Saturday, July 16, 2005

Shuttle launch date slips further

Kelly Young writes for NewScientist:

Space shuttle Discovery will have to wait until at least late next week to get off the ground as NASA attempts to find the cause of the fuel sensor problem that delayed launch on Wednesday.

Shuttle managers declined to give a firm target date for launch. But they did say they could attempt to lift off four days after the problem is fixed.

However, it is not yet clear what caused one of four hydrogen fuel sensors to give a false reading on Wednesday. Suspects include the sensors themselves, which lie at the base of the giant external fuel tank, and an electronics box and cables in the orbiter.

Discovery will stay on its launch pad for now as technicians continue to search for the source of the trouble. On Friday, workers drained the shuttle's rear compartment of liquid hydrogen and oxygen. Then they got into the back of the shuttle to look for glitches in the electronics that send data from the sensors to onboard computers.

Friday, July 15, 2005

Fingerprint Scanning At Disney Parks Causes Concern

Chalk another one up for Big Brother and the terrorists.

And thanks to a post over on /. for bringing our attention to this atrocity. of Central Florida reports that:

The addition of finger scanning technology at the entrances of Walt Disney World theme parks for all visitors has caused concern among privacy advocates, according to a Local 6 News report.

Tourists visiting Disney theme parks in Central Florida must now provide their index and middle fingers to be scanned before entering the front gates.

NYPD Launches Tech Center To Tighten The Net On Criminals

Larry Greenemeier writes in InformationWeek:

The New York City Police Department is turning to technology to help its detectives more efficiently chase down leads and solve crimes. The department's $11 million Real Time Crime Center, which debuts Monday at a facility adjacent to the NYPD's Emergency Operations Center in lower Manhattan, is expected to make access to information contained in millions of local, state, and national records available to the city's 4,000 crime investigators on the move via their cell phones and pagers.

The center "will become the new tech nerve center for the NYPD," New York City Mayor Michael Bloomberg said at a Thursday press conference. "Information available from the Real Time Crime Center will be comprehensive, highly relevant, instantaneous, and will transform the way we solve crimes." The mayor, who's running for re-election in the fall, added that the center isn't a "panacea" but will help save time during criminal investigations.

IPv6 push doesn't have much pull in U.S.

Mike DeMaria (Network Computing) writes in EE Times:

Federal agencies and Congress are pushing for it. The major economic forces in Asia and the Pacific Rim are mandating it. And in the last month or so, the IT industry has seen more stumping for IPv6 adoption than we saw in the previous decade of the protocol's existence. But will all this hoopla speed the near-term implementation of IPv6 in the United States? Probably not.

In recent years, China, India, Japan and South Korea all have advanced plans for making IPv6 their national standard, and they've set aside substantial budgets to do it. The attitude isn't surprising--these countries are most in need of the additional addresses IPv6 provides. With the money and the incentive behind them, these Asian nations are likely to deploy the next-generation IP before most organizations in the United States do.

Scam worries delay non-English Net domains

An AP newswire article, via MSNBC, reports:

Concerns about "phishing" e-mail scams will likely delay the expansion of domain names beyond non-English characters, the chairman of the Internet's key oversight agency said Friday.

Vint Cerf, head of the Internet Corporation for Assigned Names and Numbers, would not speculate on when such characters might appear but said Internet engineers must now spend time "trying to winnow down, frankly, the number of character (sets) that are allowed to be registered."

Demand for non-English domain names is high outside the United States and a U.N. panel studying Internet governance said in a report Thursday that "insufficient progress has been made toward multilingualization." It cited the lack of international coordination and technical hurdles as among the problems.

Researcher Says Windows XP SP2 Has DoS Bug

Via TechWeb News.

Microsoft Windows XP SP2 has a bug in its kernel that could let attackers bring down the machine with a denial-of-service (DoS) attack, vulnerability tracker Secunia said Friday.

"Microsoft is currently investigating public reports of a possible vulnerability in Windows," a spokesman said Friday afternoon. "We have not been made aware of attacks that try to use the reported vulnerability, or of [any] customer impact."

Cisco Security Advisory: Cisco CSA Vulnerable to Crafted IP Attack

Via the Cisco website.

Cisco Security Agent (CSA) is a network security software agent that provides threat protection for server and desktop computing systems.

A malicious attacker may be able to send a crafted IP packet to a Windows workstation or server running CSA 4.5 which may cause the device to halt and/or reload.

Repeated exploitation will create a sustained DoS (denial of service).

Cisco has made free software available to address this vulnerability.

This vulnerability is documented in the Cisco Bug Toolkit as Bug ID CSCsa85175.

Vulnerable Products

Cisco CSA version 4.5 when running on any Microsoft Windows platforms except Windows XP.

Products Confirmed Not Vulnerable

The following products are confirmed not vulnerable:

  • Cisco CSA 4.0 and earlier
  • Cisco CSA while running on Solaris
  • Cisco CSA while running on Linux
  • Cisco CSA while running on Windows XP

Freekin' %&(#$ bots!.....

I didn't find much of an opportunity to review tech news tidbits and post to the blog this afternoon because I was busy helping to identify, disable, and disinfect a few servers of an Agobot infection in a client network.

What a pain in the ass...

Having said that, I'd really like to hear from anyone who might have $.02 to pitch in on how they might have handled this type of issue before, what they used to detect it/them, etc.

The servers that were infected were probably compromised because of outdated security patches (Microsoft) and did not show any overt indications of suspicious activity (LSASS scanning of hosts, RPC buffer overflows, etc.) other than the usual day-to-day network errors. And on top of that, the latest installed antivirus signatures (McAfee provided a new .dat signature update earlier this afternoon which did identify the culprit executable) didn't catch the infected executable running on the servers.

The infected executable was "wnpsm.exe" and provided this summary report:

Virus Total

Scan results
File: wnpsm.bak
Date: 07/15/2005 19:15:37 (CET)
AntiVir found [Worm/Agobot.PD]
AVG 718/20050715 found nothing
Avira found [Worm/Agobot.PD]
BitDefender 7.0/20050715 found [Backdoor.SDBot.7E9551EC]
CAT-QuickHeal 7.03/20050715 found [(Suspicious) - DNAScan]
ClamAV devel-20050501/20050714 found nothing
DrWeb 4.32b/20050715 found [Win32.HLLW.Agobot]
eTrust-Iris found nothing
eTrust-Vet found nothing
Fortinet found [W32/AgoBot.ATZ-bdr]
F-Prot 3.16c/20050715 found nothing
Ikarus 2.32/20050715 found [Backdoor.Win32.Agobot.HM]
Kaspersky found [Backdoor.Win32.Agobot.gen]
McAfee 4535/20050714 found nothing
NOD32v2 1.1170/20050715 found [probably unknown WIN32 virus]
Norman 5.70.10/20050714 found nothing
Panda 8.02.00/20050715 found [W32/Gaobot.gen.worm]
Sybari 7.5.1314/20050715 found [Backdoor.Win32.Agobot.gen]
Symantec 8.0/20050714 found nothing
TheHacker found nothing
VBA32 3.10.4/20050715 found nothing

I have the ASCII strings of the output of this binary, which I would generally not think anything of posting here--but it's, like, 50 pages in length. ;-)

Here's a couple of troubling lines, though:


00404260 ASCII "CCmdExecutor"
0040495B ASCII "CDownloadHelper"
00405B9E ASCII "%d"
00405BF3 ASCII "***ATTENTION*** NortonBot is protected under
international copyright laws. Any attempt to dissassemble or alter this file is
a violation of international copyright law. NortonBot is NOT intended to be a
virus or trojan."
00405C06 ASCII "Bot - File Transfer Port"
00405C17 ASCII "bot_ftrans_port"
00405C35 ASCII "Bot - File Transfer Port for FTP"
00405C46 ASCII "bot_ftrans_port_ftp"

Look forward to hearing any war stories.

- ferg
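As an added example (not part of ferg's post or of any vendor's tooling): a small Python parser for the plain-text Virus Total report format quoted above. It reports which engines missed the sample and how many engines agree on each family name, which is the first thing to check before trusting a single vendor's signature update. The report text below is a constructed excerpt built from the verdicts quoted in the post.

```python
"""Parse the plain-text Virus Total report format quoted in the post
above and summarise multi-engine coverage for one sample."""
import re
from collections import namedtuple

# Constructed excerpt in the 2005-era report layout shown above:
# "<engine> [<version>/<date>] found [<name>]" or "... found nothing".
# The engine verdicts are the ones quoted in the post.
SAMPLE_REPORT = """\
Scan results
File: wnpsm.bak
Date: 07/15/2005 19:15:37 (CET)
AntiVir found [Worm/Agobot.PD]
AVG 718/20050715 found nothing
BitDefender 7.0/20050715 found [Backdoor.SDBot.7E9551EC]
ClamAV devel-20050501/20050714 found nothing
Kaspersky found [Backdoor.Win32.Agobot.gen]
McAfee 4535/20050714 found nothing
NOD32v2 1.1170/20050715 found [probably unknown WIN32 virus]
Panda 8.02.00/20050715 found [W32/Gaobot.gen.worm]
Symantec 8.0/20050714 found nothing
"""

Result = namedtuple("Result", "engine version verdict")

# engine name, optional "version/date" token, then "found <verdict>"
LINE_RE = re.compile(
    r"^(?P<engine>\S+)(?:\s+(?P<version>\S+))?\s+found\s+(?P<verdict>.+)$"
)


def parse_report(text):
    """Return one Result per engine line; verdict is None for 'found nothing'."""
    results = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skips the 'Scan results', 'File:' and 'Date:' header lines
        verdict = m.group("verdict").strip()
        verdict = None if verdict == "nothing" else verdict.strip("[]")
        results.append(Result(m.group("engine"), m.group("version"), verdict))
    return results


def summarize(results):
    """Coverage figures a responder wants before relying on one vendor."""
    detected = [r for r in results if r.verdict is not None]
    missed = [r.engine for r in results if r.verdict is None]
    return {
        "engines": len(results),
        "detected": len(detected),
        "missed": missed,  # engines whose current signatures let the file run
        "verdicts": {r.engine: r.verdict for r in detected},
    }


def family_votes(results, families=("agobot", "gaobot", "sdbot")):
    """Count how many engines name each family (case-insensitive substring)."""
    votes = {f: 0 for f in families}
    for r in results:
        if r.verdict is None:
            continue
        low = r.verdict.lower()
        for f in families:
            if f in low:
                votes[f] += 1
    return votes


if __name__ == "__main__":
    res = parse_report(SAMPLE_REPORT)
    print(summarize(res))
    print(family_votes(res))
```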

Jesus Christ, a flim flam artist?

Ben Charny writes in the C|Net News Esoterica Blog:

If you have an e-mail account, you know the scam. A government official is deposed, dead or otherwise incapacitated. He, she or a relative needs your help getting millions of dollars out of their homeland. The only thing you need do is provide several thousands of dollars to secure the money transfer. As dumb as it sounds, it works to the tune of millions of dollars suckered each year.

The latest iteration is aimed at born again Christians. "Dear beloved in Christ," writes Mrs. Maureen Clarks. Her husband, she explains, was "slain to death" in Iraq, and she needs your help getting his considerable wealth out of the country to donate to victims of the tsunami. Worried about sending your bank account information to a stranger? No need, Clarks writes. "Sometimes it's hard to put your trust in things you can't see, or touch, or hear. But, with a God like ours, you don't have to."

Still worried? "Jesus showed us the power of God's peaceful center even in the midst of our tribulations when he said PEACE I LEAVE WITH YOU; My peace I give you... Do not let your hearts be troubled and do not be afraid," Clarks writes.

Some people will fall for this. Don't be one of them.

Cisco sets age limit for board members, Morgridge to retire in 2006

Marguerite Reardon writes in C|Net News:

Cisco Systems, the largest maker of networking equipment in the world, has set a maximum age limit for members on its board of directors, the company said Friday.

The new policy bars people 70 and older from being nominated or renominated for election to the board. This means that the current chairman, John P. Morgridge, 71, will retire from the board in November 2006, when his term is completed.

Morgridge joined Cisco in 1988 as president and CEO. He served in that position until early 1995, when John Chambers became president and chief executive. At that point, Morgridge took on the role of chairman.

During his years as chief executive, Morgridge grew Cisco's annual sales from $5 million to over $1.2 billion and led the company toward its 1990 initial public offering.

Yahoo!, UC Berkeley team on research

Dawn Kawamoto writes in C|Net News:

Yahoo announced Friday that it has established a research lab with the University of California at Berkeley. Yahoo Research Labs-Berkeley will begin operations in August and concentrate on new technologies for search, social and mobile media. Marc Davis, UC Berkeley professor of information management and systems, will head the new lab.

Yahoo is seeking to use the Berkeley lab to leverage its efforts in building the next generation of search applications and technologies to aid users in finding, using and sharing information, regardless of where they are logged onto the Internet.

Dell refutes spyware charge

John Leyden writes in The Register:

Dell has rejected allegations that its PCs come pre-loaded with an intrusive application that spies on users' surfing habits. The equipment manufacturer said there was nothing untoward about My Way Search Assistant despite complaints from customers that the toolbar impairs computer performance, changes browser settings and is difficult to remove.

The inclusion of My Way on Dell's Dimension desktop and Inspiron notebooks has prompted complaints to Dell's support pages, numerous gripes in online bulletin boards and even an accusation that the package is spyware. The latter accusation greatly overstates other assessments of the nuisance level posed by the application.

Anti-spyware firm Sunbelt Software defines My Way components as a "potential privacy risk" that pose a moderate threat to users.

60 years of the atomic age and Xeni Jardin at Simnuke

Xeni says on Boing Boing:

I'm on the road, headed to a (double super secret) remote site in the Nevada Desert for Simnuke -- a sci-tech-art-protest event commemorating 60 years of the atomic age. On July 16, 1945, the first nuclear bomb was detonated, marking the successful culmination of the Manhattan project. At dawn tomorrow, about 100 people will witness an explosion crafted to resemble a nuke mushroom cloud (but comprised of biodiesel, and of course many times less powerful/destructive). Details here, read more about Trinity and Manhattan project. Flickr pool for live pics here. Daniel Terdiman's Wired piece is here. I'll be filing a report about the event for NPR "Day to Day", and will post blog updates here at BoingBoing as connectivity permits.
See you!

Just What Is Identity Theft?

Jennifer Bosavage writes in InternetWeek:

Poor Bernie Ebbers. The former chairman of WorldCom should have just hacked into the accounts of his employees and investors. Chances are he would have received a lighter sentence than the 25-year one he received on Wednesday; that is, if he'd ever been caught. The fraud he did perpetrate was a huge, intricate orchestration that bilked innocent people out of $11 billion. The public is, and should be, appalled by the arrogance of such a criminal. Let's hope that the prosecutors and the jurors take a similarly dim view of hacker Scott Levine.

If you don't know, Levine is the former CEO of Snipermail, who not incidentally, is accused of stealing information from Acxiom, one of the world's largest database companies. And it's not just a little information he swiped from Acxiom: It's 8.2 gigabytes worth. Things like names, home addresses, bank and credit card information and email addresses. In fact, he faces 144 counts on what could be one of the largest computer crimes to date.

Interestingly, Levine has not been charged with identity theft crimes but did sell the information to a marketing company. But follow me here: It's a bit tough to swallow that a count of identity theft could not be charged against him, if there is evidence he may have stolen information regarding people's identities. It seems the actual appropriating of the information is not at issue; it's what one does with the information after taking it. If one hacks into a database and steals your personal info, but does not, say, go on a cruise impersonating you, the thief may be charged with unauthorized access of a protected computer, conspiracy, access device fraud (as was Levine), but not with identity theft. (Which is, in my mind, the one thing it seems clear the thief did do.) That is crazy. If you hack into a database, that's a crime, just as surely as stealing someone else's information and selling it to someone else is. And it's of little concern what the sellers' or buyers' intentions may be.

Man charged with selling endangered species on Net

Via The Globe and Mail.

A Toronto man has been charged with allegedly selling endangered species on the Internet.

Environment Canada's Wildlife Service says animals and parts were up for sale on an auction website between October, 2002, and May, 2005. The animals included an African elephant, sperm whale, walrus and long-eared owls.

Mark Gleberzon, 36, faces 44 counts under the Wild Animal Plant Protection and Regulation of International and Interprovincial Trade Act. If convicted, he faces fines of up to $150,000 per count and up to five years imprisonment.

Mr. Gleberzon was arrested in May by U.S. officials in New York. He is accused of similar offences in the United States.

British jobs being shipped to Ind… America…?

Aaron McKenna writes in The Register:

It’s not often you hear about British workers having their jobs sent to California, but handheld maker Gizmondo and parent company Tiger Telematics have done just that.

The company announced last week that it will open an LA-based office to lead the charge for the upcoming US release of its gaming/communications device. At the same time, it said it will “streamline” its UK operation.

China Outage May Involve Cisco

Thanks to Om Malik for pointing out this article over on Light Reading, by Craig Matsumoto:

A recent China Network Communications Group Corp. (China Netcom) outage is being traced to a Cisco Systems Inc. router, according to news reports in Beijing papers, but no blame has officially been pointed Cisco's way.

The July 12 afternoon outage cut Internet access for 200,000 subscribers of Beijing Netcom, a China Netcom subsidiary, according to reports. Beijing Netcom serves more than 2 million subscribers.

The People's Daily Online notes that a "responsible official" yesterday pinned the outage on a router rather than on human error. But China Netcom has made no formal statement saying Cisco's equipment was at fault.

"There is no statement from China Netcom assigning and no statement from Cisco accepting blame for it," a Cisco spokesman says. "The talk that it's all due to a Cisco router is hearsay." The spokesman adds that the outage lasted about 20 minutes; reports from China say it took an hour for Internet connectivity to return to normal.

Cisco and China Netcom are investigating the cause of the outage, the spokesman says.

Disney ex-dissident to shut down Web site

A Reuters newswire article, via Yahoo! News, reports that:

Former dissident shareholder Roy Disney, who led a revolt against the Walt Disney Co management last year, said on Thursday he will shut down his Web site, days after striking a truce with the company.

Roy Disney and partner Stanley Gold used the site to criticize the entertainment giant's leadership after they left the board in late 2003. But the two men and the management agreed to work together to better the company last week.

The site would be dismantled on Aug. 7, Roy Disney said.

Last Chance to Stop Renewal of the USA PATRIOT Act!

Via The EFF.

Congress will vote any day now on new legislation that would renew parts of the USA PATRIOT Act scheduled to expire or "sunset" at the end of the year, while possibly handing the FBI even more unchecked power to snoop on your mail and private records, including logs of your Internet activities.

PATRIOT's notorious Section 215 allows intelligence investigators to demand private records about citizens who aren't suspected of spying or terrorism, including medical, financial, and library records, while other parts of PATRIOT radically expanded the government's power to subpoena records or conduct wiretaps to see what you're doing online.

The current PATRIOT bills could make these and a host of other highly controversial provisions permanent. Some in the Senate want to go even further, and allow the FBI to secretly demand any and all types of records without a judge's permission, using new do-it-yourself "administrative subpoenas." Meanwhile, the sensible checks and balances proposed in the Security and Freedom Ensured Act (SAFE), an alternative PATRIOT reform bill, have yet to be seriously considered.

Don't let Congress defy the bipartisan will of the hundreds of local communities that have passed resolutions opposing the PATRIOT Act. Contact your legislators today and tell them to vote against PATRIOT renewal and for PATRIOT reform!

Stop by the EFF website and send their ready-made form letter to your elected congresscritters!

Thursday, July 14, 2005

Glitches hit Vonage voice mail

Ben Charny writes in C|Net News:

Some of Vonage's customers haven't been able get to their voice mail via the Internet telephony provider's Web site since Wednesday. "We're having voice mail issues right now," a Vonage spokeswoman wrote in an e-mail Thursday. According to postings in a Vonage chat room, people attempting to get voice mail through Vonage's site got the message: "Customers may be experiencing an intermittent issue with logging into your Web account."

With more than 750,000 subscribers, Vonage is among the largest commercial providers of voice over Internet Protocol, which is software that allows Internet connections to double as inexpensive home phone lines.

Update: UN panel fails to agree on how to govern Internet

A Reuters newswire article by Irwin Arieff, via Yahoo! News, reports that:

A group set up by the United Nations to come up with a global plan for managing the Internet said on Thursday that it has been unable to agree on who should do the job or how it should be done.

The Working Group on Internet Governance instead came up with four rival models for overseeing the Web and sorting out technical and public policy questions.

In a report to be submitted to the World Summit on the Information Society in Tunis in November, the group also proposed creation of a permanent forum to carry on the debate.

To understand the problem, "you must recognize that the Internet was set up largely by academicians for limited use, but has grown beyond anyone's wildest expectations, with nearly one billion users today," Markus Kummer, the working group's executive coordinator, said in a telephone interview.

Update: An AP newswire article entitled "U.N. Panel Presents 4 Internet Options" also available here.

Flaws in BT chat sites expose users

Via The Register.

A third party website allowing unrestricted access to Oceanfree and IOL chat sites could enable visitors to view the IP address and domain names of the sites' 'chatters.'

Through the use of a third party website, industry experts have discovered a method for logging into BT Ireland's Oceanfree or IOL chat sites without registering on the system, giving them the ability to impersonate other visitors to the site. What's more, experts have found a vulnerability on the BT Ireland chat sites which reveals not only the IP addresses of other active visitors, but also host names which could be used to pinpoint the physical location of certain visitors.

Responding to questions about the vulnerability of the system, a spokesperson from BT Ireland said efforts would be made to repair the defect. However if a solution cannot be found, "we will need to review the chat servers as a viable entity," the spokesperson told ElectricNews.Net.

OMB seeks R&D on supercomputing, cybersecurity

Aliya Sternstein writes in

The Bush administration’s memo on fiscal 2007 federal research and development priorities tags high-end computing and cybersecurity R&D but hints at continued penny-pinching, policy analysts said this week.

"Agencies may propose new, high-priority activities, but these requests should identify potential offsets by elimination or reductions in less effective or lower priority programs or programs where federal involvement is no longer needed or appropriate," officials from the administration’s Office of Science and Technology Policy (OSTP) and the Office of Management and Budget jointly state in the July 8 memo.

"It's disappointing to see that the memo implies another year of flat budgets, or worse, for R&D," said Peter Harsha, director of government affairs at the Computing Research Association.

The guidance this year -- and last year -- states that supercomputing should receive special attention in agency budget requests.

E-mail errors leave Harry Potter fans fuming

A Reuters newswire article, via MSNBC, reports that:

Customers who preordered the eagerly anticipated sixth installment of the "Harry Potter" saga on and were in for a shock this week when the retailers mistakenly e-mailed them to say their books might arrive later than expected.

Wal-Mart Stores Inc. rushed to calm shoppers' worries and put a recorded message on's toll-free customer service number assuring customers that the books would arrive on July 16 as promised. e-mailed customers to say its notice that books might be delayed "was sent to you in error."

Attackers Could Eavesdrop On Cisco-Routed VoIP Calls?

Via TechWeb News.

Flaws in Cisco's voice-over-Internet (VoIP) software could allow an attacker to bring down the alternative-to-traditional-telephone service, or access the server that initiates and routes Web-based calls, an Atlanta-based security firm said.

According to alerts posted online by Internet Security Systems' (ISS) X-Force research team, Cisco's CallManager sports a pair of bugs that could be "reliably exploited" by hackers. The potential result: at best a denial-of-service style crash, at worst, a situation where the attacker could redirect calls at will or even eavesdrop on conversations.

By sending specially-crafted packets to Cisco CallManager, an attacker could create a heap overflow and crash the system or gain access. ISS said that an exploit wouldn't need any help from a user, pushing the threat into a more dangerous category.

IBM officially kills OS/2

Jock McFrock the bekilted Engineer writes over on The Inquirer:

Big Blue has hammered the final nails into OS/2's coffin. It said that all sales of OS/2 will end on the 23rd of December this year, and support for the pre-emptive multitasking operating system will end on the 31st December 2006.

Not bad, it lived 20 years - but no one could ever say it had a peaceful childhood. From the days of OS/2 Presentation Manager through its switch to Warp, the OS was always be-devilled by Microsoft, which seemed to have its own agenda.

It looks like it's gone then, unless OS/2 is a bit like a corpse in an Edgar Allan Poe novel, and it's being buried while it's still alive. And it will wake up screaming in its coffin shouting "Warp! Warp!".

Australian man, ISP found guilty of piracy

Steven Deare writes in C|Net News:

Major record labels in Australia have won a legal battle against a man and his ISP for alleged music piracy.

Stephen Cooper, operator of a Web site called, was found guilty Thursday of copyright infringement by Australia Federal Court Justice Brian Tamberlin.

Although Cooper didn't host pirated recordings per se, the court found the resident of the state of Queensland breached the law by creating hyperlinks to sites that had infringing sound recordings.

This is the first such judgment against hyperlinking in Australia.

ICANN, VeriSign Will Consider Changes on .net Agreement

Via Netcraft.

ICANN and VeriSign will consider changes to the new .net registry agreement in response to a mass protest by major domain name registrars, who said the deal represented a "breach of trust" between ICANN and the registrar community. In response to a joint protest by more than 30 registrars at a Luxembourg meeting, ICANN chairman Vint Cerf announced today that VeriSign and ICANN will re-examine a provision in the agreement that lifts restrictions on the price VeriSign can charge registrars for each .net domain they sell.

"In light of the comments and the concerns from the community, VeriSign is willing to discuss reworking the fee cap provision," wrote Tim Ruiz of Go Daddy in an update to registrars. With the announcement, ICANN and VeriSign have committed to further discussions, with no guarantee of changes at this time. But the reopening of negotiations was seen as a step forward by registrars, who were concerned that changes in the fee structure in the .net agreement could set a precedent for the renewal of the .com registry, also maintained by VeriSign. But the registrars' primary grievance was that the lifting of the price cap was negotiated privately, and never mentioned in published drafts of the agreement.

Big Brother Could Be Tracking You

An article by Gregory M. Lamb of The Christian Science Monitor (of all places), via CBS Technology News, reports that:

Most of us know where we are on planet Earth — or close enough to make do. But sometimes we travel on business or for pleasure and suddenly wonder: Where am I? Or maybe we might want to know the location of a spouse, teenager, or pet.

More and more, GPS — the global positioning system — is coming to the rescue. But the satellite-based system has one big drawback: Its signals can't reach inside buildings or down into the skyscraper-lined streets of major cities, where millions of people live or work.

The result? One of the era's breakthrough technologies — tracking the location of everything from packages to cell phone users in distress — remains impractical to much of the population. Now that appears likely to change.

Racing to fill in the gaps where GPS can't reach, companies are experimenting with various wireless technologies. Solutions can't come too soon. The federal government has charged mobile-phone companies, even the ones that are Internet-based, to make their phones capable of being located when a user dials 911 for help.

Austin group complains of hack attack

Asher Price writes in The Austin American-Statesman (obnoxious, but free, registration required):

In the 1992 movie "Sneakers," Martin Bishop and his crackerjack hacking partner Cosmo infiltrate the Federal Reserve mainframe in 1969 and orchestrate a $25,000 donation from the Republican Party to the Black Panthers, as well as a generous contribution from Richard Nixon to the National Association to Legalize Marijuana.

The plot seemed far-fetched at the time. But this month, an Austin-based group called ProtestWarrior, which crashes anti-war demonstrations and produced a video that attacks Middle Eastern "Islamo-fascists," informed its members that their credit card information might have been compromised after a Chicago-based hacker cracked the site's code; ProtestWarrior claims that the hacker had intended to give donations to the American Civil Liberties Union, among other organizations.

The FBI is investigating, but no charges have been filed.

EU moves to speed up Europe's wireless Internet

A Reuters newswire article, via Yahoo! News, reports that:

The European Commission opened access to a new radio frequency that it said will speed up wireless access to the Internet in coffee shops and airports throughout Europe.

The European Commission said on Thursday it was making available part of the 5 gigahertz (GHz) band for Wi-Fi, a technology used by laptops for high-speed, wireless connections to the Internet.

The new spectrum will allow data transfer at 50 megabits per second compared with 10 megabits on the current 2.4 GHz radio band, originally used for microwave ovens.

Vonage, AT&T Top VoIP Ratings

Via ExtremeTech.

Vonage was found to be the most reliable VOIP vendor in a study released this week, with AT&T's CallVantage Service lauded as having the best voice quality.

Keynote Systems placed VOIP calls every 30 minutes on a variety of networks and services, evaluating every service for uptimes, call quality, and audio delays. VOIP calls have yet to exceed the standards and reliability of traditional POTS calls, the study found.

Vonage was found to be the most reliable VOIP vendor of those surveyed, which included AT&T CallVantage, Packet 8, Primus Lingo, Skype's SkypeOut service, Verizon, Voicewing, and Vonage, together with business DSL calls made over the AT&T, Sprint, and UUNet networks.

Web site down overnight

A Reuters newswire article, via Yahoo! News, reports that:

Wal-Mart Stores Inc.'s Web site was down on Thursday morning, and a customer service representative said the site had been inoperative since Wednesday night.

A spokesperson did not immediately return a call seeking comment. A spokeswoman at Wal-Mart's Bentonville, Arkansas, headquarters could not immediately be reached. ranks as the 12th-largest Internet retailer, according to statistics compiled by trade magazine Internet Retailer.

It appears to be up now...

Criminal caught by computer game

And since we were just talking about computer games, and all of the hoopla surrounding Grand Theft Auto: San Andreas, how do you like this one? Nick Farrell writes in The Inquirer:

Police in Taiwan managed to finger the collar of a heavily armed suspect after he went online to play computer games.

Chang Hsi-ming was wanted for murder, illegal possession of weapons and multiple kidnappings, and coppers have been tracking him for about a year.

But the task became easier when the police learnt that he had a passion for online gaming. They sniffed out his online persona, and tracked his IP address.

We don’t know which game he was playing, but when police knocked on his door for a quiet word, they brought nearly 130 colleagues and two tanks.

Even then, Chang, who is dubbed the Evil Dragon by the local press, decided to go out in the style of Butch Cassidy and the Sundance Kid. Unfortunately, it is not ‘game over’, according to the Taiwanese evening papers: although Chang was shot in the chest and shoulder, he appears to have survived and is now in hospital.

Update: Sen. Clinton seeks 'Grand Theft Auto' probe

An AP newswire article in USA Today reports that:

Sen. Hillary Rodham Clinton, who has attacked violent video games as "a silent epidemic" among children, said she wants a federal investigation into one of the most popular, "Grand Theft Auto: San Andreas."

Clinton, D-N.Y., is asking the Federal Trade Commission to probe how users of the game can access "graphic pornographic and violent content" for the game from the Internet.

In a letter dated Thursday to FTC chairwoman Deborah Platt Majoras, she also urged the agency to examine whether the game's rating of "M" for mature should be changed to an "Adults Only" rating.

The Entertainment Software Ratings Board, a self-regulatory ratings arm of the game software industry, is already investigating the issue.

New York's junior senator said it is time for the federal government to step in.

Update: Mike, over on, has posted a nice summary here.

Greek police arrest alleged Internet fraudster preying on US bank accounts

An AFP newswire article, via Yahoo! News, reports that:

Greek police have arrested a 43 year-old man suspected of lifting the bank details of US citizens over the Internet and stealing over 60,000 dollars (49,600 euros) from their accounts in the past year.

A police raid on the suspect's apartment at the port of Piraeus on Wednesday yielded some 4,000 printed pages of personal bank details downloaded from the Internet, a police source told AFP on Thursday.

The man, identified by Greek media as Dimitris Kadas, had been briefly jailed for credit card fraud in Houston in 1987 before being deported to Greece.

In the past 18 months, he is suspected of having preyed on the bank accounts of over 300 US citizens, and the authorities believe that he may have conducted withdrawals of over 355,000 dollars (293,700 euros).

Apple cautions after huge quarter

Dawn C. Chmielewski writes in The Mercury News (obnoxious, but free, registration required):

Apple Computer reported the highest revenue and profit in the company's history Wednesday, propelled by the soaring popularity of the iPod, the strongest Macintosh sales in four years and the introduction of the new Tiger operating system.

The Cupertino company reported a profit of $320 million, or 37 cents a share, on revenue of $3.52 billion for the fiscal third quarter ended June 25. That represents a 425 percent leap in earnings over the same period last year and a 75 percent surge in sales.

But Apple's recently announced switch to Intel microprocessors injected an element of uncertainty into the company's otherwise heady financial performance. Apple Chief Financial Officer Peter Oppenheimer warned of a flat September quarter, traditionally a period of strong back-to-school sales. He projected revenues of $3.5 billion and earnings per share of 32 cents.

"We feel that we're being prudent," Oppenheimer said. "This is our first full quarter after the Intel transition announcement and we expect to learn more in the quarter.''

Verisign buys iDefense for $40M

John Leyden writes in The Register:

Net infrastructure firm VeriSign has bought security intelligence firm iDefense for $40m in cash. iDefense's 45 employees will join VeriSign in a move designed to bolster its managed security services offering with proactive threat warning and security remediation advice.

iDefense is best known for its controversial vulnerability contributor program, which rewards hackers for advance notification of unpublished vulnerabilities or exploit code. It's not immediately clear if the program will continue post acquisition.

Xybernaut Denied Funding For Possible Chapter 11

Ellen McCarthy writes in The Washington Post:

Xybernaut Corp., the Fairfax [Virginia] company that makes wearable computers, yesterday said it was unable to secure the financing necessary to operate under bankruptcy protection.

Last month, in preparation for a possible bankruptcy filing, the company asked an undisclosed lender to start work on the loans and paperwork that would ensure the company "debtor-in-possession" financing if it pursues Chapter 11 protection. Xybernaut also sent the lender a $125,000 deposit.

But yesterday, Xybernaut said in a filing with the Securities and Exchange Commission that the lender returned about $54,000 and declined to commit to the debtor financing.

Senators Propose Curbs on Patriot Act

Dan Eggen and Charles Babington write in The Washington Post:

Two senior members of the Senate Judiciary Committee introduced legislation yesterday that would lead to more restrictions on the government's powers under the USA Patriot Act, setting the stage for a protracted legislative battle in coming months over the controversial anti-terrorism law.

The proposal by Sens. Arlen Specter (R-Pa.) and Dianne Feinstein (D-Calif.) would scale back a law that the administration seeks to keep largely intact. But it also attracted immediate criticism from civil liberties advocates who say it does not adequately rein in the government's activities.

...and this seems like a good opportunity to mention

RFID Foes Find Righteous Ally

Keeping in step with the current RFID themes, Mark Baard writes in Wired News:

Anti-RFID activist Katherine Albrecht has a good reason for opposing radio-tagging technology: She thinks it's the Mark of the Beast.

And this is yet another opportunity for me to mention :-)

Microsoft and Marvel ink online game deal

Lisa Baertlein writes for Reuters:

Microsoft Corp. said on Thursday it won exclusive rights to develop and publish multiplayer online games starring Marvel Enterprises Inc.'s super heroes, including Spider-man, the X-men and the Hulk.

The deal covers massively multiplayer online (MMO) game titles developed for Microsoft's upcoming Xbox 360 gaming console and published by the software giant's game studio.

The deal is Marvel's first MMO pact. The first title is expected in 2008.

Wednesday, July 13, 2005

Banking regulators issue check fraud warning

Bob Sullivan writes on MSNBC:

Federal banking regulators have issued an alert about, a Web site that lets Web users initiate traditional paper check payments through e-mail. The alert follows an story in May chronicling complaints about fraudsters using the service.

At, visitors can create checks that draw funds from nearly anyone's checking account -- as long as the user has the correct bank routing number and checking account number. Those numbers are found on the bottom of every check.

In its terms of service, Qchex says it does not attempt to verify the identity of its users.

Update: UC Irvine to offer certificate program in RFID

Alorie Gilbert writes in the C|Net News RFID Blog:

The University of California at Irvine is developing a certificate program focusing on radio frequency identification, or RFID -- the electronic identification technology that's so en vogue at the moment in computer circles.

Students of the university's extension program may be able to enroll in the courses as soon as the winter quarter of 2006, according to Stefano Stefan, assistant director of business, management, legal and IT programs for the school's continuing education series.

UC Irvine may be the first college in the country - or even the world -- to offer RFID courses that don't require enrollment in an engineering school, Stefan said.

Update: Aaaaand, just about at the same time that I posted this, Peter Rojas posted this juicy tidbit over on Engadget:

Zapped! RFID workshop in NYC tomorrow
Posted Jul 13, 2005, 7:21 PM ET by Peter Rojas

We were a lot more excited about hitting this when we thought that Scott Baio was one of the presenters, but Preemptive Media is hosting a workshop on RFID at Eyebeam here in NYC tomorrow that’ll teach you how to build a keychain RFID detector that’ll beep every time you’re in range of an RFID tag reader.


UPDATE: Sender ID Gets Notice

Tim Gray writes in

The solution for stamping out e-mail-based scams may never be complete, but as evidenced at the E-mail Authentication Implementation Summit 2005 on Tuesday, insiders appear more resolved than ever to work together towards that goal.

The event, organized to bring together a diverse collection of e-mail analysts and providers, featured discussions and potential solutions, such as Sender ID, SPF and DKIM, to the halting Internet scourges.

As an aside, while doing a Google search for "E-mail Authentication Implementation Summit", I found this page which reveals that the Direct Marketing Association (DMA) was a co-sponsor of this "summit". Draw your own conclusions.

Update: Paul F. Roberts has written a more detailed account of this meeting here. Worth a read if you are interested.

'MP3' Celebrates its Tenth Anniversary

Sachin Garg posts to /.

"The Data Compression News Blog reports that on July 14th 2005, the name "MP3" celebrates its tenth anniversary. On this day back in 1995, the researchers at Fraunhofer Institute for Integrated Circuits IIS decided to use ".mp3" as the file name extension for their new audio coding technology. Development on this technology started in 1987, in 1992 it was considered far ahead of its times, then MP3 became the generally accepted acronym for the ISO standard IS 11172-3 "MPEG Audio Layer 3" and no other coding method so far (2005) could uncrown MP3 as the popular standard for digital music on the computer and on the Internet."

Feds create new post of cybersecurity czar

Anna Broache writes in C|Net News:

A new cybersecurity czar will join the U.S. Department of Homeland Security's ranks, Secretary Michael Chertoff announced Wednesday.

The assistant secretary for cybersecurity and telecommunications will be "responsible for identifying and assessing the vulnerability of critical telecommunications infrastructure and assets; providing timely, actionable and valuable threat information; and leading the national response to cyber and telecommunications attacks," according to a press release from the 3-year-old department. No announcement has been made about who will get the job.

The new official will report to the under secretary for preparedness, one of three top-level officials who report directly to Chertoff. (Currently, the chief cybersecurity officer is a low to midlevel official further removed from the secretary.) The "preparedness" category would also include officials overseeing areas ranging from first responder training to public health to infrastructure.

European ministers promise data retention agreement

Simon Taylor writes in InfoWorld:

European Union home affairs ministers have promised that in October they will agree on a set of Europe-wide rules requiring companies to store phone call and e-mail data. The pledge was made at an emergency meeting of ministers in Brussels on Wednesday in response to the bombings in London last week which killed over 50 people.

The data rules, which have been under discussion by E.U. ministers since April last year, are highly controversial because of fears that they would infringe data privacy rules and impose excessive costs on industry.

But France's interior minister Nicolas Sarkozy on Wednesday dismissed objections that the cost of the rules would be too high. "What would cost us dear would be to have innocent victims," he said. He said that telephone records had played an important part in identifying and arresting terrorist suspects in the UK, France, Spain and Germany.

VoIP backlash in Germany?

Ben Charny writes in C|Net News:

The German unit of cell phone giant Vodafone plans to disable calls from the likes of Skype and other Net phone operators beginning July 2007.

Vodafone Germany spokesman Heiko Witzke said Wednesday that in the interim the company may reverse its policy, which came to light earlier in the week when it filed a tariff with German telephone regulators.

He wouldn't comment about why the company was taking the step, but said in an interview that "2007 is a long ways to go, anything may happen until then."

Vodafone's other 15 divisions serving nations in Europe and Asia have not enacted such a policy, according to a spokesman at Vodafone's U.K. headquarters.

The development is a sign that some cell phone operators are beginning to feel threatened by Internet telephony, just as soaring Net phone subscriber numbers start to significantly impact revenues of traditional landline operators.

ZombieAlert Scours Corporate Networks For Spam-spewing PCs

Gregg Keizer writes in TechWeb News:

A U.K.-based security firm is touting a new service that scours corporate networks for zombies -- PCs that have been hijacked without the owner's knowledge and turned into spam-spewing engines.

Sophos on Wednesday launched the alert service, dubbed ZombieAlert, that warns business, educational, and government administrators when some of the machines on their networks turn into the walking dead. So-called "zombies" account for more than half the world's spam, said Sophos.

Tracking down zombies, however, isn't easy.

Rather than monitoring systems internally for evidence of spam zombies, Sophos analyzes the millions of messages passing through its spam traps -- sometimes called "honeypots" -- traces such spam to its originating domain and IP address, then notifies customers when one of their machines is found sending spam.
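The tracing step described above, as an added example that is not Sophos's code or the ZombieAlert service itself: take messages captured by a spam trap, read the IP that actually connected to the trap from the Received header written by the trap's own mail server, and match it against the netblocks each customer has registered. The customer registry, the trap hostnames and the captured messages are all constructed for the example. Only the topmost Received header is trusted, because every hop below it was written by the sender and can be forged.

```python
import email
import ipaddress
import re
from collections import defaultdict

# Constructed customer registry (hypothetical): netblocks each customer owns.
CUSTOMER_NETBLOCKS = {
    "Example University": [ipaddress.ip_network("198.51.100.0/24")],
    "Example Corp": [ipaddress.ip_network("203.0.113.0/25")],
}

# Hostnames of our own spam-trap MTAs (constructed). Only a Received header
# stamped "by" one of these hosts is trusted to name the connecting client.
TRAP_HOSTS = {"trap1.example.net", "trap2.example.net"}

# Constructed sample messages. Received headers are prepended at each hop, so
# the header written by the trap is the topmost one; the inner header in the
# first sample is a forgery inserted by the sender and must be ignored.
SAMPLES = [
    """Received: from mail.example.invalid ([198.51.100.77]) by trap1.example.net with ESMTP; Wed, 13 Jul 2005 10:01:02 +0000
Received: from forged.host ([10.0.0.9]) by mail.example.invalid; Wed, 13 Jul 2005 09:59:00 +0000
From: spammer@example.invalid
To: trap-user@example.net
Subject: cheap meds

buy now
""",
    """Received: from pc-20.example.invalid ([203.0.113.20]) by trap2.example.net with ESMTP; Wed, 13 Jul 2005 10:05:00 +0000
From: spammer@example.invalid
To: trap-user@example.net
Subject: cheap meds

buy now
""",
    """Received: from mail.example.invalid ([198.51.100.77]) by trap1.example.net with ESMTP; Wed, 13 Jul 2005 10:09:30 +0000
From: spammer@example.invalid
To: trap-user@example.net
Subject: cheap meds again

buy now
""",
    """Received: from unknown ([192.0.2.5]) by trap1.example.net with ESMTP; Wed, 13 Jul 2005 10:12:00 +0000
From: spammer@example.invalid
To: trap-user@example.net
Subject: not a customer

buy now
""",
    """Received: from somewhere ([198.51.100.77]) by mx.somewhere.else with ESMTP; Wed, 13 Jul 2005 10:15:00 +0000
From: spammer@example.invalid
To: trap-user@example.net
Subject: topmost header not written by our trap

buy now
""",
]

RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
RECEIVED_BY = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")


def originating_ip(raw_message):
    """Return the IP that handed the message to our trap, or None when the
    topmost Received header was not written by one of our own trap hosts."""
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received") or []
    if not received:
        return None
    top = str(received[0])
    by = RECEIVED_BY.search(top)
    if not by or by.group(1).lower() not in TRAP_HOSTS:
        return None
    ip = RECEIVED_IP.search(top)
    return ip.group(1) if ip else None


def customer_for(ip):
    """Longest-prefix-free lookup: which customer registered a block containing ip."""
    addr = ipaddress.ip_address(ip)
    for customer, nets in CUSTOMER_NETBLOCKS.items():
        if any(addr in net for net in nets):
            return customer
    return None


def zombie_alerts(messages):
    """Map customer -> {sending IP: trapped message count} for every message
    whose originating IP falls inside a customer netblock."""
    alerts = defaultdict(lambda: defaultdict(int))
    for raw in messages:
        ip = originating_ip(raw)
        if ip is None:
            continue
        customer = customer_for(ip)
        if customer is not None:
            alerts[customer][ip] += 1
    return {c: dict(hosts) for c, hosts in alerts.items()}


if __name__ == "__main__":
    for customer, hosts in zombie_alerts(SAMPLES).items():
        for ip, count in hosts.items():
            print(f"ALERT {customer}: {ip} sent {count} message(s) to spam traps")
```

Running the block reports 198.51.100.77 twice to Example University and 203.0.113.20 once to Example Corp; the 192.0.2.5 sender matches no customer, and the last sample is dropped because its topmost Received header was not stamped by one of our traps. A real service would also resolve the IP to a domain via reverse DNS and rate-limit alerts, but the trust rule for Received headers is the part that matters.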

Internet Archive sued over Wayback Machine

As reported in various places today, but probably best summarized over on Boing Boing:

The nonprofit Internet Archive, now nearly ten years old, is on the defending end of a bizarre copyright lawsuit.
Beyond its utility for Internet historians, the Web page database, searchable with a form called the Wayback Machine, is also routinely used by intellectual property lawyers to help learn, for example, when and how a trademark might have been historically used or violated.

That is what brought the Philadelphia law firm of Harding Earley Follmer & Frailey to the Wayback Machine two years ago. The firm was defending Health Advocate, a company in suburban Philadelphia that helps patients resolve health care and insurance disputes, against a trademark action brought by a similarly named competitor.

In preparing the case, representatives of Earley Follmer used the Wayback Machine to turn up old Web pages - some dating to 1999 - originally posted by the plaintiff, Healthcare Advocates of Philadelphia.

Last week Healthcare Advocates sued both the Harding Earley firm and the Internet Archive, saying the access to its old Web pages, stored in the Internet Archive's database, was unauthorized and illegal.

The lawsuit, filed in Federal District Court in Philadelphia, seeks unspecified damages for copyright infringement and violations of two federal laws: the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act.
Link (Thanks, Susannah Breslin)

Trial Begins Against Accused Hacker

An AP newswire article, via InternetWeek, reports that:

Four Acxiom Corp. employees told jurors Tuesday about their discovery that the database-management company's computer system had been penetrated, and how they responded.

The group testified as federal prosecutors opened their case against a Florida man accused of hacking into Acxiom Corp.'s system and downloading credit card numbers and other personal information.

Scott Levine, former chief executive of the bulk e-mail firm Inc., based in Boca Raton, Fla., faces 144 counts from a July 2004 indictment in what prosecutors described as one of the largest computer crime cases ever. Levine is accused of stealing 8.2 gigabytes of information from Acxiom, one of the world's largest database companies. The violations occurred from around April 2002 to August 2003.

The data included names, home addresses, phone numbers, e-mail addresses, bank, and credit card numbers involving millions of individuals. But prosecutors determined that no identity fraud was committed. There was, however, a sale of information to a marketing company, prosecutors say.

NYC wants to track 530,000 diabetics

This article doesn't mention privacy or security concerns, but the topic is bound to come up over such a proposed data repository.

Bob Brewin writes in Government Health IT:

The New York City Department of Health, which is dealing with an epidemic of diabetes, wants a central system for tracking 530,000 residents who suffer from the disease.

The department proposes requiring laboratories in the city to enter the results of all hemoglobin blood sugar in a central electronic laboratory system, an unprecedented but needed step, said Dr. Diana Berger, medical director of New York’s diabetes prevention and control program.

The department wants to collect the results of hemoglobin A1c tests, which measure the average level of blood sugar over several months. The information will help the department better manage the 530,000 diabetics in New York and focus on reaching out to the more than 250,000 undiagnosed cases.

Alleged hacker: U.S. defense sites poorly secured

Colin Barker writes in C|Net News:

A British man facing possible extradition to the United States says poor security was a major factor in his ability to have wandered through the IT systems of some key defense establishments.

Gary McKinnon, who is accused of hacking and causing damage to federal defense systems, also said that his actions, far from intending to cause harm, all started as an innocent attempt to prove that the U.S. Defense Department knows of the existence of extraterrestrials.

US court upholds AT&T verdict against Microsoft

Via Reuters.

A U.S. appeals court on Wednesday upheld a lower court decision that Microsoft Corp. was liable for infringing on an AT&T Corp. patent for converting speech into computer code in copies of Windows sold overseas.

The Federal Circuit Court of Appeals said that the world's largest software maker was liable for the unauthorized distribution of codec technology, used to compress speech signals into data, in copies of Windows overseas.

Last year, Microsoft settled most of the telephone company's outstanding claims, and both agreed to appeal the unresolved issue over the distribution of the technology overseas, which Microsoft said it was not liable for.

Terms of the March 2004 settlement were not disclosed.

Representatives from AT&T and Microsoft were not immediately available for comment.

Cisco Security Advisory: Cisco ONS 15216 OADM Telnet Denial-of-Service Vulnerability

Via the Cisco website.

The Cisco ONS 15216 OADM (Optical Add/Drop Multiplexer) contains a vulnerability in the handling of telnet sessions that can cause a denial-of-service condition in the management plane. Traffic going through the Cisco ONS 15216 OADM (i.e. transit traffic), is not affected when the management plane is under a denial-of-service condition. However, clearing the denial-of-service condition on the management plane requires resetting the device, which impacts transit traffic.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

Vulnerable Products

Only the Cisco ONS 15216 OADM running software release 2.2.2 and earlier is affected by the vulnerability described in this advisory.

To determine your software revision, launch a TL1 session and use the RTRV-NE-GEN command at the TL1 prompt to retrieve the software version information like in the following example:

> RTRV-NE-GEN:::100;

TID-000 98-06-20 14-30-00 M001COMPLD"VENDOR=CISCO, MODEL=SOADM-1CH-1530.33,

This output shows that ONS 15216 OADM is running software release 2.0.0.

Homeland Security gets a makeover

Spencer S. Hsu and Sara Kehaulani Goo write in The Washington Post:

Homeland Security Secretary Michael Chertoff will announce a major restructuring of his 180,000-employee department today, changing how the two-year-old agency handles intelligence, sets policy and manages key law enforcement operations in response to criticism that domestic security remains unfocused and poorly coordinated.

Chertoff will realign agencies that secure the nation's skies and police its borders, replace or reassign the duties of three of five undersecretaries, and emphasize missions such as increasing national preparedness and screening people and cargo before they enter the nation, congressional and department officials said.

Many Americans will notice no immediate impact from the changes. But analysts said the restructuring could help the department better accomplish fundamental tasks such as protecting computer and financial networks, guiding local preparedness efforts, processing threat information, and identifying key private-sector vulnerabilities.

Ebbers sentenced to 25 years in prison


Former WorldCom Chief Executive Bernard Ebbers was handed a 25-year prison term Wednesday for directing the biggest accounting fraud in corporate history, leaving thousands of investors empty-handed.

CNBC and other news organizations originally reported the sentence as between 30 years and life in prison. However, Ebbers’ attorneys were allowed to speak before the final sentence was handed down and the judge ultimately decided to render a final, 25-year verdict.

UN report indicates ICANN retains position in Internet governance

Kieren McCarthy writes in The Register:

A sneak preview of the UN’s report into internet governance has revealed that ICANN will retain its position as the lead technical body for the Internet. However, the organisation’s dreams of becoming a quasi-governmental body overseeing the future of the internet have been dealt a heavy blow.

Chairman of the UN’s Working Group on Internet Governance (WGIG), Nitin Desai, spoke at ICANN’s bi-annual conference in Luxembourg this morning and said that 70 to 80 per cent of Internet governance did not concern ICANN at all.

Phishing auf Deutsch

Mikko writes over on the F-Secure "News from the Lab" Blog:

In addition to the typical phishing targets, such as Citibank, eBay, Paypal and US Bank, we've been seeing a move towards smaller markets. This is probably happening as most customers of a bank like Citibank have already received a hundred different phishing messages and will not be fooled by another one.

So phishers are doing more targeted attacks against smaller targets in order to find users who still could be fooled to respond to a phishing email.

This has resulted, for example, in a series of attacks against the German banks, with increased activity against organizations like Deutsche Bank and Postbank.

Mikko also has a screen-shot of one of the German language phish here.

Will the U.N. run the Internet?

Declan McCullagh writes in C|Net News:

An international political spat is brewing over whether the United Nations will seize control of the heart of the Internet.

U.N. bureaucrats and telecommunications ministers from many less-developed nations claim the U.S. government has undue influence over how things run online. Now they want to be the ones in charge.

While the formal proposal from a U.N. working group will be released July 18, it's already clear what it will contain. A preliminary summary of governmental views claims there's a "convergence of views" supporting a new organization to oversee crucial Internet functions, most likely under the aegis of the United Nations or the International Telecommunications Union.

At issue is who decides key questions like adding new top-level domains, assigning chunks of numeric Internet addresses, and operating the root servers that keep the Net humming. Other suggested responsibilities for this new organization include Internet surveillance, "consumer protection," and perhaps even the power to tax domain names to pay for "universal access."

Chelmsford (Mass.) suspect on the hook in cable-cutting case

Jessica Fargen writes in The Boston Herald:

A Chelmsford man allegedly tried to get rich in a snip by cutting Verizon and Comcast phone lines, then tried to get the companies to pay him to stop, prosecutors say.

Danny M. Kelly, 50, was charged yesterday in U.S. District Court in Boston with extortion. Prosecutors say he cut at least 18 cables between November 2004, and February 2005, and then turned around and sent extortion letters to Verizon and Comcast.

Reached at home last night, Kelly, a former phone company worker, accused judges of being corrupt and alleged a phone company had once stolen his money.

But he said of the charges "Of course they are not true.''

The anonymous letters asked the companies for $10,000 each month and demanded they set up a Web site to communicate with him, according to court papers.

Investigators say most of the cables were cut in Chelmsford, but others were also disabled in Marlboro, Westford, Billerica and Peabody.

(Thanks, Sean!)

Powell to Join Storied Venture Capital Firm

Jonathan Krim writes in The Washington Post:

After four decades of military and government service, former secretary of state Colin L. Powell is pursuing a new trail of business entrepreneurship.

Powell said yesterday that he is joining Kleiner Perkins Caufield & Byers, one of Silicon Valley's most storied venture capital firms, to work with young executives on leadership and help their businesses grow worldwide.

Powell, 68, will be a limited partner, remaining in the Washington area but traveling to California or teleconferencing frequently to confer with companies that receive seed funding from the firm. Like other venture capital groups, Kleiner Perkins plays an ongoing role in the management of companies in its stable.

Bank of America Adds New Online Security

An AP newswire article by Paul Nowell, via The Washington Post, reports that:

Stung by recent high-profile security breaches, Bank of America Corp. is rolling out a new online banking security system aimed at making it harder for cyberthieves to crack customer accounts.

Bank of America launched its new online security system, called SiteKey, last month in Tennessee. It is being rolled out this week in Virginia, Maryland and Washington, D.C., and should be available nationwide by the fall.

Tuesday, July 12, 2005

Yahoo! to carry live space shuttle feeds from NASA

A Reuters newswire article, via Yahoo! News, reports that:

Internet media company Yahoo Inc. will provide live Web video streams of the return of the U.S. space agency's shuttle, the first mission since the 2003 Columbia disaster, NASA said on Tuesday.

Yahoo will make official online video from the 12-day Discovery shuttle space mission available in Microsoft Corp. Windows Media format to millions of Internet users at and on Yahoo's own site.

Yahoo also will promote video from the space mission, slated to launch on July 13, throughout its heavily trafficked network of sites.

Separately, Akamai Technologies Inc. will stream the same NASA video feed via RealNetworks Inc.'s RealPlayer. That stream will be available only at the National Aeronautics and Space Administration site.

NASA said the agreements enable it to provide Internet access to the feeds at no additional cost to taxpayers.

It's Microsoft patch day: Exploits already exist...

Gregg Keizer writes in TechWeb News:

Microsoft on Tuesday released a trio of security bulletins, all tagged as critical, two for Windows, the third for older editions of Microsoft Word.

The July list of vulnerabilities and patches may be a fraction of June's even dozen, but they're no less important to patch, said Mike Murray, the director of research at vulnerability management vendor nCircle.

"All three of these are worth patching, of course," said Murray, "because even for the one where an exploit isn't yet public, one probably will be."

Judge Denies New Trial for Bernard Ebbers

An AP newswire article by Erin McClam in The Washington Post reports that:

A federal judge has denied a bid by former WorldCom CEO Bernard Ebbers for a new trial, paving the way for him to be sentenced Wednesday in the record $11 billion fraud.

Ebbers had argued the judge or prosecutors should have granted immunity to three witnesses that Ebbers contends could have helped clear him of charges related to the fraud.

His lawyers also said prosecutors unfairly prejudiced jurors by suggesting in their closing statement that there was evidence outside the trial record that proved government witnesses were telling the truth.

Cellphone Service Restored to Some Car Tunnels in NYC

Patrick McGeehan writes in The New York Times (obnoxious, but free, registration required):

Cellphone service in car tunnels to Manhattan, which was quietly disabled by transit officials last week after the terrorist attack in London, was partly restored yesterday after the mayor publicly questioned the move and after a dispute over who ordered the shutdown was resolved.

The service was restored for commuters who pass through tunnels under the East River. But those who cross under the Hudson River remained incommunicado. The antennas that allow drivers to use their cellphones in the four car tunnels that connect to Manhattan were disabled on Thursday in response to the subway and bus bombings that morning in London.

The Metropolitan Transportation Authority, which controls the two East River car tunnels, the Queens-Midtown and the Brooklyn-Battery, did not announce the move and said at first yesterday that the shutdown had been the Police Department's idea.

Email forwarding amounts to ritual gift exchange

Will Knight writes in NewScientist:

Forwarding a quirky email or an amusing link or video attachment to colleagues may seem innocent enough, but it is the modern equivalent of ritual gift exchange and carries with it similar social implications, say US researchers.

Benjamin Gross at the University of Illinois, US, and colleagues studied email forwarding behaviour by conducting informal interviews among email users. He says forwarding emails plays a vital role in constructing and maintaining modern social ties, despite the phenomenon receiving scant attention from social scientists.

UPDATE: UK SKY News: All 4 bombers thought to have died in last week's attacks


Personal documents of four suspected bombers were found near the bomb scenes of the London terror attacks - at least one of them may have died in the strikes, police say.

The men travelled down from west Yorkshire and arrived at Kings Cross station shortly before the attacks were launched on Thursday morning.

Their images were captured by CCTV cameras.

All four attackers - not confirmed to be suicide bombers - are thought to have died in the blasts.

.AERO Seeks a New Registry

Bret Fausett writes in the ICANN blog:

Geneva, Switzerland | July 6, 2005: "Three years after the introduction of .aero, a sponsored top-level domain reserved exclusively for the world’s aviation community, and in view of the approaching completion of the agreement with the current registry operator agreement, SITA SC, the sponsor of .aero, is seeking a new registry operator."

Cisco CallManager Memory Handling Vulnerabilities

Via the Cisco website.

Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. Cisco CallManager 3.3 and earlier, 4.0, and 4.1 are vulnerable to Denial of Service (DoS) attacks, memory leaks, and memory corruption which may result in services being interrupted, servers rebooting, or arbitrary code being executed.

Cisco has made free software available to address these vulnerabilities.

Vulnerable Products

  • Cisco CallManager 3.2 and earlier
  • Cisco CallManager 3.3, versions earlier than 3.3(5)
  • Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2b
  • Cisco CallManager 4.1, versions earlier than 4.1(3)SR1

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by these vulnerabilities.
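As an added inventory check (written for this post, not code from Cisco or the advisory), the script below classifies CallManager version strings against the fixed releases listed above; the ordering of Cisco's build and SR notation and the host/version inventory are assumptions.

```python
import re
from typing import Optional

# Constructed example, not Cisco's code. Version notation is assumed to
# order as: major.minor, then build number, optional build letter, then an
# optional SRn service release with an optional trailing letter.
_VER = re.compile(
    r"^(\d+)\.(\d+)(?:\((\d+)([a-z]?)\))?(?:SR(\d+)([a-z]?))?$", re.IGNORECASE)

def parse_version(s: str) -> tuple:
    """Turn '4.0(2a)SR2b' into a comparable tuple (4, 0, 2, 'a', 2, 'b')."""
    m = _VER.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised CallManager version: {s!r}")
    major, minor, build, bletter, sr, srletter = m.groups()
    return (int(major), int(minor), int(build or 0), (bletter or "").lower(),
            int(sr or 0), (srletter or "").lower())

# First fixed release per affected train, taken from the advisory text above.
FIXED = {
    (3, 3): "3.3(5)",
    (4, 0): "4.0(2a)SR2b",
    (4, 1): "4.1(3)SR1",
}

def is_vulnerable(version: str) -> Optional[bool]:
    """True if the advisory covers this version as vulnerable, False if it is
    at or above the fixed release, None if the train is not in the advisory."""
    v = parse_version(version)
    train = v[:2]
    if train <= (3, 2):            # "3.2 and earlier": no fixed release listed
        return True
    fixed = FIXED.get(train)
    if fixed is None:
        return None
    return v < parse_version(fixed)

def triage(inventory: dict) -> dict:
    """Map host -> status for a {host: version} inventory (constructed input)."""
    labels = {True: "VULNERABLE", False: "fixed", None: "not in advisory"}
    return {host: labels[is_vulnerable(ver)] for host, ver in inventory.items()}

if __name__ == "__main__":
    sample = {"ccm-hq": "4.0(2a)SR2a", "ccm-branch": "3.3(5)",
              "ccm-lab": "3.1(2c)", "ccm-new": "4.1(3)SR1"}
    for host, status in triage(sample).items():
        print(f"{host:12} {status}")
```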

Homeland Security Department's Own IT Security Found Lacking

Larry Greenemeier writes in InformationWeek:

The Homeland Security Department's ability to protect its own data and IT systems leaves much to be desired, according to a report released Monday by the Government Accountability Office, Congress's investigative arm. Although the Federal Information Security Management Act of 2002, or FISMA, requires each government agency to create a departmentwide information-security program, Homeland Security has fallen behind in its risk assessment, security planning, security-tools evaluation, and systems inventory.

It's not clear how vulnerable Homeland Security's IT systems and data are to cyberattacks, but the GAO report points out that the department's inability to keep up with IT security policy outlined in FISMA isn't the only problem. The GAO report, dated June 17, also states that Homeland Security isn't properly using technology to help secure its IT systems. In particular, the department's Trusted Agent FISMA enterprise-management software tool is lacking in several areas, including its ability to verify data, provide an audit trail, report system weaknesses, and link to updated plans of action and milestones.

"Until DHS addresses these weaknesses and fully implements a comprehensive, departmentwide information-security program, its ability to protect the confidentiality, integrity, and availability of its information and information systems will be limited," says the report, which was compiled by GAO director of information-security issues Gregory Wilshusen at the request of Sen. Joseph Lieberman, D-Conn., ranking minority member of the Senate's Committee on Homeland Security and Governmental Affairs.

Dutch court rejects watchdog request to track down Internet pirates

An AFP newswire article, via Yahoo! News, reports that:

A Dutch court rejected a request by an Internet piracy watchdog group to force five Internet service providers to hand over personal data on people downloading large amounts of music and films.

The five Internet providers in question -- UPC (UGC), Wanadoo (France Telecom), Tiscali, KPN and Essent Kabelcom -- had refused to release the data requested by the Brein Foundation, saying this would be a breach of privacy.

The Dutch court ruled that Brein had in fact illegally obtained personal data about the alleged Internet pirates through a US research firm, information that is better protected in the Netherlands than in the United States.

The court in the central city of Utrecht refused to grant the foundation's request for further information from the service providers.

Brein says that music and film piracy on the Internet bleeds the music, film and software industry in the Netherlands of 176 million euros (214 million dollars) a year.