Saturday, August 06, 2005

FCC Issues Rule Allowing FBI to Dictate Wiretap-Friendly Design for Internet Services

Thanks to a post over on Slashdot which sent up the alert on this one...

The EFF warns us:

Today the Federal Communications Commission (FCC) issued a release [.pdf] announcing its new rule expanding the reach of the Communications Assistance to Law Enforcement Act (CALEA). The ruling is a reinterpretation of the scope of CALEA and will force Internet broadband providers and certain voice-over-IP (VoIP) providers to build backdoors into their networks that make it easier for law enforcement to wiretap them. The Electronic Frontier Foundation (EFF) has argued against this expansion of CALEA in several rounds of comments to the FCC on its proposed rule.

CALEA, a law passed in the early 1990s, mandated that all telephone providers build tappability into their networks, but expressly ruled out information services like broadband. Under the new ruling from the FCC, this tappability now extends to Internet broadband providers as well.

Practically, what this means is that the government will be asking broadband providers - as well as companies that manufacture devices used for broadband communications – to build insecure backdoors into their networks, imperiling the privacy and security of citizens on the Internet. It also hobbles technical innovation by forcing companies involved in broadband to redesign their products to meet government requirements.

"Expanding CALEA to the Internet is contrary to the statute and is a fundamentally flawed public policy," said Kurt Opsahl, EFF staff attorney. "This misguided tech mandate endangers the privacy of innocent people, stifles innovation and risks the functionality of the Internet as a forum for free and open expression."

Space shuttle begins long trip home

Wow--an absolutely stunning pic of the International Space Station accompanies this article over on MSNBC.

An AP newswire article, via MSNBC, reports that:

Space shuttle Discovery began its long trip home early Saturday, undocking from the international space station after a nearly nine-day visit.

There were hugs and handshakes as Discovery’s astronauts said their goodbyes to the astronaut and cosmonaut who live aboard the international space station. The crews then closed the hatches between the ship and orbiting lab.

Glance at International Financial Scams

An AP newswire article, via Yahoo! News, reports that:

No one knows for sure which of these dodges, if any, were invented in Nigeria, but fraudsters in the West African nation have made them so famous that they are often called "419 scams," after the clause in the Nigerian penal code that outlaws them. A look at some of the more common ones:

"You don't know me, but I used to be married to a corrupt dictator ..."

"You're in luck ..."

"You Are Our Lucky Winner!"

"Your price is right..."

Internet Scammers Keep Working in Nigeria

An AP newswire article by Dulue Mbachu, via Yahoo! News, reports that:

Day in, day out, a strapping, amiable 24-year-old who calls himself Kele B. heads to an Internet cafe, hunkers down at a computer and casts his net upon the cyber-waters.

Blithely oblivious to signs on the walls and desks warning of the penalties for Internet fraud, he has sent out tens of thousands of e-mails telling recipients they have won about $6.4 million in a bogus British government "Internet lottery."

"Congratulation! You Are Our Lucky Winner!" it says.

So far, Kele says, he has had only one response. But he claims it paid off handsomely. An American took the bait, he says, and coughed up "fees" and "taxes" of more than $5,000, never to hear from Kele again.

Annual hacking game teaches security lessons

Robert Lemos writes on SecurityFocus:

The annual Capture the Flag tournament at DEF CON has always attracted participants from a variety of backgrounds, looking to try their hands at online attack and defense. Under a new set of organizers this year, the game pitted teams and individuals against each other to find and exploit vulnerabilities in their opponents' systems to score points.

The game, dubbed "WarGamez" this year, put more emphasis on real-world skills compared to previous years, said Giovanni Vigna, associate professor of computer science at the University of California at Santa Barbara and the leader of team Shellphish, which won the event.

Former Health Secretary Pushes for VeriChip Implants for Everyone!

Over on Slashdot, an anonymous reader writes:

"Tommy Thompson, the former Bush Health Secretary, after implanting a chip into himself, is going to submit a proposal within the next 50 days to promote it for everyone in the USA. VeriChip spokesperson John Procter said 'virtually everyone could benefit from having a chip inserted.' Enjoy your assimilation in the land of the free, citizen."

Microsoft Unwraps HoneyMonkey Detection Project

Ryan Naraine writes in eWeek:

Microsoft has officially lifted the wraps off its Strider HoneyMonkey research project, designed to trawl the dark side of the Internet looking for Web sites hosting malicious code.

Microsoft Corp. released a technical report, available here as a PDF, to introduce the concept of an Automated Web Patrol that uses multiple Windows XP machines, some unpatched and some fully updated, to streamline the process of finding zero-day Web-based exploits.

Yi-Min Wang, group manager of the Cybersecurity and Systems Management group in Microsoft Research, said a total of 752 unique URLs, hosted on 287 sites, were identified within the first month of launching the HoneyMonkey project.

From those URLs, the system was able to confirm that active exploits were infecting Windows XP machines, including one for a fully patched system running the company's newly hardened XP SP2 (Service Pack 2).

Verdict expected soon in Acxiom hack case

Anne Broache writes in C|Net News:

A verdict could be reached early next week in the criminal trial of a bulk e-mailer accused of stealing several gigabytes of personal information from one of the world's biggest data repositories.

Scott Levine, the 46-year-old former chief executive of a bulk e-mail service called Snipermail.com, has been on trial in the U.S. District Court in Little Rock, Ark., for the last four weeks. The U.S. Department of Justice last year called the alleged act one of "the largest cases of intrusion of personal data to date."

Court documents allege that Levine and at least one co-conspirator illegally downloaded thousands of files from servers owned by Acxiom, a Little Rock-based company that stores data from major credit card issuers, retailers, banks and the government.

Another way past Windows antipiracy found

Joris Evers writes in C|Net News:

Microsoft's efforts to fight counterfeiting have hit another snag with the posting of a new method claimed to get around a Windows piracy check.

The check is meant to prevent people with pirated copies of the operating system from downloading additional software from Microsoft. By changing a setting in a Microsoft validation tool called "GenuineCheck.exe," it's possible to generate a code that will validate the Windows software on a machine as genuine even if it is pirated, according to a Web site publicized on Thursday in a posting to the popular Full Disclosure security mailing list.

Microsoft would not confirm that the method works, but the software maker is investigating the issue, a company representative said. "It is not a surprise for us that those who never intended to pay for software would try to find some way to circumvent Windows Genuine Advantage," the representative said.

H-1B applications for 2006 piling up

Ed Frauenheim writes in C|Net News:

Employers have applied for 49,040 H-1B guest worker visas for next fiscal year, more than 75 percent of the program's annual cap of 65,000, according to U.S. Citizenship and Immigration Services. The tally, made July 31, suggests the limit for the controversial visas could be reached near or on the first day of federal fiscal year 2006, Oct. 1. This fiscal year, employers hit the annual cap as of the first day.

Applications are coming in more slowly for the extra 20,000 H-1B visas reserved annually for foreigners with advanced degrees from U.S. institutions. As of July 28, employers had applied for 10,150 of these visas for this year, according to USCIS. As of July 31, employers had asked for 7,884 of these visas for fiscal year 2006. H-1B visas allow skilled foreigners to work in the United States for up to six years.

Lucent gets subpoenas from US regulators

Stephen Lawson writes in InfoWorld:

Lucent Technologies has received subpoenas from U.S. federal agencies in relation to two separate investigations, the company disclosed Friday in a filing to the Securities and Exchange Commission.

One of the subpoenas involved a Department of Justice (DOJ) investigation into the federal E-Rate program for connecting schools and libraries to the Internet. The DOJ is investigating possible antitrust and other violations by participants in the program, Lucent said in a Form 10-Q filed on Friday. The subpoena asked the Murray Hill, New Jersey, company to provide documents to a grand jury of a federal court in Georgia.

The other subpoena was from the Office of the Inspector General of the General Services Administration, Lucent said in the document. It involves a probe into sales of telecommunications equipment and maintenance services to the federal government.

Both subpoenas were received in the three-month period ending June 30, the term covered by the Form 10-Q. Lucent said it was too early to tell if the probes would have a material effect on its business.

Dateline NBC tracks down a porn spammer

John Hockenberry of NBC Dateline writes:

What if every day in your neighborhood, this happens: The doorbell rings, you go to answer it, but there’s no one there. Yet on the doorstep you find X-rated leaflets. You didn’t order it, didn’t pay for it, or subscribe to it. Still there it is — every day, week after week.

And what if your kids answer the door? Now it’s your kids who might see these pictures.

Well something like this is actually happening, but it isn’t outside on the doorstep, it’s inside your house. And the pictures aren’t wrapped up in nice brown paper.

Auto club fires 27 workers over blog posts

An AP newswire article, via MSNBC, reports that:

A California automobile club has fired 27 workers for posting messages on a popular social networking Web site.

The Automobile Club of Southern California fired the employees in one of its San Diego offices after at least one worker complained to management about feeling harassed by the comments, which were written by employees on the MySpace.com Web site on their own time at home.

Club spokeswoman Carol Thorp said comments were made about other workers' weight and sexual orientation.

Jihadists Turn the Web Into Base of Operations

Steve Coll and Susan B. Glasser write in The Washington Post:

In the snow-draped mountains near Jalalabad in November 2001, as the Taliban collapsed and al Qaeda lost its Afghan sanctuary, Osama bin Laden biographer Hamid Mir watched "every second al Qaeda member carrying a laptop computer along with a Kalashnikov" as they prepared to scatter into hiding and exile. On the computer screens were photographs of Sept. 11 hijacker Mohamed Atta.

Nearly four years later, al Qaeda has become the first guerrilla movement in history to migrate from physical space to cyberspace. With laptops and DVDs, in secret hideouts and at neighborhood Internet cafes, young code-writing jihadists have sought to replicate the training, communication, planning and preaching facilities they lost in Afghanistan with countless new locations on the Internet.

Friday, August 05, 2005

Security Software Company Discovers Possible ID-Theft Ring

Thomas Claburn writes in InformationWeek:

A Florida security software company says it has stumbled across what may be a major identity-theft effort.

Sunbelt Software Inc., which makes software used to protect computers from spyware, says it has discovered a server holding passwords and other personal information that may have been illegally collected using keylogging software.

"One of our researchers here, while doing some research for our anti-spyware tool, came across a server that happened to have a file on it that turns out to be a log file from a keylogger that's been deployed, it looks like, all over the world," David Bove, Sunbelt's director of spyware research, said in an interview.

Bove wouldn't provide more details about how the server was found or where it's located. Sunbelt has contacted the FBI about the discovery, he says. The FBI didn't immediately return calls seeking comment.

Apple: Bloggers are "unhealthy"

John Borland writes in the C|Net News Apple Blog:

Steve Jobs' computers are beautiful. You can't argue with iPod's dominance. But better not let Apple write the dictionary.

Blogger Scott Beale of Laughing Squid points out that the dictionary tool inside Apple's Tiger operating system, ordinarily quite reliable, has a somewhat idiosyncratic take on the idea of blogging.

From Apple's definition of blog: "A weblog: blogs run by twenty-something Americans with at least an unhealthy interest in computers."

Far be it from me to argue with that. It's in the dictionary, after all.

C|Net: We've been black-balled by Google

An article by Jennifer Westhoven, in CNN/Money, reports that:

Google Inc. has blacklisted all CNET reporters for a year, after the popular technology news website published personal information of one of Google's founders in a story about growing privacy concerns for the Internet search engine, according to a CNET statement.

CNET on Friday reported "Google representatives have instituted a policy of not talking with CNET News reporters until July 2006 in response to privacy issues raised by a previous story." That story, by reporter Elinor Mills, ran under the headline "Google balances privacy, reach."

Google spokesman David Krane told CNN the company declined comment.

Update: Virus writers already targeting MS Vista

John Leyden writes in The Register:

Virus writers have created proof of concept viruses targeting the scripting language behind prototype versions of Vista, the next version of Windows. An Austrian virus writer has published five simple viruses targeting Microsoft Command Shell (MSH), the command line interface and scripting language, in a virus writing magazine. None of these pieces of malware have been named as yet.

As MSH (codenamed 'Monad') is scheduled to ship as the default shell for Windows Vista (which was released in beta form last week), these five items of malware could be classified as the first viruses for Windows Vista. However, anti-virus firm F-Secure is careful to note that it's still uncertain whether or not MSH will ship with Vista. MSH is a replacement for shells such as cmd.exe and command.com and although currently slated for inclusion in Vista it may end up in products such as the next version of Microsoft Exchange instead.

Update: An article by Joris Evers in today's C|Net News reports that:

A new scripting tool targeted by a virus writer will not be part of Windows Vista, the next Windows client release, Microsoft announced Friday.

Instead, the software maker is looking at delivering the command-line shell tool, code-named Monad, as part of its next major server operating system release, a Microsoft representative said. That release, code-named Longhorn Server, is due in 2007.

"Monad will not be included in the final version of Windows Vista," Stephen Toulouse, a program manager in Microsoft's security group, said in a blog posting. "So these potential viruses do not affect Windows Vista."

Internet Agency Reassigns Iraq Domain

Actually, this is something I pointed out that Bret Fausett had mentioned in his ICANN Blog yesterday, but now it has hit the mainstream newswires.

An AP newswire article, via The New York Times, reports that:

The Internet's key oversight agency has quietly authorized Iraq's new government to manage its own domain name, allowing for the restoration of Internet addresses ending in ''.iq.''

The suffix had been in limbo after the 2002 federal indictment of the Texas-based company that was running it on charges of funneling money to a member of the Islamic extremist group Hamas.

InfoCom Corp., which sold computers and Web services in the Middle East and got the ''.iq'' assignment in 1997, was convicted in April along with its chief executive and two brothers.

The board of the Internet Corporation for Assigned Names and Numbers, which oversees top-level domains, unanimously approved transferring the ''.iq'' name to Iraq's telecommunications regulator on July 28.

The decision to award ''.iq'' came during a private teleconference call among ICANN board members. The approved resolution was quietly posted this week on an inside ICANN Web page -- two clicks from the home page -- and got little attention until the Web journal Lextext remarked on it Thursday.

Daily gapingvoid.com fix....

Via gapingvoid.com. Enjoy!

Microsoft Needs To Reissue Windows 2000 Rollup

Via TechWeb News.

Microsoft will release an updated Update Rollup for Windows 2000 as soon as it's figured out fixes for glitches plaguing some users and preventing some third-party applications from working, the Redmond, Wash.-based developer said Thursday.

The new rollup hasn't been scheduled, according to a document posted to Microsoft's support Web site, saying only that it would be reissued "soon" and that it would incorporate several hotfixes.

At the same time, however, Microsoft downplayed the reissue.

BellSouth sues AT&T

Jim Duffy writes in NetworkWorld:

BellSouth has filed two lawsuits against AT&T alleging nonpayment of access charges for long-distance calls, and breach of contract for prepaid services.

According to a 10-Q filed with the SEC this week, AT&T says BellSouth has filed lawsuits similar to earlier litigation brought against the carrier by SBC and Qwest. AT&T paid $60 million to SBC in the first quarter of 2005 after the FCC ruled against AT&T's petition that certain IP phone-to-phone services were exempt from access charges.

A Lawyer's view of "Ciscogate"

Via Wired News:

Attorney Jennifer Granick represented computer security researcher Michael Lynn in his conflict with Cisco and ISS at the Black Hat conference. The following is reprinted from her blog with permission.

Ex-IT Director Admits Trying to Sell Stolen Tapes

Dennis Fisher writes in eWeek:

The former IT director of an optical components company pleaded guilty last week to trying to sell trade secrets contained on backup tapes he stole from his employer.

Brent Woodward admitted that he stole the tapes and then tried to sell the data contained on them to the chief technology officer of JDS Uniphase, a competitor of Woodward's former employer, Lightwave Microsystems. The CTO contacted the FBI, which had agents monitor the communications between the two sides.

Woodward had set up a blind e-mail box to communicate with the JDS Uniphase executive, and the FBI traced the address to Woodward, who eventually admitted to the theft.

Woodward will be sentenced in December and faces up to 10 years in prison.

Net worms could wriggle around warning systems

Will Knight writes in NewScientist:

Computer worms may soon wriggle around the early warning systems that detect an impending attack, a study by US scientists has revealed.

John Bethencourt and colleagues at the University of Wisconsin in Madison discovered that carefully probing network addresses can reveal the location of hidden sensor networks that alert network operators to an impending attack.

Armed with this information, the creator of a computer worm could create code that bypasses these traps and infects more computers as it spreads. The researchers say the same principle could enable troublemakers to bypass other forms of network defences, including blocks against intruders probing the system and barriers to prevent so-called denial of service attacks.

Several sensor networks provide network administrators with early warning of a possible worm outbreak. These include the SANS Institute's Internet Storm Center based in Maryland, US, the University of Michigan's Internet Motion Sensor and Symantec's DeepSight.

He forgot to mention my|NetWatchman.
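The probing trick described in the article, as an added simulation that is not the Wisconsin group's code and not from the article: a hidden sensor network publishes only aggregate per-port hit counts, the way a public port report does, never the sensor addresses. An attacker who can send probes to an address range of their choosing and read that public counter recovers the sensor addresses anyway, by probing a range on an otherwise unused marker port and bisecting whenever the counter moves. The address space, the sensor set, the marker port and all class and function names are constructed for the example.

```python
"""Probe-response mapping of a hidden sensor network (added simulation).

A toy address space of ADDR_SPACE addresses. A few of them belong to a
sensor network that feeds an aggregated public report: per destination
port, how many probes the sensors saw. The report never names the sensor
addresses. The attacker maps them by sending probes to address ranges on a
marker port and watching whether the public counter moves, then narrowing
the range by bisection. Everything here is constructed for illustration.
"""
from __future__ import annotations

from collections import Counter

ADDR_SPACE = 4096   # constructed: 4096 addresses, think of a /20
MARK_PORT = 61337   # constructed: a port with no background traffic


class SensorNetwork:
    """Hidden sensors that publish only aggregate per-port counts."""

    def __init__(self, sensor_addrs: set[int]) -> None:
        self._sensors = set(sensor_addrs)   # never exposed directly
        self._counts: Counter[int] = Counter()

    def deliver(self, dst: int, port: int) -> None:
        """A packet reaches address dst; only sensors count it."""
        if dst in self._sensors:
            self._counts[port] += 1

    def public_report(self, port: int) -> int:
        """What the sensor operator publishes: a count, no addresses."""
        return self._counts[port]


class ProbeResponseMapper:
    """Attacker side: locate sensors using only the public report."""

    def __init__(self, net: SensorNetwork) -> None:
        self.net = net
        self.probes_sent = 0

    def _range_hit(self, lo: int, hi: int) -> bool:
        """Probe every address in [lo, hi) and see if the counter moved."""
        before = self.net.public_report(MARK_PORT)
        for dst in range(lo, hi):
            self.net.deliver(dst, MARK_PORT)
            self.probes_sent += 1
        return self.net.public_report(MARK_PORT) > before

    def map_sensors(self, lo: int = 0, hi: int = ADDR_SPACE) -> set[int]:
        """Bisect: a range that does not move the counter holds no sensor."""
        if not self._range_hit(lo, hi):
            return set()
        if hi - lo == 1:
            return {lo}
        mid = (lo + hi) // 2
        return self.map_sensors(lo, mid) | self.map_sensors(mid, hi)


def sensor_aware_targets(found: set[int], space: int = ADDR_SPACE) -> list[int]:
    """The worm's scan list once the sensors are known: everything else."""
    return [a for a in range(space) if a not in found]


if __name__ == "__main__":
    # constructed sensor placement: four monitored addresses in the /20
    net = SensorNetwork({37, 1500, 1501, 3999})
    mapper = ProbeResponseMapper(net)
    found = mapper.map_sensors()
    print("sensors located:", sorted(found))
    print("probes used:", mapper.probes_sent, "for", ADDR_SPACE, "addresses")
    print("worm scan list size:", len(sensor_aware_targets(found)))
```

The cost is a handful of full sweeps of the range, one per bisection level for each sensor, so it scales with the number of sensors times the log of the address space rather than with the address space alone. The defensive lesson is in `public_report`: any report that is fine-grained, per port and near real time gives the attacker a feedback channel, so delaying publication, aggregating ports, or adding noise to published counts is what breaks the loop.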

FCC approves radio-spectrum auction

Ben Charney writes on C|Net News:

The Federal Communications Commission on Thursday formally approved an auction of a large swath of the radio spectrum crucial to cell phone and other wireless services.

There was little doubt the FCC would approve the auction. But the FCC had been facing pressure to rejigger the auction rules to allow participation of all types of cell phone operators, including rural operators. The rules for the auction adopted Thursday do just that, according to FCC Chairman Kevin Martin.

Added FCC Commissioner Kathleen Abernathy: "We want to make sure we have maximum flexibility and for smaller entities to come in and bid."

The commission's unanimous vote sets the stage for the largest radio-wave auction (about 90 megahertz of spectrum) for cell phone operators since 2000. Because spectrum is rarely available in such large chunks, the auction represents one of the biggest opportunities for both large and small cell phone operators to fill out coverage areas.

FCC puts DSL on same footing as cable service

Marguerite Reardon writes in the C|Net News Broadband Blog:

The Federal Communications Commission on Friday did away with old rules that require phone companies to share their infrastructure with Internet service providers. The new framework puts DSL service in line with cable modem services. Recently, the U.S. Supreme Court upheld the FCC's interpretation of cable modem service as an "information" service, which means it isn't required to share its infrastructure with competitors. The new rules could hurt ISPs such as EarthLink, which will be forced to negotiate wholesale deals with existing DSL providers.

But DSL providers won't get off scot-free. DSL providers will still be required to comply with wire tapping rules and disability requirements. And DSL providers will still contribute to the Universal Service Fund, at least for the next 270 days until the FCC can figure out another way to keep USF funded.

London Tube terror game sparks outrage

Lester Haines writes in The Register:

UK tabloid the Sun is beside itself with rage today after discovering an online game in which players have to stop bombs detonating on the London Underground system.

The Mind the Bombs website invites you to: "Do your part in the war against terrorism - email this FREE game to all your friends, family and associates to enjoy!", while declaring itself "dedicated to the good people of Britain - specifically those individuals directly affected by terrorist activity in London. God save the Queen".

Wikipedia to tighten editorial rules

Via Reuters.

Wikipedia, the Web encyclopaedia written and edited by Internet users from all over the world, plans to impose stricter editorial rules to prevent vandalism of its content, founder Jimmy Wales was quoted as saying Friday.

In an interview with German daily Sueddeutsche Zeitung, Wales, who launched Wikipedia with partner Larry Sanger in 2001, said it needed to find a balance between protecting information from abuse and providing open access to improve entries.

"There may soon be so-called stable contents. In this case, we'd freeze the pages whose quality is undisputed," he said.

BlackBerry Maker Could Be Headed For U.S. Supreme Court

Elena Malykhina writes in InformationWeek:

Could Research In Motion Ltd. be headed for the U.S. Supreme Court? The U.S. Court of Appeals this week upheld seven claims of patent infringement made by NTP Inc., down from the original 16 claims. The court ordered the case back to District Court where a number of things could happen, including an injunction that stops RIM from selling BlackBerrys in the U.S. or a settlement between the two companies.

RIM says it's considering asking the Appeals Court for another review with the full bench of judges (a three-judge panel gave the ruling), and may even take the case to the Supreme Court.

Views are mixed as to the outcome for RIM. If the case ends up back in District Court, NTP could be ordered to accept a settlement or the court could issue a new ruling in favor of RIM. "NTP is dragging its feet by not settling with RIM, and it might end up working in RIM's favor," says Carl Zetie, an analyst at Forrester Research. Meanwhile, the U.S. Patent And Trademark Office is reviewing NTP's remaining claims; RIM says it's rejected two of them.

But RIM isn't out of danger. Louis Ederer, an intellectual-property attorney with Torys LLP, an international business law firm, says, "It appears likely that the District Court will enter a judgment in NTP's favor and will prevent the use of BlackBerrys in the U.S., unless this goes to the Supreme Court."

Legal fight over iTunes UK domain

Via the BBC.

An internet entrepreneur has suffered a legal setback in his battle to win back the iTunes domain name in the UK.

The High Court has rejected the application for a judicial review brought against the UK domain name registry, Nominet, by Benjamin Cohen.

Mr Cohen is contesting Nominet's decision in March to take itunes.co.uk from him and hand it over to Apple.

He told the BBC News website he is planning to continue to fight for the web address.

F-Secure: Bagle just got new services....

Jarkko writes in the F-Secure "News from the Lab" Blog:

Apparently someone took Bagle's source code and added some new functionality into it. Usually, Bagles try to download Mitglieder trojans for opening up spam proxies on infected computers. Yesterday we got a sample of a new Bagle that has Mitglieder-like proxy and SMTP relay functions built-in.

In addition to the typical Bagle backdoor, Bagle.bw can also act as a SOCKS v4/5 proxy, HTTP CONNECT proxy and SMTP relay.
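The three services F-Secure lists are all things you can recognise from the first bytes a client sends, which is what you want when a flow log shows an internal host suddenly accepting connections on an odd port. The classifier below is an added example, not F-Secure's code and not derived from the Bagle sample; it parses a SOCKS4/4a CONNECT request, a SOCKS5 method greeting, an HTTP CONNECT line, and the client side of an SMTP session, flagging the last as a relay attempt when a recipient domain is not one this host should accept mail for. The `LOCAL_DOMAINS` set and every sample payload are constructed for the example.

```python
"""Classify the first client bytes of a TCP stream as one of the services a
Bagle-style proxy bot exposes: SOCKS4 CONNECT, SOCKS5 greeting, HTTP CONNECT,
or an SMTP session that tries to relay mail to a non-local domain.
Added example; the sample payloads below are constructed, not captures.
"""
from __future__ import annotations

import re
import struct
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.com"}   # constructed: domains this host may accept mail for


@dataclass
class ProxyUse:
    kind: str          # socks4 | socks5 | http_connect | smtp_relay | smtp_local | unknown
    target: str = ""   # host:port, recipient, or auth mode the client asked for


def parse_socks4(data: bytes) -> ProxyUse | None:
    # VN=4, CD=1 (CONNECT), DSTPORT(2), DSTIP(4), USERID NUL [, HOSTNAME NUL for 4a]
    if len(data) < 9 or data[0] != 0x04 or data[1] != 0x01:
        return None
    (port,) = struct.unpack("!H", data[2:4])
    ip = data[4:8]
    nul = data.find(b"\x00", 8)          # end of USERID
    if nul < 0:
        return None
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # SOCKS4a: 0.0.0.x, hostname follows
        host_end = data.find(b"\x00", nul + 1)
        host = data[nul + 1:host_end].decode("ascii", "replace") if host_end > 0 else "?"
    else:
        host = ".".join(str(b) for b in ip)
    return ProxyUse("socks4", f"{host}:{port}")


def parse_socks5_greeting(data: bytes) -> ProxyUse | None:
    # VER=5, NMETHODS, METHODS...; method 0x00 means no authentication, i.e. an open proxy
    if len(data) < 3 or data[0] != 0x05:
        return None
    n = data[1]
    if n == 0 or len(data) < 2 + n:
        return None
    methods = data[2:2 + n]
    return ProxyUse("socks5", "no-auth" if 0x00 in methods else "auth-required")


HTTP_CONNECT = re.compile(rb"^CONNECT (\S+) HTTP/1\.[01]\r\n")


def parse_http_connect(data: bytes) -> ProxyUse | None:
    m = HTTP_CONNECT.match(data)
    return ProxyUse("http_connect", m.group(1).decode("ascii", "replace")) if m else None


RCPT = re.compile(rb"(?im)^RCPT TO:\s*<([^>]+)>")


def parse_smtp(data: bytes) -> ProxyUse | None:
    # In SMTP the server speaks first, so the client's first bytes are EHLO/HELO.
    if not re.match(rb"(?i)^(EHLO|HELO) ", data):
        return None
    rcpts = [r.decode("ascii", "replace") for r in RCPT.findall(data)]
    foreign = [r for r in rcpts if r.rsplit("@", 1)[-1].lower() not in LOCAL_DOMAINS]
    if foreign:
        return ProxyUse("smtp_relay", foreign[0])
    return ProxyUse("smtp_local", rcpts[0] if rcpts else "")


def classify(data: bytes) -> ProxyUse:
    """Try each protocol parser in turn on the client's opening bytes."""
    for parser in (parse_socks4, parse_socks5_greeting, parse_http_connect, parse_smtp):
        hit = parser(data)
        if hit:
            return hit
    return ProxyUse("unknown")


# constructed sample client payloads, one per service
SAMPLES = {
    "socks4":  b"\x04\x01" + struct.pack("!H", 25) + bytes([203, 0, 113, 7]) + b"\x00",
    "socks4a": b"\x04\x01" + struct.pack("!H", 25) + b"\x00\x00\x00\x01" + b"\x00" + b"mx.victim.test\x00",
    "socks5":  b"\x05\x02\x00\x02",
    "connect": b"CONNECT mx.victim.test:25 HTTP/1.1\r\nHost: mx.victim.test:25\r\n\r\n",
    "relay":   b"EHLO spam.test\r\nMAIL FROM:<a@spam.test>\r\nRCPT TO:<victim@elsewhere.test>\r\nDATA\r\n",
    "local":   b"EHLO mx.other.test\r\nMAIL FROM:<b@other.test>\r\nRCPT TO:<alice@example.com>\r\n",
    "other":   b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:8s} -> {classify(payload)}")
```

Run it over the client-to-server side of reassembled streams to any listening port that appeared after the infection window; a SOCKS5 greeting offering only method 0x00, or a SOCKS4 CONNECT to port 25 of a host outside your network, on a workstation that is not supposed to be a proxy at all, is the spam-relay behaviour the post describes. The SMTP branch looks only at the client's commands, so it also catches relay attempts through the bot's built-in SMTP engine regardless of which port it chose to listen on.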

U.S. Passes the Buck on Identity Theft

Jack M. Germain writes for the NewsFactor:

One year ago, President George W. Bush signed into law the Identity Theft Penalty Enhancement Act in response to the growing proliferation of Internet scams, such as phishing, pharming and other ploys aimed at stealing consumers' private information electronically. One year later, however, the evidence suggests that this new law has done nothing to reduce identity theft or fraud.

Rather, the number of publicly known identity theft cases has increased dramatically over the past year. Since January of 2005, there have been over 63 data-security breaches exposing nearly 50 million identities. And there will be more, according to industry insiders.

Ex-WorldCom Exec Gets Prison, House Arrest

An AP newswire article by Erin McClam, via The Washington Post, reports that:

Former WorldCom accounting executive Betty Vinson was sentenced Friday to five months in prison and five months of house arrest for taking part in the telecommunications company's record $11 billion accounting fraud.

Vinson, 49, pleaded guilty to fraud in October 2002 and helped the government build its case against former WorldCom CEO Bernard Ebbers, who was sentenced last month to 25 years in prison.

Vinson is one of five WorldCom executives facing sentencing over the next two weeks for their roles in the fraud, which plunged WorldCom into bankruptcy in 2002. It has since emerged under the name MCI Inc.

A second accounting executive, Troy Normand, was to be sentenced later Friday by the same judge, Barbara Jones of U.S. District Court in Manhattan.

eBayer auctions ad space on corpse

Lester Haines writes in The Register:

He's not dead yet, but one day Andrew Beutin will depart this life for a place free of the fiscal woes which beset this corporal plane.

In the meantime, he's looking to raise a quick $10k by auctioning advertising space on his own dead body.

Police blotter: Porn burns Navy officer

Declan McCullagh writes in C|Net News:

Chief Warrant Officer Oliver J. Smith had discovered a profitable side business: adult entertainment on the Internet. Smith ran two Web sites in which he posted photos of himself and his ex-wife (who had married another naval officer) having sex and, in the words of the court, engaging in "fetish activities."

Smith also enlisted the help of a subordinate petty officer to post hundreds of photos they obtained from an unnamed source. The duo didn't keep the detailed records of performers' ages that are required under federal law, and at least one actor was a minor.

After their side business was discovered during an investigation of child pornography being produced in base housing, Smith, a 24-year Navy veteran with a distinguished career, left town on an unauthorized absence of 17 months.

The Navy's criminal appeals court upheld Smith's sentence of two years confinement and forfeiture of $1,000 in pay a month for 240 months ($240,000 over 20 years).

Worm risk over Win2K flaw

John Leyden writes in The Register:

An unpatched flaw in a core component of Windows 2000 might be exploited to launch computer worms, security researchers warn. The flaw was discovered by security research firm eEye Digital Security. The firm is withholding details pending the release of a software patch. Microsoft is investigating the issue, which is complicated by its decision to wind down support for the operating system.

Mainstream support of Windows 2000, which is still widely used in corporate environments, came to an end at the start of July 2005. Microsoft released a final update rollup for Windows 2000 on 28 June, just two days before expiration of regular support.

Europe Follows Grokster's Lead

Bruce Gain writes in Wired News:

Little-noticed language in a European Union plan to crack down on organized piracy could also make indirect copyright infringement a crime across Europe, with implications similar to the recent MGM v. Grokster U.S. Supreme Court ruling, experts say.

A directive being pushed by the European Commission would, among other things, criminalize "attempting, aiding or abetting and inciting" acts of copyright infringement. The EU parliament will take up the proposal later this year.

Thursday, August 04, 2005

Apple gathers Stones, and will sell iTunes in Japan

A Bloomberg newswire article, via The International Herald Tribune, reports that:

Scoring a coup over its online music rivals, Apple Computer said Thursday that it had reached an exclusive agreement to offer all of the Rolling Stones' songs online for the first time.

Apple also started an iTunes online music store in Japan, which will offer more than 1 million songs from 15 Japanese record companies. Steve Jobs, Apple's chief executive, made the announcement at a news conference in Tokyo which featured a performance by the Grammy award-winning singer Beck. Ninety percent of the songs on iTunes Japan will cost ¥150, or $1.35, with the remainder priced at ¥200. The Mora online music store, backed by Sony, charges ¥150 to ¥370.

Daily gapingvoid.com fix....

Via gapingvoid.com. Enjoy!

Patch Tuesday: Microsoft to Patch Six Security Flaws

Ed Oswald writes in BetaNews:

Microsoft on Thursday gave advance notice of the patches it intends to release as part of its monthly security bulletin. Six patches will be issued for August, with at least one of them deemed "critical" - the highest rating given by Microsoft. Information was not available for what the patches would address, but a serious flaw in Windows 2000 that could open systems up for attack may be fixed.

Also to be released next Tuesday is an updated version of the Windows Malicious Software Removal Tool, as well as one high-priority update that is not security related. Each month Microsoft provides advance notice of security updates that are released on the second Tuesday. Three "critical" security patches were issued in July, two for Windows and one for Office.

NBC to stop trying to annoy DVR owners

Peter Rojas writes over on Engadget:

Looks like NBC is finally going to be putting an end to one of their more odious practices: scheduling shows by a minute or two off in order to purposefully create the kind of scheduling conflicts that prevent TiVos and other digital video recorders from properly recording shows. Not as massive of a problem as it used to be now that there are more and more dual-tuner DVRs on the market, but even so it’s a totally weak tactic that creates a lot of needless frustration for viewers—if they want to make it harder to watch television then we can probably find something else to do with our time. At least in theory.

.IQ TLD Redelegated And No One Knows Why

Bret Fausett writes in his ICANN Blog:

If you were following the issue of improving the transparency of the ICANN Board's decision-making during the Luxembourg meeting, a newly adopted resolution designed to provide additional information about Board decisions no doubt piqued your interest. Would the new resolution make a difference? I was skeptical in Luxembourg, but I held out hope.

Now that we've had a chance to put the new resolution to a test, let's review the transparency of the Board's latest decisions, taken last week in a closed telephonic Board meeting. The hot subject of the day was the redelegation of .IQ.

And:

I'm mystified. We're moving backwards, not forwards. And the ICANN staff is almost three times bigger now than it was in February, 2002, so this is not a question of inadequate resources.

U.S. charges man in camcorder-piracy crackdown

Via Reuters.

A Missouri man is the first to be indicted under a new federal law that prohibits people from secretly videotaping movies when they are shown in theaters, the U.S. Justice Department said Thursday.

Curtis Salisbury, 19, used a camcorder to make copies of recent releases "The Perfect Man" and "Bewitched" and then distributed them through illicit computer networks that specialize in piracy, the Justice Department said.

A law that took effect in April prohibits such behavior.

Salisbury also downloaded several movies and software programs from the computer network, the Justice Department said.

Salisbury, who faces up to 17 years in prison, could not be reached for comment.

Malware exploits deaths of U.S. Marines

Image source: Sophos Plc.

Jack Kapica writes in The Globe and Mail:

A new widespread spam-based virus has security experts at Sophos Labs worried that many people might fall for it.

The spam poses as a breaking news report from The Associated Press about the deaths of U.S. Marines in Iraq. The e-mail contains a link that infects a user's computer with a Trojan horse program, leaving the machine vulnerable to attackers.

The subject lines used in the malicious e-mails contain intentionally misspelled words, and usually read something like "140 died," "140 US marines kiiIled," or "Iraq Bommbing." It also purports to come from a variety of e-mail addresses.

Security experts at Sophos Labs, based in Lynnfield, Mass., say the people behind the e-mail campaign are using the AP name as a novel social-engineering method, attempting to sound legitimate while including the malicious software, and are using software to deliberately obfuscate and misspell the subject lines in an attempt to avoid simple anti-spam filters.
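A defensive counterpart to the obfuscated subject lines described above, written as an added example for this page (not Sophos's or any vendor's filter): it folds look-alike characters and repeated letters, then flags subject tokens that are deliberately misspelled versions of watched words while leaving correctly spelled ones alone. The look-alike map, watchlist and sample subjects are assumptions constructed from the subject lines quoted in the article.

```python
"""Flag deliberately misspelled "hot topic" words in e-mail subject lines.

Heuristic, constructed for this example: a subject token that is not a
correctly spelled watchlist word but, after undoing common obfuscations
(look-alike characters, repeated letters), closely resembles one, is
treated as a filter-evasion attempt worth a closer look.
"""
import re
from difflib import SequenceMatcher

# Watched words drawn from the subject lines quoted in the article (assumption).
WATCHLIST = ("killed", "bombing", "marines", "died", "iraq")

# Look-alike substitutions folded into one class (assumption: a small
# illustrative map, applied after lowercasing so capital I and lowercase l merge).
LOOKALIKES = str.maketrans({
    "i": "l", "1": "l", "|": "l", "!": "l",
    "0": "o", "3": "e", "@": "a", "$": "s", "5": "s",
})


def canonicalize(token: str) -> str:
    """Lowercase, fold look-alikes, drop non-letters, collapse repeated letters."""
    folded = token.lower().translate(LOOKALIKES)
    letters = re.sub(r"[^a-z]", "", folded)
    return re.sub(r"(.)\1+", r"\1", letters)   # "kiiIled" -> "kled", "killed" -> "kled"


_CANON_WATCHLIST = {w: canonicalize(w) for w in WATCHLIST}


def find_obfuscated(subject: str, threshold: float = 0.8):
    """Return [(raw_token, watched_word, score)] for tokens that look like
    intentionally garbled watchlist words. Correctly spelled words are not flagged,
    so a plain "140 died" yields no hit; the signal is the deliberate misspelling."""
    hits = []
    for raw in re.findall(r"\S+", subject):
        if raw.lower().strip(".,!?\"'") in WATCHLIST:
            continue                      # spelled correctly: not an evasion attempt
        canon = canonicalize(raw)
        if len(canon) < 3:
            continue                      # too short to compare meaningfully
        best_word, best_score = max(
            ((w, SequenceMatcher(None, canon, c).ratio())
             for w, c in _CANON_WATCHLIST.items()),
            key=lambda pair: pair[1],
        )
        if best_score >= threshold:       # short words need a high threshold
            hits.append((raw, best_word, round(best_score, 2)))
    return hits


def is_suspicious(subject: str) -> bool:
    """True when at least one watched word appears in obfuscated form."""
    return bool(find_obfuscated(subject))


if __name__ == "__main__":
    # Constructed sample subjects, modelled on those quoted in the article.
    for s in ["140 US marines kiiIled", "Iraq Bommbing", "140 died",
              "Quarterly report attached"]:
        print(f"{s!r:32} -> {find_obfuscated(s)}")
```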

DSL Deregulation Fallout

Via Red Herring.

Even though the U.S. Federal Communications Commission has not yet issued a ruling on DSL deregulation, consumer groups are already preparing their legal challenges to a proposal they believe will be anti-competitive and anti-consumer.

“Deregulating DSL is one step forward and 300 steps backward,” said Kenneth DeGraff, a policy analyst with Consumers Union. “We will take this to Congress. Open access is responsible for the only true competition in broadband connectivity. Open access to DSL gave us competition. It gave us EarthLink, AOL, and Juno, and lower prices.”

A number of news outlets, including Red Herring, said Wednesday that FCC Chairman Kevin Martin was expected to officially propose the deregulation of DSL services by the telecommunications carriers on Thursday.

The official FCC meeting scheduled for Thursday has been rescheduled for Friday, when the issue of DSL deregulation is expected to be proposed.

TI to integrate VoIP technology into TCL phones

Via EE Times.

TCL Communications Equipment (Huizhou) Co. Ltd. and Texas Instruments Inc. have announced that both companies will work jointly to integrate TI's Voice-over-IP and broadband technology into TCL's IP phone solutions.

TCL plans to use the TNETV1050/1055 IP phone solution, a leading VoIP system-on-a-chip. The platform enables product designers and manufacturers to rapidly create differentiated and innovative IP phone features such as security, polyphonic ring tones and wireless connectivity.

"The Smart IP phone is one of the key businesses for TCL Communications. Cooperation with TI will enable us to rapidly develop more innovative IP phone products," said Gu Gong, general manager of TCL Communications, in a statement. "Integrating TI's technology into our products will ensure our customers get the best voice solutions. Moreover, voice quality will improve with the adoption of TI technology and growth of the market."

In addition to the IP phone, TI and TCL will gradually expand more cooperation in other communication areas.

Auditors find IRS security holes

David Perera writes in FCW.com:

An audit of Internal Revenue Service computer systems shows that unauthorized access to tax information systems remains a danger.

Individuals who leave or employees whose duties have changed continue to have access to confidential information because IRS managers have not followed existing IT security procedures, according to a Treasury Inspector General for Tax Administration (TIGTA) audit released last month.

TIGTA auditors looked at five IRS systems for six months ending in January 2005 and found that 21 percent of registered users “no longer had a business need to have systems access,” the report states.

Auditors found five instances of system access by former employees. They also found that of 513 employees who did have a business need, in only a quarter of those cases did proper documentation for system access exist.
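An access-recertification check of the kind whose absence the audit describes, as an added example for this page (not IRS or TIGTA tooling): it cross-checks each system's user list against the HR roster and the access-authorization records, reporting accounts held by separated staff, by staff whose duties no longer require the system, and accounts with no request on file, then produces the two figures the report quotes. The roster, role mapping and authorization records are constructed for the example.

```python
"""Access recertification check modelled on the audit findings above.

Added example with constructed data: it is not IRS or TIGTA tooling.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Person:
    status: str   # "active" or "separated"
    role: str     # current duty role from HR


@dataclass(frozen=True)
class Finding:
    system: str
    user: str
    issue: str    # "separated", "no_business_need" or "undocumented"


# Roles that legitimately need each system (constructed for this example).
ROLE_ACCESS: Dict[str, Set[str]] = {
    "TAXPAYER_DB": {"examiner", "collections"},
    "CASE_MGMT": {"examiner"},
}


def review_access(users_by_system: Dict[str, Set[str]],
                  hr_roster: Dict[str, Person],
                  authorizations: Set[Tuple[str, str]]) -> List[Finding]:
    """Return one Finding per account that fails recertification.

    authorizations holds (system, user) pairs for which a signed access
    request is on file; an account unknown to HR is treated as separated.
    """
    findings: List[Finding] = []
    for system, users in users_by_system.items():
        allowed_roles = ROLE_ACCESS.get(system, set())
        for user in sorted(users):
            person = hr_roster.get(user)
            if person is None or person.status == "separated":
                findings.append(Finding(system, user, "separated"))
            elif person.role not in allowed_roles:
                findings.append(Finding(system, user, "no_business_need"))
            elif (system, user) not in authorizations:
                findings.append(Finding(system, user, "undocumented"))
    return findings


def summarize(users_by_system: Dict[str, Set[str]],
              findings: List[Finding]) -> Dict[str, float]:
    """The two figures the audit reports: the share of accounts with no
    business need, and how many of the remaining accounts are documented."""
    total = sum(len(u) for u in users_by_system.values())
    no_need = sum(f.issue in ("separated", "no_business_need") for f in findings)
    undocumented = sum(f.issue == "undocumented" for f in findings)
    with_need = total - no_need
    return {
        "accounts": total,
        "no_business_need": no_need,
        "pct_no_business_need": round(100.0 * no_need / total, 1) if total else 0.0,
        "with_need": with_need,
        "documented": with_need - undocumented,
    }


# Constructed sample data for a stand-alone run.
SAMPLE_ROSTER = {
    "e1": Person("active", "examiner"),
    "e2": Person("active", "collections"),
    "e3": Person("separated", "examiner"),   # left the agency, account still live
    "e4": Person("active", "clerk"),         # duties changed, no longer needs the data
    "e5": Person("active", "examiner"),      # legitimate user, no request on file
}
SAMPLE_USERS = {
    "TAXPAYER_DB": {"e1", "e2", "e3", "e4", "e5"},
    "CASE_MGMT": {"e1", "e2", "e5"},
}
SAMPLE_AUTHORIZATIONS = {("TAXPAYER_DB", "e1"), ("TAXPAYER_DB", "e2"),
                         ("CASE_MGMT", "e1")}

if __name__ == "__main__":
    found = review_access(SAMPLE_USERS, SAMPLE_ROSTER, SAMPLE_AUTHORIZATIONS)
    for f in found:
        print(f"{f.system:12} {f.user:4} {f.issue}")
    print(summarize(SAMPLE_USERS, found))
```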

Stealth online use by Christmas: software designers

An AFP newswire article, via Yahoo! News, reports that:

Software that will allow people to anonymously swap music and other files on the Internet could render copyrighting of songs and movies obsolete by year's end, a creator said.

A test version of the "darknet" software was made available on a Freenet Project website early Wednesday and a refined edition could soon be ready "for general consumption," Ian Clarke of Freenet told AFP.

The software is intended to allow computer users worldwide to exchange files online in a way that hides them from industry investigators, vindictive politicians and others, Clarke said.

Mobile phone porn craze sparks call for action in Cambodia

An AFP newswire article, via Yahoo! News, reports that:

A teenage craze for sending doctored naked images of female celebrities to each other by mobile phones sparked a demand by a Cambodian minister for government action against pornography.

The local press in the mainly Buddhist nation has been in a frenzy in recent weeks over the sudden spread of pornographic images by phone after the mother of a pop singer spotted a photograph of her daughter sent to a phone.

While the government is powerless to monitor what images people are sending to each other by phone, Minister of Women's Affairs Ung Kantha Phavy told a press briefing that it should shut down indecent websites.

We "ask the government to block Internet ISPs which are used to transfer pornographic images, show sex sites and chat sites," she said, speaking after talks with legislators and non-government organisations on pornography.

Pentagon Troop-Morale Site Removes Political Messages

Robert MacMillan and Mary Specht write in The Washington Post:

The Defense Department has removed messages containing political commentary from a Web site designed for people to show their support for U.S. forces serving in Iraq and Afghanistan.

Most of the postings at americasupportsyou.mil express love and encouragement -- "The greatest nation in the world is kept that way by men and women like you," reads one message from a family in Maryland -- without partisan asides.

But among the 60,000-plus messages were at least a few dozen -- located using the site's search function -- that equated troop support with backing the Bush administration's political goals. Still others lambasted Democratic politicians including Sens. John F. Kerry (Mass.) and Edward M. Kennedy (Mass).

Cisco: The anti-Microsoft

Paul R. La Monica writes in CNN/Money:

Cisco Systems is looking a lot more like Microsoft these days....and that's not a compliment.

Shares of Cisco, the leading maker of networking gear that connects computers to the Internet, have traded in a narrow range for the past year...just like Microsoft.

The company dominates its market but critics maintain that Cisco's core business is maturing...just like Microsoft.

Cisco has a ton of cash ($16.1 billion) and investors are wondering what the company should do with it...just like Microsoft.

And some analysts are even starting to worry that Cisco's technology is vulnerable to security breaches...well, you get the idea.

But there's one big difference between the two companies: Cisco actually is a growth stock and should be valued like one.

On teaching both "Intelligent Design" and Evolution...

"The President has unfortunately confused the difference between science and belief."
- Fred Spilhaus, Executive Director of the American Geophysical Union

Robot catches high speed projectiles

High speed actuators enable the robot’s fingers to move through 180 degrees in 0.1 second (Image: Akio Namiki/University of Tokyo)

Will Knight writes in NewScientist:

If robots are to inherit the Earth, then they should at least be able to catch. So say the researchers behind a bot that can match the most skilled human baseball player faced with a hurtling ball.

The robotic catcher, developed by scientists at the University of Tokyo, Japan, can comfortably grab a ball careering through the air at 300 kilometres per hour, or 83 metres per second, its creators say. And, of course, the robot never gets tired of doing so.

Akio Namiki and colleagues built the robot to test technologies that could some day make robots useful in situations where they may have to react at high speed.

Boing Boing: Public revolt slams crappy South African monopoly DSL offering

Cory Doctorow posts over on Boing Boing:

Nearly two years ago, we posted about a group of South Africans who were using a website called MyADSL to fight back against the national South African telecoms monopoly's ridiculous version of DSL: a network with rigid traffic caps and extensive port-blocking.

Martin, one of the MyADSL organizers, reports:

MyADSL submitted a record 466 complaints to the Independent Communications Authority of South Africa (ICASA), the regulator of telecommunications and the broadcasting sectors.

ICASA has put forward quite a number of recommendations based on our complaints and 3 days of public hearings that followed this. Just read the news headlines on our homepage to see the fallout: "ICASA ADSL report causes a media stir that reaches the JSE", "Icasa plays hardball with Telkom over ADSL threat", "PRICES UNDER PRESSURE", "Telkom must stop their bully-boy tactics", etc.

Obviously Telkom is furious. The monopoly that boasted a profit of R6.8 billion stands to lose millions in revenue.
Link (Thanks, Martin!)

UK: Piracy couple gets jail sentence

Via the BBC.

A married couple arrested for music, film and game piracy have received jail terms of between six and 21 months.

The pair, who are now separated, were convicted of copyright offences and benefit fraud.

They were arrested following a search of their home in Formby near Liverpool and the discovery of counterfeit discs worth an estimated £28,000.

The arrest was part of Operation Zouk, a nationwide scheme headed by the Department for Work and Pensions.

Netcraft Web Server Survey Turns 10, Finds 70 Million Sites

Via Netcraft.

The Web Server Survey marks its 10th anniversary this month with a milestone, as we now find more than 70 million web sites on the Internet. The August 2005 survey received responses from 70,392,567 sites, an increase of 2.8 million hostnames. This gain, together with last month's increase of 2.7 million sites, marks the biggest two-month increase in the history of our survey. It comes just five months after the survey crossed the 60 million mark in March of this year, another sign that Internet growth is eclipsing even the torrid pace of the dot-com boom.

The first Netcraft survey in August 1995 found 18,957 hosts, with the NCSA web server dominating with 57 percent market share, leading CERN (19%) and a newcomer named Apache (3.5%). Microsoft's Internet Information Server launched in February 1996, and by the survey's fifth birthday the server market was largely divided up between Apache (62%) and IIS (19%).

Internet paedophile entrapment methods "illegal"

Thanks to Nick Farrell over at The Inquirer for pointing this out.

An article in the Columbia (Missouri) Daily Tribune reports that:

The practice has become widespread: undercover agents pose as children in Internet chat rooms. When adults strike up online relationships and arrange for sexual liaisons, police are waiting at the rendezvous point with handcuffs and arrest warrants.

But a ruling of a federal court judge in Kansas City is calling the legality of the tactic into question.

U.S. District Judge Dean Whipple acquitted Jan Helder yesterday of using the Internet to try to entice a child into sex. Helder’s attorney, J.R. Hobbs, had argued that his client didn’t break federal law because the person his client was accused of enticing wasn’t a minor but a Platte County deputy pretending to be a minor. The ruling came just minutes after a jury returned a guilty verdict. Helder, 42, of Mission Hills, Kan., had faced a sentence of five to 30 years.

"We will appeal this," U.S. Attorney Todd Graves said. "Our program is going forward."

Hoping to make a dent in what appears to be a widespread problem, the Platte County Sheriff’s Department has made online child exploitation a priority. Suspects accused of crimes in Missouri are prosecuted at the state level. Federal prosecutors handle suspects from other states.

Federal prosecutors in Kansas City said about 30 men had been convicted on federal charges here using undercover officers or agents. Many more cases are pending.

Under Siege in Dulles By New-Generation Hackers

Leslie Walker writes in The Washington Post:

"We used to feel like the cat playing with the mouse," recalled Aristotle Balogh, senior vice president at VeriSign Inc., a company that oversees some of the Internet's critical functions. "Now we feel more like the mouse, trying to be fast enough because the attackers are becoming much more like the cat."

Balogh provided a gloomy account of the hacker wars two weeks ago when I visited VeriSign's global network operations center in Dulles. VeriSign considers 2004 "the turning point" in the conflict, Balogh explained, because the bad guys exhibited such dramatic leaps in creativity, sophistication and focus.

His assessment was underscored Tuesday when International Business Machines Corp. released a report saying "criminal-driven security attacks" jumped 50 percent in the first half of this year compared with last year. IBM's global security intelligence team detected more than 237 million security attacks worldwide in the first six months, including 54 million against governments, 36 million against manufacturers and 34 million against financial services.

To keep criminal hackers at bay, VeriSign, keeper of the master Internet address book, has been throwing mind-boggling amounts of money and computing firepower at security.

Wednesday, August 03, 2005

TiVo changes up Privacy Message to enable content download

Ryan Block, over on Engadget, writes:

We’re not sure what kind of tricky tricks those TiVo tricksters have up their sleeves with this one (if anything at all), but according to about a hundred people who wrote in, last night TiVo changed their Privacy Policy pertaining to “new functionality that will enable TiVo subscribers to download content to their Series2 DVR.” (Sorry, we haven’t used our office TiVo yet this week, we’re a bit busy!) We’re not entirely sure what this means since some TiVos can technically already download content by means of FireWire/S-video/RCA import, but their FAQ on 2005 Privacy Policy changes seems to somehow allude instead to more nefarious sounding third party applications. We’re confused, someone hold us?

[Via PVRblog]

RIM case sent back to lower court

Simon Avery writes in The Globe and Mail:

Research In Motion Ltd. says it may appeal to the Supreme Court of the United States to review a ruling handed down by an appeals court this week affirming that the company infringed on several patents of a Virginia firm.

On Tuesday, the U.S. Court of Appeals for the Federal Circuit in Washington upheld most of its December patent infringement ruling against RIM.

But the court revised its original ruling to say the company, based in Waterloo, Ont., had infringed on seven of 16 claims of patents of NTP Inc., rather than 11 as originally determined. In a statement , RIM questioned the long-term validity of the seven remaining claims. Two of them have recently been rejected by the U.S. Patent and Trademark Office and the other five are under re-examination, RIM said.

Web Site Devotes Itself to Strange Firings

On the lighter side of the web, an AP newswire article, via Yahoo! News, reports that:

Getting fired is rarely a happy event, but that doesn't mean you can't have a sense of humor about it. That's what Simply Hired, a 5-month-old employment-related Internet startup, counted on when it started an affiliated Web site devoted to the stories of workers who have received a pink slip for a silly, outrageous or embarrassing reason.

The Mountain View-based company is even offering a prize to the biggest "loser" — a Caribbean cruise that will include passengers famously fired by Donald Trump on his popular television show, "The Apprentice."

Alert! President Bush declares national emergency... again

ObCaveat: Of course, anyone who has followed Declan McCullagh's reporting on digital security, politics & technology, and especially privacy issues, whether via C|Net News or by following PoliTech, should know that when he "alerts" the public to any particular issue, it's important enough to pay attention.

Especially if you value your privacy.

Having said that, let's get to it. Declan writes in the C|Net News Security Blog:

President Bush this week declared a national emergency based on an "extraordinary threat to the national security."

This might sound like a code-red, call-out-the-national-guard, we-lost-a-suitcase-nuke type of alarum, but in reality it's just a bureaucratic way of ensuring that the Feds can continue to control the export of things like computer hardware and encryption products.

And it happens every year or so.

Daily gapingvoid.com fix....

Via gapingvoid.com. Enjoy!

Beijing to clamp down on foreign media

Chris Buckley writes for The International Herald Tribune:

China disclosed on Wednesday that it had frozen approvals for foreign satellite broadcasters entering its market and would strengthen restrictions on foreign television programs, books, newspapers and performances in an effort to exercise tighter control over the country's cultural life.

"Import of cultural products contrary to regulations will be punished according to the circumstances, and in serious cases the import license will be revoked," the rules, which were issued on Tuesday, stated. "In the near future, there will be no more approvals for setting up cultural import agencies."

The "Google Hack" Honeypot

An interesting experiment -- thanks to the folks at the SANS ISC Handlers Desk for bringing our attention to it.

What is it?

From their web page, over at sourceforge.net:

Google Hack Honeypot is the reaction to a new type of malicious web traffic: search engine hackers. GHH is a “Google Hack” honeypot. It is designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. GHH implements honeypot theory to provide additional security to your web presence.

These insecure tools, when combined with the power of a search engine and index which Google provides, result in a convenient attack vector for malicious users. GHH is a tool to combat this threat.

After shuttle repair, NASA weighs one more fix

Via MSNBC.

A spacewalking astronaut gently pulled two potentially dangerous strips of protruding filler from Discovery’s tile belly with his gloved hand Wednesday, successfully completing an unprecedented emergency repair.

Even as they celebrated spacewalker Stephen Robinson's feat, NASA managers weighed whether to attempt yet another repair job, this time involving a ripped and puffed-up thermal blanket just beneath commander Eileen Collins' cockpit window.

Update: FCC expected to officially propose DSL deregulation on Thursday

Via Red Herring.

United States Federal Communications Commission Chairman Kevin Martin is expected to officially propose the deregulation of DSL services from telecommunications carriers on Thursday.

Last month’s decision by the U.S. Supreme Court to uphold the rights of cable operators to offer broadband products as unregulated data services brought calls for fairness from telecommunications carriers, which operate their broadband services under legacy regulations.

The court ruling is popularly known as the Brand X decision, named after the ISP that challenged the three-year-old original ruling.

Mr. Martin said in a speech to the National Association of Regulatory Utility Commissioners over the weekend that he has “already shared with my colleagues a proposal that would give telcos the same deregulatory treatment as cable.”

Update: Jennifer C. Kerr writes in an AP newswire story (via Yahoo! News):

The Federal Communications Commission delayed its monthly meeting as its chairman worked Wednesday to build support for relaxing rules governing high-speed Internet services offered by phone companies. The meeting, scheduled for Thursday, was pushed back to Friday.

Court orders CardSystems to retain breach information

Robert McMillan writes in NetworkWorld:

A California state court has ordered CardSystems Solutions and three other defendants in a class-action lawsuit to preserve evidence relating to a major breach of the Atlanta, Ga., credit-card processor's computer systems.

The court also has set a date for CardSystems, along with MasterCard International, Visa USA and Merrick Bank, to argue over who bears ultimate responsibility for informing customers of the breach.

The court order, issued on Tuesday by the Superior Court of the State of California in San Francisco, is the latest development in what may prove to be a long-running class-action lawsuit over the highly publicized theft of credit-card information at CardSystems' Tucson, Ariz., operations center, which was first disclosed in June.

The suit, filed shortly after the theft was revealed, claims that CardSystems was negligent in the way it maintained consumer credit data. In addition to monetary damages, the suit seeks to force CardSystems and the credit-card companies to notify California consumers whose data has been compromised.

Tuesday's order will make it more likely that the defendants are able to inform consumers, should the court side with the plaintiffs, according to Ira Rothken, managing partner of San Rafael, Calif.-based The Rothken Law Firm, which filed the suit.

Sprint-Nextel Deal Gets Government's Approval

Arshad Mohammed and Yuki Noguchi write in The Washington Post:

The merger of Sprint and Nextel Communications Inc. won approval this afternoon from both the Federal Communications Commission and the Justice Department, clearing the way for the creation of the third-largest mobile phone operator in the country.

The FCC said in a statement that it had concluded the merger would "serve the public interest, convenience and necessity, and that the likely public interest benefits of the merger outweigh any potential public interest harms."

The Justice Department, in a separate statement, said it saw no reason to challenge the merger, which will create a company with 35 million mobile phone subscribers. The Justice Department said consumers "will continue to have a number of other carriers from which to choose."

The combination will give the resulting company more ammunition to compete against much bigger rivals and to forge potentially lucrative partnerships with cable companies.

Boston airport tries to kill free WiFi node

Declan McCullagh writes in C|Net News:

Boston's Logan International Airport is attempting to pull the plug on Continental Airlines' free WiFi node that competes with the airport's $7.95-a-day pay service.

In an escalating series of threatening letters sent over the last few weeks, airport officials have pledged to "take all necessary steps to have the (WiFi) antenna removed" from Continental's frequent flyer lounge. Continental's free service poses an "unacceptable potential risk" to communications gear used by the state police and the Transportation Security Administration, the letters claim.

For its part, Continental says that a 1996 law prevents local officials from meddling with wireless service and has asked the Federal Communications Commission to intervene. Its letter to the FCC argues that the agency has "exclusive jurisdiction" over WiFi and should keep local authorities at bay.

UT: Court OK's blocking of unsolicited e-mails

I couldn't find this story in the Austin American-Statesman, but an AP newswire article, via Boston.com (Thanks to /.), reports that:

The University of Texas didn't violate the constitutional rights of an online dating service when it blocked thousands of unsolicited e-mails, a federal appeals court panel ruled Tuesday.

White Buffalo Ventures, which operates LonghornSingles.com, had appealed to the 5th U.S. Circuit Court of Appeals, saying it had complied with all anti-spam laws.

The company argued that the university violated its constitutional rights by filtering out 59,000 e-mails in 2003. White Buffalo also claimed a federal act that allows certain e-mails superseded the university's anti-spam policy.

The 5th Circuit panel found that the federal anti-spam law, CAN-SPAM, does not pre-empt the university's policy and that the policy is permissible under the First Amendment.

The law requires messages to have a title that correctly states the contents of the e-mail, a valid address and that companies honor requests to unsubscribe.

The court did not need to rule on whether the state university e-mail servers are public or private.

Advertising.com Settles FTC Adware Charges

An AP newswire article, via The Washington Post, reports that:

Advertising.com Inc., a unit of Time Warner Inc.'s America Online, agreed to settle federal charges that the company offered free security software without adequately disclosing that it also came with adware.

Under a settlement with the Federal Trade Commission, Advertising.com will be required to "clearly and prominently" disclose that consumers who install the program, SpyBlast, will receive pop-up ads based on their Internet browsing habits.

The settlement also requires that Advertising.com comply with standard record-keeping and other provisions to allow the FTC to monitor compliance with the order. The proposed consent order doesn't cover AOL, which bought Advertising.com for $435 million in 2004.

The FTC complaint charged that when consumers installed SpyBlast, software intended to protect against hackers, they were not required to read the agreement alerting users about receiving potential marketing messages.

Stern's Show Going to Video-On-Demand

An AP newswire article, via Yahoo! News, reports that:

It's not just on radio that Howard Stern will be testing out a new technology.

The In Demand Networks, which provides video-on-demand content to cable television companies, said Wednesday it had reached an agreement to carry the televised version of Stern's show that had been shown for 11 years on the E! Entertainment network.

Microsoft Offers "Redacting" Tool For Word

Via TechWeb News.

Microsoft on Tuesday published a free add-on to Word 2003 that lets users black out sections of documents by removing confidential information prior to printing or e-mailing.

Dubbed the "Redaction Add-in," the 1MB download adds a new toolbar to Word 2003.

"Sensitive government documents, confidential legal documents, insurance contracts, and other sensitive documents are often redacted before being made available to the public," Microsoft said in the accompany notice.

Any text marked with the add-in is completely removed from the document and marked with black bars in both the on-screen and printed versions. A redacted version of the file can then be saved for printing and/or electronic distribution.

The add-in can be found on Microsoft's Download Center.

Anti-Phishing group casts line at new threats

I meant to mention this on the blog earlier this morning, due to some discussion on the local EFF-Austin mailing list where somehow, some joker managed to subscribe to the list, and then sent a crafty phishing e-mail to the entire mailing list.

But I digress....

Dawn Kawamoto writes about it on C|Net News:

Faced with a rise in so-called pharming and crimeware attacks, the Anti-Phishing Working Group will expand its charter to include these emerging threats.

The shift may serve as a harbinger, raising the question of whether phishing will eventually become passe--despite the current rise in phishing incidents.

"Over time, as banks get a better grip on fighting conventional phishing that uses social engineering, phishers will be forced to find other vectors of attack," Peter Cassidy, secretary general for the antiphishing group, said Wednesday.

Within a couple of years, he said, conventional phishing could become obsolete. "It could be even faster. Events have always eclipsed our expectations," Cassidy said.

Hidden Black Holes Finally Found

Robert Roy Britt writes on Space.com:

A host of hidden black holes have been revealed in a narrow region of the sky, confirming astronomers' suspicions that the universe is loaded with many undetected gravity wells.

Black holes cannot be seen directly, because they trap light and anything else that gets too close. But astronomers infer their presence by noting the behavior of material nearby: gas is superheated and accelerated to a significant fraction of light-speed just before it is consumed.

The activity releases X-rays that escape the black hole's clutches and reveal its presence.

The most active black holes eat so voraciously that they create a colossal cloud of gas and dust around them, through which astronomers cannot peer. That sometimes prevents observations of the region nearest the black hole, making it impossible to verify what's actually there.

Hacker criticizes cyber crime laws

Daniel Thomas writes in Computing:

Gary McKinnon, the UK hacker facing extradition to the US accused of 'the biggest military computer hack of all time', is calling for international computer crime laws to be passed.

McKinnon, who faces up to 70 years in a US jail, says common legislation would ensure that computer crimes are treated in the same way, regardless of geographical location.

He also says there should be a differentiation between malicious computer crimes that cause damage and those that involve unauthorised access.

'The highest sentences should go to the virus writers,' he said.

Vicar stunned by sermon surfers

Via the BBC.

Thousands of people have downloaded a Suffolk vicar's sermons after he posted them on the internet last month.

The Rev Leonard Payne, Vicar of St Nicholas' Church in Wrentham, said the response had been overwhelming after he posted them on the Apple iTunes store.

"We were stunned. Within a short period of time, over 2,000 people had downloaded one of them," he said.

At one point demand for the sermons was so great they had to change servers, Mr. Payne said.

Vonage outage

Om Malik writes in his Broadband Blog:

ALERT: Apparently people can hear the dial tone, but calls don't go through. Voicemails are offline, and there are other such issues as well. Most people on the Vonage Forums are complaining about lack of service. Even Vonage.com is down. Looks like the entire infrastructure has blanked out. The phones into the press office are not working, and the website is down as well. I reached their PR agency and they had no information about the outage either. If you are experiencing the problems, please let me know.

Vonage spokesperson just emailed me: “Vonage is having a minor website outage due to firewall policy and it will be fixed in a matter of minutes in case you receive any additional inquiries. Thanks for touching base.”

OMB details milestones to move to IPv6

Jason Miller writes in GCN.com:

Agencies may have until June 30, 2008, to transition to Internet Protocol Version 6, but the planning starts now.

The Office of Management and Budget has released a memo [.pdf] that gives agencies until Nov. 15 to assign an official to coordinate the move to the new protocol and complete an inventory of existing routers, switches and hardware firewalls.

Agencies also will have to begin assessing all other existing IP-compliant devices and technologies, as well as perform an impact analysis to determine the cost and operational impacts and risks of migrating to IPv6.

DNS servers--an Internet Achilles' heel

Joris Evers writes in C|Net News:

Hundreds of thousands of Internet servers are at risk of an attack that would redirect unknowing Web surfers from legitimate sites to malicious ones.

In a scan of 2.5 million so-called Domain Name System machines, which act as the White Pages of the Internet, security researcher Dan Kaminsky found that about 230,000 are potentially vulnerable to a threat known as DNS cache poisoning.

"That is almost 10 percent of the scanned DNS servers," Kaminsky said in a presentation last week at the Black Hat security event in Las Vegas. "If you are not auditing your DNS servers, please start," he said.

The motivation for a potential attack is money, according to the SANS Internet Storm Center, which tracks network threats. Attackers typically get paid for each spyware or adware program they manage to get installed on a person's PC.