Saturday, July 30, 2005

Tenth planet discovered in outer solar system

This is something I provided a link to yesterday--Jeff Hecht provides a few additional details in an article in NewScientist:

Astronomers have found a tenth planet, larger than Pluto and nearly three times farther from the sun as Pluto is today.

Temporarily designated 2003 UB313, the new planet is the most distant object yet seen in the solar system, 97 times farther from the sun than the Earth. It also is the largest body yet found orbiting in the Kuiper belt, the group of icy bodies including Pluto which orbit beyond Neptune.

Like Pluto, 2003 UB313 is covered by methane ice, and at its present distance is chilled to just 30°C above absolute zero, says Mike Brown, the Caltech astronomer who announced the discovery on Friday. The sleep-deprived father of a three-week-old daughter, Brown said the discovery was "almost as exciting as having a new baby."

Pluto was the only object known in the Kuiper belt until 1992, but since then astronomers have spotted hundreds more faint, icy bodies with orbits beyond Neptune. Five years ago, Brown's group began a systematic search for big Kuiper belt objects, which earlier yielded Quaoar - about 800 miles in diameter - and Sedna, previously the most distant object known at 91 times the earth's distance.

NASA extends Discovery mission by a day

An AP newswire article, via MSNBC, reports:

Two spacewalking astronauts armed with caulking guns, putty knives and foam brushes practiced fixing deliberately damaged shuttle heat shields Saturday, as NASA extended what could be its last trip to the space station for a long while.

With future shuttle flights grounded because of Discovery’s fuel-tank foam loss during liftoff, mission managers decided to keep the crew at the international space station an extra day to haul over surplus supplies and help with station maintenance.

It could well be next year before the foam problem is fixed and a shuttle returns to the space station.

Daily gapingvoid.com fix....

Via gapingvoid.com. Enjoy!

Critics Squeeze Cisco Over China

Kevin Poulsen writes in Wired News:

Internet equipment maker Cisco Systems is fighting a shareholder action that urges the company to adopt a comprehensive human rights policy for its dealings with the Chinese government, and with other states practicing political censorship of the internet.

A shareholder resolution filed last May by the Massachusetts-based investment group Boston Common Asset Management calls for Cisco to add human rights considerations to the criteria it uses to certify resellers.

"What we want is for them to be a better company, to ensure that their reputation is not in jeopardy and to have the processes in place to prove that they are not complicit in the abuses that are occurring around the world through the use of technology," says Dawn Wolfe, a social research and advocacy analyst at the firm, which prides itself on its socially responsible investments.

A report from the OpenNet Initiative watchdog group last April singled out Cisco for allegedly enabling the Chinese government's notorious "Great Firewall," a filtering system that prevents Chinese netizens from visiting websites that criticize the government.

A Hacker Games the Hotel

Kim Zetter writes in Wired News:

A vulnerability in many hotel television infrared systems can allow a hacker to obtain guests' names and their room numbers from the billing system.

It can also let someone read the e-mail of guests who use web mail through the TV, putting business travelers at risk of corporate espionage. And it can allow an intruder to add or delete charges on a hotel guest's bill or watch pornographic films and other premium content on their hotel TV without paying for it.

Adam Laurie, technical director of the London security and networking firm The Bunker showed Wired News how he conducted such attacks at hotels around the world before he was to speak about the vulnerability Saturday at the DefCon hacker conference in Las Vegas.

Laurie is known as Major Malfunction in the hacker community. He also revealed how infrared used for garage door openers and car-door locks could be hacked, using simple brute force programming techniques to decipher the code that opens the doors.

Boing Boing: Mike Lynn presentation mirrors and legal fund

Cory Doctorow writes over on Boing Boing:

You-all have come through with many, many mirrors for Mike Lynn's controversial Black Hat presentation in which he quit his job, described critical vulnerabilities in Cisco equipment and got sued by his employer, the candyasses at ISS. See the end of the post for lots of links -- the paranoid among you can verify mirrors via this MD-5 hash: 559942447c88086fa1304c38f9d0242c.

There's a legal-defense fund for Lynn that's gearing up now. Paypal your donations to Abaddon@IO.com. Money that is collected and not used will be donated to EFF.

Fifteen arrested in multinational 'phishing' scam

An AFP newswire article, via Yahoo! News, reports that:

Argentine authorities have detained 15 people, including a Spanish national, in connection with a multi-million euro (dollar) online banking fraud, the Spanish interior ministry said.

The Spaniard was one of 15 people arrested amid allegations of "phishing", or making illegal use of online account holders' details, following a police operation in the Spanish cities of Madrid, Barcelona, Palencia and Valencia and Santa Fe in Argentina, the ministry said.

The 23-year-old Spaniard, an information technology expert nicknamed "Tasmania", was already the subject of 14 arrest warrants.

The other suspects hail from Argentina, Italy and Romania, the ministry said, adding that house to house searches had turned up a wealth of information related to the case, covering some 150 bank accounts.

Worm poses as pirated 'Grand Theft Auto'

Dawn Kawamoto writes in C|Net News:

A worm that targets gamers is making the rounds, tapping into popular titles and peer-to-peer file sharing, a security company has warned.

The worm, Hagbard.A, tries to disguise itself on peer-to-peer networks as pirated downloads of the popular games titles "Grand Theft Auto: San Andreas," "Need for Speed Underground 2" and 400 other programs, Sophos said in an advisory released on Friday.

The downloaded program will copy itself to the file-sharing folder on the compromised PC and attempt to spread using the Windows Messenger. An instant message sent to others on the service contains a link to the worm and reads: "please download this...its only small brb."

More legal threats over Cisco flaws

Joris Evers writes in C|Net News:

In an apparent attempt to keep a presentation on Cisco Systems' router flaws off the Web, a lawsuit was threatened against a person who made details of the flaw available online.

Richard Forno, a security specialist and author, said in an e-mail that he received a cease-and-desist letter from lawyers representing Internet Security Systems. He subsequently pulled the presentation from his Infowarrior.org Web site and replaced it with a fax he said came from the law firm of Piper Rudnick Gray Cary, counsel for ISS.

An ISS representative could not immediately confirm late Friday that the company had asked its lawyers to take action against Web sites hosting the presentation. A Cisco representative said that although Cisco is working with ISS in the matter, he was told that ISS was sending out the takedown notices.

The presentation appears to be an early version of the slide-deck used by security researcher Michael Lynn on Wednesday morning at the Black Hat security confab in Las Vegas for his talk: "The Holy Grail: Cisco IOS Shellcode and Remote Execution."

Friday, July 29, 2005

Black Hat: Cisco vulnerability posted to Internet

Robert McMillan writes in InfoWorld:

One day after a security researcher and organizers of the Black Hat USA conference agreed not to post details of vulnerabilities in Cisco Systems Inc.'s router software, the information has been published on the Internet.

On Friday, the Web site Cryptome.org posted what appear to be slides written to accompany a presentation given by former Internet Security Systems Inc. (ISS) researcher Michael Lynn, at the Black Hat conference in Las Vegas. The slides had been published in conference materials for the show, but after a last-minute decision by ISS to cancel the presentation, they were literally ripped from the Black Hat books.

Conflicting Testimony At Senate Hearing

A Variety.com article by William Triplett, via Forbes Technology News:

The U.S. Supreme Court's recent decision on illegal online file-sharing is either crystal clear or perilously vague, according to conflicting testimony before a somewhat bizarre Senate hearing Thursday.

After hearing witnesses discuss the potential impact of the Grokster decision on future technological innovation—the stated purpose of the hearing—Senate Commerce Committee members demanded to know what the online industry is doing to protect intellectual property and stop pornography.

Cisco Comes Clean on Extent of IOS Flaw

Ryan Naraine writes in eWeek:

Cisco Systems Inc. on Friday confirmed that a security hole in its Internetwork Operating System could be exploited by remote attackers to execute arbitrary code.

The routing and switching giant's confirmation comes just days after details on the extent of the flaw were released at the Black Hat Briefings here by former Internet Security Systems Inc. researcher Michael Lynn.

Lynn's dramatic presentation caused quite a stir and prompted Cisco and ISS to file an injunction and temporary restraining order to block the further dissemination of information on the IOS flaw.

Nigeria to host talks on spam crackdown

Anne Broache writes in the C|Net News Security Blog:

Just weeks after a Nigerian court convicted a woman in a massive e-mail scam case, the African nation will discuss spam and cybercrime solutions at a national seminar on economic crime. The four-day event, which begins Aug. 6, will take place at the Abuja headquarters of the Economic and Financial Crimes Commission, a government-sanctioned agency created in 2003 to "crack down on fraudsters," according to its Web site.

Jonathan Rusch, the U.S. Department of Justice's special counsel for fraud prevention, is scheduled to speak on the last day of the conference about transnational "challenges in investigating and prosecuting telemarketing fraud, spamming and identity theft." A panel on cybercrime and national security is slated to follow his remarks.

Asian security group launches Internet site to share intelligence

I wonder how long it will be before this site is pwn3d? ;-)

An AFP newswire article, via Yahoo! News, reports that:

Asia's main security forum meeting in Laos launched a partially-restricted website that will enable its 25 members to share sensitive intelligence information related to tackling terrorism.

The ASEAN Regional Forum's website (www.aseanregionalforum.org), backed by US financial support, has a section available to the public and another accessible only to its members, ASEAN officials said.

It is intended to facilitate a quick exchange of intelligence information, they said.

Attacks this month in London and the Egyptian resort of Sharm el-Sheikh have reinforced the need "to increase the frequency and quality of intelligence exchanges to make sure that we're much better coordinated," Foreign Minister Alexander Downer said on the sidelines of the ARF meeting.

ARF groups the 10 members of the Association of Southeast Asian Nations (ASEAN) with Australia, Canada, China, East Timor, the European Union, India, Japan, Mongolia, New Zealand, North Korea, Papua New Guinea, Pakistan, Russia, South Korea and the United States.

German court curtails news site's links

Anne Broache writes in the C|Net News Media Blog:

A German tech news web site is free to report on software that can crack copy-protection mechanisms on DVDs, so long as the story doesn't include a link to the software vendor's homepage, an appeals court in Munich has ruled.

Heise online in January published an article describing and linking to the maker of a program that claimed it could lift copy-protection from DVDs. Eight music companies then sued Heise, alleging that the report violated a chunk of German copyright law that bans, among other things, advertisement of tools to hack copy-protection.

Freedom of the press protects Heise's right to report on such software but not its right to link to the goods, a lower court ruled in March. The appeals court upheld that decision, holding that linking to "a portal where illegal activity takes place" is going too far, and refused to hear either side's appeals.

Large New World Discovered Beyond Neptune

Robert Roy Britt writes on Space.com:

A newfound object in our solar system's outskirts may be larger than any known world after Pluto, scientists said today.

It also has a moon.

Designated as 2003 EL61, the main object in the two-body system is 32 percent as massive as Pluto and is estimated to be about 70 percent of Pluto's diameter.

Other news reports that the object could be twice as big as Pluto are false, according to two astronomers who found the object in separate studies and another expert who has analyzed the data.

If the mass is only one-third that of Pluto, then theory holds that it can't be larger than Pluto, according to Brian Marsden of the Minor Planet Center, which serves as a clearinghouse for data on all newfound objects in the solar system.

Update: Michael Lynn's controversial Cisco security presentation

A couple of noteworthy developments in this saga this morning...

First, a pointer to a copy of the purported presentation that Michael Lynn (formerly of Internet Security Systems) gave at Black Hat earlier this week on Cisco's critical vulnerabilities ("The Holy Grail: Cisco IOS Shellcode And Exploitation Techniques") showed up on Boing Boing.

Secondly, if this topic interests you, you should really read some comments by Bruce Schneier on this whole mess.

Update: Now the FBI is investigating Lynn for criminal wrongdoing? What's up wit dat?

Kim Zetter writes in Wired News this morning that:

The FBI is investigating a computer security researcher for criminal conduct after he revealed that critical systems supporting the internet and many networks have a serious software flaw that could allow someone to crash or take control of the routers.


Prosecutors: CIA agents left trail in Italy

Also related to cell phone "insecurities" are a few interesting comments by Bruce Schneier on a related topic. Definitely an eye-opener.

An AP newswire article, via CNN, reports that:

It wasn't their lavish spending in luxury hotels, their use of credit cards or even frequent-flier miles that drew attention. Instead it was a trail of casual cellphone use that tripped up the 19 purported CIA operatives wanted by Italian authorities in the alleged kidnapping of a radical Muslim cleric.

Italian prosecutors who have obtained arrest warrants for the 19 -- none of whom are believed to be in Italy -- presented evidence that the suspects used at least 40 Italian cell phones, some in their own names.

Experts say that either they were bumbling spies, or they acted with impunity because Italian officials had been informed of their plan -- a claim the government of Premier Silvio Berlusconi has publicly denied on several occasions.

Niger's nomads e-mail appeals for aid

No -- apparently this is not a 419 scam. :-)

An AP newswire article, via CNN, reports that:

Niger's Tuareg and Fulani herdsmen live as if in another century, without electricity or running water, roaming the remotest regions to find pasture for their cows.

But when the hunger crisis that has devastated Niger reached them, they found a 21st century way to call for help: They sent an e-mail -- and say donors responded with cash the nomads used to buy food for their families and their cattle.

Today is System Administrator Appreciation Day




Be sure to thank your hard-working system admins today, System Administrator Appreciation Day.

Or better yet take 'em to lunch, :-)


DHS Chief Calls for Reverse Manhattan Project

David Needle writes in internetnews.com:

Technology is a crucial tool in the fight against terror, Homeland Security Chief Michael Chertoff told a Silicon Valley audience Thursday. "There is no element more important than technology [to our safety]."

In line with his assertions, Chertoff said the Administration is asking Congress to approve the new position of Assistant Secretary for Cyber and Telecommunications Security.

Chertoff said the new Assistant Secretary will play an integral role in working with technology companies to improve the safety of the country's infrastructure. As one example, Chertoff said, "We have to unleash private industry to help improve our border security."

The security chief said a nuclear attack on this country would be "uniquely damaging." He said President Bush supports a "reverse Manhattan project for the 21st century" designed to invest in nuclear detection technology.

Car computers at risk as viruses go mobile

Scare tactics? Or valid concern about Bluetooth connected devices?

A Reuters newswire article, via MSNBC Technology, reports that:

Here's a new excuse for not getting to work on time on a Monday morning: My car caught a virus.

Car industry officials and analysts say hackers' growing interest in writing viruses for wireless devices puts auto computer systems at risk of infection.

As carmakers adjust on-board computers to allow consumers to transfer information with MP3 players and mobile phones, they also make their vehicles vulnerable to mobile viruses that jump between devices via the Bluetooth technology that connects them.

Phishers Steal Trust from eBay Sign In Pages

Via Netcraft.

Fraudsters have exploited a flaw in the eBay web site that allows them to orchestrate phishing attacks using eBay's own Sign In page.

Registered users of eBay's popular online auction web site must sign in using a username and password in order to participate in bidding and listing of items. A new style of phishing attack reported through the Netcraft Toolbar community shows fraudsters exploiting flaws on the Sign In page and on another ancillary page which results in victims being redirected to the fraudster's phishing site after they have logged in.

This particular attack starts off like many others, by sending thousands of emails that instruct victims to update their eBay account details by visiting a URL. However, that is where the similarity ends, because the URL in this case actually takes the victim to the genuine eBay Sign In page, hosted on signin.ebay.com. By including special parameters at the end of the URL, the fraudster has changed the behaviour of the Sign In page so that when a user successfully logs in, they will then be sent to the fraudster's phishing site via an open redirect hosted on servlet.ebay.com.
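A server-side check for the post-login redirect described above, as an added example that is not from the Netcraft report or from eBay. It goes beyond the single case in the text by also covering userinfo, scheme-relative and double-encoded targets; the host names, the `loc` parameter and all function names are hypothetical placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Hypothetical site: every host name below is a constructed placeholder.
ALLOWED_HOSTS = {"signin.shop.example", "www.shop.example", "servlet.shop.example"}
DEFAULT_TARGET = "https://www.shop.example/"
MAX_DEPTH = 3  # how many nested "URL inside a parameter" levels are inspected

# A parameter value is treated as a URL if it starts with a scheme or with
# two slashes/backslashes. This is deliberately broad: the check fails closed.
_URLISH = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\]{2})", re.I)
_FORBIDDEN = re.compile(r"[\x00-\x20\x7f\\]")  # control chars, space, backslash


def _fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded targets are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_target(url, depth=0):
    """Return (ok, reason) for a requested post-login redirect target.

    An allowlisted host is not enough: a redirector on an allowlisted host
    can forward the user elsewhere, so URL-valued query parameters are
    validated recursively against the same rules.
    """
    if depth > MAX_DEPTH:
        return False, "nested too deep"
    if not url or _FORBIDDEN.search(url):
        return False, "control character, space or backslash"
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable"
    if parts.scheme != "https":
        return False, "not an absolute https URL"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in authority"
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        return False, "host not allowed: " + host
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        candidate = _fully_decode(value).strip()
        if _URLISH.match(candidate):
            ok, reason = check_target(candidate, depth + 1)
            if not ok:
                return False, "parameter %r -> %s" % (name, reason)
    return True, "ok"


def post_login_target(return_url):
    """Return the URL to send the user to after a successful sign-in."""
    ok, _ = check_target(return_url)
    return return_url if ok else DEFAULT_TARGET


# Constructed sample inputs, not taken from the report.
SAMPLES = [
    "https://www.shop.example/myaccount?tab=bids",
    "https://phish.example/login",
    # Allowlisted redirector that forwards off-site: the case in the text.
    "https://servlet.shop.example/redirect?loc=https%3A%2F%2Fphish.example%2Flogin",
    # The same target, percent-encoded twice.
    "https://servlet.shop.example/redirect?loc=https%253A%252F%252Fphish.example%252F",
    "https://www.shop.example@phish.example/",
    "//phish.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_target(sample), "<-", sample)
```

Because the URL heuristic is broad, a legitimate parameter value such as `item:123` is also refused and the user lands on the default page instead.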

The Swedish keep sharing

Jan Libbenga writes in The Register:

A new law in Sweden banning the sharing of copyrighted material doesn't appear to have had any effect, Swedish ISPs say.

Niklas Jakobsson, an engineer at Netnod, Sweden's biggest internet hub, told the (free) newspaper Metro that the law hasn't influenced the traffic passing through the company's systems. However, the managing director at download company Inprodicon, says he sees a significant rise in legal downloads.

The law, which went into effect on 1 July, implements long-overdue provisions of the European Union Copyright Directive (EUCD) of 2002. It also bans technology and software such as P2P file-sharing programmes, including Kazaa and E-Donkey.

Australia Outlaws 'Grand Theft Auto'

The story... that... wouldn't... die...

An AP newswire report, via Yahoo! News, reveals:

Australian officials effectively banned the computer game "Grand Theft Auto: San Andreas" and ordered it removed from stores Friday because it contains hidden sex scenes that can be viewed with a special Internet download.

The Office of Film and Literature Classification said in a statement it had outlawed sales of the game by stripping it of its official classification after learning of the explicit content.

"Revocation of a classification means the computer game cannot be legally sold, hired, advertised or exhibited in Australia from the date the decision is made," the statement said.

Cisco Security Advisory: IPv6 Crafted Packet Vulnerability

Via the Cisco website.

Summary

Cisco Internetwork Operating System (IOS®) Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.

Cisco has made free software available to address this vulnerability for all affected customers.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.

Thursday, July 28, 2005

Thousands Expected To Attend In-Person Graduation Ceremony For On-line Degrees

Wow. I don't know why I'm shocked, I just am... :-)

But given the fact that more Computer Science degrees are earned through Strayer University and DeVry Institute of Technology than any other university system in the U.S., I shouldn't be surprised at all.

Marianne Kolbasuk McGee writes in InformationWeek:

Although they completed their coursework via the Internet, more than 3,700 students from across the world are expected to travel to Phoenix, Ariz., to attend graduation ceremonies of the University of Phoenix Online Friday and Saturday.

The record number of students attending this year’s graduation ceremonies at the America West Arena, home of the Phoenix Suns basketball team, earned undergraduate, graduate, and doctoral degrees from the online school over the last 12 months.

This year, approximately 155,000 students are attending online classes offered by the University of Phoenix Online, says its CEO Brian Mueller. Among the most popular degree programs at the school are business, management, IT, health care, and education, he says.

Senate Approves Sexual Predator Registry

An AP newswire report, via Yahoo! News:

The Senate voted Thursday to set up a national sex offender database that would be available on the Internet and require strict monitoring of high-risk sex offenders for a year after their release from prison.

The legislation, sponsored by Sen. Byron Dorgan, D-N.D., is known as "Dru's Law" for Dru Sjodin, a 22-year-old University of North Dakota student who was abducted from a shopping mall and killed in 2003.

Senators approved the bill by voice vote. An identical version is pending in the House Judiciary Committee.

Oracle vs. the hackers

I have to say, this entire issue inflamed me beyond belief. And I'm happy to report that I was the first person to provide a feedback comment in the original commentary article on C|Net News by Oracle's Chief Security Officer, Mary Ann Davidson. Spin, spin, spin.

Ah. But here's some backup..

Mike Yamamoto writes in C|Net News Blogma:

As the annual Black Hat security conference takes place in Las Vegas this week, a certain opinion piece published on News.com is being kicked around in the blogosphere--and I do mean kicked.

The column, written by Oracle's chief security officer, defends corporate security efforts and takes to task some of the "security researchers" (aka hackers) who expose flaws in software manufactured by her company and others. Needless to say, the criticism has been less than welcome in many circles.

Already this week, security researchers at Black Hat are planning to discuss flaws in Oracle software. It will be interesting to see if more bugs are found in Oracle products as the column makes the rounds, especially given the company's boastful claims of "unbreakable" software in years past.

Microsoft Gets Win Over Google

An AP newswire article, via CBS SciTech News, reports that:

A former Microsoft Corp. executive who defected to Google Inc. cannot immediately perform the job Google hired him to do, a judge ruled Thursday, saying Microsoft has a well-grounded fear that leaked trade secrets could hurt its business.

King County Superior Court Judge Steven Gonzalez granted a temporary restraining order barring Kai-Fu Lee from working at Google on any product, service or project similar to those he worked on at Microsoft, including Internet and desktop searching technology.

A Google lawyer asked for a more specific list of tasks Lee can and cannot perform. Microsoft said it would provide the court with a recommended list by Monday.

U.N. Not Seeking to Govern Net

Via Red Herring.

The United Nations’ recent examination of Internet governance does not portend a wholesale shift of control to the international body, the chief of the working group parsing the issue said Thursday.

"Our mandate was not a proposal for sweeping regime change," said Markus Kummer, executive coordinator of the U.N. Working Group on Internet Governance (WGIG). The group released a report July 14 that called for more international oversight in the operation of the domain-name system (DNS) for Internet addresses. Mr. Kummer made his remarks at a meeting sponsored by the Internet Governance Project at Syracuse University.

Planting trees may create deserts

Yeah, you read it right the first time. Listen up, tree-huggers...

Fred Pearce writes in NewScientist.com:

Planting trees can create deserts, lower water tables and drain rivers, rather than filling them, claims a new report supported by the UK government.

The findings - which may come as heresy to tree-lovers and most environmentalists - is an emerging new consensus among forest and water professionals.

“Common but misguided views about water management,” says the report, are resulting in the waste of tens of millions of pounds every year across the world. Forests planted with the intention of trapping moisture are instead depleting reservoirs and drying out soils.

The report summarises studies commissioned over the past four years by the Forestry Research Programme, funded by the UK government’s Department for International Development.

Israel plans high-tech fence

An AP newswire story, via The Globe and Mail, reports that:

Israel is increasing security at its border with the Gaza Strip in anticipation of next month's withdrawal, the army said Thursday, disclosing details of a high-tech complex to ring the coastal strip with what it hopes will be the world's most impenetrable barrier.

The barrier system will surround Gaza with fences, electronic sensors, watchtowers mounted with remote-control machine guns, and hundreds of video and night vision cameras, the military said.

Senators Grill P2P Providers

Michael Grebb writes in Wired News:

Anyone who thought the Supreme Court's Grokster decision would get Congress off the peer-to-peer industry's back might want to think again.

In June, the court held that P2P companies can be held liable for copyright infringement of their users under certain circumstances, but key U.S. Senators suggested Thursday that the decision might not have gone far enough.

At a hearing of the Senate Commerce Committee, lawmakers warned P2P industry leaders to do more about piracy on their networks or face potential legislation that could restrict P2P usage.

Honeynets expanding their capabilities

William Jackson writes in GCN.com:

A global consortium of cybersecurity researchers has released a new tool to make it easier to track and analyze the activities of hackers.

The tool, released in May by the Honeynet Project, is a honeynet gateway called "Roo" and is available as a free download.

A honeypot is a baiting system built to be compromised by hackers and monitored to observe their activities. A honeynet is a collection of honeypots. The Honeynet Project is a volunteer organization developing and using open-source tools to expand the use and awareness of honeynets and their capabilities in identifying online threats.

Canada: Phone firms unite to fight VoIP ruling

Tim Lai writes in The Globe and Mail:

Canadian phone companies banded together Thursday in an effort to get Ottawa to overturn a decision regulating local Internet-based phone services.

Executives from Aliant Inc., Bell Canada Inc., SaskTel and Telus Corp. told a press conference they have petitioned the cabinet to reverse a May 12 Canadian Radio-television and Telecommunications Commission ruling that would regulate voice over Internet protocol (VoIP).

The decision prevents large telecom companies from cutting prices to keep rivals out of the business. Prices established by cable companies and new VoIP firms would not be regulated under the CRTC ruling.

IE7 nukes Google, Yahoo! search

Andrew Orlowski writes for The Register:

Microsoft's Internet Explorer 7 went on a limited beta release today and contains a nasty surprise for some users.

Users with search toolbars from Yahoo! and Google have discovered that these vanish. Other third-party toolbars designed to block pop-ups or aid with form filling appear to be working normally, according to reports from Reg readers.

IE7 integrates search into the browser, but the only option is Microsoft's own MSN Search. There are sound compatibility reasons for Microsoft disabling third-party toolbars in an early cut of the software. The beta is only available to Vista beta testers, and is available either as part of Vista itself or as a download for Windows XP Service 2, and affects only a few thousand people.

Daily gapingvoid.com fix....

Via gapingvoid.com. Enjoy!


Investors Warned About Online Accounts

Via TechWeb News.

The National Association of Securities Dealers on Thursday warned investors against using public Wi-Fi connections for accessing online accounts, saying that they pose additional risks of confidential information being stolen by cyber criminals.

The NASD, based in Washington, D.C., issued two formal alerts, one for investors and the other for brokerage firms, offering guidance for protecting personal information.

"The Internet makes life a lot easier for investors on the go, but it also presents them with new and serious security concerns," Robert R. Glauber, NASD chairman and chief executive, said in a statement. "Investors have the responsibility to be vigilant when doing business on-line. But firms also have the responsibility to have the right policies and procedures in place to protect investor records and information."

Memo to IT security: Think globally, act immediately

William Jackson writes in GCN.com:

IT security is more complicated than packets, bytes and bits, a former White House adviser told security experts gathered this week for the Black Hat Briefings conference.

The economic, political and possibly even military consequences of a cyberattack extend beyond its immediate impact on networks and systems, said Bryan Cunningham, now a principal at the Denver law firm Morgan & Cunningham. In a worst-case scenario, a cyberattack launched against another country by a third party from compromised computers inside the United States could be construed as an act of war on the part of the United States.

"We could be backed into a real shooting war, theoretically," Cunningham said.

He added that the likelihood of such an event probably is not great.

"I don’t want to create a sense of panic or say this is likely to happen," Cunningham continued. But other countries have acknowledged they are developing cyberwarfare capabilities, and terrorist groups have demonstrated an interest in acquiring these skills. "Knowing this, you have to start assuming it can happen. You need to hope for the best but plan for the worst."

Planning for the worst was part of Cunningham’s job as a CIA officer and deputy legal adviser to the National Security Council for more than two years under Condoleezza Rice. He drafted portions of the Homeland Security Act — "the good parts," he says — and contributed to the 2003 National Strategy to Secure Cyberspace. He said the government is taking the threat of cyberwarfare seriously.

Senate moves toward new data security rules

Anne Broache and Declan McCullagh write in C|Net News:

U.S. politicians signaled Thursday that they were eager to enact security breach and data safeguard laws, a move that indicates new federal regulations could reach President Bush's desk by the end of the year.

In a flurry of activity before Congress prepares to skip town for an August recess, three different congressional committees considered similar legislation at the same time on Thursday morning.

RIAA to Expand Attack on File Swappers

Ed Oswald writes in BetaNews:

The RIAA on Thursday announced another round of lawsuits against 765 "Internet thieves" across the United States, emboldened by last month's decision by the Supreme Court that said file sharing networks can be held responsible for their users' actions.

The "John Doe" lawsuits -- where the filing litigant is given a set amount of time to positively identify the defendant -- were filed across several federal district courts in eight states.

In addition to Thursday's actions, 176 named defendant lawsuits were filed last week in 25 states, which all came out of previous John Doe suits. The names of the individuals were obtained through Internet service provider logs.

RIAA President Cary Sherman also issued an ominous warning to any file sharers who continue running software such as Morpheus and Kazaa, saying the record industry plans to up the ante in its war on illicit song swapping.

US charges eight with copyright piracy after 15-nation sweep

An AFP newswire article, via Yahoo! News, reveals that:

US authorities said they had charged eight people with copyright infringement and snared illicit goods worth 100 million dollars, in their largest global sweep against organized crime online.

In a crackdown centering on 15 nations, from France to Singapore and Hungary to Australia, the US Justice Department claimed a serious blow against illegal online copyright pirates which bilk industry of billions of dollars a year.

AT&T Internet service goes down in several Western states

An AP newswire article, via The Mercury News (obnoxious, but free, registration required), reports:

Subscribers to AT&T Corp.'s DSL Internet service in several Western states lost their connections for several hours Thursday after the telecommunications company experienced a problem with equipment that routes data over its network.

The service went down about before 7 a.m. PDT, and some customers were being restored about four hours later, said AT&T spokesman Andy Backover.

The company confirmed homes and businesses in California and "a couple other Western states" were affected, but it would not confirm the total number of subscribers who lost service. Backover said AT&T has received about 1,000 reports of trouble.

"We're working as hard as we can to restore the service," he said. "We're very apologetic to any customers who were inconvenienced."

Backover added the problem stemmed from a problematic router that's been identified and was being repaired. But he did not know when all affected customers would be restored.

The outage only affected Digital Subscriber Line, or DSL, customers, not the large data network that is maintained by the telecommunications company.

Welcome to the Root Zone, .TRAVEL!

Bret Fausett writes in his ICANN Blog that the .travel TLD is basically ready for business:

It's in there!
TRAVEL. NS A.GTLD.BIZ.
TRAVEL. NS B.GTLD.BIZ.
TRAVEL. NS C.GTLD.BIZ.
TRAVEL. NS D.GTLD.BIZ.
TRAVEL. NS E.GTLD.BIZ.
TRAVEL. NS F.GTLD.BIZ.
TRAVEL. NS G.GTLD.BIZ.
TRAVEL. NS H.GTLD.BIZ.

Windows Vista, IE7 Betas Leak to Web

Nate Mook writes in BetaNews:

Less than 24 hours after Microsoft announced the release of Windows Vista Beta 1 and Internet Explorer 7 Beta 1 to testers and MSDN subscribers, both betas have leaked to Internet sites and newsgroups along with a crack for Windows Product Activation, according to BetaNews sources.

The Vista download weighs in at close to 2.5GB, but the operating system's heft did not keep the pirates away. The next-generation Windows beta likely uses the same activation technology found in Windows XP, which was compromised long ago.

Nearly 433,000 watch NASA launch webcast

And I was among them. :-)

An AP newswire article, via USA Today, reports:

In another milestone for Internet video, nearly 433,000 people simultaneously watched NASA's webcast of this week's space shuttle launch.

That's more than twice the 175,000 streams that America Online Inc. had at its peak July 2 for the Live 8 concerts, an event widely cited as a coming-of-age moment for online video. It also nearly quadrupled a record for NASA set three weeks ago during Deep Impact's encounter with the comet Tempel 1.

Canada's Arctic spat with Denmark hits Internet

A Reuters newswire article by David Ljunggren, via Yahoo! News, reports:

A spat between Canada and Denmark over a tiny Arctic island has moved to the Internet, where a Canadian man is dueling an unknown opponent over who really owns the disputed lump of rock.

The two have placed online ads about which country controls the 1.3 square km (half a square mile) Hans Island, located between Canada's Ellesmere Island and Greenland, which belongs to Denmark.

'Shadow Walker' Pushes Envelope for Stealth Rootkits

Ryan Naraine writes in eWeek:

Just when anti-virus vendors think they have a bead on the threat from stealth rootkits, along comes word that a pair of researchers have discovered a new way to hide malicious programs.

Jamie Butler, director of engineering at HBGary Inc., and Sherri Sparks, a PhD student at the University of Central Florida, demonstrated the technique at the Black Hat Briefings here with a chilling warning that anti-virus scanners must "completely revamp" existing rootkit detection technologies.

The proof-of-concept, dubbed Shadow Walker, is a modification of Butler's FU rootkit, a kernel-level program capable of hiding processes and elevating process privileges. The rootkit uses DKOM (Direct Kernel Object Manipulation) to fake out the Windows Event Viewer to make forensics virtually impossible and can also hide device drivers, Butler explained.

With Shadow Walker, Butler and Sparks explore the idea of memory subversion to hide the rootkit in memory with almost no performance impact.

Seduced into scams: Online lovers often duped

Bob Sullivan writes on MSNBC:

Richie's picture showed a jolly, bearded man curled up on a couch with a cat rubbing his face. "Loving, caring and hardworking," the online dating profile said.

When Theresa Smalley received a note from Richie last January asking if she wanted to chat, she was flattered. He seemed cute. The two began exchanging e-mails, friendly at first, but quickly swelling in intensity and passion. By Valentine's Day, Smalley received a box of chocolate candy, a teddy bear, and a helium balloon that said "I love you." Smalley, 46, was hooked, even though she had never met him.

Richie said he was from Milford, Mass., but that he was out of the country on a big construction job. He was helping build a stadium in Nigeria, he said. As soon as he returned, he promised, he'd come visit Smalley in Ohio. He couldn't wait, and neither could she.

The spirited e-mail romance hummed along for another two months before there was a problem. Richie said his boss paid him in postal money orders, and he was having trouble cashing them. Could Theresa do a small favor for him? Could she cash the money order for him, then wire the money to him in Nigeria? Smalley agreed, and over the next two weeks, she cashed two $900 money orders and sent along the funds. Then, Richie was ready to leave the country, but needed money to deal with a visa problem. She cashed another money order.

Then, Smalley's bank called her. Something was wrong.


Betcha can't guess what comes next....


'Free' Danish beer makes a splash

Now this is my kind of tech... ;-)

Via the BBC.

The Danes love their beer, but increasingly they are looking beyond the old Danish standby, Carlsberg, to quench their thirst.

Students from the Information Technology University in Copenhagen are trying to help by releasing what they are calling the world's first open source beer recipe.

It is called Vores Oel, or Our Beer, and the recipe is proving to be a worldwide hit.

The idea behind the beer comes from open source software. This is software whose code is made publicly available for anyone to change and improve, provided that those changes and improvements are then shared in turn.

Geeks Gather at 'What the Hack' Conference

An AP newswire article by Douglas Heingartner, via Yahoo! News, reports:

There are hundreds of tents on the hot and soggy campground, but this isn't your ordinary summertime outing, considering that it includes workshops with such titles as "Politics of Psychedelic Research" or "Fun and Mayhem with RFID."

This is the three-day "What The Hack" convention, a self-styled computer-security conference dealing with such issues as digital passports, biometrics and cryptography.

Borrowing heavily from the model of Woodstock and the more professionalized Def Con conference that begins Friday in Las Vegas, the event held every four years in the Netherlands draws an international array of experts and geeks. About 3,000 gathered Thursday for the opening.

Unlike better-known and better-funded industry gatherings, "What the Hack" had to fight for its right to exist.

Cisco hits back at flaw researcher

A raging discussion of this issue has been taking place since this story broke yesterday over on the North American Network Operators Group (NANOG) mailing list.

Joris Evers writes in C|Net News:

Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software.

The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference. The motion came after Lynn showed in a presentation how attackers could take over Cisco routers--a problem that he said could bring the Internet to its knees.

The filing in U.S. District Court for the Northern District of California asks the court to prevent Lynn and Black Hat from "further disclosing proprietary information belonging to Cisco and ISS," said John Noh, a Cisco spokesman.

"It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights," Noh added.

Lynn decompiled Cisco's software for his research and by doing so violated the company's rights, Noh said.

Wednesday, July 27, 2005

EurID Says No Domain Resellers for .eu Names

Via Netcraft.

EurID, the operator of the new .eu top-level domain (TLD), says registrars won't be allowed to sell .eu domains through resellers. In a statement on its web site, EurID says its agreement with the European Commission prohibits .eu sales by parties that haven't been approved by EurID. "This means that the offering of services as a 'reseller' ... is completely excluded," says the statement. While no firm date has been set, the launch of .eu domain sales is expected to begin in early 2006. Domain industry insiders say similar reseller bans are being considered for other upcoming TLDs, including the .xxx and .travel extensions.

Update2: Cisco nixes conference session on hacking IOS router code

In a follow-on to a previous story-line here on the blog, Ellen Messmer and Phil Hochmuth write in NetworkWorld:

Cisco this week asked that a presentation on how to hack its IOS router software be pulled from a security conference in Las Vegas.

A presentation called “The Holy Grail: Cisco IOS Shellcode Remote Execution” was slated to run at the Black Hat conference in Las Vegas this week. But Internet Information Systems and Cisco, the companies presenting the segment, decided to pull the presentation after discussions between the two firms.

“Based on our discussions, both companies felt that it was premature to present this research at this time,” said a Cisco spokesman. Cisco and ISS “decided to pull the presentation and requested that the conference material be pulled. We don’t have a date on when it will be presented next.”

ISS confirmed that after discussion with Cisco, it was decided that presenting the materials about exploration of shellcode on IOS would be premature and that they wanted to conduct further research.

“The research was to understand if IOS is exploitable with shellcode and buffer overflows,” says Chris Rouland, CTO for ISS. “We were expecting to validate this.”


Update: CRN.com is running this story:

"Cisco 'Cover Up' Ignites Black Hat Controversy"

Cisco Systems and ISS came to an agreement to cancel the talk and remove the presentation from the conference materials, the companies said. A Cisco spokesperson added that there was no "cover up" of new vulnerabilities. Cisco and ISS plan to research the vulnerabilities further and disclose them in the proper forum at a later date, the spokesperson said.

“Cisco respects and encourages the work of independent research scientists; however, we follow an industry established disclosure process for communicating to our customers and partners,” the company said in a statement released Wednesday. “It is especially regretful, and indefensible, that the Black Hat Conference organizers have given Mr. Lynn a platform to publicly disseminate the information he illegally obtained.”

Cisco’s statement added that Lynn’s presentation was not a disclosure of a new vulnerability or a flaw with Cisco IOS software, but an exploration of “ways to expand exploitations of existing security vulnerabilities impacting routers.”


Update2: Wow...this thing just keeps growing to a monstrosity in the press.

A story by Kim Zetter in Wired News reports:

A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.

Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here.

The security hole in Cisco IOS, the company's "infrastructure operating system" that controls its routers, was patched by Cisco in April, Lynn said, and the flawed version is no longer available for download. But Cisco didn't want the information disclosed until next year when a new version of the operating system would be out of beta testing and ready for distribution.

Elderly Americans lose millions to Internet scams

A Reuters newswire article, via Yahoo! News, reports that:

Scams involving Internet auctions, as well as identity theft, lotteries, prizes and sweepstakes, top the list of fraud complaints by older Americans, who lost $152 million to con artists last year, U.S. officials told a Senate panel on Wednesday.

Internet-based scams are growing and now account for about 41 percent of fraud complaints the Federal Trade Commission receives from people over 50, Lois Greisman of the FTC's consumer protection division told the Senate Committee on Aging.

"This figure is all the more dramatic when one considers that Internet-related fraud represented only 33 percent of all fraud complaints from this age group in 2002," she said.

Older consumers reported being defrauded of more than $43 million last year through Internet scams, with on-line auctions topping the complaint list, she said.

Low tech: Hill's Cafe, South Austin




I just have to get off of the high-tech path every once in a while (like most people, I would imagine) and stop in a treasured landmark and have a few cold beers and a great burger.

For those of you living here in Austin, I don't have to tell you about Hill's Cafe.

For those of you who have never visited Austin, or perhaps have visited and never had a taste of South Austin, Hill's Cafe is the place to go. It's a bit of Austin, Texas, that you just can't beat with a stick. :-)

Senators seek to fast track FBI's Sentinel

Michael Arnone writes in FCW.com:

Members of the Senate Judiciary Committee asked FBI Director Robert Mueller today why it will take nearly four years for the bureau to get its new comprehensive data-management system up and running.

The FBI was scheduled to issue a contract for the Sentinel program by the end of this year and complete the four-phase implementation in 40 months, Mueller said.

But lawmakers suggested that was too far on the horizon. Having the system operational by 2009 is “an awful long ways away,” said Sen. Arlen Specter (R-Pa.), the committee’s chairman. He asked Mueller whether it was realistic to set up a counterterrorism infrastructure if the information technology to support the system was not in place.

Sen. Dick Durbin (D-Ill.) asked Mueller if the country could afford to wait that long and if Congress could do anything to speed the process.

But Mueller said that implementing Sentinel will simply take time because the FBI has to triage more than 100 existing systems and then create new ones for Sentinel. The bureau must also learn to handle large projects the way a large corporation would, he said.


Former Ugandan president splits with Japanese Internet bride over Moon

Wow. Is this the day for El Bizzaro tech-related news, or what? First it was O.J. stealing satellite TV, now it's Sun Myung Moon.

This nugget comes to us via an AFP newswire report, on Yahoo! News:

An octogenarian ex-president of Uganda who married a Japanese woman he fell in love with over the Internet has split with his bride, alleging that she was trying to force him to join the Korean-based Unification Church.

After less than a year together, Godfrey Binaisa, 85, said he could no longer remain with Tomoko Yamamoto, whom he married last July in a mass wedding at Korean billionaire Sun Myung Moon's Unification Church in Seoul.

In a court document, Binaisa cited "irreconcilable differences" for the break-up, specifically "the fact that I am being unduly influenced, cajoled and/or coerced to convert to the Reverend Moon's Unification Church contrary to our earlier understanding that I will not change my faith."

The July 22 document, a copy of which was obtained by AFP on Wednesday, said the Seoul marriage had never been formalized in Uganda and that the former president had given Yamamoto 30,000 dollars in cash as a settlement.

Sophos AntiVirus Products Remote Heap Overflow Vulnerability

Via FrSIRT.

FrSIRT Advisory : FrSIRT/ADV-2005-1244
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-07-27

* Technical Description *

A critical vulnerability was identified in multiple Sophos AntiVirus products, which may be exploited by remote attackers or malware to execute arbitrary code. This flaw is due to a heap overflow error when analyzing malformed files, which may be exploited by remote attackers to execute arbitrary commands by sending a specially crafted attachment to a vulnerable system. No further details have been disclosed.

* Affected Products *

Sophos Anti-Virus versions prior to 3.96.0 (on Windows, Unix, NetWare, OS/2, OpenVMS)
Sophos Anti-Virus versions prior to 4.5.4 (on all platforms)
Sophos Anti-Virus Small Business Edition

* Solution *

Upgrade to Sophos Anti-Virus version 3.96.0 or 4.5.4 :
http://www.sophos.com/support/updates

Sophos Anti-Virus Small Business Edition will be updated by 29/07/05

* References *

http://www.frsirt.com/english/advisories/2005/1244
http://www.sophos.com/support/knowledgebase/article/3409.html

Report: FCC Nominees On The Way

Paul Kapustka writes in Advanced IP Pipeline:

Telecom analysts at research firm Legg Mason said in a report today that the Bush administration is close to naming two nominees to the Federal Communications Commission, a move toward restoring the Republican voting majority on the FCC.

The Legg Mason report named current Bush aides Michael Meece and Richard Russell as potential FCC nominees, along with Tennessee state regulator Deborah Taylor Tate and Suzanne Haik Terrell, who ran for a Senate seat in Louisiana in 2002. While the report said "other names are still mentioned as possibilities," it expects two of the four aforementioned to be presented as nominees, perhaps as early as this week.

The nominations are necessary to re-establish the GOP majority on the five-member FCC commissioner panel, which has had one seat vacant since the resignation of former FCC chairman Michael Powell in March. Current FCC chair Kevin Martin, who was named by President Bush to succeed Powell, has been hamstrung in his policymaking by not having a voting majority in the FCC. The other Republican commissioner, Kathleen Abernathy, is expected to step down as soon as a replacement is named, hence the need for two new GOP nominees.

For Sale: Iraq's Cell-Phone Franchises

W. David Gardner writes in TechWeb News:

The licenses to operate Iraq's three cell phone companies are running out and potential new operators are assembling in the United Kingdom this week to sort out the risks and rewards involved in what is one of the world's most dangerous, but lucrative business opportunities.

The risks are clear. Employees at the three existing Iraq cell phone operations have been kidnapped, according to published reports, and U.S. military forces have had to jam service to prevent insurgent cell phones from detonating bombs along convoy routes. But the operations are profitable and offer unbridled growth possibilities to companies willing to take the risk.

"You can actually make handsome returns in Iraq despite the risks," said Jonas Lindblad of Pyramid Research in an interview Wednesday. "There's a lot of money chasing around a few deals in the [Middle East] region. In one way or another, they are linked to oil money." Lindblad, senior analyst Middle East for Pyramid, believes the initial licensees probably have already made money on the existing franchises.

"This is a very rare occurrence--three brand new, fresh licenses," he said, noting that cell phone services and infrastructures have been built in most populated parts of the world. Saddam Hussein had banned cell phones, but after his demise three monopoly cell phone licenses in separate regions were awarded.

Update: FTC to Investigate 'Grand Theft' Mod

Yes, indeed--the issue that won't die.

Ed Oswald writes in BetaNews:

Just when gamers may have thought the controversy surrounding Grand Theft Auto: San Andreas may be over, Take-Two Interactive Software on Tuesday announced that the Federal Trade Commission is looking into the game and the "Hot Coffee" modification.

The Hot Coffee mod allows the main character to engage in sexual acts, causing the ESRB to change the rating of the game from "M" for Mature to "AO" for Adults Only. The ESRB's action meant the game was pulled from a majority of retailers' shelves, including Wal-Mart, Target, Best Buy, and Circuit City.

The uproar even caused Senators Hillary Clinton (D-NY) and Joe Lieberman (D-CT) to jump into the fray, calling for the FTC to step in and investigate.

Update: It just... won't... die... arrrrrggh...

An AP newswire article, via ABC News, reveals:

Take-Two Interactive Software Inc. and its Rockstar Games subsidiary are being sued in federal court in Manhattan over hidden sexual content in their popular "Grand Theft Auto: San Andreas" video game.

The lawsuit filed in the Southern District of New York on Wednesday is seeking class-action status for purchasers of the games. A Take-Two Interactive spokesman didn't immediately have a comment on Wednesday.

The plaintiff, Florence Cohen, claims in her lawsuit that she purchased the game for her teenage grandson in or about late 2004 when the game was rated "M" for mature by the Entertainment Software Ratings Board and was damaged when it came to light that sexually explicit scenes believed to be inaccessible by players were left in the game by developers.

Black Hat Day 1: A Cover Up?

Brian Krebs writes in his Security Fix column in The Washington Post:

One of the primary reasons companies send their computer security experts to the annual Black Hat security conference here is to learn about new security vulnerabilities that bad guys could use to disrupt Internet communications that most of us rely upon to send e-mail and browse the Web.

The most popular speakers at the gathering typically are security researchers who have discovered new flaws in the hardware and software designed to ensure that the Web page you request is the same one that is served, and that your e-mail gets routed to its destination without incident.

The first "scandal" to emerge from Black Hat 2005 (so far, at least) is the omission of some 30 pages of text from the 1,000-page-plus conference presentation materials, which were handed out to conference attendees when they registered on Tuesday. The missing pages -- literally ripped from the massive handout -- apparently detailed the specifics of a serious security flaw present in Cisco Systems routers, devices that route the majority of Internet traffic on the Web today.

Michael Lynn, a researcher for Atlanta-based Internet Security Systems, was slated to follow the conference’s keynote address Wednesday with a discussion of the Cisco hardware flaw. As of this writing, however, none of the conference organizers knew whether Lynn was expected to even show up, much less present his findings.

Use of passenger data breaks privacy laws, says US watchdog

This seems like a great time to mention Unsecureflight.com...

Via OUT-LAW.com.

The US Government Accountability Office, the investigative arm of Congress, on Friday confirmed that the Transportation Security Administration (TSA) had violated privacy laws in using personal information to test a passenger-screening programme.

The programme, known as Secure Flight, is a security measure brought in under the Transportation Security Act to check the names of airline passengers against lists of terrorist suspects. The first version of the screening programme, CAPPS II, was cancelled last year amid growing concerns that it would not protect Americans’ privacy or security.

The latest controversy was unearthed by the Government Accountability Office (GAO), which on Friday reported to Congress that the TSA had obtained over 100 million records from databases legitimately held by three commercial data companies, covering details such as names, addresses and phone numbers.

However, the TSA requested records not only in relation to 43,000 names obtained from airline data records, but also in relation to 200,000 other versions of those names. This meant that the 100 million records returned on the 243,000 names related to a large number of people who had not actually flown in June 2004 – the month advertised by the TSA as the one in which it would be collecting data.

Banking regulator warns of spyware on public computers

Via OUT-LAW.com.

US banks have been told to do more to protect themselves and their customers against spyware in new guidance from the industry watchdog that says customers should be warned against using PCs in hotels, libraries and cafés for online banking.

The guidance from the Federal Deposit Insurance Corporation (FDIC) is a reaction to the growth of spyware, the term for software that is deposited on a computer without the user's knowledge and can then send information in secret from that computer to others.

"The information collected through spyware can be used to compromise a bank's systems or conduct identity theft," said Michael Zamorski, Director of the FDIC's Division of Supervision and Consumer Protection. "So it is critical that banks stay vigilant about the risks involved with this malicious software, and take appropriate action so that they and their customers do not fall victim to it."

In particular, banks should consider spyware threats as part of their general risk assessment process, according to the guidance.

Sun to lay off 1,000

China Martens writes in InfoWorld:

Sun Microsystems expects to lay off around 1,000 staff at a cost of about $100 million as part of the company's ongoing cost-cutting strategy, according to Sun's chief financial officer.

Sun Chief Financial Officer Steve McGowan announced the layoffs during a Tuesday afternoon conference call on the company's fourth-quarter fiscal results. Sun took $44 million of the $100 million layoff charge in its fourth quarter and expects to account for the remaining $56 million "over the course of the next four quarters," McGowan said on the call.

There was no word from Sun where in its operations the job cuts ax is likely to fall.

Report: China working on anti-satellite systems

A Space.com article by Leonard David, via USA Today, reveals that:

A recently issued report by the U.S. Office of the Secretary of Defense has cast an eye on China's growing space capability.

The annual report — The Military Power of the People's Republic of China 2005 – flatly claims that China is developing and intends to field anti-satellite (ASAT) systems.

In assessing China's overall military prowess, the U.S. Defense report stresses that China is "facing a strategic crossroads." Noting that China's emergence has significant implications for the region and the world, the Defense Department assessment stresses that "questions remain" about choices that China's leaders will make regarding its military might as that country's power and influence grow.

OJ Simpson fined $25,000 for signal stealing

How's this for bizarre tech news? :-)

Via The Inquirer.

DIRECTV said that OJ Simpson will have to pay $25,000 after a civil court found he had tapped into its signals using bootloading devices.

According to the Chicago Tribune, Simpson will appeal the case, because he neither knew nor should have known devices in a house he owned were illegal.

But, said his lawyer, Simpson wasn't living in his house at the time.

Extension For E911 "Not as Good As..." Rule

Roy Mark writes in internetnews.com:

Voice over IP providers have another 30 days to inform customers of possible E911 emergency calling limitations -- or pull the plug on their service.

After Aug. 30, VoIP providers will have to cut off subscribers who refuse to acknowledge the warning, according to the ruling by the Federal Communications Commission (FCC). The original deadline was Friday, July 29th.

According to the FCC's order: "If an interconnected VoIP provider has not received subscriber acknowledgements from 100 percent of its existing subscribers [by Aug. 29], then the…VoIP provider will disconnect…all subscribers from whom it has not received such acknowledgement."

In addition, the FCC ordered providers to distribute labels warning subscribers about possible VoIP limitations. Subscribers are expected to place the stickers on or near VoIP equipment interconnected to the public switched telephone network (PSTN).

Yo, Computer Geek Girls...

A friend of mine pointed this one out to me, and it's just too priceless not to mention. ;-)


Israel Fining Spammers

Via Red Herring.

Israel’s Knesset (or parliament) has passed a law to fight against spam, imposing fines and strict regulations for the sending of spam.

The law applies to email, SMS, and fax messages. Over half of all email traffic, and a growing percentage of other types of messaging, in Israel is spam.

“State intervention was necessary in order to prevent the continued impingement on the public’s privacy,” said Israeli Communications Minister Dalia Itzik, who initiated the legislation. Unlike the United States’ CAN-SPAM Law, the Israeli law bars the sending of spam unless the recipient gives his or her prior consent.

“Israelis are inundated with spam through email and on their cell phones due to the popularity of messaging,” said Haim Geron, senior deputy director general of Israel’s Communications Ministry.

Overhaul of U.S. telecom law to be introduced

Via EE Times.

A Republican senator will unveil a rewrite of U.S. telecommunications laws on Wednesday (July 27).

Sen. John Ensign, R-Nev., said he will introduce the Broadband Consumer Choice Act of 2005 during a Capitol Hill press conference.

"The bill will improve consumers’ access to communication technology by rewriting outdated telecommunications laws," Ensign's office said in a statement. "One of the bill’s goals is to reduce government obstacles to technological innovation and expansion."

The proposed legislation would replace the Telecommunications Act of 1996.

U.N. Internet summit draws rights groups' fire

Michael Moran writes for MSNBC:

A United Nations organization created to settle disputes between the world’s broadcast and telecommunications giants is preparing this summer for one of its most important, and possibly most contentious meetings in decades: an Internet summit aimed at giving the world a greater voice in the governance of the World Wide Web, which to this point has been handled primarily by the United States.

Yet even as battle lines are drawn between those who seek greater “democracy” in doling out addresses on the Web and the U.S.-based Internet Corporation for Assigned Names and Addresses (ICANN), advocates for free speech and the Internet are attacking the summit for a different reason: its location.

“Putting a summit on the future of Internet in society in a country like Tunisia is like holding an environmental summit in a nuclear power plant,” says Alexis Krikorian, director of Freedom to Publish, International Publishers Association in Geneva. “We believe it is a very inappropriate place for such a meeting to take place.”

RIAA shuts down machinima site

Cory Doctorow writes over on Boing Boing:

RPGFilms was a website that hosted tons of machinima videos made with video-game engines. One popular machinima genre is the music video, in which a machinima artist synchs action recorded from a game to a piece of popular music.

Now the Recording Industry Association of America has had RPGFilms shut down because they argue that these "songs files" (not MP3s you understand, but humorous videos made by fans who in no way substitute for purchasing the songs) infringe their members' copyrights.

Under the US fair use doctrine, a court can find a use fair if it can be shown that the use doesn't interfere with the rightsholder's income. I think that's pretty clearly the case here: no one who downloads a machinima video of a bunch of Wookies getting down to "Surfin' Bird" is going to say, "Well, hell, now that I've got this, no need to buy the CD."

The use of music in fan-films can only be beneficial to the rightsholder's interests, and permitting that use can only be beneficial to society. Watching the RIAA commit slow, spectacular suicide by taking down the fan art that celebrates, advertises and raises awareness of its members' products, well, it's flabbergasting.

What a bunch of tools.

Comcast may launch ESPN rival

Via CNN/Money.

Comcast Corp., the nation's largest cable operator, may be weighing a sports network to challenge the leadership of ESPN, according to a published report.

The Wall Street Journal reported Tuesday that Comcast may try to turn its niche Outdoor Life Network into a more broad-based sports network. At first it would need to land rights to broadcast games from the National Hockey League and National Football League to give it the sports programming it needs to attract viewers and greater cable distribution.

Mozilla Implements TLD Whitelist for Firefox in Response to IDN Homographs Spoofing

Via CircleID.

Mozilla Foundation has announced changes to Firefox concerning Internationalized Domain Names (IDN) to deal with homograph spoofing attacks. According to the organization, "Mozilla Foundation products now only display IDNs in a whitelist of TLDs, which have policies stating what characters are permitted, and procedures for making sure that no homographic domains are registered to two different entities."


Read more here.
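The display rule quoted above can be sketched as follows. This is an added example, not Mozilla's code: the whitelist entries are a constructed sample rather than Mozilla's actual list, the function names are hypothetical, and showing the Punycode (xn--) form for non-whitelisted TLDs is the fallback assumed here.

```python
# Added illustration of a TLD-whitelist display policy for IDN hostnames.
# IDN_TLD_WHITELIST is a constructed sample, not Mozilla's real list.
IDN_TLD_WHITELIST = {"de", "jp", "se"}


def to_ascii(host):
    """Return the lower-cased ASCII (Punycode) form of a hostname."""
    # Python's built-in "idna" codec implements IDNA 2003 ToASCII per label.
    return host.rstrip(".").encode("idna").decode("ascii").lower()


def to_unicode(ascii_host):
    """Decode xn-- labels back to their Unicode form."""
    return ascii_host.encode("ascii").decode("idna")


def display_host(host, whitelist=IDN_TLD_WHITELIST):
    """Return the string an address bar would show for this hostname.

    Plain ASCII names are shown unchanged. Names containing an IDN label
    are shown in Unicode only when the TLD is on the whitelist; otherwise
    the xn-- form is shown, so a look-alike label cannot pass for ASCII.
    """
    ascii_host = to_ascii(host)
    labels = ascii_host.split(".")
    if not any(label.startswith("xn--") for label in labels):
        return ascii_host
    if labels[-1] in whitelist:
        return to_unicode(ascii_host)
    return ascii_host


if __name__ == "__main__":
    samples = [
        "b\u00fccher.de",      # IDN under a whitelisted TLD
        "xn--bcher-kva.de",    # same name, already in Punycode
        "b\u00fccher.com",     # IDN under a TLD not on the sample list
        "ex\u0430mple.com",    # constructed: Cyrillic U+0430 in place of "a"
        "Example.COM",         # plain ASCII
    ]
    for name in samples:
        print(ascii(name), "->", ascii(display_host(name)))
```

The fourth sample is the case the whitelist targets: the label contains a Cyrillic letter that renders like a Latin one, and because its TLD is not on the list the xn-- form is what the user sees.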

Extended Outages for World of Warcraft

Via Netcraft.

The web site for the World of Warcraft online game was unavailable for much of the day Tuesday, with many of its game servers offline for maintenance as well. The "virtual world" now has more than 3.5 million subscribers, including 1.5 million new paying customers from China. Users on numerous World of Warcraft servers have reported performance problems in recent weeks.

World of Warcraft conducts maintenance every Tuesday, but rarely for such a lengthy period. At least 28 game servers were scheduled to be offline for at least 24 hours, according to an advisory from Blizzard. "We realize that this is inconvenient; however, this downtime is necessary to address the recent issues adversely affecting performance for players on these realms," the message noted. "All World of Warcraft players on these realms will receive a one-day time extension for the downtime caused by this maintenance." Last week the maintenance window was also extended while game publisher Blizzard Entertainment investigated a possible exploit in the game.

World of Warcraft is a massively multiplayer online role-playing game (MMORPG) based on Blizzard's Warcraft series depicting a war between four races with magical abilities and distinctive weapons.