Saturday, July 23, 2005

Does Macromedia Flash infringe on the privacy of its users?

Om Malik writes in his Broadband Blog:

One of my readers, Jonathan Hirshon, sent me this email after he accidentally right-clicked on a Flash ad that happened to sneak past my ad filter to try and grab its source URL…

After checking Macromedia’s online privacy manager on my iMac, I was horrified to learn that Flash 7 (and presumably gives advertisers the option to not only capture data from your mic or video camera - but to also store data separate from your cookie files that can be read by macromedia.com (and presumably its advertisers, though I am unsure of this last point). Click the 4th tab on the privacy manager and check the ‘Website privacy settings’ and see what sites you have visited that have already stored info on you and whether they have the ability to remotely access your A/V equipment.

Now the big thing Macromedia will say, well it's in our privacy manager and we are not hiding anything from you. The tiniest of tiny fine print like that is most often never read by consumers. I think we need someone like Eliot Spitzer to step up and make the big tech companies spell this out in clear, and plain English in big bold letters.

Microsoft frowned at for smiley patent

Thanks to a post over on /. which pointed this out. This goes to show you just how out of whack the U.S. Patent and Trademark Office really is in handing out patents...

Ingrid Marson writes on ZDNet UK:

Various organisations have criticised Microsoft for attempting to patent the creation of custom emoticons.

The patent, which was published by the US patent office on Thursday, covers selecting pixels to create an emoticon image, assigning a character sequence to these pixels and reconstructing the emoticon after transmission.

Mark Taylor, the executive director of the Open Source Consortium, said on Friday that this is such a basic concept that he would not have been surprised to see it posted as a fictional patent on a technology site.

Humor: "RouterGod: The online news magazine for Cisco Professionals.."

Someone over in Atlanta has a great sense of humor.

Who'd have thunk it--RouterGod's celebrity lecture series
includes (among others) "Gary Coleman on Priority Queuing,"
"Charlie Manson on Floating Static Routes," and "Don King
Explains IP Extended Access Lists."

Thanks to Chris Brenton (Thanks, Chris!) for pointing out this nugget over
on the DShield list.

License-Screening Measure Could Benefit Data Brokers

Jonathan Krim writes in The Washington Post:

Congress is considering forcing states to use data brokers to help screen applicants for commercial drivers' licenses, a potentially lucrative development for an industry under scrutiny for how it handles personal information.

Under a provision of a major highway bill, state motor vehicles departments would have to establish an "information-based" authentication program before the nation's roughly 12 million commercial drivers' licenses could be issued or renewed.

The provision does not specify who should do the work. But only a handful of companies, such as ChoicePoint Inc., LexisNexis and Acxiom, have services that likely would satisfy the requirements.

The firms, which collect, buy and sell personal information on nearly all U.S. adults, package and analyze data on individuals for a variety of clients, from security and law-enforcement agencies needing background checks to companies trying to better target potential customers.

Friday, July 22, 2005

University of Colorado servers hacked

Joris Evers writes in C|Net News:

The University of Colorado has become the latest educational institution to fall prey to hackers. The school is warning about 43,000 people that they may be at risk of having their identities stolen after two of its servers were attacked, it said Thursday. One server, at the school's health center, contained the names, Social Security numbers, student ID numbers, addresses and dates of birth of about 42,000 people, the university said. Also stored on the server were the results of about 2,000 laboratory tests, the university said. The break-in was discovered on July 14. Initial investigation has found no evidence that personal data was extracted or abused, according to the university.

Security breaches appear to be a growing problem in higher education institutions. More than two dozen attacks on university servers have compromised private data during the last six months, the University of Colorado said, citing The Chronicle of Higher Education. Earlier this week, the University of Southern California said a database containing about 270,000 records of past applicants was hacked in June.

Virus Writers Adopting Stealth Strategy

Brother, ain't it the truth.

Antone Gonsalves writes in TechWeb News:

Virus writers who once favored releasing malware that would clog corporate networks by the thousands have shifted to a strategy of secrecy in which they commandeer PCs on the Internet in the pursuit of dollars instead of notoriety, a security expert said Friday.

Security firm Symantec Corp. has seen a dramatic decrease in network-damaging viruses over the last year and an increase in less destructive Trojans that quietly embed themselves into a PC.

Such viruses typically scour computers for people's personal data, such as social security numbers and passwords, and then send the information to a clandestine server, Dave Cole, director of product management for the Symantec Security Response Center, said. The data is usually sold on the black market to criminals looking to use the information to obtain credit cards or raid bank accounts.

Bill Would Tax Internet Pornography

Huh? Wha... What?

Of course, another asinine bill which thinks that U.S. laws apply to web sites outside of the United States....

An AP newswire article, via Yahoo! News, reports that:

A Democratic lawmaker is planning to propose a new 25 percent federal tax on Internet pornography and new requirements for adult Web sites to help prevent children from looking at them.

The bill, expected to be introduced next week by Sen. Blanche Lincoln, D-Ark., would impose the excise tax on transactions with for-profit adult Web sites, which typically sell monthly subscriptions to Internet users to look at pornographic photographs or videos.

Money collected from the tax would be used for law enforcement and for protecting children from Internet-related crimes.

Lincoln's spokesman, Drew Goesl, declined Friday to discuss the provisions. "We prefer to wait until the bill is introduced to discuss it," Goesl said.

IE 7 Beta May Be At Hand

Via TechWeb News.

A Windows hobbyist Web site says Internet Explorer 7 may arrive as early as next week. Microsoft is mum.

The beta of Internet Explorer 7 may show up as early as next week, if reports by a Windows enthusiast Web site are on the mark.

According to ActiveWin.com, sources say that the first beta of Longhorn, now dubbed Windows Vista, will release Wednesday, July 27. (Microsoft has only said Beta 1 of Vista will go out by August 3.)

The fact that Longhorn, or Vista, will include its own version of Internet Explorer 7 has fueled talk that the long-awaited beta of IE 7 for Windows XP SP2 -- the only other platform scheduled to receive the security and feature update -- will appear at the same time.

UK: Student's role in £250m swindle

Via the BBC.

A student who took part in a £250m computer software swindle has been given a community punishment order.

Alexandros Samras, 33, from Loughborough, Leics, took orders from customers for counterfeit software and channelled money overseas.

Southwark Crown Court was told IBM contacted a private security firm when the scam came to light.

The Athens-based partner in crime of Samras - Evangelos Volotas - is still awaiting trial in a Greek court.

New eBay phishing trick

Mark Frauenfelder writes over on Boing Boing:

"Here's a new (at least to me) eBay phishing trick. I got this email, ostensibly from an 82-year-old woman who bid on a wheelchair that she 'really needs do (sic) to my age.' When you click on the 'Respond Now' button, your browser loads a phisher's site."

NYC Subway Riders Resigned to Searches

Not my usual genre of tech news, but newsworthy nonetheless. An AP newswire article by Sam Dolnick, via MyWay News:

Straphangers seemed resigned to random bag searches Friday as police across the region stepped up transit security in response to the new round of attacks in London.

"They should have done this long time ago, ever since 9/11," said stockbroker Ron Freeman, 25, who had his backpack searched Friday morning at a subway station in Brooklyn. "I don't mind if they're doing it for the right cause."

Random searches also are being conducted on buses, ferries and commuter railroads, and anyone who refuses a search won't be allowed to ride. Those caught carrying drugs or other contraband could be arrested.

Kerr named to head U.S. spy satellite office

Via the EE Times.

Donald Kerr, a former senior CIA and FBI official, was named director of the U.S. National Reconnaissance Office (NRO), the Defense Department said Friday (July 22).

NRO builds and operates U.S. spy satellites and provides reconnaissance images and data to the CIA and the Defense Department.

Kerr is an intelligence veteran and an engineer. According to his CIA profile, he holds a Ph.D in plasma physics and microwave electronics from Cornell University. He previously served as the CIA's deputy director for science and technology. He also served as assistant director of the FBI, where he was responsible for its Laboratory Division.

He also directed the Los Alamos National Laboratory from 1979 to 1985.

Update: Windows Vista Beta 1, Server will not be "Vista"

Joe Wilcox writes in the Microsoft Monitor Blog:

I double checked with Microsoft PR and the name is Windows Vista, not WindowsVista as it appeared to me in the video. Also, I'm free to reveal that the first Windows Vista beta is scheduled to release on Aug. 3.

I don't expect anything spectacular from the first beta, nor should anyone else. Microsoft will distribute Windows Vista Beta 1 to a limited number of testers, and the software will by no means be feature complete. That's not exactly surprising this far from the expected, late 2006 ship date. Right now, Microsoft is testing the guts, so to speak, working to make sure the fundamental architecture and "deep" features work as expected. The approach makes sense.

Update:
Nate Mook writes in BetaNews:

Microsoft on Friday told BetaNews it had no plans to use the "Vista" moniker for its next generation Windows Server product line, despite choosing the name for its Longhorn client. For now, Microsoft will continue using Longhorn Server for a Beta 1 release, which is due in the coming weeks.

"While we are not announcing the name for Longhorn Server at this time, we can tell you that the current plan is to follow the existing naming convention of Windows Server 2003," a Microsoft spokesperson told BetaNews. Windows Vista was announced Friday, alongside a video promoting the name.


Pollard loses appeal over life sentence for espionage

An AP newswire article, via MSNBC, reports that:

A federal appeals court Friday rejected convicted spy Jonathan Pollard's latest effort to reduce the life sentence he received for selling military secrets to Israel while working as an intelligence analyst for the Navy.

The U.S. Court of Appeals for the District of Columbia ruled that Pollard waited too long to try to contest his 1987 sentence and failed to make a convincing case that he got poor legal help.

Pollard's lawyers said they needed to see the material to rebut government arguments against any new appeal or against a request for presidential clemency.

Australian court stops spam man

René Millman writes in SC Magazine:

A federal court in Perth, Western Australia, has issued interim injunctions under the Spam Act against Clarity1 Pty Ltd and its managing director Wayne Mansfield to stop them from sending unsolicited emails.

The interim injunctions would apply until a further hearing on August 4, according to a statement from the Australian Communications and Media Authority (ACMA), the body who requested the injunctions.

Justice Robert Nicholson ordered that Clarity1 not send commercial electronic messages with an Australian link "to any electronic address, except where it has the prior consent, in accordance with the Spam Act, of the recipient or is otherwise permitted by the Spam Act", according to reports from our Australian sister publication, IT News.

China has 103 million Internet users, up 18% in first half of year

An AFP newswire article, via Yahoo! News, reports that:

China's Internet population grew to 103 million at the end of June, an increase of 9.0 million new web surfers in the first six months of the year, state press said.

The increase marked an 18.4 percent rise over the same period last year, making China the second largest Internet user in the world after the United States, the China Daily said.

Despite the growing number only some 7.9 percent of Chinese households have access to the web, far below the 67 percent in the United States, the paper, citing the China Internet Network Information Center, said.

Bush creates high-level anti-piracy post

A Reuters newswire article, via CNN/Money, reports that:

President Bush has created a new senior-level position to fight global intellectual-property piracy and counterfeiting that cost American companies billions of dollars each year, Commerce Secretary Carlos Gutierrez said Friday.

Bush has tapped Chris Israel, currently deputy chief of staff for Gutierrez, to head up the administration's anti-piracy efforts. China -- where 90 percent of music and movies are pirate copies -- will be a chief priority, Gutierrez said.

Feds Launch Sex Offender Web Site

An AP newswire article, via CBS News, reports:

Information on sex offenders in 21 states and the District of Columbia is now available on an Internet site launched this week by the federal government.

Participation by states is voluntary and assistant Attorney General Regina Schofield said all state information is expected to be posted within six months.

The site does not contain any information not already made available on the Internet by each state. But it allows someone to do one search online to determine whether an individual who has been convicted in one state has moved to another.

There are more than 500,000 registered sex offenders nationwide, the Justice Department said. The recidivism rate for sex crimes is four times higher than for other offenses, according to the U.S. Bureau of Justice Statistics.

Nepal: Royal Army launches offensive in cyberspace

Via Reporters sans Frontières.

Reporters Without Borders expressed concern at an escalation in violations of freedom of expression on the Internet by the Nepalese army, under the control of King Gyanendra since 1st February 2005.

Websites have been blocked, bloggers threatened, discussion forums closed and emails increasingly put under surveillance.

"Direct and indirect censorship imposed by King Gyanendra in February 2005 has made freedom of expression on the Internet all the more crucial. But the army and the government have extended their crackdown into Nepal's cyberspace," the worldwide press freedom organisation said. "We call for the end to blocking of websites and the authorities' constant harassment of service providers".

Some 300,000 people use the Internet in Nepal and more than a dozen news sites set up by Nepal's civil society or by the Nepalese community abroad have been blocked by service providers. The most recent, www.samudaya.org and www.insn.org, were made inaccessible, on 30 June 2005, by a majority of Nepal's 16 providers, an error message appearing each time the URL is typed in for one of these sites.

A military spokesman confirmed that these sites had been blocked at a press conference in Kathmandu but said they had been accused of working for the "terrorists".

Firefox 1.1 Scrapped, 1.5 Due in September

Ed Oswald writes in BetaNews:

The Mozilla Foundation will scrap Firefox 1.1, and instead focus on version 1.5 of the popular alternative browser, lead Firefox engineer Ben Goodger said earlier this week. The change reflects the amount of bug fixes and new features that will be included in the release.

"We've made some major improvements to the Firefox application, especially in the update and extension systems that warrant more than a minor version bump," Mozilla's Asa Dotzler said. "Calling it 1.1 would suggest to most users that this was a minor update when in fact it is quite major and all 1.0 users really should move forward for a much improved product."

Mitnick preaches social engineering awareness

Rodney Gedda of Computerworld Today (Australia) writes in InfoWorld:

Properly trained staff, not technology, is the best protection against social engineering attacks on sensitive information, according to security consultant and celebrity hacker Kevin Mitnick.

"People are used to having a technology solution [but] social engineering bypasses all technologies, including firewalls," Mitnick said. "Technology is critical but we have to look at people and processes. Social engineering is a form of hacking that uses influence tactics."

During his keynote address at this year's Citrix iForum conference in Sydney Thursday, Mitnick said hackers are analyzing the "bigger picture" and are looking for the weakest link, which is "people like you and me".

Details of US microwave-weapon tests revealed

David Hambling writes in NewScientist:

VOLUNTEERS taking part in tests of the Pentagon's "less-lethal" microwave weapon were banned from wearing glasses or contact lenses due to safety fears. The precautions raise concerns about how safe the Active Denial System (ADS) weapon would be if used in real crowd-control situations.

The ADS fires a 95-gigahertz microwave beam, which is supposed to heat skin and to cause pain but no physical damage (New Scientist, 27 October 2001, p 26). Little information about its effects has been released, but details of tests in 2003 and 2004 were revealed after Edward Hammond, director of the US Sunshine Project - an organisation campaigning against the use of biological and non-lethal weapons - requested them under the Freedom of Information Act.

The tests were carried out at Kirtland Air Force Base in Albuquerque, New Mexico. Two experiments tested pain tolerance levels, while in a third, a "limited military utility assessment", volunteers played the part of rioters or intruders and the ADS was used to drive them away.

Huge spy satellite set to launch to Mars

Kelly Young writes in NewScientist:

NASA is preparing to launch the largest spacecraft ever sent to Mars. The behemoth will skim relatively close to the Red Planet's surface - beaming back more data than all previous missions combined - and scout out landing sites for future Mars missions.

The Mars Reconnaissance Orbiter (MRO) is scheduled to begin its six-month journey to Mars on 10 August 2005. It will blast off on an Atlas 5 rocket from Cape Canaveral Air Force Station in Florida, US.

Shuttle countdown set to start Saturday

Via MSNBC.

NASA engineers believe they have isolated the fuel gauge malfunction that stopped last week's countdown toward the shuttle Discovery's launch, and with Tropical Storm Franklin headed north, the launch team is set to begin a new countdown Saturday for a Tuesday launch.

Discovery's crew is returning from a brief respite in Houston while engineers fix the electrical grounding problem they now feel was the culprit.

The Great RFID Experiment That Wasn't

Fahmida Y. Rashid writes in Forbes:

You know a technology is hyped to the hilt when pundits call for a shakeout before the market has even had a chance to build. Such is the case with RFID, or radio frequency identification.

Two research firms say that customer mandates to adopt RFID have caused a premature rush to market, which has resulted in overly bullish spending forecasts and failed expectations.

Cisco to buy Denmark's KiSS for $61M

A Reuters newswire article, via CNN/Money, reports:

Cisco Systems Inc. said Friday it has agreed to acquire privately held KiSS Technology A/S, a maker of networked DVD players and recorders and other home video products, for $61 million in cash and stock.

KiSS was founded in 1994, and its products allow devices to access content on the Internet or on other devices on their home network, said Cisco, which is the biggest maker of equipment that directs traffic on the Internet.

The agreement marks the second acquisition by Linksys, the consumer networking unit of Cisco and the largest brand in residential and small business wireless network gear, and would be Cisco's eighth purchase in 2005.

Daily gapingvoid.com fix....

Via gapingvoid.com. Enjoy!

China's currency move may hurt U.S. tech

Alorie Gilbert writes in C|Net News:

China's decision to revalue its currency may play well in Washington, but it could raise hackles among Silicon Valley executives and their customers.

The government of China said Thursday that it will base the exchange rates for its yuan on a "basket" of different currencies rather than maintaining a strict ratio with the U.S. dollar, a decision that's expected to cause the yuan's value to rise. Though they did not say which currencies are in that basket, the move resulted in an immediate 2 percent appreciation of the yuan to 8.11 per dollar.

The country had long been criticized for policies that kept the value of China's currency low and exports to the United States and Europe high.

Few expect the U.S. and European trade deficits with China to change appreciably because of the revaluation, but the surprise currency-strengthening move could be a double-edged sword for the high-tech industry.

Google countersues Microsoft over researcher

An AP newswire article, via The Mercury News, reports that:

Google Inc. countersued Microsoft Corp. Thursday in a legal battle over a prized research engineer that illustrates the escalating tensions between the technology titans.

The tussle began earlier this week after Google -- the maker of the Internet's most widely used search engine -- raided Microsoft's management ranks by hiring Kai-Fu Lee to open a new research and development office in China.

Redmond, Wash.-based Microsoft, the world's largest software maker, promptly sued Google and Lee in Washington state court, alleging a noncompete agreement that the engineer signed in 2000 prevented him from defecting.

Google retaliated with its own complaint in California seeking to override Microsoft's noncompete provision so it can retain Lee. In its suit, Mountain View-based Google contends the clause violates California laws giving workers the right to change jobs.

MySQL Multiple Vulnerabilities

Secunia is reporting this morning multiple vulnerabilities which it classifies as "highly critical" in MySQL:

Description:
Some vulnerabilities have been reported in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service), or potentially by malicious people to execute arbitrary code.

1) MySQL uses a vulnerable version of the zlib library.

For more information:
SA15949

2) It is possible for malicious users to crash the server in various ways. See the vendor advisory for details.

Solution:
Update to version 4.1.13.

Provided and/or discovered by:
Reported by vendor.

Original Advisory:
http://dev.mysql.com/doc/mysql/en/news-4-1-13.html

Thursday, July 21, 2005

Longhorn to be renamed Windows Vista?

Ina Fried writes in the C|Net News Microsoft Blog:

Rumor has it that Microsoft plans to use Vista as the official name for the next version of Windows, which has been known by its codename, Longhorn.

In addition to the rumors on various Microsoft enthusiast sites, the company has also registered the domain name windowsvista.us, according to Windows watcher bink.nu.

The company won't comment, but it is expected to make some sort of Longhorn-related announcement Friday morning.

House votes to extend Patriot Act

An AP newswire article, via MSNBC, reports that:

The House voted overwhelmingly Thursday to extend the USA Patriot Act, the nation’s main anti-terrorism tool, just hours after televisions in the Capitol beamed images of a new attack in London.

As similar legislation worked its way through the Senate, House Republicans generally cast the law as a valuable asset in the war on terrorism. Most Democrats echoed that support but said they were concerned the law could allow citizens’ civil liberties to be infringed. Following more than nine hours of debate, the House approved the measure 257-171.

The bulk of the back-and-forth centered on language making permanent 14 of 16 provisions that had four-year sunset, or expiration, provisions under the original law, which Congress passed overwhelmingly after the Sept. 11, 2001, terrorist attacks.

CardSystems to Congress: We Face 'Imminent Extinction'

Caron Carlson writes in CIO Insight:

Despite a steady stream of reported data thefts this year—most recently by CardSystems Solutions Inc.—members of Congress are unable to agree on how to combat the growing threat to consumer privacy.

The roster of divergent potential solutions grew again Thursday.

"We need to do everything possible to ensure that our personal information remains privileged and protected when we make any financial transaction," said Rep. Sue Kelley, R-N.Y., chairwoman of the financial services committee's Subcommittee on Oversight and Investigation, which held a hearing Thursday to examine the CardSystems incident.

But some members remain reluctant to impose any new regulations at all, contending that the marketplace will compel security improvements.

"Government intervention may hurt," said Rep. Patrick McHenry, R-N.C. "If the marketplace is going to deal with this, let's monitor it, let's watch it."

Update2: Warning: 'iTunes' Attachment Is AIM Worm

Ryan Naraine writes in eWeek:

Anti-virus vendor Trend Micro on Wednesday issued a warning for a new computer worm infecting users of America Online Inc.'s Instant Messenger application.

The worm, identified by Trend Micro Inc. as W32/Opanki, spreads by tricking users into clicking on a file named after Apple's popular iTunes music service.

"This worm arrives as the file ITUNES.EXE," Trend Micro warned.

"Thus, users may be tricked into thinking that this worm is associated with a legitimate product."

The worm has been programmed to run on Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, Windows XP and Windows Server 2003.

Update: I would highly recommend keeping an eye out for this one. It is out there "in the wild."

My cohorts and I spent most of the day today trying to reduce the impact (and neutralize) this Trojan/Bot/Worm has had in a very large client network. And for a bonus, it includes its own rootkit .dll (probably downloads it later per instruction from the C&C master) just to make things more fun. And at least one component of it (also, perhaps downloaded from a site via IRC instruction from the C&C Bot Master) does a brute-force dictionary attack on Microsoft Active Directory accounts, which locks out the legitimate user if it is unsuccessful (depending on your AD policies).

Here is what www.virustotal.com had to say about an infected executable:

This is a report processed by VirusTotal on 07/22/2005 at 01:09:35 (CET) after
scanning the file "inf3ct3d.bak" file.

Antivirus Version Update Result
AntiVir 6.31.1.0 07.21.2005 no virus found
AVG 718 07.19.2005 no virus found
Avira 6.31.1.0 07.21.2005 no virus found
BitDefender 7.0 07.21.2005 Backdoor.SDBot.57158BBA
CAT-QuickHeal 7.03 07.21.2005 Backdoor.SdBot.aad
ClamAV devel-20050712 07.21.2005 no virus found
DrWeb 4.32b 07.21.2005 BackDoor.IRC.Sdbot.based
eTrust-Iris 7.1.194.0 07.21.2005 no virus found
eTrust-Vet 11.9.1.0 07.21.2005 no virus found
Fortinet 2.36.0.0 07.21.2005 W32/SDBot.AAD-bdr
F-Prot 3.16c 07.21.2005 no virus found
Ikarus 2.32 07.21.2005 Backdoor.Win32.SdBot.AAD
Kaspersky 4.0.2.24 07.22.2005 Backdoor.Win32.SdBot.aad
McAfee 4540 07.21.2005 W32/Sdbot.worm.gen.by
NOD32v2 1.1175 07.21.2005 probably unknown WIN32 virus
Norman 5.70.10 07.21.2005 no virus found
Panda 8.02.00 07.21.2005 W32/Sdbot.EKF.worm
Sybari 7.5.1314 07.22.2005 Backdoor.Win32.SdBot.aad
Symantec 8.0 07.21.2005 W32.Spybot.Worm
TheHacker 5.8.2.074 07.21.2005 Backdoor/SdBot.aad
VBA32 3.10.4 07.21.2005 Backdoor.Win32.SdBot.aad


Let's be careful out there....

Update two: "Spying worm spreads via MSN Messenger, AIM"

Actually this sounds a bit more descriptive.

Munir Kotadia writes in C|Net News:

Microsoft's MSN Messenger and America Online's Instant Messenger services are being targeted by malicious messages containing links that could infect a computer with a Trojan horse or dangerous worm.

The latest threat is a Trojan called Kirvo, which arrives in the form of an instant message from someone on the user's "friends" list. The message contains a link to a Web site, which, if clicked on, loads a copy of Kirvo onto the computer, according to an advisory from security company Symantec. Kirvo is preprogrammed to then fetch a copy of Spybot, a dangerous worm that can take advantage of software vulnerabilities to spy on the user.

Tim Hartman, systems engineer director of Symantec in the Asia-Pacific region and Japan, said Kirvo worked in tandem with Spybot and the malware author's zombie army to seek out and infect more computers.

"All (Kirvo) does is take advantage of the user--by enticing him or her to click the link and launch the trojan," Hartman said. "Once launched, it attempts to download a variant of Spybot, which is a true worm that takes advantage of several vulnerabilities. Kirvo appears to have been developed to assist SpyBot propagation and increase the army of Spybot zombies on the Internet."

Microsoft and AOL could not be immediately reached for comment on Thursday.


News from the E-mail Authentication Summit in NYC

Bill Nussey writes on CircleID:

At The Email Authentication Implementation Summit in New York City last week, several major ISPs surprised attendees with their announcement that they are jointly backing a single authentication standard.

Yahoo!, Cisco, EarthLink, AOL, and Microsoft got together and announced they are submitting a new authentication solution, DomainKeys Identified Mail, to the Internet Engineering Task Force for approval as a standard. This is big news. To date, these groups have been at odds over authentication, with each promoting their own authentication techniques. While it is likely that each will continue to support its own standard for now (Microsoft with Sender ID, AOL with SPF and Yahoo! with the original DomainKeys), we can expect that they all will begin to use this common standard over the coming years if it is adopted by the IETF.

U.K. to crack down on terrorist sites

Dan Ilet of Silicon.com writes in ZDNet News:

The British government has announced plans to clamp down on people who run Web sites that incite terrorism.

In a parliamentary speech Wednesday, Home Secretary Charles Clarke said that in going beyond the boundaries of usual national security measures, the government would have to "tread carefully" around free speech.

Clarke said: "I have decided that it is right to broaden the use of these powers to deal with those who foment terrorism, or seek to provoke others to commit terrorist acts. To that end, I intend to draw up a list of unacceptable behaviors that fall within those powers--for example, preaching, running Web sites or writing articles that are intended to foment or provoke terrorism."

New York sues Sprint, Nextel, T-Mobile on ads

Via Reuters.

The New York City Department of Consumer Affairs said on Thursday it sued three of the top U.S. mobile providers, Sprint Corp, T-Mobile USA and Nextel Communications Inc., accusing them of misleading consumers through their advertising.

The agency said it asked the New York Supreme Court to fine the companies and make them comply with New York consumer protection laws because their ad headlines did not include extra charges that were placed in smaller print footnotes.

"You can't promise a great deal in the headline and hide the true costs in the fine print," the consumer agencies' Acting Commissioner Jonathan Mintz said in a statement.

Brazilians used Orkut as drug distribution network

Via Reuters.

Brazilian police arrested 10 people on Thursday accused of selling drugs using Google's international social networking site Orkut, which is hugely popular in the Latin American country.

"We discovered the drug ring first via authorized phone tapping, and later the investigation included monitoring of their activities on the Internet," said a duty officer at the Drugs Enforcement Service in the city of Niteroi, just across the bay from Rio de Janeiro.

The officer, who declined to be named, told Reuters most of those accused were detained in Niteroi, others in Rio and one in the resort town of Buzios.


The Register: Biggest 419 bust in history

Jan Libbenga writes in The Register:

The FBI and Spanish police have arrested 310 people in Malaga, Spain in connection with a €100m bogus (email) lottery scam run by Nigerian gangs. It is the biggest 419 bust in history, and may result in drastic reductions of scam mails.

The operation, codenamed Nile, centered on a mob which operated from Southern Spain. No less than four hundred officers from the Spanish police, the FBI and the US Postal Service were involved with the investigation, which began in 2003. Officers raided 166 homes in places such as Malaga, Benalmádena, Mijas, Torremolinos and Marbella. Police seized €218,000 in cash, 2,000 mobile telephones, 327 computers and 165 fax machines.

Besides lottery emails, they also sent over 6 million 'classic' 419 scam mails, offering rewards for people who were willing to stash away money that had been taken out of Iraq by the family of the ex-dictator Saddam Hussein or money found in the remains of the Twin Towers after the 9/11 attacks.

The secret is out: DHS launches state-local network

Matthew Broderick? Hahahah, obviously not that Matthew Broderick.... :-)

Alice Lipowicz writes in Government Computer News:

The Homeland Security Department is deploying a new "secret" data network to pass classified information to hundreds of state and local officials, DHS officers said at a congressional hearing today.

The Homeland Security Information Network-Secret (HSIN-Secret) is an "immediate, inexpensive and temporary approach to reach state and local homeland security and law enforcement sites that can receive secret-level information," Matthew Broderick, director of the Homeland Security Operations Center, said in testimony today to the House Homeland Security Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment.

The new network is operating and will continue to do so until the DHS secret-level backbone called the Homeland Security Data Network is initiated in fiscal 2007, Broderick said.

DHS to mount major IT security exercise

Wilson P. Dizard III writes in Government Computer News:

The Homeland Security Department plans to conduct a major cybersecurity preparedness and response exercise to be called Cyber Storm in November, a department official said in congressional testimony yesterday.

Andy Purdy, acting director of DHS’ National Cyber Security Division (NCSD), described Cyber Storm as "a national exercise" during a hearing that focused largely on the work yet to be done in the cybersecurity field.

He spoke during a hearing of the Senate Homeland Security and Governmental Affairs Subcommittee on Federal Financial Management, Government Information and International Security.

According to written testimony Purdy presented, the division has worked with the Justice and Defense departments to help form the National Cyber Response Coordination Group (NCRCG).

Lost Dog Scams Bite Online Users

Via TechWeb News.

Scammers have taken a traditional double-cross played on owners of lost dogs to the Internet, a fido-finding Web site reported Thursday.

In recent years, said the FidoFinder.com site -- a dog-discovery site where owners can post rewards and finders can post notices -- people have preyed on owners of lost canines by demanding reward money for the return of a pet. In actuality, it's all a scam: the bogus bounty hunter never found the dog, but only used the information on lost dog posters to pretend.

"Unsuspecting lost dog owners have been coerced into wiring cash to individuals who promise to return their dog by flying them back home in a pet carrier only to never receive their pet or hear back from the caller," said Wes Cutshall, the founder of Fido Finder, in a statement.

The scam has now moved online, he added.

Daily gapingvoid.com fix....

Via gapingvoid.com. Enjoy!


Sony to Release Web Browser for PSP

An AP newswire article by Yuri Kageyama, via Yahoo! News, reports that:

Sony officials Thursday said the company will release a software upgrade that will let the PlayStation Portable video game system surf the Web without a cumbersome software trick.

The free software patch will be available next week in Japan, said Ken Kutaragi, chief executive of Sony Corp's game unit.

The PSP comes with a built-in antenna for wireless Internet access, but the only way to use it for surfing the Web has been to modify a limited browsing feature in the racing game "Wipeout Pure."

Sony also said it will launch a white version of the PSP, which is otherwise black. The white version will be sold in Japan only.

CardSystems' chief criticizes its exclusion by Visa

A New York Times article by Eric Dash, via The International Herald Tribune, reports that:

The chief executive of CardSystems Solutions, John Perry, has lashed out at Visa, sharply criticizing it on the eve of congressional hearings into the vulnerability of consumer data for stopping his company from processing its cardholders' transactions.

Perry said late Wednesday that he was "justifiably concerned" by Visa's decision, in his first public statement since a mid-June disclosure that more than 40 million credit and debit card accounts passing through the processor had been put at risk for fraud.

Bank branch robberies are passe

Dawn Kawamoto writes in the C|Net News Security Blog:

Three Japanese banks were the latest victims of an online heist, in which a total of $84,000 was illegally withdrawn via the use of spyware, according to Japanese media reports Wednesday.

The funds were pilfered from nine accounts spread among Mizuho Bank, eBank Corp. and Japan Net Bank, after a malicious attacker used spyware to gain eventual access to the accounts. The institutions are currently wrestling with how to compensate the customers for their losses, the report noted.

The recent incidents in Japan come as online banking increases in popularity, but bankers fear interest will be tempered by the increase in security breaches.

Mobile networks bear blast calls

Via the BBC.

Mobile phone networks are bearing the weight of calls once more as news of four blasts across London spreads.

Vodafone, the largest network, told the BBC News website that it had seen "significantly higher call volumes" than usual following the incidents.

A spokesperson said Vodafone was advising people in London to avoid making unnecessary calls, and to send text messages instead.

Police have called for anyone with mobile images or video to e-mail them.

They have asked that anyone with images relevant to the incident should send them through the www.police.uk website, or send the photos via MMS (Multimedia Messaging Service) to 07734 282 288.

While some networks are noticing the increase in call traffic others, such as T-Mobile, told the BBC News website that it was still business as usual.

A spokesperson said that it was experiencing "none of the congestion" that it had faced two weeks ago.

NASA Aims for Tuesday Shuttle Launch

An AP newswire article by Marcia Dunn, via ABC News:

NASA will try to launch Discovery on the first space shuttle mission in more than two years next Tuesday, and may press ahead with liftoff even if there's a repeat of the fuel gauge problem that halted last week's countdown.

Mission managers decided Wednesday night to bypass another fueling test of Discovery and go straight for the real thing in an effort to understand and either fix or work around the fuel gauge failure. The most probable cause is an electrical grounding problem lurking inside the spacecraft.

Their Kingdom for a PornPal

Randy Dotinga writes in Wired News:

Porn-site operators have long found that it's easy to make a buck in the online adult industry. The hard part is getting the entire $1 into your hands.

In the United States, adult webmasters typically use credit-card processors that take 10 percent to 15 percent out of each charge in return for accepting the risk of working with an industry known for its high level of "chargebacks." Those are the refunds -- a huge hassle for Visa and MasterCard -- that customers often get when they claim there's absolutely no possible way they signed up for an $80 annual membership to, say, a balloon-fetish sex site.

Now, some porn insiders think they have a better idea: Why not reduce fees by directly tapping the checking accounts of users with a billing system like PayPal?

London: Four explosions or attempted explosions confirmed at subway stations, bus

Breaking news, via MSNBC:

London's police chief Ian Blair described explosions on the city's transport network on Thursday [21 July, 2005] as the result of clearly "a very serious incident."

He told reporters there were four explosions or attempted explosions but that they appeared to be smaller than the ones which killed at least 50 people in the city two weeks ago.

The explosions were reported at three subway stations and a bus.

Sky TV showed live footage of a double-decker bus parked by the side of the road in Hackney. In the footage, there was nobody on board or nearby and the streets appeared to have been cordoned off.

Wednesday, July 20, 2005

Fergie's well-deserved diatribe: Liz Beattie, Idiot of the Month

Arrrrrrrgh. I'm sick to death of the PC (politically correct) crowd dumbing down the English language so as not to hurt people's feelings. Go ahead--create a nation of twinkies.

And it's even worse this time--the culprit is a woman named Liz Beattie, who according to the BBC, is a retired teacher. For cryin' out loud--competition is good, having a definitive measuring stick is good, being measured in a method in which the final grade is descriptive of the fact that a student is not meeting the minimum criteria to move forward in life in a successful manner IS GOOD.

Criminy.

The BBC reports that:


Teachers say no-one should 'fail'

Education Secretary Ruth Kelly has dismissed suggestions that the concept of "failure" should be removed from school in favour of "deferred success".

She said she gave the idea - which will be discussed at a teachers' conference - "nought out of 10".

The Professional Association of Teachers will be told at its meeting next week that the label of failure could undermine pupils' enthusiasm.


Do Not Call list under attack, activists say

Bob Sullivan writes in MSNBC Technology News:

They’re back. Or they might be, those pesky telemarketing calls, after nearly two years of peaceful, interruption-free dinners. That's the warning a consumer protection group is about to issue.

Legal wrangling threatens to disrupt that dinnertime quiet, according to the Electronic Privacy Information Center, which plans to present its concerns to the Federal Communications Commission later this month. Telemarketing groups are quietly mounting a campaign that would open the door to a floodgate of new calls, EPIC says, pointing to a series of requests filed with the FCC, essentially asking the agency to invalidate state laws regulating the practice.

Telemarketers deny they are trying to pry open the door to a wave of new calls. Industry representatives contend they simply want a single, national rule to follow.

Microsoft licenses Finjan security patents

Joris Evers writes in C|Net News:

Microsoft has invested in security company Finjan Software and licensed its patents that cover ways to protect systems against previously unknown security threats.

The deal, announced Wednesday, gives Microsoft a minority share in the privately held, San Jose, Calif.-based company. It enables the software giant to use ideas developed by Finjan in future products, said Nick Sears, president of Finjan in the United States.

"It covers a broad range of patents that Finjan has developed and acquired in the last nine years in the security space," Sears said. Financial details of the deal are not being disclosed.


GTA: San Andreas Rating Changed to Adults-Only

An AP newswire article by Ron Harris, via Yahoo! News, reports that:

The video game industry on Wednesday changed to adults-only the rating of "Grand Theft Auto: San Andreas," a best-selling title in which explicit sexual content can be unlocked with an Internet download.

The decision followed intense pressure from politicians and media watch groups.

The game's producer, Rockstar Games, said it stopped making the current version of the game and is now working on a new version. It said it would provide new labels to any retailer willing to continue selling the version currently on store shelves, which had been rated "M" for mature.

Rockstar's parent company, Take Two Interactive, also admitted for the first time that the sex scenes had been built into the retail version of that game — not just the PC version but also those written for Xbox and PlayStation2 consoles.

Company officials had previously suggested that a modification created by outsiders added the scenes.

Japan's First 128-bit Block Cipher 'Camellia' Approved as a New Standard Encryption Algorithm in the Internet

Via PhysOrg.com.

Nippon Telegraph and Telephone Corporation (NTT) and Mitsubishi Electric Corporation (Mitsubishi) jointly developed in 2000 the 128-bit block cipher algorithm "Camellia." On this occasion, as the first Japanese encryption algorithm, Camellia was adopted as a new standard encryption algorithm (Standard Track RFC) in three major Internet secure protocols, SSL/TLS, S/MIME, and XML. Furthermore, the deliberations by the IETF have approved addition of Camellia into IPsec protocol, and Camellia will be adopted this fall.

Edinburgh Film Festival bans cellphones — to stop piracy

Via Engadget.

If you’re planning on going to this year’s Edinburgh Film Festival, you may as well leave your cellphone at home. The festival’s organizers have instituted a ban on cellphones, and will confiscate them from anyone who brings them to the theater. While we’re as annoyed as you are when moviegoers yak on the phone during a film, that’s actually not the motivation behind the ban. Seems the Edinburgh edict is designed as an anti-piracy measure; they’re afraid 3G cameraphone-toting pirates will grab footage from the screen and release it into the wild. Sounds fairly ridiculous to us — though we have to admit that the quality of some of the bootleg films we’ve seen sold on the streets of New York isn’t much better than what you’d get with a cameraphone.

[Via MoCoNews]

N.Y. resumes cell phone service in commuter tunnels

Via Reuters.

Cell phone service was restored in two major New York commuter tunnels late on Tuesday after being shut down due to security concerns following the deadly bomb blasts earlier this month in London.

Cell phone service in the Lincoln and Holland tunnels, which go under the Hudson River to connect New Jersey and Manhattan, was cut off on July 7 following the blasts that killed more than 50 people in London.

Japanese bank puts the 'fun' into 'funds'

Via The BBC.

Injecting excitement into the faintly dreary business of using a cash machine may seem a tall order, but one Japanese bank is trying its best.

Ogaki Kyoritsu Bank is introducing fruitmachine-style games of chance which run while the ATM processes its more mundane transactions.

Get three sevens, and your withdrawal fee is waived; three golds promise a jackpot of 1,000 yen (£5; $9).

The purpose of the gimmick, says the bank's Yoshi Enami, is simply "fun".

Xbox Live Passes 2 Million Subscribers

Ed Oswald writes in BetaNews:

Microsoft announced on Wednesday that its online gaming community Xbox Live had reached 2 million subscribers, doubling its size in just one year. According to the company, the service was signing up customers at the rate of about one every 30 seconds.


Scientists worry about Pentagon’s new "ray gun"

A Reuters newswire article, via MSNBC, reports that:

Scientists are questioning the safety of a "Star Wars"-style ray gun due to be deployed in Iraq for riot control next year.

The Active Denial System weapon, classified as “less lethal” by the Pentagon, fires a 95-gigahertz microwave beam at rioters to cause heating and intolerable pain in less than five seconds.

The idea is that people caught in the beam will rapidly try to move out of it and therefore break up the crowd.

But New Scientist magazine reported Wednesday that during tests carried out at Kirtland Air Force Base in New Mexico, participants playing the part of rioters were told to remove glasses and contact lenses to protect their eyes.

In another test, they were also told to remove metal objects like coins from their clothing to avoid local hot spots developing on their skin.

Kodak, Posting Another Loss, to Lay Off 10,000 Workers

Vikas Bajaj writes in The New York Times:

Eastman Kodak said today it would lay off up to 10,000 more people because its film business was declining much faster than the company had anticipated.

The latest cuts will be in addition to the 15,000 positions it announced plans to eliminate in 2004, and come as the company, which is based in Rochester, posted its third straight quarterly loss today.

About 7,000 of the cuts will come in the manufacturing operations. The company estimates it will save about $800 million a year once the jobs are eliminated by the middle of 2007, but said it would incur $470 million in restructuring costs.

Austin, Samsung negotiations pick up steam

Kirk Ladendorf writes in The Austin American-Statesman (obnoxious, but free, registration required):

Austin is in the final stages of trying to persuade South Korea's Samsung Electronics Co. Ltd. to build another chip factory here in what would be the city's single biggest economic development project ever.

Local, state and school district officials, along with business leaders, have met with Samsung executives for several weeks to exchange information and negotiate what incentives will be offered to the company, said one person close to the discussions who requested anonymity for fear of jeopardizing negotiations.

A decision could be made in the next few weeks, the source said.

Samsung acknowledges it is investigating potential sites in Austin, China and other locations. But the company says it has not formally decided to move ahead with the plant, which is expected to cost $3.5 billion.

Feds Accuse Firms in Porn E-Mail Scheme

An AP newswire article by Ted Bridis, via Yahoo! News, reports that:

Federal regulators accused seven companies Wednesday of hiring others to send illegal e-mails with pornographic messages to tempt consumers to visit adult Internet sites.

The government said four of the firms already agreed to pay nearly $1.2 million to settle the charges, making it among the most aggressive government crackdowns on pornographic e-mail operations.

The Federal Trade Commission described the practice as "electronic flashing" and said at least some of the unwanted e-mails were sent to children. The threat of children unwittingly receiving smut in their inboxes helped drive the U.S. government to impose restrictions on sending commercial e-mails last year.

The FTC said the messages were not prominently marked "sexually explicit," did not include instructions for consumers to block future e-mails and did not include a postal address, all required under federal law.

RIP: James Doohan




"Beam me up, Mr. Scott."


Wow. I feel a deep personal loss. Thanks to Boing Boing for bringing this sad loss to our attention.

Ironically, James Doohan dies on the 36th anniversary of the Apollo 11 moon landing....


100Mbps Cable Internet by 2006

Ed Oswald writes in BetaNews:

A Finnish firm says that 100Mbps cable Internet will be possible as early as next year, thanks to its new Ethernet-to-the-home technology. Also, the cost to companies to connect customers using this ultra-fast connection is expected to be relatively cheap, meaning customers may not need to worry about rising broadband costs for more speed.

Teleste, a small company that produces broadband equipment, would have to compete with much larger firms Scientific Atlanta and Cisco. However, the company says the earliest it expects its rivals to have similar technology would be early 2007.

The Ethernet-to-the-home technology would cost cable providers between $60 and $240 to connect a new home, a figure that companies could recoup in several months of service.

F5 Networks BIG-IP / 3-DNS Three Vulnerabilities

Secunia reports:

Description:
F5 Networks has acknowledged some vulnerabilities in BIG-IP and 3-DNS, which can be exploited by malicious people to compromise a user's system.

For more information:
SA14745
SA14364

Solution:
Update to version 4.5.13 or 4.6.3.

Original Advisory:
F5 Networks:
http://tech.f5.com/home/bigip/solutions/advisories/sol4441.html
http://tech.f5.com/home/bigip/solutions/advisories/sol4447.html

Spam king surrenders his ignoble crown

John Leyden writes in The Register:

Scott Richter - the self-styled Spam King - has been dropped from an authoritative list of known spammers after cleaning up his act. Richter and his OptInRealBig option were a fixture in Spamhaus's Register of Known Spam Operations (ROKSO) for years.

Since the beginning of this year, Richter switched to a confirmed opt-in mailing list business model that contrasts with his previous business activities. Richter was sued by New York State Attorney General Eliot Spitzer and brought to the brink of bankruptcy by Microsoft over allegations that he used a network of 500 compromised computers to send millions of junk emails to hapless Hotmail users. Richter denied any such wrongdoing in settling the NY lawsuit last July but he was forced to agree to stop sending deceptive emails and generally abide by the US's CAN SPAM Act.


Chinese military targeting DoD tech

Frank Tiboni writes in FCW.com:

Defense Department officials acknowledged in a new report released this week that the Chinese military is developing sophisticated communications systems and computer network operations.

The People’s Liberation Army is developing modern, integrated command, control, communications, computers, intelligence, surveillance and reconnaissance systems, the DOD report states. The Chinese military is bolstering its ability for computer network attacks, defense and exploitation, according to "Annual Report to Congress: The Military Power of the People’s Republic of China 2005."

"The People’s Liberation Army has likely established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics to protect friendly computer systems and networks," according to the report.

South Korean police nab China flash factory suspects

Dan Nystedt writes in InfoWorld:

South Korean police have arrested seven men suspected of stealing flash memory technology from Hynix Semiconductor and planning to use it in their own factory in China.

"In May we got a tip from an unidentified caller in China about some people from Hynix trying to set up a plant there, so we gave that information to authorities and they conducted the investigation," said Ahyoung Kim, a spokeswoman at Hynix, the world's third-largest memory chip maker.

The seven men are all former employees of Hynix, she said.

The group allegedly stole NAND flash manufacturing technology valued at 624.5 billion South Korean won ($600 million) from Hynix before they left the company, and had already established a company in the Cayman Islands to manage their Chinese operations.

Hynix estimates the technology took two years to develop.

Apollo 11 lunar landing anniversary




Via Wikipedia. On this day in 1969:

On July 20, 1969, while on the far side of the Moon, the lunar module, called Eagle, separated from the Command Module, named Columbia. Collins, now alone aboard Columbia, carefully inspected Eagle as it pirouetted before him. Soon after, Armstrong and Aldrin fired Eagle's engine and began their descent. They soon saw that they were "running long"; Eagle was 4 seconds further along its descent trajectory than planned, and would land miles west of the intended site. The LM navigation and guidance computer reported several "program alarms" as it guided the LM's descent. These alarms tore the crew's attention away from the scene outside as the descent proceeded. In NASA's Mission Control Center in Houston, Texas, a young controller named Steve Bales was able to tell the flight director that it was safe to continue the descent in spite of the alarms.

Once they were able to return their attention to the view outside, the astronauts saw that their computer was guiding them toward a landing site full of large rocks scattered around a large crater. Armstrong took manual control of the lunar module at that point, and guided it to a landing at 4:17 p.m. Eastern Daylight Time on July 20 with less than 30 seconds' worth of fuel left. Although it is commonly said that the first words spoken on the Moon were Armstrong's announcement that "Houston, Tranquility Base here. The Eagle has landed", they were in fact "Contact Light", said by Aldrin as the landing probes on the Lunar Module's feet touched the surface.

UK government OK's all-encompassing database for children

Sarah Arnott writes in Computing:

The government is going ahead with plans for a central index of all children, despite concerns from MPs.

The Information Sharing Index scheme was devised following the public inquiry into the Victoria Climbié case and was included in the Children’s Bill passed in November.

The scheme will create 150 regional registers, with a 151st system to co-ordinate them.

The government responded to issues raised by the Commons Education and Skills Committee, saying it is committed to a staged approach informed by the results of the nine local authority pilots now under way.

The security implications of the plan have been highlighted by the Education Committee and the Information Commissioner.

NASA weighs options after Deep Impact's success

An AP newswire article by Alicia Chang, via USA Today, reports that:

NASA is considering an encore for its Deep Impact spacecraft, which made history earlier this month when it smashed a hole in a comet to study its frozen primordial core. While the space agency has not approved a specific future mission, it did give scientists at its Jet Propulsion Laboratory in Pasadena the go-ahead to bring the spacecraft closer to Earth's orbit for a potential mission extension.

Deep Impact planned to fire its thrusters on Wednesday to slightly change course in a maneuver that will bring it back to Earth by 2008. Then the spacecraft will switch to safe mode to conserve energy until it receives orders for a possible second mission. If left untouched, the spacecraft will drift further away.

Rival allegedly hacked doctors' answering service

An AP newswire article by Jim Fitzgerald, via Newsday.com, reports that:

The founder of a company that runs answering services for doctors tried to destroy a competitor by hacking into the firm's computer so that patients heard either a busy signal or sexual moaning when they tried to call their physicians, the Westchester district attorney said Tuesday.

Gerald Martin, 37, of Pawling, also made crank calls to his rival's employees, dispatched a moving truck to its headquarters and sent its customers forged papers indicating it was being audited by the state, said District Attorney Jeanine Pirro.

She said the case was "a fascinating example of when competition crosses the line into criminal behavior." Martin interfered with "the sacrosanct ability of a patient to call a doctor," Pirro said.

Stuart Hayman, president of the Westchester County Medical Society, said the alleged crime "could have prevented thousands of patients from reaching their physicians in emergency situations and ... could have led to further illness, injury and even death." He said each company serves more than 1,000 physicians around the country.

Pirro said one patient in California had to be rushed to an emergency room after failing to reach a doctor because of the alleged interference.

Northern Virginia municipality lets Verizon offer cable TV

Having lived and worked in Northern Virginia for many years prior to moving to Texas, this turn of events should prove interesting in the coming months.

Elissa Silverman writes in The Washington Post:

The Herndon [Virginia] Town Council yesterday agreed to let Verizon Communications Inc. begin offering cable television service, putting the small Northern Virginia city at the forefront of a developing battle between the nation's major telephone and cable companies.

By a 6 to 0 vote, the council approved Verizon's request to compete with Cox Communications Inc., which holds a monopoly cable franchise for the city of 22,000.

Though city officials said they were disappointed that Verizon rejected some of its requests -- including one that the company bury fiber-optic cables it recently strung alongside its old copper telephone lines -- they decided in the end that competition for cable service would benefit consumers.


Tuesday, July 19, 2005

Call for Homeland Security Cybersecurity Improvements

A PCWorld.com article by Grant Gross, via Yahoo! News, reports that:

The U.S. Department of Homeland Security needs to develop a recovery plan for widespread attack on the Internet, and it needs stable leadership in cybersecurity, a government investigator told a U.S. Senate subcommittee today.

While DHS can track Internet threats, it doesn't have an Internet recovery plan or a national cybersecurity threat assessment, David Powner, director of IT management in U.S. Government Accountability Office, told a subcommittee of the Senate Homeland Security and Governmental Affairs Committee. DHS is making progress but more work needs to be done, he said.

Juniper records profitable Q2

Jim Duffy writes in NetworkWorld:

Juniper this week posted a 61% increase in second quarter revenue and a profit of $89 million.

Revenue was $493 million for the quarter. Earnings reversed a $12.6 million GAAP loss for the same period a year ago, but were 2 cents per share shy of analyst expectations, according to Thomson First Call.

Serious security research with a bit of comedic spice

You know, some of the best geek humor comes across in the musings and observations on mailing lists. Frank Knobbe sent this missive tonight to the DShield general discussion mailing list. It warms my heart to see that geek humor is alive and well. Thanks for the smiles, Frank. :-)


Frank wrote:

Frank Knobbe frank at knobbe.us
Tue Jul 19 23:38:58 GMT 2005

Earlier today, Dan Kaminsky was conducting a version.bind scan from his
servers at the doxpara.com domain. The probes are being sent from
infrastructure-audit-1.see-port-80.doxpara.com. The web page there
explains what is being probed.

However, at the moment I'm picking up packets that contain data in TCP
SYN packets during his Web server probe runs. The data reads:

"Hello, this packet is a being sent as part of research project being
conducted by Cisco Systems' Critical Infrastructure Assurance Group.
This is NOT malicious activity. For more information, please contact
Mike Schiffman: mschiffm at cisco.com..."

Maybe others don't find this funny, but I think this is hilarious. I
always enjoy probes that introduce themselves in such a friendly
manner :)

Dan, if you are reading this, perhaps the next series of probes could
contain some packet-monkey jokes or perhaps some tidbit of wisdom? How
about including some RSS feeds in your probes or something else to
brighten up the day?

Cheers,
Frank
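
For anyone who wants to spot the kind of traffic Frank describes, here is an added example (not part of Frank's post or of any tool mentioned in it) that flags IPv4 TCP SYN packets carrying data. The packet builder, the addresses and the payload text are constructed samples, and all function names are hypothetical.

```python
import struct

SYN, ACK = 0x02, 0x10

def build_packet(src, dst, flags, options=b"", payload=b""):
    """Constructed sample: minimal IPv4+TCP packet, checksums left at zero."""
    off = 5 + len(options) // 4                     # TCP header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, off << 4, flags, 8192, 0, 0)
    tcp += options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp

def syn_payload(pkt):
    """Return the data carried by an IPv4 TCP SYN (ACK clear), or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                                 # not IPv4/TCP
    ihl = (pkt[0] & 0x0F) * 4
    total, frag = struct.unpack("!H", pkt[2:4])[0], struct.unpack("!H", pkt[6:8])[0]
    if ihl < 20 or frag & 0x1FFF or not ihl + 20 <= total <= len(pkt):
        return None                                 # malformed, truncated, or non-first fragment
    tcp = pkt[ihl:total]
    data_off = (tcp[12] >> 4) * 4                   # options are header, not payload
    if data_off < 20 or data_off > len(tcp):
        return None
    if tcp[13] & SYN and not tcp[13] & ACK:
        return tcp[data_off:] or None
    return None

def flag_syn_data(packets):
    """Return (source IP, printable payload) for every SYN that carries data."""
    hits = []
    for pkt in packets:
        data = syn_payload(pkt)
        if data:
            src = ".".join(str(b) for b in pkt[12:16])
            text = "".join(chr(b) if 32 <= b < 127 else "." for b in data)
            hits.append((src, text))
    return hits

MSS = b"\x02\x04\x05\xb4"                           # ordinary MSS option
SAMPLES = [                                         # constructed packets, documentation addresses
    build_packet("192.0.2.10", "198.51.100.7", SYN, MSS),
    build_packet("192.0.2.20", "198.51.100.7", SYN, MSS, b"Hello, this is a research probe\n"),
    build_packet("192.0.2.30", "198.51.100.7", ACK, b"", b"GET / HTTP/1.0\r\n"),
]

if __name__ == "__main__":
    for src, text in flag_syn_data(SAMPLES):
        print(src, text)
```

Reading the TCP data offset is what keeps an ordinary SYN with options from being flagged. TCP Fast Open (RFC 7413) also places data in SYNs, so a hit is a reason to look at the payload, not a verdict.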

European lawmakers mull Net policies

Anne Broache writes in C|Net News:

Seven members of the European Parliament traveled to Washington, D.C., this week to mull over policies related to the Internet and the international digital economy. Topics of discussion ranged from intellectual property rights, spyware and spam to Internet governance and telecom industry regulations. Since Monday, the European policy-makers have visited the Federal Trade Commission and the Commerce and Justice Departments. Before departing the nation's capital on Thursday, they will hobnob with members of Congress and officials from the Federal Communications Commission and State Department.

The visiting lawmakers, who represent primarily the United Kingdom but also Germany and Hungary, belong to the European Internet Foundation, the overseas counterpart to the Congressional Internet Caucus, both of which work to shape Net-centric public policy. The two groups meet twice per year, once in the United States and once overseas, said Danielle Yates, a representative for the Congressional Internet Caucus. On this visit, Yates said, the European visitors are looking to "solidify the need for deeper discussions" about global Internet regulatory issues.