Saturday, June 25, 2005

IRS audits its database for breaches

A Reuters newswire report on CNN/Money reveals that:

The Internal Revenue Service is investigating whether unauthorized people gained access to sensitive taxpayer and bank account information but has not yet exposed any privacy breaches, officials said Friday.

The tax agency -- whose databases include suspicious activity reports from banks about possible terrorist or criminal transactions -- launched the probe after the Government Accountability Office said in April the IRS "routinely permitted excessive access" to the computer files.

The GAO team was able to tap into the data without authorization and gleaned information such as bank account holders' names, Social Security numbers, transaction values, and any suspected terrorist activity. It said the data was at serious risk of disclosure, modification or destruction.

Little Agreement on Spyware Guidelines

An AP newswire article by Anick Jesdanun via Yahoo! News:

Many anti-spyware programs scour computer hard drives for those data-tracking files called cookies that we often get from Web visits. Microsoft Corp.'s tool does not. And there are disputes aplenty about whether certain widely used advertising programs circulating on the Internet are clean of spyware.

No surprise, then, that there's little agreement on what should be considered spyware, and what adware is exactly. Or on whether adware, which delivers ads, is a form of spyware or a breed apart.

Consumers are confounded. Is their computer-cleaning overzealous or not thorough enough? Are they removing useful programs with the dreck?

No less vexed are makers of anti-spyware software. They're beset by legal headaches, constantly challenged for what their products define and target as malware.

Friday, June 24, 2005

Windows Exploit Released, But Experts Downplay Danger

Ryan Naraine writes in eWeek:

Amid conflicting reports on the extent of sniffing activity on TCP/IP Port 445, the port associated with a recently patched Windows vulnerability, security experts are warning that exploit code targeting a known Server Message Block flaw has been posted on the Internet.

The exploit code, published on the FrSIRT (French Security Incident Response Team) Web site, could be used to target the "critical" vulnerability addressed in Microsoft Corp.'s MS05-011 bulletin.

That bulletin, which was released in February with patches for affected Windows 2000, Windows XP and Windows Server 2003 systems, corrects a weakness in Microsoft's SMB protocol implementation but it is entirely separate from the SMB (Server Message Block) fixes dropped off on Patch Day this month.

Earlier this week, researchers at Symantec Corp.'s DeepSight Network warned that a noticeable surge in scans on Port 445 just one week after Microsoft's SMB patch was an ominous sign that a mass code execution attack may be imminent.

RIM Offers Few BlackBerry Outage Details

An AP newswire article by Bruce Myerson, via Yahoo! News, reveals that:

Research In Motion Ltd. is offering few details about two major outages in a week with its popular BlackBerry service, which delivers e-mail to wireless devices that many users affectionately call CrackBerries.

RIM, which makes the pioneering mobile devices and provides the e-mail service over cellular networks, attributed a June 17 outage lasting nearly four hours to a software upgrade "that did not operate consistent with prior testing."

The Canadian company said a second North American outage on Wednesday was the result of an unrelated "hardware failure." A RIM statement said a "back-up system functioned with lower capacity than expected and the lower capacity then caused latency in message delivery for some customers."

RIM declined to elaborate on the number of customers affected or the nature of the software and hardware involved in the two incidents. The company also seemed to dispute the magnitude and length of last week's disruption.

Major Advertisers Caught in Spyware Net

An AP newswire article by Michael Gormley, via Yahoo! News:

Unwanted software slithered into Patti McMann's home computer over the Internet and unleashed an annoying barrage of pop-up ads that sometimes flashed on her screen faster than she could close them.

Annoying, for sure. But the last straw came a year ago when the pop-ups began plugging such household names as J.C. Penney Co. and Capital One Financial Corp., companies McMann expected to know better.

Didn't they realize that trying to reach people through spyware and its ad-delivering subset, called adware, would only alienate them?

Patches issued for critical RealPlayer flaws

Robert McMillan (IDG News Service) writes in InfoWorld:

RealNetworks has issued patches to four vulnerabilities in its RealPlayer media software, some of which could allow an attacker to run unauthorized code on the user's computer.

The most serious of the bugs, which affects RealPlayers on the Windows, Macintosh and Linux operating systems, takes advantage of a bug in the RealText file format that is used in SMIL (Synchronized Multimedia Integration Language) files, according to Michael Sutton, director of iDefense's labs. "This is something that somebody could be vulnerable to without really taking much action. They could double click on a file, or go to a URL that somebody sent them in an e-mail."

Sutton has not yet seen anyone publicly release software that could take advantage of any of the four bugs, but researchers at iDefense labs in Reston, Va., have privately developed code that exploits the RealText vulnerability.

Update: U.K. seeks Interpol's help in data-theft scandal

An AP newswire article on MSNBC reports:

British police sought help from Interpol on Friday, after a newspaper reported that one of its undercover reporters bought personal data on 1,000 British customers from an Indian call center employee.

Karan Bahree, an employee at Infinity eSearch, a web designing company in Gurgaon, a New Delhi suburb that has become a hub of outsourcing companies, did not report to work Friday but denied any wrongdoing.

Bahree "says he is innocent ... he told us that he was only trying to make a presentation to someone," said Deepak Masih, lawyer for Infinity eSearch. The company said it had nothing to do with the scandal, and that it had given Bahree, on probation for three months in the company, until Friday evening to formally explain his role.

John Ribeiro (IDG News Service) writes in InfoWorld:

Karan Bahree, who allegedly sold information on U.K. bank accounts to a reporter from The Sun, remained at large a day after a news story appeared about him in the London tabloid.

The Sun reported Thursday that Bahree sold a reporter operating undercover information on 1,000 bank accounts. Bahree reportedly obtained the data from contacts at call centers in Delhi, where the information was sold. The Sun in its online edition, however, gave the name of the seller as Kkaran Bahree.

Police in Delhi say that they cannot make an arrest unless there is a formal complaint from either the call-center companies in India from where the information was allegedly stolen or from the affected banks or customers in the U.K. "As soon as we get a complaint, we will arrest him," said a police official on condition of anonymity. Police are conducting their own investigations, he added.

India demanding 195,000 H-1Bs?

Ed Frauenheim writes in the C|Net News Workplace Blog:

According to a report today in The Economic Times, India's government has made a proposal to the World Trade Organization demanding that the United States' annual cap for H-1B visas be raised sharply, to 195,000.

Currently, the annual ceiling for the guest worker visas is 65,000, along with an additional 20,000 visas reserved for foreigners with advanced degrees from a U.S. institution.

If the story in the Indian press is true, the move likely would be welcomed by U.S. employers who have pushed for more visas, but criticized by labor groups already wary of the guest worker permits.

H-1B visas, which allow skilled foreigners to work in the United States for up to six years, have long been a point of debate in the tech industry. Microsoft Chairman Bill Gates stirred up the pot recently by calling for the elimination of H-1B visa caps.

From The Economic Times story: "In the ongoing WTO talks, India has made enhancement of the H1B quota as a key bargaining chip for offering concessions on market access for industrial products and farm goods, highly-placed government officials said."

New Phishing Attacks Eliminate Need for Target Web Site

Via Netcraft.

New phishing attacks with data collection forms embedded directly in the electronic mails received by victims are inducing victims to send their financial details directly to the phishers via mail rather than through a specially constructed web site mimicking that of the financial institution.

The HTML emails masquerade as a security check on a PayPal account, with the subject "Validate Your Informations by Email" (sic). The message asks recipients to fill in an HTML form, which includes fields for the user's credit card details, date of birth, Social Security number and mother's maiden name. "Completing all of the checklist items will automatically restore your account access," the email advises. Clicking on "Submit to Secure Server" mails the form's contents to a free email account at Yahoo, using a CGI script hosted by a Brazilian hosting reseller at The Planet.

Yahoo! sued by child abuse victim

John Oates writes in The Register:

Yahoo is facing a $10m lawsuit from a victim of child abuse who claims pictures of their abuse were distributed by the firm.

Adam Voyles, partner at Heard, Robins, Cloud & Lubel, told the Reg he represents a child who was molested and pictures of that molestation were distributed to the Candyman website, which was hosted by Yahoo.

Voyles said: "They owed a duty to the population as a whole to not distribute illegal material, we're not talking inappropriate here but illegal. It is like distributing cocaine or heroin."

Yahoo is accused of distributing child pornography in breach of federal law, public disclosure of private facts and negligence.

The FBI investigated the Candyman group in 2002. As a result almost 1,400 individuals were identified and 86 people later arrested.

Yahoo did not reply to our request for comment.

AOL Latin America files for Chapter 11 protection

A Reuters newswire article via Yahoo! News reports that:

America Online Latin America, Inc. today announced that it has filed for Chapter 11 bankruptcy protection.

AOL Latin America, which provides AOL-branded services in Latin America, said its subscribers will continue to receive the America Online branded service without interruption.

Time Warner Inc. owns the America Online service and is one of AOL Latin America's principal stock holders.

Finland To Get Nationwide Wireless Broadband Network

Via Mobile Pipeline.

Finland's Ministry of Transport and Communications this week selected FLASH-OFDM technology from U.S. vendor Flarion for its nationwide wireless broadband network.

The government agency said in a statement that it selected FLASH-OFDM over CDMA technology. Seven vendors applied for the license to deploy the network, five of which proposed using various forms of OFDM technology.

This is the second major international win for a non-WiMAX wireless broadband technology in the last week. T-Mobile said earlier in the week it would deploy a UMTS TDD network throughout the Czech Republic.

IBM Moving 14,000 Jobs to India

Nate Mook writes in BetaNews:

IBM is planning to expand its workforce in India by 14,000, despite announcing intentions to cut 13,000 jobs in the United States and Europe. The move, which was disclosed in an internal company memo, highlights a growing trend by tech firms to cut down on costs by hiring low-wage workers.

The memo, dated April 2005 and posted on the Web site of the Washington Alliance of Technology Workers (WashTech), indicates IBM's Indian workforce will rise from 24,150 in 2004 to 38,196 employees in 2005. IBM would not comment on the report, but WashTech president Marcus Courtney told the New York Times, "IBM is really pushing this offshore outsourcing to relentlessly cut costs and to export skilled jobs abroad."

Identity Thieves Drain Unemployment Benefit Funds

Clipped from /.

Posted by Zonk on Friday June 24, @11:15AM
from the thanks-jerks dept.
Makarand writes "According to a article, the defrauding of state government unemployment benefit programs is the most underpublicized identity theft crime and the states are not doing much about it. Identity thieves are using stolen social security numbers to file false unemployment claims and collecting benefits because the states have no systems in place to deter fraud. In fact, it is easier to convert stolen identity data into money by filing false unemployment claims than going after the credit card companies." From the article: "File a false unemployment claim and you can receive $400 per week for 26 weeks. Do it for 100 Social Security numbers and you've made a quick $1.04 million. It's tough to make crime pay much better than that."

Bush dissolves IT advisory group

Aliya Sternstein writes in

President Bush has let a council of independent information technology experts lapse.

The President's IT Advisory Committee (PITAC) has been shut down and will not examine any other issues, a committee member said.

After releasing a June 16 report on U.S. competitiveness in computation science, PITAC had planned to take a broad look at IT research and development, as a follow-up to its 1999 report, according to PITAC members.

PITAC is a congressionally mandated committee comprised of industry and academic experts appointed by the president. At the moment, the committee is vacant. The president's executive order establishing the most recent PITAC expired June 1, and Bush did not reappoint current members or select new members.

In the Age of ID Theft.....

Microsoft Refreshes AntiSpyware Beta

David Worthington writes on BetaNews:

Microsoft has quietly released a refreshed build of its AntiSpyware software. Build 613 provides better documentation about unwanted software, fixes bugs that make it difficult to read alert messages and reduces the likelihood that its Winsock LSP removal mechanism will trigger unintended network disruptions.

Microsoft's AntiSpyware is based on technology the Redmond company acquired from GIANT. The acquisition is part of an ongoing effort to secure the Windows operating system in the aftermath of many high profile exploits.

Aussies prosecute first 'spammer'

Drew Cullen writes in The Register:

Australia is prosecuting the first alleged spammer under its new-ish Spam Act. The Australian Communications Authority (ACA) accuses Perth-based Clarity1 of sending at least 56 million junk emails since the Spam Act came into force in April last year.

And it accuses the company and its managing director, Wayne Mansfield, of harvesting some of the email addresses he sent mail to. Citing the "scale of the breach" of the Spam Act, the ACA is seeking an interim injunction until the court hearing against Clarity1.

Digital Air Traffic System Launched

Sara Kehaulani Goo writes in The Washington Post:

The Federal Aviation Administration said yesterday that it has launched a new digital air traffic system that will improve safety and reduce fuel costs for planes flying over the Atlantic and Pacific oceans.

The $548 million program now operates only over the Atlantic, out of a center in New York, but the FAA plans to expand the program to facilities in Oakland, Calif., and Anchorage, which handle traffic from the Arctic to the South Pacific. It replaces a low-tech system that required pilots to report their longitude and latitude every 50 minutes to an air traffic facility because the oceans are not covered by radar.

Online Porn Dodges Major Bullet

Randy Dotinga writes in Wired News:

Federal prosecutors agreed Thursday to temporarily protect members of an adult industry trade group from strict new enforcement regulations. But thousands of porn sites are still fair game, and their webmasters now face hefty prison terms if they don't keep records proving that models and performers are over 18.

"It would be a mistake to view this as anything other than a big victory" for porn webmasters, said J.D. Odenberger, an adult industry attorney based in Chicago. He predicts that the U.S. Department of Justice won't actually prosecute anyone, pending court hearings this summer.

It wasn't immediately clear how the agreement will affect the many websites that removed adult content or shut down entirely in anticipation of the new enforcement effort. Affiliates of, including, and took down photos, as did some featuring celebrity nudity.

Security Fix Installed After Breach

An AP newswire report via Yahoo! News:

The operations center for a credit card processing firm whose security was breached by a hacker, exposing 40 million accounts to possible fraud, has put new security software in place.

Marc Maiffret, a computer security specialist and co-founder of eEye Digital Security of Aliso Viejo, Calif., said his firm installed the security upgrade for Atlanta-based CardSystems Solutions' operations center here on June 10.

On Friday, MasterCard International Inc. disclosed that 40 million credit card accounts belonging to it and other companies were exposed to possible fraud by a security breach at CardSystems Solutions' operations center here, the latest in a string of recent breaches at financial institutions.

Maiffret told the Arizona Daily Star that the upgrade his firm sold CardSystems Solutions was in place three days later. CardSystems may have initiated other measures as well in response to the breach, he added.

Australia outlaws using Internet to incite suicide

Via Reuters.

People who use the Internet to incite others to commit suicide or teach them how to kill themselves face fines of up to A$550,000 ($430,000) under tough new laws passed in Australia on Friday.

Using the Internet to counsel or incite others to commit suicide or to promote and provide instruction on ways to do it has been outlawed but the new laws were not designed to stifle debate about euthanasia, Justice Minister Chris Ellison said.

Thursday, June 23, 2005

Outages for LinuxWorld Web Site

Via Netcraft.

The web site for LinuxWorld magazine was offline for more than two hours yesterday, the latest in a series of performance problems over the last month. While many of the outages have been brief, the sites for LinuxWorld and its parent company, tech publisher Sys-Con Media, were down for more than 12 hours on June 12.

Microsoft to Embrace RSS in IE7

David Worthington writes in BetaNews:

Microsoft is deepening its commitment to the Really Simple Syndication (RSS) Web publishing standard and, according to a prominent blogger, will detail the level of its commitment on Friday at the Gnomedex conference in Seattle.

RSS, a standard used by bloggers and content providers to notify subscribers of new or updated content, is said to be of great interest to Microsoft.

Microsoft's interest lies in its desire to build upon the existing RSS standard and order syndicated data in different ways beyond "what's new." These new capabilities would benefit e-commerce and Web applications by enabling richer usage scenarios.

Yahoo! Tests Behavior-Based Content Ads

Brian Morrissey writes in AdWeek:

Yahoo has begun testing a program to show text listings on Web pages based on user behavior.

In a pilot program with Revenue Science, a Bellevue, Wash., behavioral-targeting company, Yahoo's cost-per-click text ads are shown on Web pages using data collected by Revenue Science.

The program, which can be seen on and, could represent a rival to Google's far-flung AdSense network, which displays ads on thousands of sites based on the content on the Web page. Revenue Science, in contrast, targets ads to consumer behavior.

NTT DoCoMo Achieves 1Gbps Packet Transmission in 4G Field Experiment


NTT DoCoMo, Inc. announced today that it achieved 1Gbps real-time packet transmission in the downlink at the moving speed of about 20km/h in a field experiment on fourth-generation (4G) radio access. The experiment took place in Yokosuka, Kanagawa Prefecture on May 9, 2005.

This is the latest achievement in DoCoMo's ongoing development of key radio access technology for 4G mobile communications.

Reports of Iridium's death greatly exaggerated?

W. David Gardner writes in TechWeb News:

Iridium Satellite has been quietly muscling its way into the nascent in-flight voice and data market, offering its narrowband service globally. Earlier this week, the firm announced that El Al Airlines is fitting seven 747-200 Boeing aircraft with Sky Connect Classic Iridium satellite phone systems.

The narrowband service is not head-to-head competition to Connexion by Boeing, which is equipping several non-U.S. airlines with its broadband service. However, the satellite service is seen as having some advantages over broadband.

"We're global, we're light weight, and we don't cost so much," said Iridium spokeswoman Liz DeCastro Rhodes. "We talked with several partners at the Paris Air Show last week. You'll see more announcements soon." She said Iridium already has a majority market share of corporate jet communications.

Public broadcasting funding cuts averted

Good news for NPR, and other public broadcasting services. An AP newswire article on MSNBC reports:

Big Bird and National Public Radio won a reprieve Thursday as the House restored $100 million that had been proposed as a budget cut for the Corporation for Public Broadcasting.

The 284-140 vote demonstrated the enduring political strength of public broadcasting, whose supporters rallied behind popular programs such as “Sesame Street,” “Postcards From Buster” and “The NewsHour With Jim Lehrer.”

The Public Broadcasting Service undertook a high-profile campaign to rescind the proposed cut. Lawmakers were flooded with letters and phone calls.

The vote came as the House worked on a $142.5 billion spending bill for health, education and labor programs for the budget year beginning Oct. 1.

The Republican-controlled House Appropriations Committee had cut $100 million from $400 million in previously enacted support. The committee also eliminated subsidies for educational programs and technological upgrades.

The corporation was set up by Congress in 1967 to shield public broadcasting from political influence. It distributes federal subsidies to PBS, National Public Radio and hundreds of public radio and television stations.

Library Internet Access Better Than Ever

An AP newswire article by Anick Jesdanun, via Yahoo! News:

Virtually every U.S. public library now offers free Internet access but most ration it, inhibiting the ability of lower-income families to benefit from the Information Age.

Libraries in Fresno County, Calif., impose a half-hour limit during peak periods, but one branch reported that patrons needed two hours or more of computer time just to fill out online job applications for a new Home Depot store.

Typically, two to seven people are waiting for a computer to become free at the main library.

Time limits mean "people can't get to the things that are important to them," said Karen Bosch Cobb, Fresno's interim chief librarian. "People are doing grant applications, scholarship, reading their e-mail," she said, while immigrants use the Internet to stay in touch with relatives abroad via e-mail and read news about their native countries.

Bank in Utah Says Its Data Was at Risk in Intrusion

Eric Dash writes in the NY Times (registration required):

A small bank in Utah is the latest company to become entangled in the controversy over a security breach that has put personal data on 40 million cardholders at risk for fraud.

The Utah institution, Merrick Bank, began using CardSystems Solutions - the processor from which the information was stolen - when it bought a portion of Provident Bank's merchant business in November 2004. Merrick acknowledged yesterday that CardSystems had not complied with Visa and MasterCard's security standards, but would not say when it became aware that the company was not following the rules, or whether the violations occurred under its watch.

The timing is important because those violations have placed Visa, MasterCard and American Express cardholders at risk for fraud. It is also critical because those payment companies have said that banks that hire third-party processors are responsible for ensuring that those companies are in compliance.

Canada to announce Internet pharmacy curbs soon

A Reuters newswire story on Yahoo! News reports that:

Canada will soon announce measures to clamp down on Internet pharmacies that send cheap medicine to the United States, often without Canadian doctors seeing the patients, Health Minister Ujjal Dosanjh said on Thursday.

Dosanjh, who says the practice is immoral, has for months been studying a number of options on how to restrict a trade worth around C$850 million ($690 million) a year.

Canada, unlike the United States, sets limits on how much pharmaceutical firms can charge for their drugs. Dosanjh says Canada does not have the resources to become a cheap supplier for Americans hunting for cheaper medication.

Asked by reporters when he would make the announcement, he replied: "Very soon." Canada's cabinet will hold a retreat next Wednesday and Dosanjh is likely to unveil his plans then.

Sprint Nextel Reveals New Brand Identity

Ed Oswald writes in BetaNews:

Sprint and Nextel announced how they will handle the transition to the combined company that is expected to complete by the end of the summer. The name for the company will be Sprint, however Nextel's brand name will continue to be used for certain services provided by the company.

Originally, it was believed that the merged company would take the name Sprint-Nextel. However, according to officials, internal studies showed that the Sprint name alone carried a better positive response on its own. Sprint Nextel will only refer to the corporation itself.

Intel Teams To Improve WiMAX Antenna Technology

Via Mobile Pipeline.

Intel said Wednesday that it is working with another vendor to tweak the 802.16 WiMAX wireless broadband standard to better handle smart antenna technology.

Specifically, Intel said it will work with ArrayComm to make the changes and that it intends to support the vendor's smart antenna technology in its mobile WiMAX client device chipsets.

Reporters Without Borders backs a new Nepalese-language blog

Via the Reporters sans Frontières website.

Reporters Without Borders is supporting a just launched Nepali-language news blog Nepal Info on which it is hoped will help counter tight censorship in the kingdom.

The royal government has continued to censor and harass the Nepalese media, despite the lifting of the state of emergency. A number of initiatives and campaigns have been started to try to break out of the deadlock imposed by King Gyanendra since 1st February 2005, the organisation said.

In an editorial, the Nepalese journalists running the blog condemn repeated government and Maoist attacks against press freedom. They are calling on all Nepalese, wherever they live, to speak out.

"We are trying to disseminate uncensored news without any political bias. We are also supporting peaceful solutions to the crisis, maintaining human rights and press freedom as the first priority," the editorial said.

Nepal Info is written entirely in Nepalese (Kantipur font) with headlines of articles translated into English. It intends to post news and commentary on the current situation in Nepal.

The blog's journalists are calling on Internet-users to send in comments on the online articles and to send contributions in Nepalese to

Update: Rap Marketing Comes to Nerdcore

Robert Andrews writes in Wired News:

Tupac and Biggie, move over. A new hip-hop feud is brewing that glamorizes not guns and 'hos but Java and secure encryption algorithms.

While gangsta rap is seen as celebrating the violence and aggression that claimed two of its brightest stars, "geeksta" rap is a hip-hop genre celebrating coding skills and school grades.

Also dubbed "nerdcore," this branch of hip-hop is for geeks, by geeks. Geeksta rappers adopt the same combative verbal-assault stylings of their forerunners, but bust rhymes about elite script compiling and dope machine code.

The term was first coined in 2000 by nerdy New York rapper MC Frontalot in a track of the same name. Nerdcore now refers to artists waxing lyrical about topics as disparate as engineering and Lord of the Rings.

In recent months, the field has seen a growing number of releases from computer science labs, where egocentric grad students show off their Ph.D. credentials in tracks like "Have to Code" and "End of File."

Update: I just had to point out a couple of my favorite lyrics to a track by Monzy called "So Much Drama in the PhD":

Your mom circulates like a public key,
Servicing more requests than HTTP.
She keeps all her ports open like Windows ME,
Oh, there's so much drama in the PhD.

Excellent. :-)

Grokster, Brand X rulings to come Monday

John Borland writes in the C|Net News Media Blog:

The Supreme Court has said that all remaining decisions for this term will come next Monday, which means that the long wait for rulings in the Grokster peer to peer case and the Brand X cable Net case will finally end. Ten o'clock Eastern Time, be there or be, well, somewhere else and read about it on the Net.

Just a note of thanks to the folks at, who post extraordinarily fast information on Supreme Court rulings as they happen. Everyone I know has been reloading their blog every 12 seconds or when decisions are due. And they're not even selling ads.

Secure Enterprise: Q&A with Austin Energy's Andres Carvallo

It's nice to see some local flavor in the trade press--now, let's see what Austin Energy is doing with all the money I pay them every month. :-)

In a Q&A article by Don MacVittie (Secure Computing) appearing in Security Pipeline, Austin Energy's CIO "discusses changes in his company's data security posture, putting security in the hands of application development and server management staff, and more."

Anyone interested can read the Q&A interview here.

AT&T Expanding Network in China, India

Colin C. Haley writes in

Focusing on reach and consistency of services, AT&T is expanding its network into China and other emerging countries in order to improve services to worldwide customers.

"We are aggressively deploying new nodes in China, Croatia, Cyprus, Ecuador, India, Malaysia, Qatar, Panama and United Arab Emirates," Chris Rooney, AT&T's president of sales, said in a call with reporters today.

In addition to adding its own infrastructure worldwide, AT&T is signing interconnect agreements with local carriers in Brazil, Canada, China, France, Germany, Ireland and the United Kingdom.

Microsoft Genuine Advantage Cracked

Via /.

Posted by samzenpus on Wednesday June 22, @07:17PM
from the absolutely-secure dept.
piyush ranjan writes "An Indian researcher has cracked the much-touted "impenetrable" Windows Genuine Advantage of Microsoft. According to Microsoft this service would soon require all Windows users to verify their license before downloading updates."

And with that, I point you to today's installment of User Friendly. :-)

Daily fix....



BT escapes breakup in telecom review

John Walko writes in EE Times:

England's largest telecommunications group, BT, struck a deal with industry regulator Ofcom that prevents the carrier's breakup. The operator has agreed to tough undertakings that must ensure fair and equal access to its nationwide network for other service providers.

The settlement announced Thursday (June 23) by Ofcom and BT followed 18 months of tough negotiations and uncertainty for the industry and after years of bickering about BT's dominance of the U.K.'s telecom sector.

The exact terms of the accord will be published next week, but the key issues have been thrashed out. Among them is that BT would not be split into two groups, one division for wholesale, the other for retail, as some alternate operators had urged.

The deal is a huge relief for BT, as well as for the many companies that are involved in the operator's groundbreaking 21st Century network upgrade to an all IP based network. There were fears that this huge investment would have had to be seriously overhauled and maybe even scrapped if Ofcom's review had led to a split.

Calif. city looks for tech-savvy prankster

An AP newswire report on MSNBC reveals that:

A tech-savvy prankster has been tampering with traffic lights in this Silicon Valley town [Sunnyvale], turning them off and rejigging wires so the lights flash red in all directions.

The prankster also has surreptitiously turned traffic lights to face the wrong way, mixed up the audible crosswalk signals that help guide the blind and thrown off the timing of lights to delay drivers.

City officials have launched a publicity campaign in hopes of thwarting the unknown crafty engineer, who has evaded the law for months.

The trickster has been performing antics for three months and has used a key to open control boxes and reprogram the lights. Most audaciously, he or she recently used a cherry-picker truck to turn an overhead signal across a busy intersection — but no residents or city officials reported any unusual activity.

Nicolas Cage victim of e-mail ID theft?

Okay, okay -- I'm a sucker for celebrity tech banter. :-)

Thanks to Nick Farrell over at The Inquirer for the pointer to this interesting celluloid tidbit.

An article on the Warner Brothers television tabloid show Celebrity Justice (CJ) web site reports that:

Hits like the recent "National Treasure" made Oscar-winner Nicolas Cage a box office favorite. But fame has its costs. "CJ" has learned that the actor is upset because someone has assumed his identity online, trying to sully his stellar reputation with lewd sexual e-mails.

Early Tuesday morning, Cage's reps turned exclusively to "CJ" with the following statement: "Nicolas Cage would like to make the general public aware that somebody has illegally and fraudulently been using the following e-mail address pretending to be Nicolas Cage: Mr. Cage has informed the authorities, and this matter is under investigation."

Sources close to Cage tell "CJ" that they believe the impostor may be acquainted with the actor, someone who has access to the e-mail addresses of Nic's friends and business associates and is sending some of them graphic sexual messages. We're told Nic learned of this after some of the surprised recipients asked the actor about what they had received.

We're told the e-mail address was once used by the star and that's why the e-mails seemed authentic. We've learned that Nic's powerhouse lawyer Marty Singer has contacted the FBI and the LA County DA. However, the identity of the impostor remains a mystery.

Japanese nuclear data leak raises security concerns

This time it's not a disclosure of unauthorized access to personal privacy data, but rather unauthorized access to sensitive nuclear power plant information. Sheesh...

A Reuters newswire report on Yahoo! News:

Japanese officials scrambled on Thursday to contain the public relations fallout from reports that confidential information about Japan's nuclear plants had leaked onto the Internet through a virus on a personal computer.

Japan's top government spokesman pledged to take steps to protect information after data on several nuclear plants appeared online, including photographs of their interiors, details of regular inspections and repair work and names of workers.

Mitsubishi Electric Corp. said the information was leaked through a personal computer used by an employee of a Mitsubishi subsidiary that was in charge of inspecting the plants.

Mitsubishi Electric said the leak occurred at one of its subsidiaries and included information from seven Japanese electric power companies and five independent firms.

Pentagon creating student database

A Washington Post article by Jonathan Krim, via MSNBC, reports that:

The Defense Department began working yesterday with a private marketing firm to create a database of high school students ages 16 to 18 and all college students to help the military identify potential recruits in a time of dwindling enlistment in some branches.

The program is provoking a furor among privacy advocates. The new database will include personal information including birth dates, Social Security numbers, e-mail addresses, grade-point averages, ethnicity and what subjects the students are studying.

AT&T plans CNN-style security channel

Stephen Lawson and Robert McMillan (IDG News Service) write in InfoWorld:

Security experts at AT&T are about to take a page from CNN's playbook. Within the next year they will begin delivering a video streaming service that will carry Internet security news 24 hours a day, seven days a week, according to the executive in charge of AT&T Labs.

The service, which currently goes by the code name Internet Security News Network (ISN), is under development at AT&T Labs, but it will be offered as an additional service to the company's customers within the next nine to 12 months, according to Hossein Eslambolchi, president of AT&T’s Global Networking Technology Services and AT&T Labs.

ISN will look very much like Time Warner's Cable News Network, except that it will be broadcast exclusively over the Internet, Eslambolchi said. "It's like CNN," he said. "When a new attack is spotted, we'll be able to offer constant updates, monitoring, and advice."

UK: Indian call center staff 'sold ID data'

I wonder how many days in a row I'll be able to say this?

Another day, another disclosure of possible unauthorized access to privacy data.

A Reuters newswire article on CNN reports that:

London police were investigating a newspaper claim on Thursday that confidential details of British bank accounts are being sold by criminals from Indian call centers.

The Sun said it had bought bank details of 1,000 Britons for just £3 ($5.50) each from a computer expert in Delhi who said he had obtained the information from contacts working in call centers.

In recent years, many British and U.S. businesses particularly in financial services have "outsourced" thousands of back-office jobs to India to save money on wages.

The paper said its reporter had obtained addresses, passwords, phone numbers and details of credit cards, passports and driving licenses which could be used to raid unsuspecting victims' accounts.

A City of London police spokeswoman confirmed they were investigating the allegations.

Wednesday, June 22, 2005

Update: Yahoo! shuts door on dodgy chatrooms

John Oates writes in The Register:

Yahoo! has pulled the plug on user-created chat rooms in the US with apparent child sex content after major advertisers withdrew their ads.

The change of heart came after an exposé by a Houston TV station which revealed Yahoo! was hosting chat rooms with titles including "Girls 13 And Under for Older Guys" and "9-17-Year Olds Wantin' Sex". The TV station found chat from men seeking children for sex.

On Friday last week Yahoo! stopped users from creating their own chat rooms. A statement on the site said the service was unavailable while Yahoo! worked on improvements and on making it compliant with Yahoo's terms of service.

Update: More information from an AP newswire article by Greg Sandoval on ABC News:

Reacting to angry protests from several of its top sponsors, Yahoo Inc. has pulled the plug on perhaps hundreds of chat rooms operating on its site after a media report revealed that some of the rooms were used to promote sex with minors.

Companies such as PepsiCo Inc., State Farm Insurance and Georgia-Pacific Corp. stopped advertising on Yahoo after they were informed that adults were attempting to lure children into sexual encounters within some of Yahoo's user-created chat rooms, according to a report by KPRC-TV in Houston.

Web sites go dark in anticipation of 2257 crackdown

I must have read through this, and its associated links, 4 or 5 times -- all the while thinking about the broad scope of impact this law may have on the Net.

Xeni Jardin posts on Boing Boing:

Amended Section 2257 recordkeeping regulations go into effect at midnight tonight. The federal law requires website owners to keep records documenting, among other things, that "every performer portrayed in a visual depiction of actual sexually explicit conduct" is over the age of 18.

In anticipation, porn sites and others that include adult content are preparing to make their sites compliant -- or taking them offline. Today, several sites in the family are going dark for that reason, including (like amihotornot for amateur snapshots of a particular male anatomical part in a particular state) and (which you could call an industrial-strength grossout blog).

Section 2257 is ostensibly aimed at preventing the exploitation of minors in pornography, but some free speech advocates argue it provides the conservative Bush administration with the power to effectively silence other websites deemed offensive.

Please read the remainder of this post, as well as the reader comments.

America Online licenses Live 8 TV, radio rights

A Reuters newswire article, via Yahoo! News:

America Online on Wednesday said it licensed the rights to broadcast Live 8, a series of free international concerts, to Viacom Inc.'s MTV Networks, Clear Channel Communications Inc.'s Premiere Radio Networks and XM Satellite Radio Holdings Inc.

America Online, a unit of Time Warner Inc., is the primary North American media partner and exclusive online broadcaster for Live 8, which will be held on July 2 in Philadelphia, London, Paris, Berlin and Rome, with an aim of pressuring the leaders of the G8 group of countries, comprising the world's leading industrial nations plus Russia, to eliminate third world debt, increase aid to Africa and adopt fair trade practices.

German soldier refuses to develop software for Iraq

John Blau (IDG News Service) writes in InfoWorld:

A soldier in the German military's IT division, demoted for refusing to obey an order to develop software for possible use in the Iraq war, has been cleared in court.

The Federal Administrative Court in Leipzig, Germany, ruled Wednesday in favor of the soldier, ranking his freedom of conscience higher than the command of a superior.

The soldier, whose name was not publicly revealed, argued that his conscience would not allow him to develop software that could be used -- either directly or indirectly -- in a war he viewed as a violation of international law. He claimed his superior could not guarantee that the software he was developing would not be used in Iraq by German forces stationed in Kuwait, or German soldiers flying in AWACS (Airborne Warning and Control System) surveillance airplanes or even by U.S. forces stationed in Germany.

E-Mail authentication fight looming: Microsoft pushing Sender ID

It looks like a fight is gearing up between DomainKeys Identified Mail (DKIM), a joint effort between Cisco, Yahoo and a number of other vendors, and Microsoft's Sender ID scheme.

An AP newswire article by Anick Jesdanun in ABC News reveals that:

Microsoft Corp. is stepping up the pressure on e-mail senders to adopt its "Sender ID" spam-fighting technology despite problems that could send up to 10 percent of legitimate messages to junk folders.

By the end of the year, Microsoft's Hotmail and MSN services will get more aggressive at rejecting mail sent through companies or service providers that do not register their domain names with the Sender ID system.

CardSystems' Data Left Unsecured

Kim Zetter writes in Wired News:

CardSystems Solutions -- the credit-card processing company that recently exposed 40 million debit and credit-card accounts in a cyber break-in -- failed to secure its network, even though the network had been certified secure to a data security standard, according to Visa.

Since 2001, Visa and MasterCard have been touting a data security industry standard they developed in an effort to prevent credit-card data theft and stave off federal regulation. The standard has become a required criteria for businesses handling credit-card transactions.

BlackBerry endures another outage

Ben Charny writes in C|Net News:

A number of BlackBerry handheld wireless devices experienced service problems on Wednesday, marking the second time in less than a week that the popular devices lost their data connections.

A RIM representative said a hardware failure Wednesday triggered a backup system that operated at a lower capacity "than expected." Service has been restored, she said.

BlackBerry customers, including a federal agency in Washington, D.C., were told by RIM on Wednesday of an outage affecting accounts nationwide and across all carriers, according to an e-mail from RIM seen by CNET. Similar warnings were posted at Internet chat room PDA Street.

US firm says Iran 'illegally' uses Internet filter software

An AFP newswire article, via Yahoo! News, reports:

A US Web security firm cited in a report on Iran's Internet censorship said that any use in Iran of its software is "illegal and unauthorized."

John McNulty, chairman and chief executive of Secure Computing Corporation, said in a statement that his company "has sold no licenses to any entity in Iran."

The company was cited in a report Tuesday by the OpenNet Initiative, a partnership of researchers that called Iran's Internet censorship among the worst in the world and called the US firm "complicit."

"We have been made aware of ISPs (Internet service providers) in Iran making illegal and unauthorized attempts to use our software," McNulty said.

"Secure Computing is actively taking steps to stop this illegal use of our products. Secure Computing Corporation is fully committed to complying with the export laws, policies and regulations of the United States."

IT Workforce Becoming More Male

Eric Chabrow writes in InformationWeek:

Fewer and fewer women are making up the American IT workforce, declining by 18.5% in eight years.

The percentage of women in the IT labor force fell last year to 32.4% from a high of 41% in 1996, according to new research [.pdf] from the Information Technology Association of America (ITAA), an industry trade group. As a comparison, the percentage of women in the overall workforce remained virtually unchanged in that same period, at roughly 46%.

In addition, most racial minorities remain significantly underrepresented in the U.S. IT workforce, according to the report, Untapped Talent: Diversity, Competition, And America's High-Tech Future, which ITAA released Wednesday.

Orlando Drops City-Run Wi-Fi

Via Mobile Pipeline.

The city of Orlando, Florida has shut down the free Wi-Fi service it launched in its downtown area, the Orlando Sentinel reported Tuesday.

The project failed because not enough people were using the service, the newspaper reported.

"We love having and promoting a wireless district, but the usage has been somewhat low," Frank Billingsley, director of the city's Downtown Development Board and Community Redevelopment Agency, told the Sentinel. Only about 27 people a day used the service on average, which wasn't enough to justify its $1800 monthly expense, according to the newspaper.

While the service didn't have enough users to justify the expense to taxpayers, the newspaper reported that the city is exploring use of private vendors to run the service and even expand the coverage area. Potential profits could come from upselling users to faster service or even charging for service such as voice-over-IP.

Senators Push New Bill To Protect Municipal Broadband

I like John McCain, and I like him even more now.

Mike, over on, sums it up pretty good:

Contributed by Mike on Wednesday, June 22nd, 2005 @ 12:10PM
from the who-let-those-people-in? dept.
Just when you thought that the lobbyists had taken over, and all of the legislation being proposed at both the local and national levels were focused on ways to buck up companies that didn't want to innovate or keep up with the times, it looks like some politicians are actually being reasonable (shocking, we know). In response to a bill that would ban municipal broadband, that was proposed by a former SBC employee who still owned a lot of stock in the company (and who is married to a current Cingular employee), Senators John McCain and Frank Lautenberg are introducing the Community Broadband Act of 2005, which would guarantee local governments the right to explore municipal broadband as an option. It doesn't encourage municipal broadband or suggest it's the right option. It just clears the way for cities to explore the option if they believe it's best for their citizens. This sounds like a reasonable law, outside of the scary fact that it's needed in the first place. It still seems like many cities shouldn't offer municipal broadband, as it offers no real benefit. Also, it's likely that many municipal efforts will be implemented poorly. However, that's no reason not to have the option out there for local governments to offer the service if they believe it makes sense.

U.S. senators to offer bipartisan data-breach bill

Via Reuters.

Business leaders who fail to tell consumers when they may be at risk of identity theft could face jail under a bipartisan bill expected to be introduced in the U.S. Senate on Wednesday.

Senate Judiciary Committee Chairman Arlen Specter and Sen. Patrick Leahy, the committee's top Democrat, would also restrict a freewheeling trade in Social Security numbers that are prized by identity thieves.

The bill, the first to draw Republican sponsorship, comes on the heels of the largest security breach announced to date after an outsider gained access to 40 million credit-card accounts held by CardSystems Solutions Inc., a payment processor.

Dozens of similar breaches have been disclosed this year after a California state law required businesses to make such incidents public.

Businesses and consumers have urged the Republican-controlled Congress to pass a national version of the California notification law.

Top 500 supercomputer rankings show IBM surge

Eric Auchard writes for Reuters:

IBM increased its dominance in the market for supercomputers used to solve the toughest research problems, claiming half of the world's Top 500 supercomputers, while the share of Hewlett-Packard Co. fell sharply, according to a survey published on Wednesday.

HP fell to 26 percent, or 131 of the most powerful supercomputers ranked in the semi-annual Top 500 List. That's down from 170, or 34 percent, just six months ago.

IBM scored broad gains, with 259 machines or 51.8 percent of the Top 500, up from 43 percent of the world's most powerful supercomputers last November.

Microsoft Won't Patch IE Spoofing Bug

Via TechWeb News:

Hours after word broke that most browsers were vulnerable to a spoofing flaw that phishers could use to pilfer confidential data, Microsoft has declined to issue a security update.

In a security advisory posted on its TechNet site, Microsoft acknowledged that its Internet Explorer browser, including the version packaged with Windows XP SP2, could be used to trick people into entering information such as passwords in a bogus dialog box which appears atop a trusted site.

Microsoft published the advisory, it said, "to clarify the risks associated with browser windows without indications of their origins." But it won't release a security update to fix the flaw because it considers the issue a feature, not a bug.

"This is an example of how current standard Web browser functionality could be used in phishing attempts," the advisory went on.

The Redmond, Wash.-based developer told users that fake dialog boxes could be recognized by the lack of an address bar and lock icon. It also pointed users to a pair of sites for additional info on spotting spoofing attacks and protecting PCs.

Feds Begin CardSystems Investigation

Ed Oswald writes in BetaNews:

The U.S. government said on Tuesday that it launched an investigation into the practices of CardSystems Solutions last week. Investigators are hoping to find out how hackers managed to get into the company's systems and download credit card information for thousands of card holders.

The Federal Financial Institutions Examination Council, a conglomerate of several federal financial agencies, is heading the investigation that is expected to take approximately two to four weeks. Separately, the FBI has launched an investigation into the matter as well.

NY Times: Social Security Opened Its Files for 9/11 Inquiry

Eric Lichtblau writes in The New York Times:

The Social Security Administration has relaxed its privacy restrictions and searched thousands of its files at the request of the F.B.I. as part of terrorism investigations since the Sept. 11, 2001, attacks, newly disclosed records and interviews show.

The privacy policy typically bans the sharing of such confidential information, which includes home addresses, medical information and other personal data. But senior officials at the Social Security agency agreed to an "ad hoc" policy that authorized the release of information to the bureau for investigations related to Sept. 11 because officials saw a "life-threatening" emergency, internal memorandums say.

The Internal Revenue Service also worked with the bureau and the Social Security agency to provide income and taxpayer information in terror inquiries, law enforcement officials said. Officials said the I.R.S. information was limited because legal restrictions prevented the sharing of taxpayer information except by court order or in cases of "imminent danger" or other exemptions. The tax agency refused to comment.

The Social Security memorandums were obtained through a Freedom of Information Act request by the Electronic Privacy Information Center, a civil liberties group here. Copies were provided to The New York Times.

California aims to close loophole in state ID theft law

John Leyden writes in The Register:

Californian legislators have backed a bill that tightens up the state's existing laws about the disclosure of security breaches involving consumer data. The California Assembly's judiciary committee voted 6-3 on Tuesday for a bill that would mean firms have to tell consumers if paper records or a back-up tape containing personal information are compromised or lost. Information security breaches are covered by state laws on ID theft that came into effect in January 2003, so the new bill is essentially designed to close a loophole in existing laws.

"Right now, companies have to tell you when a thief hacks into their computer system and gets access to your personal account information or Social Security number, but they don't have to say word one when paper records or a back-up tape containing the exact same personal information are lost, stolen or inadvertently handed to a perfect stranger," Democratic state Sen. Debra Bowen told Reuters.

Banks Scramble To Contain Damage From CardSystems Hacking Incident

Steven Martin writes in InformationWeek:

Banks that issue credit and debit cards are moving rapidly to contain the damage caused by the potentially massive theft of card information from a transaction-processing company that was disclosed last week.

Some 22 million Visa-branded cards and 14 million MasterCard-branded cards were exposed to the security breach at CardSystems Solutions Inc. that was disclosed by MasterCard last week. The breach was reported by CardSystems to Visa and MasterCard in late May.

Washington Mutual has canceled 1,400 cards whose numbers were stolen and is issuing replacements. J.P. Morgan Chase & Co., which with 94 million cards outstanding is the nation's largest card issuer, hasn't canceled or reissued any cards as a result of the incident but is monitoring the situation closely, a spokesman says. Visa and MasterCard are relaying information picked up by their fraud-detection systems to issuing banks, which then decide whether to cancel or reissue cards.

The 1,400 cards canceled by Washington Mutual are known to have been used to commit fraud; an unknown but presumably higher number may be at risk for fraud, a bank spokeswoman says.

Tech Workers Outsourcing Themselves

An AP newswire article by Adam Geller in InformationWeek:

After two rounds of layoffs, Ellen Wagner still had a job--training the programmers brought in from India to replace her co-workers. But frustrated and tired of resisting the changes, Wagner decided to take a bold step.

She outsourced herself.

She quit her job in Seattle and took another paying half as much. She sold her house and traded it for a split-level overlooking a pasture here, for a third what it would cost in the frenzy she left behind.

She piled into an SUV with her golden retriever, Ginger, and two cats, and beelined away from the offshoring trend that has siphoned thousands of white-collar jobs from the U.S. economy.

The journey took Wagner to this town of 1,435 [Watford City, N.D.]--a self-dubbed "oasis on the western horizon," nearly 50 miles from the closest traffic light--and a job in an office fashioned out of an old John Deere tractor dealership. The slate blue cubicles around hers, decorated with pictures of faraway skylines, house programmers from Chicago, Pittsburgh, and Jacksonville, Fla.

UK: Companies face crackdown over data laws

David Neal writes in IT Week:

Government and law enforcement agencies came out in force in June to warn they intend to crack down on firms that fail to protect personal data or that have indecent images on their systems.

The Information Commissioner's Office (ICO) launched three new divisions to take action against organisations flouting the Data Protection Act. New consumer and policy divisions will work alongside a Regulatory Action Division (RAD).

Cisco to Up China's Share of Outsourcing

An AP newswire article on Yahoo! News reports:

Cisco Systems Inc., the world's biggest maker of computer networking equipment, plans to boost China's share of its outsourcing budget to 40 percent by the end of 2006, a company executive said Wednesday.

Jia-Bin Duh, president of Cisco's China operations, wouldn't say how much the company will spend this year. But he said it spent about $5 billion on outsourcing in China in 2004, or 25 percent of its global total.

China is one of Cisco's top five countries for revenue, together with the United States, Japan, Britain and Germany.

Telstra Says 'Not Yet' to MS Internet TV

Ed Oswald writes in BetaNews:

Australian telephone company Telstra told the Wall Street Journal Wednesday that it had pulled out of a deal with Microsoft to use its Internet TV service. The company denied the decision had anything to do with the technology, but rather the company's "current state of readiness" to make the necessary upgrades to launch the service.

Telstra would not rule out that it could sign a deal with a Microsoft competitor when it is prepared to re-enter the IPTV market.

Senators promote interoperability

Dibya Sarkar writes in

Senate lawmakers on June 21 introduced legislation to help first responders communicate with each other at disasters.

The Improve Interoperable Communications for First Responders Act of 2005 would require the Homeland Security Department (DHS) to develop a national strategy and architecture for interoperable communications, including providing technical assistance to state and local officials developing interoperable systems.

The act would authorize the DHS secretary to establish a comprehensive and competitive research and development program. It would also require the DHS Office of Interoperability and Compatibility (OIC) to fund and conduct pilot programs to evaluate new technologies.

Under the bill, lawmakers are proposing $3.3 billion over five years for long- and short-term initiatives and another $126 million annually to the OIC to conduct outreach, technical assistance, research and development and pilot programs.

Ameritrade to buy rival TD Waterhouse


Ameritrade Holding Corp. will later today announce a deal worth about $3 billion to buy discount brokerage TD Waterhouse according to CNBC’s Maria Bartiromo. The deal would make it the nation’s largest online brokerage.

Citing people familiar with the deal, Bartiromo said the deal will be announced at about noon ET Wednesday. The deal has been widely anticipated in the media in recent days, with reports in newspapers such as The Wall Street Journal and the New York Times.

Ameritrade’s CEO Joe Moglia is expected to run the new company.

Russia’s Alfa Group to Pay $3.3Bln to Enter Turkish Telecom Market

It looks like it's Turkcell's day for attention.

Via MosNews:

It was announced on Wednesday, June 22, that the troubled Turkish conglomerate Cukurova has reached a $3.3 billion financing deal with Russia’s Alfa Group. The deal envisages the Russian investment group taking a stake in Turkey’s leading mobile operator Turkcell.

SBC unveils managed IDS/IPS service

Jim Duffy writes in NetworkWorld:

SBC Tuesday said it added an intrusion prevention service to its managed security services.

The SBC PremierSERV Managed Intrusion Prevention Service (IPS) is intended to detect, contain or neutralize both known and unidentified threats from viruses and worms attacking servers, laptops, desktops or other endpoints. The service uses an appliance from Mirage Networks designed to monitor and defend a business network’s interior.

The Mirage device is installed on customer premise LANs. It monitors behavior of various computers and servers operating on the corporate network, as opposed to looking for known signatures of worms and viruses in a database.

This enables the service to identify malicious activity resulting from both known and unknown threats, SBC claims.

Cisco CTO says WiMax is over-rated

Via Newsfactor Technology News:

The promise of WiMax wireless wide area networking is largely overrated, according to chief technology officer Charles Giancarlo.

"Ninety-eight percent of the population of the developed world is going to be highly wired. We do not think that fixed wireless for the last mile makes a lot of sense," Giancarlo said at Cisco's annual Networkers 2005 user conference.

"Wired technologies are already highly deployed. We do not believe there is a good business model [for WiMax]."

Turkcell deal in doubt as Iran seeks other partners

An AFP newswire article on Yahoo! News reports:

Iran said it had given the green light for negotiations to start with other potential partners to create a second mobile telephone network, throwing into doubt a deal it had already signed with Turkish firm Turkcell.

The comments by Minister of Communication Ahmad Motamedi were the latest twist in the protracted wrangle between Iran and Turkcell over the project.

"Turkcell's participation in the second operator of mobile phones has not been cancelled but the Iranian partners of the project have received permission to start negotiations with other consortia," Motamedi was quoted by the student news agency ISNA as saying.

"This decision is because we have not received a positive response from Turkcell yet," he noted Wednesday.

Spain arrests web code-cracker "P. Power"

An AFP newswire article on Yahoo! News reports:

Spanish police said they had arrested "P. Power", one of the most renowned code-crackers on the Internet, following a nine-month inquiry.

Armed with a simple modem connection to the World Wide Web, a decrepit computer and standard software "P. Power" broke security codes and hacked his way into costly professional computer programmes, the interior ministry said.

Spanish authorities have not released the identity of "P. Power," known only by his Internet pseudonym, but they did say he was a 26-year-old engineer.

After meticulously unassembling programmes, analysing their weak points and then stripping them of their protection, the hacker broadcast messages to the Internet saying that he was the unique code-cracker and was sending out the codes for free, according to the interior ministry.

The ministry added it was impossible to put a price on the damage caused to firms using the programmes pirated or how many Internet users had downloaded the codes for free.

Russian Space Agency: Solar Launch Failed

An AP newswire article by Vladimir Isachenkov on ABC News reports:

A joint Russian-U.S. project to launch a solar sail space vehicle crashed back to Earth when the booster rocket's engine failed less than two minutes after takeoff, the Russian space agency said Wednesday.

The Cosmos 1 vehicle was intended to show that a so-called solar sail can make a controlled flight. Solar sails, designed to be propelled by pressure from sunlight, are envisioned as a potential means for achieving interstellar flight, allowing such spacecraft to gradually build up great velocity and cover large distances.

But the Volna booster rocket failed 83 seconds after its launch from a Russian nuclear submarine in the northern Barents Sea just before midnight Tuesday in Moscow, the Russian space agency said.

US-VISIT Delays Foreign Airlines

Sara Kehaulani Goo writes in The Washington Post:

A new air-security system designed to track foreign visitors arriving in the United States has mistakenly snagged dozens of crew members of foreign airlines, according to new documents obtained from the Department of Homeland Security.

The manager of an unidentified foreign carrier complained that 35 employees were stopped for 30 minutes to an hour after arriving in Los Angeles, San Francisco, Honolulu, New York, Anchorage and Guam. Another airline said eight crew members had been questioned in Miami, Newark, New York's John F. Kennedy and Los Angeles airports. In each case, carriers indicated that the new program called US-VISIT, which captures digital fingerprints and photographs of all foreigners entering the country, was unable to properly identify the crew members who already have had U.S. background checks.

Security Flaw Exposes CVS Purchase Data

Another day, another disclosure of unauthorized access to privacy data.

An AP newswire article by Michelle R. Smith, via Yahoo! News, reports that:

A security hole that allowed easy access to the purchase information of millions of CVS Corp.'s loyalty card customers prompted the company to pull Internet access to the data on Tuesday.

The Woonsocket [Rhode Island]-based drugstore chain, which has issued 50 million of the cards, said it would restore Web-based access to the information after it creates additional security hurdles.

The data security flaw in the ExtraCare card service was exposed Monday by the grassroots group Consumers Against Supermarket Privacy Invasion and Numbering, or CASPIAN. It said anyone could learn what a customer had purchased with an ExtraCare card by logging on to a company Web site with the card number, the customer's zip code and first three letters of the customer's last name.

Once logged on, a list of recent purchases could be sent to an e-mail account. Information about prescriptions was not provided, and the list of purchases was only available by e-mail.