilians working for the Navy started the $20 million program to set up communications systems — basically tents with 20 laptop computers and eight telephones — as a morale boost for Army soldiers stationed in Iraq.

Now there are 183 of the sites in Iraq, four in Afghanistan and even two aboard oil platforms in the Persian Gulf that are manned by the U.S. military, said project manager and retired Marine Steve Rhorer.

You can read the remainder of the article here.

Feds seek bids for massive telecom buy

Carolyn Duffy Marsan writes in Network World that:

The U.S. government is now seeking bids on a 10-year, $20 billion telecommunications services buy that is believed to be the largest pending network deal in the world, and carriers say they’re ready to respond.

The Networx program will provide legacy and leading-edge voice, data and video services to all U.S. federal agencies. Most major U.S. telecom carriers - AT&T, MCI, SBC, Sprint, Qwest and Verizon - are planning to bid on it.

Power outage downs eBay

Steven Musil writes on the C|Net "Missing Links" Blog that:

eBay users looking to buy or sell on the online auction giant were met instead with varying degrees of inaccessibility, an issue the site blamed on a power outage. A little after 9 p.m. Pacific, individual auction pages were unavailable, and soon the site's main page was inaccessible.

Wired News Releases Source Review

This follows the mention yesterday of Michelle Delio, a freelance journalist who has been a long-time contributor to Wired News, being accused of fabricating sources in some articles that she submitted for publication.

Late yesterday, Wired released a statement on their web site that states, in part:

MIT Technology Review Online on March 21 retracted two stories written in whole or in part by Michelle Delio, citing the publication's inability to confirm a source. On April 4, InfoWorld edited four articles by Delio to remove anonymous quotes.

Wired News has published more than 700 news stories written by Delio (under the names Michelle Delio and Michelle Finley) since 2000. In April, we assigned journalism professor and Wired News columnist Adam Penenberg to review recent articles written by Delio for Wired News.

Penenberg and his staff of graduate students at New York University reviewed 160 articles, largely from 2004, but some earlier stories were also checked.

Penenberg provided Wired News with a list of 24 stories that contained sources he could not confirm (links are included at the end of this story). Penenberg's report to Wired News can be downloaded here (PDF).

Delio, in communications with Penenberg and Wired News, stands by her reporting and the existence and accuracy of her sources. Most of Delio's sources were in fact located and confirmed by Penenberg.

The unconfirmed sources affect the content of these stories to varying degrees. For example, the Florida network tax story contains only one quote from a source Penenberg could not confirm, but the quote does not materially affect the rest of the story.

You can read about this in more detail here.

Network Solutions Becomes SSL Certificate Authority

Via Netcraft.

Network Solutions has entered the SSL certificate market, continuing an expansion beyond its core domain name products. By becoming a certificate authority, NetSol will now compete against its former owner VeriSign, currently the largest seller of SSL certificates. VeriSign owned Network Solutions from 2000 until 2003, when it was sold to a private investment firm, Pivotal Private Equity. Network Solutions manages more than 6.5 million domain names, and recently expanded its web hosting business.

Meet The CIA's Venture Capitalist

Via BusinessWeek Online.

In 1999, Gilman Louie had what he thought was his dream job. He was the chief creative officer at Hasbro Toys. Remember the job Tom Hanks's character had in the movie Big? That was Louie. "I didn't think it could get more exciting," he says.

Then the Central Intelligence Agency came calling. The mission Louie eventually chose to accept was to head the agency's venture-capital arm, dubbed In-Q-Tel.

Read the remainder of this article here.

Anti-Japanese Hostilities Move to the Internet

Anthony Faiola (Washington Post Foreign Service) writes:

In the fortified control room of a major Internet security firm, a beleaguered team of experts slouched in front of glowing computer screens, tracking overseas hackers through billions of lines of data. They glanced up periodically at an electronic world map on the wall where, every few seconds, red lines lit up, revealing a new cyber-war aimed at Tokyo.

Over the past several months, a series of attacks believed to have originated in China and South Korea have hit dozens of key public and private Web sites hosted in Japan. Authorities describe it as the heaviest assault ever perpetrated on the nation's computer systems from overseas.

Homeland Security Information Network Criticized

An AP newswire report by Laura Jakes Jordan in the Washington Post reveals that:

A Department of Homeland Security network that shares classified information with intelligence and law enforcement agencies was put together too quickly to ensure it can protect the information, according to the department's acting inspector general.

In response, a department spokesman said yesterday that the Homeland Secure Data Network was still in its fledgling stages but met all security standards before it went online late last month.

In a new report, the acting inspector general, Richard L. Skinner, said the department could not show that the network's security standards and policies were in place. The network, described in one Homeland Security document as "a new DHS backbone," was set up to share secret information with as many as 600 federal, state and local agencies.

No Real Debate for Real ID

Kim Zetter writes over on Wired News that:

Hundreds of civil liberties groups, immigrant support groups and government associations oppose the Real ID Act, a piece of legislation that critics say would produce a de facto national ID card, cost states millions of dollars and punish undocumented immigrants.

Yet despite widespread opposition to the bill, it passed through the House last week and is expected to easily pass through the Senate on Tuesday.

One more pointer to

Internet Attack Called Broad and Long Lasting by Investigators

John Markoff and Lowell Bergman write in the NY Times that:

The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet.

Now federal officials and computer security investigators have acknowledged that the Cisco break-in last year was only part of a more extensive operation - involving a single intruder or a small band, apparently based in Europe - in which thousands of computer systems were similarly penetrated.

Investigators in the United States and Europe say they have spent almost a year pursuing the case involving attacks on computer systems serving the American military, NASA and research laboratories.

Read the entire article here.

Monday, May 09, 2005

The Importance of Address Allocation Policies

My old pal, Geoff Huston, does a great job of discussing the important issues involved in IP address allocation policy -- specifically, the ITU-T proposal put forth for allocating IPv6 addresses to national registries.

An excerpt of Geoff's article:

When does an experiment in networking technology become a public utility? Does it happen on a single date, or is it a more gradual process of incremental change? And at what point do you change that way in which resources are managed to admit a broader of public interests? And how are such interests to be expressed in the context of the network itself, in terms of the players, their motivation and the level of common interest in one network? While many may be of the view that this has already happened some years ago in the case of the Internet, when you take a global perspective many parts of the world are only recently coming to appreciate the significant role of the Internet in the broader context of enablers of national wealth.

I'd like to take one example here to illustrate the forms of issues that arise when public policy considerations of a national nature are added into a resource management debate.

Read the entire article over at CircleID.

Trojan Targets AIM

Via TechWeb News:

A Trojan continued to spread Monday among America Online instant messaging clients, and installs its backdoor on the infected PC when trusting users click on a link within the line "Check out this" or "i thought youd wanna see this" from a buddy on their AIM contact list.

Dubbed "Oscarbot" by McAfee and "Doyorg" by Symantec, the Trojan doesn't spread automatically when users download and run the file linked in the instant message. Instead, it opens a port and listens for instructions on IRC (Internet Relay Channel); the attacker must specifically order each infected machine to start spreading.

Online reporting witchhunt?

Well, given the protective nature of the news business, I suppose we'll start to see more and more online journalists' (and bloggers') credibility being called into question. Is this just a fashionable maneuver by existing news operations to protect their turf, and discredit any non-traditional means of news reporting? The "Not Invented Here" Syndrome?

Ted Bridis of the Associated Press writes in an article which appears on Yahoo! News that:

An investigation over the sourcing and accuracy of news stories by a freelance journalist at a leading Internet news site concluded that the existence of dozens of people quoted in the articles could not be confirmed.

Wired News, which publishes some articles from Wired magazine, paid for the review of stories by one of its frequent contributors, Michelle Delio, 37, of New York City. It was expected to disclose results late Monday.

Apache to Create Open Source Java

David Worthington reports on BetaNews that:

In the absence of an offering from Sun, the Apache Foundation will begin a project to create open source Java for desktop computers called "Project Harmony." Citing broad community interest, the project will create a version of the Java 2, Standard Edition (J2SE) runtime platform that is compatible with Sun's Java.

The project is possible because Sun changed the licensing rules for J2SE 5.0 and liberalized the Java Community Process.

Start-up on track to fill gaps in GPS

Donald Melanson writes over on engadget that we should be afraid:

This sounds a bit too much like something out of Videodrome for our comfort, but a Redwood City-based tech start-up called Rosum has found a way to track individuals using television signals, reaching places even GPS can’t (like inside buildings). And as if the prospect of someone being able to know exactly how long you’ve been in the bathroom isn’t enough to scare you, Q-Tel, the investment arm of the Central Intelligence Agency, is one of the investors in the company. The first device using Rosum’s technology is currently in the prototype stage and the company expects commercial navigation products using the technology to start showing up next year.

The referenced article can be found in its entirety here.

Apple's Dashboard Hacked

Via NewsFactor Technology News:

A developer has demonstrated a Dashboard exploit in Mac OS X 10.4 "Tiger" that a malicious Web site owner could use to install Widgets you might not want on your Mac.

Writing under the name of, the developer said that a combination of lack of Apple's documentation for removing Widgets, Safari's download controls, and a Widget feature all make it possible for the bad guys to use Dashboard to take you to any Web site of their choosing, hijacking Dashboard for their nefarious purposes.

MCI To Pay $100 M In Worldcom Taxes

An AP newswire story on Advanced IP Pipeline reveals that:

MCI Inc. will pay $100 million in cash to cover back taxes that its predecessor WorldCom Inc. owed Mississippi, state Attorney General Jim Hood announced Monday.

The telecommunications company also will turn over WorldCom's former headquarters building in downtown Jackson to the state as part of the settlement, Hood said. The building has not been appraised, he said.

WorldCom collapsed in 2002 amid revelations of an $11 billion accounting fraud to inflate earnings and hide expenses.

Vulnerability Issues with IPsec Configurations

The UK National Infrastructure Security Co-ordination Centre (NISCC) has issued an alert for IPsec implementations.

What is affected?
Potentially any configuration of IPsec that uses Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, or with integrity protection being provided by a higher layer protocol. Some configurations using AH to provide integrity protection are also vulnerable.

If exploited, it is possible for an active attacker to obtain the plaintext version of the IPsec-protected communications using only moderate effort.

This is rated as high.
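An added example, not part of the NISCC alert or of this post: a Python audit that reads security associations laid out like Linux `ip xfrm state` output (an assumed input format) and flags ESP tunnel-mode SAs that encrypt without ESP integrity. The sample text, addresses and keys are constructed, and the `high`/`review` labels are this example's own.

```python
from dataclasses import dataclass

# Constructed sample laid out like Linux `ip xfrm state` output (assumed
# format). Addresses are documentation ranges; keys are dummy values.
SAMPLE = """\
src 192.0.2.1 dst 198.51.100.1
    proto esp spi 0x00000101 reqid 1 mode tunnel
    enc cbc(aes) 0x000102030405060708090a0b0c0d0e0f
src 192.0.2.1 dst 198.51.100.2
    proto esp spi 0x00000102 reqid 2 mode tunnel
    auth-trunc hmac(sha256) 0x1111111111111111111111111111111111111111 128
    enc cbc(aes) 0x000102030405060708090a0b0c0d0e0f
src 192.0.2.1 dst 198.51.100.3
    proto esp spi 0x00000103 reqid 3 mode tunnel
    auth digest_null
    enc cbc(aes) 0x000102030405060708090a0b0c0d0e0f
src 192.0.2.1 dst 198.51.100.4
    proto esp spi 0x00000104 reqid 4 mode tunnel
    aead rfc4106(gcm(aes)) 0x2222222222222222222222222222222222222222 128
src 192.0.2.1 dst 198.51.100.5
    proto ah spi 0x00000105 reqid 5 mode tunnel
    auth-trunc hmac(sha1) 0x3333333333333333333333333333333333333333 96
src 192.0.2.1 dst 198.51.100.5
    proto esp spi 0x00000106 reqid 5 mode tunnel
    enc cbc(aes) 0x000102030405060708090a0b0c0d0e0f
"""

NULL_AUTH = {"digest_null"}  # "no integrity" algorithm name


@dataclass
class SA:
    src: str
    dst: str
    proto: str = ""
    spi: str = ""
    mode: str = ""
    enc: str = ""
    auth: str = ""
    aead: str = ""


def field(words, name):
    """Return the token following `name` on a line, or '' if absent."""
    return words[words.index(name) + 1] if name in words[:-1] else ""


def parse_sas(text):
    """Split the dump into SA records; each record starts at a 'src' line."""
    sas = []
    for line in text.splitlines():
        w = line.split()
        if len(w) >= 4 and w[0] == "src" and w[2] == "dst":
            sas.append(SA(src=w[1], dst=w[3]))
        elif not sas or len(w) < 2:
            continue
        elif w[0] == "proto":
            sas[-1].proto, sas[-1].spi = w[1], field(w, "spi")
            sas[-1].mode = field(w, "mode")
        elif w[0] in ("auth", "auth-trunc", "enc", "aead"):
            setattr(sas[-1], w[0].split("-")[0], w[1])
    return sas


def audit(text):
    """Map each ESP SA's SPI to 'ok', 'high' or 'review'."""
    sas = parse_sas(text)
    ah_pairs = {(s.src, s.dst) for s in sas if s.proto == "ah"}
    verdicts = {}
    for s in (s for s in sas if s.proto == "esp"):
        has_integrity = bool(s.aead) or (s.auth != "" and s.auth not in NULL_AUTH)
        if has_integrity:
            verdicts[s.spi] = "ok"
        elif s.mode == "tunnel" and (s.src, s.dst) not in ah_pairs:
            verdicts[s.spi] = "high"    # confidentiality-only ESP tunnel
        else:
            verdicts[s.spi] = "review"  # e.g. integrity left to AH
    return verdicts
```

The `review` verdict covers the alert's statement that some configurations relying on AH for integrity are also vulnerable, so those pairs need a manual check rather than a pass.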

NTT DoCoMo Plans U.S. VC Arm

Red Herring reports that:

Japanese mobile carrier NTT DoCoMo announced Monday it will launch a second U.S.-based venture capital firm on July 1.

The wholly owned subsidiary, called DoCoMo Capital, will be based in San Jose, California, and will invest primarily in U.S.-based mobile technology companies and venture funds.

Commutes just get longer, transportation survey finds

This is not directly related to tech, but then again, perhaps it is. As this study indicates -- and each year, the same studies concerning traffic congestion seem to show the same trends -- it just gets worse every year. So it makes one wonder -- why isn't the concept of telecommuting being embraced by more employers? It would lower the amount of stress induced by the frustrations of getting back and forth to work every day, so why aren't more employers warming up to the idea?

As reported on MSNBC, an AP newswire story reports that:

If getting stuck in traffic makes you want to roll down your car window and scream, a new national survey released Monday has bad news: Gridlock is getting worse.

Congestion delayed travelers 79 million more hours and wasted 69 million more gallons of fuel in 2003 than in 2002, the Texas Transportation Institute’s 2005 Urban Mobility Report said.

Real ID: You Can Still Fight It

Via /.

Posted by Hemos on Monday May 09, @12:13PM
from the fight-the-man dept.
toupsz writes "Bill Scannell has created a website where anyone and everyone can fax their senators regarding the Real ID Act. Note that the act is up for vote on Tuesday, May 10th! All those against the Act might want to go to Bill's site: Thanks, Cory from BoingBoing!"

Broadcasters and movie studios look to Congress to save the broadcast flag

Peter Rojas writes over on engadget that:

A federal appeals court may have struck down the broadcast flag this past Friday (check out Demystifying the Broadcast Flag for some background on all this), but you don’t seriously think a little something like a court decision is going to stop the alliance of broadcasters and movie studios that pushed the FCC into adopting the rule in the first place, do you?

Registrars' Push Into Hosting Yields Strong Growth

Netcraft reports that:

Domain registrars' expansion into web hosting has yielded strong results, as large registrars have been among the best performers thus far in 2005, according to our Hosting Provider Switching Analysis. The strong growth for registrars reinforces the importance of domain names as a gateway to other web services, and has prompted hosting companies to feature domains more prominently in their business models.

Spycam Force

Noah Shachtman writes in Wired:

Chicago's two-fisted street cops have a new kind of backup: a point-and-click surveillance network tied to a citywide crime-fighting database.

On a warm afternoon on Chicago's West Side, a young African-American man leans against the wall of the One Stop Food and Liquor store at the corner of Chicago Avenue and Homan Street. His puffy black jacket is so oversize that the collar hangs halfway down his back. Thirty feet up, a camera mounted on a telephone pole swivels toward him.

Three miles away, in a bunkerlike, red granite building near Greektown, Ron Huberman watches the young man on a PC screen. "You see that guy?" asks Huberman, the 33-year-old chief of Chicago's Office of Emergency Management and Communications. "He's pitching dope - you can tell. Fucker."

Spyware Goes Legit?

Well, of course not.

But Robert MacMillan writes in the Washington Post online that:

Several high-profile businesses got some free advertising on the Los Angeles Times Web site today, but it's not the kind of exposure they're looking for. Times writer Joseph Menn reported that Mercedes-Benz USA and Yahoo, which build the kinds of engines we like in our garages and for our computers, have relied on spyware to get their brands in front of Internet users. And they're not the only ones.

City, state cell phone taxes on the rise

Dennis Cauchon writes in USA Today that:

Cell phone users are being hit by new taxes as state and local governments scramble to replace declining tax revenue from traditional phones.

The new charges are adding $2 to $10 or more a month to cell phone bills on top of existing federal and state taxes and fees for emergency 911 communications.

419's seek project manager

Lester Haines gives us the DL over on The Register:

The Lads from Lagos have been a bit quiet of late, which led us to suspect that they may have all gone and got proper jobs which do not involve attempting to part fools from their hard-earned cash with promises of riches beyond the wildest dreams of avarice.

But no, mercifully for those of us who like our scams with a Nigerian 419 flavour, the Boys from Abuja continue to eschew traditional employment in favour of fleecing hapless punters. Here's the latest line of attack: post highly attractive job ad on and wait for eager jobseekers to submit their applications.

In-flight Internet to launch over the Pacific

Paul Kallender (IDG) writes in InfoWorld that:

Japan Airlines (JAL) will Tuesday start offering The Boeing Co.'s in-flight Internet service on flights between Tokyo and New York, the first time the service will be available for transpacific travel, the airline said on Monday.

The Connexion by Boeing service will be initially available on alternate days on flights JL005/JL006, with the service becoming available daily by the end of June, according to Geoffrey Tudor, a spokesman for the airline.

Iowa State Opens Security Testing Lab

Martin J. Garvey writes in InformationWeek that:

The U.S. Department of Justice is funding a lab at the university to let businesses and others conduct security tests on simulated IT environments.

As more companies keep their IT infrastructure running around the clock, it can be hard to find time to back up data, check out software patches, and conduct tests for security vulnerabilities. Iowa State University on Monday unveiled a federally funded test lab that's under development to help companies check the security of their IT systems without causing downtime.

Consultancy to upgrade Iridium network's terminals

John Walko writes in the EETimes that:

Cambridge Consultants has been awarded a contract to develop the necessary RF hardware and software to increase the functionality of handsets for users of the Iridium satellite based voice and data communications network.

The design consultancy, headquartered in Cambridge, England, has assembled a multi-disciplinary engineering team with expertise in satellite communications to work on what it says is a 'multi-million dollar' program.

The focus will be on moving much of the radio functionality into the digital domain using advanced digital signal processing (DSP) techniques. This will provide Iridium with greater performance and flexibility.

In-depth investigation of the "Cabir-in-Cars" myth

The guys over at F-Secure have been busy:

Couple of months ago there were rumours floating around that Bluetooth viruses could infect the on-board computers of some Lexus cars, or at least cause some visible effects on them.

In February we published an official statement from Toyota that Lexus does not use Symbian OS, and thus cannot be infected by any of the Cabir variants.

However a mobile worm infecting a car is a thought that one cannot let go easily, and even as we knew that the car cannot be infected, this was something that just had to be tested for real.

So we got a Toyota Prius to test out the myth. Credit has to be given to Toyota for trusting their systems enough to actually lend the car for us for such testing.

Vonage says sees no pressure from cable telephony

Via Reuters:

Internet telephone company Vonage Holdings Corp. on Monday said it had reached 650,000 lines and had seen no pressure so far from cable companies launching their own telephone services.

Privately held Vonage raised $200 million in funding last week, bringing the total venture capital raised by Vonage to $408 million.

Singaporean shuts blog after libel threat

Geert De Clercq writes for Reuters that:

A Singapore student said on Monday he has shut down his blog and apologized unreservedly after a government agency threatened to sue for defamation. Chen Jiahao, a 23-year-old graduate student in the United States, told Reuters he closed down his personal Web site after A*STAR, a Singapore government agency focusing on science and research, threatened legal action for what the agency said were untrue and serious accusations.

PGP announces complete hard drive encryption

Declan McCullagh writes on the C|Net Security Blog that:

PGP Corporation on Monday announced a new way for Windows users to encrypt their entire hard drives.

Previous versions of the company's popular encryption software could only scramble chunks of a hard drive -- basically, large files that are mounted as virtual drives after you type in the correct passphrase.

Now Windows XP users can buy what the company is calling "PGP Whole Disk encryption," which is a cleaner way to preserve the confidentiality of data on, say, an external hard drive. Alas, OS X users are out of luck for now, PGP's Stephan Somogyi says, because of the way Apple handles additional volumes in OS X.

Telling the Truth about Installation Tactics

Ben Edelman writes over on his blog about the installation tactics of spyware: Does Claria Target Kids? Take Two...; Ask Jeeves' Problems: Non-consensual Installations, Semi-consensual Installations; 180solutions Continues to Become Installed Without Any Consent At All; and Direct Revenue Commission Skimming.