Saturday, September 03, 2005

Austin computer volunteers needed to help with Katrina victims

Thanks to Jon Lebkowsky for forwarding this to the EFF-Austin mailing list.

The City of Austin is about to open the Palmer Center and the Convention Center for Hurricane Katrina refugees. The Burger Center is already in use for this purpose as you probably know. The computer banks are now being installed in the Palmer and Convention Centers and the refugees will be arriving soon.

They need volunteers to help these folks put their information into a web site that is tracking the refugees so that their loved ones can find them and vice versa. Many of the refugees have no computer skills. If you can volunteer any of your time and skills to help out, please e-mail:

Eric will e-mail you back to let you know when you will be needed.

For the Austin Free-Net Team,

Dale Thompson, Financial Manager
Austin Free-Net (
Fix-Net (
512.236-8225 x10
Fax: 974.3477
2209 Rosewood Ave.
Austin, TX 78702

Online gamers rally for Katrina support

Via the BBC.

Online gamers are joining the US public to give their support to those affected by the aftermath of the destructive hurricane Katrina.

Sony Online Entertainment (SOE) is rallying support for those caught up in the disaster via its massive community of players in Everquest II.

Players of the online game can make in-game donations to the Red Cross.

SOE said it was also suspending some 13,000 account holders from the affected areas until they log in again.

"We look at all our subscribers as an extended family," Chris Kramer from SOE told the BBC News website.

"It is amazing what large groups of people can do and we certainly have hundreds of thousands playing the game worldwide.

Katrina: Businesses Prepare for Disaster

Via Red Herring.

Hurricane Katrina’s devastation across the Gulf Coast of the United States has prompted many businesses to look again at their disaster planning strategies, including Iron Mountain, which operates four facilities in the storm-struck area.

Iron Mountain, a company that provides offsite data storage and protection services for other large companies, said Friday all of its New Orleans facilities managed to survive the hurricane, but the flood damage was “impossible to assess.” All of the company’s employees had evacuated the area and were not yet permitted to return to see how well the buildings survived the flooding.

Iron Mountain told its customers that it could not access its records at the New Orleans facilities, but that it would provide them with updates. The company’s Baton Rouge facilities remained open and a spokesperson said company officials will review its plans in a conference call.

In an effort to help its employees, the Boston-based company’s web site provided a toll-free help line and asked employees outside New Orleans to supply information on the welfare of co-workers affected by the hurricane. Iron Mountain said it would offer updates on its intranet on the current status of its facilities and employees.

Friday, September 02, 2005

Congress looks to pass data breach law

Grant Gross writes in InfoWorld:

The U.S. Congress will look to pass consumer data protection legislation as it returns next week from its mid-year recess, but if Congress fails to act, a tough new state law will force interstate companies to disclose virtually all data breaches, no matter how small the risk.

A New York data breach law, signed by Governor George Pataki on Aug. 10, would take effect in mid-December. New York, the 19th state to pass a data breach notification law, would allow no exceptions for companies that have their own disclosure policies.

The New York law requires companies to disclose any unauthorized breach of databases that contain New York residents' personal information such as Social Security, drivers' license and credit card numbers, with a limited exception for some encrypted data. The New York law makes no exception for small data breaches or breaches unlikely to result in identity theft, despite concerns raised by groups such as the Information Technology Association of America (ITAA) that customers could be bombarded with too much notification in cases where there's little chance of harm.

Congress and about 35 state legislatures have considered data breach notification laws this year as more than 60 companies, complying with a 2003 California law, announced breaches affecting millions of U.S. residents this year. Although the California law requires that companies notify only California residents, it has become the de facto national standard, with companies sending out notices to all customers.

After chaos, changes in calling?

A BusinessWeek article, via MSNBC, reports that:

John Dark, senior marketing manager for satellite-calling provider Globalstar, says his company is overrun with orders for phones in the wake of Hurricane Katrina. Globalstar has signed up 5,000 new customers over the past three days, about 20 times normal volume.

"We've seen an absolutely astronomical demand," Dark says, highlighting an unintended consequences of what's likely to end up as one of the costliest natural disasters in U.S. history.

Photo: Anarchy in New Orleans

Image source: C|Net News / Michael Barnett

Via C|Net News.

Flames engulf a building in New Orleans in a photo taken Friday morning by blogger and DirectNIC employee Michael Barnett.


Via The American Red Cross.

The American Red Cross, with support of the worldwide Red Cross and Red Crescent Movement, is launching a Web site to help assist family members who are seeking news about loved ones living in the path of Hurricane Katrina. Visit the “Family Links Registry” via to register yourself, a missing relative or view the existing list of registrants.

Evacuees wishing to inform loved ones of their location can register their name by clicking on “Family Links Registry” on Concerned loved ones can register the names of their loved ones and view the list of those already posted. Due to the extent of the damage and the number of people displaced, concerned friends and family members are encouraged to visit the site daily to consult the list, as it will be updated continuously. A toll-free hotline is being established for those who do not have internet access.


Via Boing Boing.

Quick notes from conference call hosted by the FCC today about urgently coordinating resources and personnel from internet/wireless service providers to get communications networks up and running in in gulf states.

Lack of communications systems has been identified as a critical issue holding back aid, missing persons, law enforcement, etc. in crisis areas.

FCC personnel are working throughout the weekend to coordinate these efforts with private industry, with wireless technology groups, FEMA, and state governments in Mississippi, Louisiana, etc.

One of the challenges they face in this effort is fact that the coordination effort involves multiple layers of bureaucracies -- also, that there has been no central point for directing available assets offered by private industry. Participants on the call included folks from Cisco, Intel, and wireless organizations.

Another challenge: working with FEMA and local governments to ascertain whether it is more immediately effective to get old systems up and running, or create new temporary ones. Depends on tech behind communications system in question.


Go to Boing Boing to read the remainder of the instructions. The deadline for submitting this information is NOON EDT tomorrow, Saturday, 3 September 2005.

Red Cross works to restore communications at shelters

Michael Arnone writes in

The American Red Cross is doing everything it can to restore communications with its 300 shelters in the region devastated by Hurricane Katrina, the agency’s chief information officer said Friday.

The agency is making progress but “this disaster is on a scale we’ve never seen before,” said Steve Cooper, the Red Cross’s CIO and the former CIO at the Homeland Security Department.

“We have to plan that New Orleans as a city really won’t exist for the next six months,” Cooper said. Biloxi, Miss., is just as hard hit, he noted.

The Red Cross created a task force on Sept. 1 with several of its private-sector partners, including Microsoft, Cisco Systems and Cingular, Cooper said. These companies flew in personnel to provide satellite connectivity to all Red Cross shelters in the disaster area, he said.

New Security Advisory on Windows Firewall Exception

Via the MSRC Blog.

Hi Folks, -- you may have noticed that we posted an advisory earlier this week: This advisory discusses how a malformed registry key entry could allow an exception to be entered into the firewall, but this exception wouldn’t be visible in the standard firewall graphical user interfaces. In response to customer feedback and to clear up any confusion, we wanted to be explicit that in order for this type of action to happen a system would already have to be compromised and malicious code be running as an administrator. This is typical of most applications and platforms – once an attacker or criminal controls a system they can take what would normally be safe actions, and misuse them to confuse customers.

So, the best protection in these types of issues would to take preventative measures, like following the Protect Your PC guidance of enabling a firewall, getting software updates, and installing antivirus software as well as practice safe browsing techniques. However, that said, if you wanted to view all the exceptions in a firewall, even if the type of entries discussed in the advisory have been made, then you go do that with command line tools that come with Windows XP. Detailed instructions are in the advisory.

Katrina knocks out critical Army supply link

Frank Tiboni writes in

The Army has restarted a critical overseas supply chain after Hurricane Katrina knocked out communications with one of its logistics centers.

Soldiers and logistics officers in Iraq and Afghanistan rely on the Corps Theater Automatic Data Processing Center located in Baton Rouge, La., to process supplies. But when Katrina hit the Gulf Coast earlier this week, the center’s Standard Army Retail Supply System lost connectivity to a military network and the orders stopped.

Within 48 hours, officials with the Army’s Program Executive Office for Enterprise Information Systems (PEO-EIS), the service’s information technology shop, devised a solution to get the supply chain operating again. They acquired two satellite terminals from a unit of the 10th Mountain Division at nearby Fort Polk, La., and sent workers with the General Dynamics Signal Solutions business unit to connect them to the supply system in Baton Rouge, according to a Sept. 1 Army statement.

As a result, 80 percent of the supply chain for Iraq and Afghanistan is up and running. Army Maj. Hector Costa, assistant product manager in the Combat Service Support Very Small Aperture Terminal (CSS-Vsat) Office, said several Army organizations, including the Combined Force Land Component Command and the Office of the Deputy Chief of Staff for Logistics/G-4, assisted in the effort.

Louisiana Gov. Blasts Faulty Wireless Networks

Via EE Times.

Struggling to cope with widespread chaos in hurricane-ravaged New Orleans, Louisiana Gov. Kathleen Babineaux Blanco blasted telecommunications providers for the apparent collapse of the state's wireless network.

"The communications network is completely gone," Blanco said Thursday (Sept. 1) as the situation in New Orleans grew more chaotic by the hour. Blanco said wireless networks throughout the state remained down, and that state officials were unable to use hand-held communications devices like Blackberrys.

Hurricane Katrina has again exposed shortcomings in emergency communications networks and the vulnerability of wireless networks during emergencies. Critics said more spectrum needs to be earmarked for emergency communications, and that networks need more redundancy to function in disasters.

As of Friday, calls to hurricane relief centers in Louisiana were still not being answered. The only response was that "all circuits are busy."

Microsoft Launches Internet Crime Portal

An NewFactor Network article by Walaika Haskins, via Yahoo! News, reports that:

At a High Technology Crime Investigation Association event on Wednesday, Microsoft announced plans to launch a Web site that will aid police in investigating Internet crime.

Analysts say the move should resonate with the law enforcement community as a valuable crime-fighting tool. The announcement comes on the heels of the FBI's Microsoft-aided investigation into the origins of the ZoTob worm, which crippled business across the U.S. last month.

"Over the past months, cybercrime has gone from casual to malicious to criminal," said Joe Wilcox, a senior analyst at Jupiter Research.

They Knew What to Expect

A Reuters newswire article, via Wired News, reports that:

Virtually everything that has happened in New Orleans since Hurricane Katrina struck was predicted by experts and in computer models, so emergency management specialists wonder why authorities were so unprepared.

"The scenario of a major hurricane hitting New Orleans was well anticipated, predicted and drilled around," said Clare Rubin, an emergency management consultant who also teaches at the Institute for Crisis, Disaster and Risk Management at George Washington University.

Computer models developed at Louisiana State University and other institutions made detailed projections of what would happen if water flowed over the levees protecting the city or if they failed.

In July 2004, more than 40 federal, state, local and volunteer organizations practiced this very scenario in a five-day simulation code-named "Hurricane Pam," where they had to deal with an imaginary storm that destroyed over half a million buildings in New Orleans and forced the evacuation of a million residents.

Pirates put new Stones album on Internet

An AFP newswire article, via Yahoo! News, reports that:

The Rolling Stones' first studio album in eight years has reportedly been illegally posted on the Internet.

"A Bigger Bang" is due for release on Monday but illegal downloading from several websites could cost the legendary British group a fortune in lost sales.

A spokeswoman for the Stones' record company EMI told The Times: "The first low-quality files of new Rolling Stones music were found illegally posted on Monday, the same day we began making the new album available for consumers to listen to via radio and streaming.

"It is actually a major achievement to keep an album secure until this close to the commercial release date."

The entire 16-track album is available to listen to on the Stones' website.

Phones, Computers Coming to Astrodome

An AP newswire article by Matt Slagle, via Yahoo! News, reports that:

Thousands of Hurricane Katrina refugees packing into Houston's Astrodome are getting electronic access to the outside world.

Corporations, volunteers and nonprofit agencies continued working Friday to install telephones and Internet-enabled computers inside the sprawling former sports stadium in one of many efforts aimed at bringing communications technologies to hurricane victims.

Astrodome refugees, displaced from the Superdome in New Orleans, were getting 10 minutes blocks of time to make free local and long distance calls.

Many of them haven't heard from friends or family — nor have they been able to let loved ones know they're safe — since Katrina ravaged their hometown on Monday.

Microsoft Internet Explorer Remote Code Execution Vulnerability

Matthew Broersma writes in Techworld:

Fully patched Windows systems may be at risk from an unpatched, high-risk security hole affecting the latest version of Internet Explorer.

The bug, reported by security researcher Tom Ferris on his website,, affects Internet Explorer 6 on a fully-patched Windows Server 2003 and Windows XP with Service Pack 2.

FrSIRT, the French Security Incident Response Team, confirmed the report and gave the flaw a "critical" rating, its most severe.

An attacker could exploit the bug to execute malicious code and take over a user's system, Ferris said. He said the attack works via a specially crafted Web page, doesn't need any user interaction and doesn't give the user any warning that code has been executed. The bug isn't related to previous Explorer flaws, Ferris said.

Microsoft has confirmed it is investigating the flaw, but hasn't yet said what action it will take, if any. Possible actions could include a patch included with the company's monthly patching cycle, or an out-of-cycle patch, if warranted, Microsoft said in a statement.

As of Wednesday afternoon, the company hadn't yet issued an advisory of its own, a relatively new practice it reserves for unpatched bugs. becomes makeshift family finder

An (Opelousas, LA) Daily World article by Billy Liggett, via USA Today, reports that:

Until Monday, a visit to Katrina Blankenship's home on the Web introduced visitors to a small Powhatan, Va.-based business, known for its "Web sites with personality."

Today, in the wake of one of the worst natural disasters in American history, has become a place to look for family or loved ones still missing from Hurricane Katrina. It's also full of helpful information such as how to make a donation or how to reach Louisiana hotels.

Blankenship, a 37-year-old married mother of one, has received hundreds of phone calls, twice as many e-mails and thousands of hits to her 7-year-old Web page since the hurricane hit the Gulf Coast. For the many who aren't familiar with search engines or government Web sites, is the first thing they try, she said.

Thursday, September 01, 2005

EPA, Air Force launch surveillance jets in Katrina’s wake

Rob Thormeyer writes in

The U.S. Air Force and the Environmental Protection Agency are deploying aircraft mounted with surveillance equipment to monitor and analyze Hurricane Katrina recovery efforts.

In an effort to assess the amount of spills and chemical releases along the Gulf Coast, including New Orleans and Baton Rouge, La., EPA on Tuesday started launching Airborne Spectral Photometric Environmental Collection Technology (ASPECT) flight missions to conduct overflight assessments of the hurricane’s damage.

SAIC to go IPO

Renae Merle writes in The Washington Post:

Science Applications International Corp., the largest privately held defense contractor, announced yesterday that it would go public early next year,aiming to raise $1.7 billion for insiders cashing in on the post-Sept. 11 government spending boom that fueled the firm's growth.

The public offering would rival Google Inc.'s $1.8 billion deal in 2004 in size and be the largest IPO of a government contractor in many years. The chief beneficiaries will be SAIC's more than 35,000 shareholders, which include many current and former employees, some of whom stand to make millions of dollars. The company has 16,000 employees in the Washington region.

In a Securities and Exchange Commission filing, the San Diego-based company outlined its government work, which accounted for 87 percent of its $7.2 billion in revenue last year. Many of the company's 10,000 contracts are with the Defense Department, where it is known not for weapons, but for managing large projects to integrate information technology systems, including several in the intelligence field.

Daily fix....


SBC Ponders New Name: AT&T

Via TechWeb News.

Ma Bell may return in name at least, according to a published report Thursday that suggests SBC Communications Inc., which is acquiring AT&T, could drop SBC and return to the shorthand version of the American Telephone & Telegraph Co.

The Wall Street Journal reported that SBC’s management appears to be favoring the AT&T moniker, one of the most famous brands in the U.S.

The move could make sense for San Antonio-based SBC as it continues to strike out across the nation from its roots in the South West. SBC has already changed its brand name from Southwestern Bell Corp. to SBC.

When SBC announced earlier this year that it would acquire AT&T for $16 billion, SBC Chairman and chief executive Edward Whitacre was quoted as saying: “We value the heritage and strength of the AT&T brand, which is one of the most widely recognized and respected names throughout the world, and it will certainly be a part of the new company’s future.”

New Orleans Cops Use Single Radio Channel

An AP newswire article by Bruce Myerson, via Yahoo! News, reports that:

When the phones don't work, improvise. That's what emergency responders and civilians were forced to do in the aftermath of Hurricane Katrina, which trashed the telephone system on the Gulf Coast of Louisiana and Mississippi.

Police in New Orleans, their main communications system knocked out, have been taking turns talking on a single radio channel with their walkie talkies. The Mississippi National Guard even resorted to ancient battlefield tactics, sending runners back and forth among commanders with information.

And a local sheriff, Sid Hebert of Iberia Parish, helped keep an ambulance company handling medical evacuations across southern Louisiana running by loaning it a portable command center.

"He personally drove it to (our headquarters). He got us back on the air," said Richard Zuschlag, chief executive of Acadian Ambulance Service Inc.

By Thursday, nearly 10,000 satellite-based wireless phones had poured into the hurricane zone to coordinate relief efforts by federal disaster personnel and Red Cross workers, said service providers Globalstar LLC and Iridium Satellite LLC.

Windows Firewall flaw may hide open ports

Joris Evers writes in C|Net News:

A flaw in Windows Firewall may prevent users from seeing all the open network ports on a Windows XP or Windows Server 2003 computer.

The flaw manifests itself in the way the security application handles some entries in the Windows Registry, Microsoft said in a security advisory published Wednesday. The Windows Registry is a core part of the operating system that stores PC settings.

The bug could allow a firewall port to be open without the user being informed through the standard Windows Firewall user interface, according to the Microsoft advisory. The company has released a fix that can be downloaded from Microsoft's Web site and will be part of a future Windows service pack, the company said.

Microsoft said the firewall issue is not a security vulnerability, but said the flaw could be used by an attacker who already compromised a system in an attempt to hide exceptions in the firewall.

Alternative browsers pose challenge for cybersleuths

Joris Evers writes in C|Net News:

The advent of Firefox and other alternatives to Internet Explorer means cybercops have to learn new tricks for their investigations.

Internet Explorer hides nothing from police and other investigators who examine PCs to discover which sites the user has visited, according to a class held Wedensday at the annual training meeting of the High Tech Crime Investigation Association. Investigators know the location of the IE browser cache, cookie files and history, and they know how to read those files. Also, popular forensics tools can help out.

But that story changes when it comes to alternative Web browsers such as Firefox and Opera, instructor Glenn Lewis said at the well-attended session. These programs use different structures, files and naming conventions for the data that investigators are after. And files are in a different location on the hard drive, which can cause trouble for examiners. Furthermore, forensics software may not support the Web browsers, he said.

Though Microsoft's IE remains the most widely used browser, these alternatives are gaining in popularity. The open-source Firefox browser in particular has been able to nibble at Microsoft's dominant share of the market. Web browser data can be important in criminal investigations because browsers keep track of a suspect's online activity.

Darknets to eclipse bandwidth management

John Leyden writes in The Register:

Encrypted P2P networks will soon make bandwidth management based on deep packet inspection obsolete, says Staselog, a Finnish appliance outfit.

Around 80 per cent of all traffic in the Internet is already P2P. This traffic will increase 1,000-fold in the next five years and most of it will be encrypted P2P, according to a study by Staselog and researchers at Finnish Universities.

Such predictions are notoriously difficult to get right; and even after speaking to Jarkko Niittylahti, the managing director of Staselog, we're unconvinced these figures will prove accurate.

However, Niittylahti's general point seems reasonable enough, namely that the desire for greater anonymity among those illicitly trading music and film files on the net increase the flow of encrypted traffic.

Scammers hit Web in Katrina's wake

A Washington Post article by Brian Krebs and Caroline E. Mayer, via MSNBC, reports that:

Web sites claiming to collect donations for Hurricane Katrina victims. Phony e-mails pretending to solicit money from well-known charities. Online auctions of Internet domain names with Katrina-related addresses, such as ""

Less than two days after the hurricane, Internet opportunists are already trying to cash in on public sympathy for Katrina's victims.

Within the past 24 hours, several Web sites have emerged, promising to forward money to relief workers. Bearing such names as, and, the sites ask for money to be sent through Paypal, but there is no way to verify who is getting the money.

EBay late yesterday halted an online auction of several Katrina-related Web site names, such as "" Bidding was to start at $15,000, and the seller promised to deliver half of the final winning bid amount to the American Red Cross. EBay allows sellers to dedicate a portion of their profit to charities but requires the seller to either sign up for eBay's own giving program or obtain permission from the charity first. Red Cross officials said no permission had been granted, and eBay said it terminated the auction because the seller did not observe rules on charitable giving.

Officials Warn of Katrina Investment Scam

An AP newswire article, via, reports that:

Federal and state regulators Thursday warned investors to beware of "opportunistic investment scams" in the wake of Hurricane Katrina.

The North American Securities Administrators Association, which represents state securities regulators, urged investors to be on guard against investments that promise profits from hurricane relief and recovery efforts in Louisiana, Mississippi, Alabama and Florida.

Oil-and-gas deals and investments in water-purification technology and energy-generating devices also should raise red flags, NASAA President Franklin Widmann said.

Widmann, who is chief of the New Jersey Bureau of Securities, told investors to beware of cold calls, advertisements and Internet postings that tout potential gains from hurricane clean-up.

Craig's List vs. Katrina

Keith Axline writes in Wired News:

Local community websites have sprung into action to assist hurricane Katrina survivors with everything from blankets to offers of shelter in their homes.

With cell and landline phones mostly down, the web has emerged as a champion amidst the wreckage. E-mail, instant messenger and blogs have proven lifelines for communication.

In relief efforts, too, the internet is proving invaluable, as websites have become hubs for putting badly needed goods and services directly into the hands of people who need them most. Where organizations like the Red Cross discourage anything other than financial donations, sites like Craig's List allow people to meet up with victims for face-to-face aid. Craig's List users have flooded the New Orleans site with offers of shelter and comfort.

Flood Waters Can't Sink Net Link

Joel Johnson writes in Wired News:

Despite the loss of most public utilities, at least one hosting company in hurricane-battered New Orleans is still online, fighting against time and the odds to keep part of the internet humming.

Occupying the 10th floor of a downtown Big Easy office building, Zipa is a typical web-hosting and co-location center, with one key difference: It's sitting smack dab in the middle of some of the worst devastation the United States has ever experienced.

With buildings reduced to soggy ruin just a few blocks away, Zipa's data center -- built by Enron in its expansionist heyday -- still operates, powered by a 750-kilowatt diesel generator and connected to the rest of the world by a fiber optic connection buried deep underneath New Orleans' flooded streets.

That makes the employees of Zipa and sister company DirectNIC, which is just upstairs, some of the only flood victims in New Orleans with the ability to communicate with the outside world.

Communications Networks Fail Disaster Area Residents

A Washington Post article by Arshad Mohammed and Jonathan Krim, via Yahoo! News, reports that:

Victims of Hurricane Katrina struggled to communicate with each other and the rest of the world yesterday, using everything from text messages to ham radio as most telephone service in New Orleans and coastal Mississippi remained devastated.

The near-blackout left outsiders desperate for news about loved ones, and in some cases created life-and-death situations as aid workers struggled to get information about people stranded by rising floodwaters in New Orleans.

Phone companies had trouble even comprehending the extent of damage to their systems because they could not get into some parts of the region. One telephone executive said the storm might have caused unprecedented damage to a communications infrastructure that people have come to take for granted.

BellSouth Corp., the dominant local telephone-service provider for the region, with a network that is also vital to wireless telephone systems, said as many as 1.75 million customers along the Gulf Coast may be without service. One reason the networks will be so difficult to restore is that damage to wireless towers and copper, coaxial and fiber-optic lines could be spread across an unusually wide section of the country, from the Florida Panhandle to Louisiana.

The loss of service left residents nearly as frantic for communications as for food and shelter.

Fighting Bots.....

Sorry about nothing being posted to the blog today, but I've been quite busy fighting bots....

Damned things....

I'll post later tonight when I get home and can sit down with a cold beer and catch my breath...

- ferg

Wednesday, August 31, 2005

Ben Edelman: How Yahoo! Funds Spyware

Yeah! Ben is active again! Horray! :-)

Ben Edelman writes in his blog:

Yahoo's Overture (recently renamed Yahoo Search Marketing) allocates pay-per-click (PPC) ads among Yahoo's network of advertisers. When users run searches at, Yahoo's advertisers are assigned placements at the top, right, and bottom of search results. Advertisers pay Yahoo a fee when users click on their ads.

But Yahoo doesn't just show advertisers' ads on; Yahoo also distributes advertisers' ads to Yahoo's various syndication partners. Many of these partners are entirely legitimate: For example, most advertisers will be happy to show their ads to users running searches at, where Yahoo sponsored links complement searches of Post articles.

However, serious concerns arise where Yahoo syndicates advertisers' ads to be shown by advertising software installed on users' PCs -- software typically known as spyware or adware. In my testing, Yahoo's support of spyware is widespread and prevalent -- an important source of funding for many spyware programs, bankrolling infections of millions of users' PCs. Were it not for Yahoo's funding of these programs, the programs would be far less profitable -- and there would be fewer such programs trying to sneak onto users' PCs.

Yahoo's funding of spyware is not unique. I've recently written about Google's funding of similar bad actors (1, 2). Earlier this year, FindWhat disclosed related problems, admitting that terminating its dubious distributors would reduce revenues by at least 5%. But in my hands-on testing of various spyware-infected PCs, I find that I receive Yahoo-syndicated ads more frequently than I receive such ads from any other single PPC network.

Hidden-code flaw in Windows renews worries over stealthly malware

Robert Lemos writes in SecurityFocus:

Last week, the Internet Storm Center, a group of security professionals that track threats on the Net, flagged a flaw in how a common Microsoft Windows utility and several anti-spyware utilities detect system changes made by malicious software. By using long names for registry keys, spyware programs could, in a simple way, hide from such utilities yet still force the system to run the malicious program every time the compromised computer starts up.

Already, some spyware authors seem to be playing with the rudimentary technique to try and hide their programs, said Tom Liston, a handler for the Internet Storm Center and a network security consultant for Intelguardians.

"We have seen indications that someone is trying this technique out," Liston said. "Basically, we have seen code that is stuffing a key in the registry with a huge length. Yet, the author still doesn't have it working."

A Microsoft representative said that the company is investigating the report, but does not consider the problem an operating system flaw.

Katrina Phishing Scams Begin

Brian Krebs writes in The Washington Post:

It was bound to happen. On a hunch that we might see phishing scams popping up that take advantage of the terrible destruction that Hurricane Katrina has wrought on the Gulf Coast, I started looking up new Web address registrations for possible scam sites. In just a few minutes, I stumbled upon, which claims to be a donation site for Katrina victims but was almost certainly constructed to steal Paypal usernames and passwords.

The DNS records have very little information on the registrant, which should be the first red flag. The only information in the DNS record is a P.O. box address registered to one "Demon Moon."

What's more, when you click on the "donate" link on the site, you are taken to a Web site designed to look just like Only problem is that if you visit the site in Firefox, you will see that the Web address in the URL field is still, when it should be

Maybe this site tries to pull some tricks to manipulate what you see in that window if you visit the page with Microsoft's Internet Explorer browser, but I don't know. I haven't tried it yet. My advice would be to just stay away from this site altogether. I am sure the authorities will have it shuttered soon anyhow.

States Expanding Push for Internet Taxes

An AP newswire article by Robert Tanner, via Yahoo! News, reports that:

Going online to buy the latest bestseller or those photos from summer vacation may be tax free for most people today, but it won't last forever. Come this fall, 13 states will start encouraging — though not demanding — that online businesses collect sales taxes just as Main Street stores are required to do, and more states are considering joining the effort.

Right now, buyers are expected to pay sales taxes on Internet purchases themselves directly to the state when they pay their income taxes. But it's not widely enforced, and states say it costs them upwards of $15 billion a year in lost revenues, collectively.

"Taxes that it was difficult to collect before will now be collected. And consumers will pay that," said David Quam at the National Governors Association, helping lead the five-year effort that brought together state revenue officials, legislators and business leaders.

The question of taxing Internet sales has been in limbo since the dawn of the computer era, when the only issue was catalog sales across state lines.

Recording industry sues more U.S. file-swappers

A Reuters newswire article, via Yahoo! News, reports that:

The recording industry on Wednesday filed its latest round of copyright infringement lawsuits, targeting 754 people it claims used online file-sharing networks to illegally trade in songs.

The lawsuits were filed in federal district courts across the country, including California, Colorado, Georgia, Missouri, New York, Pennsylvania, Virginia and Washington, D.C.

The world's major record labels, represented by the Recording Industry Association of America, have filed more than 14,000 such lawsuits since September 2003.

HP warns over OpenView flaw

John Leyden writes in The Register:

Enterprise users are been urged to apply workarounds following the discovery of a potentially troublesome vulnerability involving a component of HP's widely used network management suite, HP OpenView. A security bug in Network Node Manager opens the door to possible hacker attack, according to work by security researchers at Portcullis Computer Security and NGS Software.

Network Node Manager (NNM) allows networks managers to monitor and control the operation of network devices. The flaw creates a means for hackers to execute potentially malicious shell commands by exploiting inadequate input checks involving scripts (e.g. cgi-bin/connectedNodes.ovpl) used by various versions of NNM. The vulnerability affects versions 6.2, 6.4, 7.01, and 7.50 of OpenView NNM running on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP and Linux systems.

Globe and Mail: The truth about security

Mary Kirwan writes in The Globe and Mail:

Truth is often stranger than fiction, and never more so than in the world of IT security. The recent BlackHat security event in Las Vegas was a case in point, becoming the stage for a bizarre series of events.

Bemused attendees watched as Cisco and Internet Security Systems Inc. (ISS) tried to stop Michael Lynn, an ISS employee, from giving his scheduled talk on critical vulnerabilities in Cisco routers. Routers move data around the Internet, and Cisco owns the market for them. It has generally been assumed- naively so- that they are impervious to attack, so news that they are not is very bad news indeed.

These less than glad tidings, however dispiriting, would rarely qualify as front page news. But Cisco and ISS demurred. They secured an injunction to prevent Lynn from giving his talk, and his presentation was ripped from conference binders. The newly martyred Lynn duly quit his job at ISS, sallied forth and delivered his speech anyway, causing a veritable ruckus.

The entire affair was quickly dubbed 'Ciscogate', and made news around the world.

It also drew attention to a disquieting global trend that is gathering momentum. Software vendors are using copyright and trade secret laws to prevent researchers from revealing critical flaws in software products.

Fake Hurricane emails...

Good advice from the folks over at the Internet Storm Center:

Like after similar events in the past, we do expect scams and viruses to take advantage of this situation. Please be careful with e-mails containing 'hurricane videos' as attachments, or e-mail asking for donations. Refer to for a list of reputable agencies or donate to organizations you trust and have past experience with.

Daily fix...

Via Enjoy!

Happy Blog Day.

South Korea discusses Google security concerns

An AP newswire article, via The Mercury News (obnoxious, but free, registration required -- or use, reports that:

South Korea is raising concerns with the U.S. government over a service offered by Internet company Google that displays satellite photos of sites across the globe, the president's office said Wednesday.

South Korean newspaper reports in recent days have noted that the Google Earth service provides images of the presidential Blue House and military bases in the country, which remains technically at war with communist North Korea.

North Korean sites such as its main nuclear research facility at Yongbyon are also displayed on the service, which was launched in June.

Presidential spokesman Kim Man-soo said Tuesday that the office was planning on raising concerns with U.S. authorities, his office confirmed Wednesday.

Satellites spot ‘hot towers’ in Hurricane Katrina

Areas of heavy rainfall under Hurricane Katrina were
measured late on Sunday 28 August by the TRMM
satellite and the GOES spacecraft.
(Image: NewScientist/NASA/JAXA)

Kelly Young writes in NewScientist:

Satellite images of Hurricane Katrina indicate the storm experienced several "hot tower" clouds during its development, say NASA.

Thunderstorms surround the eye of hurricanes and hot towers are tall rain clouds that reach far above the rest of the hurricane near the wall of the eye. They stretch at least to the ceiling of the troposphere – the atmosphere's lowest layer. The heat in the "hot tower" is generated by water vapour condensing into liquid water.

The hot towers, also known as convective bursts, are significant because scientists think they could be a precursor to a hurricane intensifying, a process that is still not well understood.

Dell, Office Depot sued over alleged patent infringement

Via The Inquirer.

THE INTERNET MEDIA Corporation is suing Dell, Office Depot, JC Penney, Williams-Sonoma and J. Crew Group over an alleged breach of patent.

Internet Media said it is the owner of US patent 6,049,835.

This describes a system for providing easy access to the World Wide Web using a published list of pre-selected Internet locations together with unique multidigit jump codes.

According to the plaintiff, each of the defendants provides catalogues and print adverts some or all of which include a code, which when entered into a box on a particular page, allows users to quickly access desired URLs.

Norway’s Telenor Launches U.S. Lawsuit Against Russia’s Alfa Group

Via MosNews.

Norwegian telecom group Telenor has filed a U.S. lawsuit against Russian investment consortium Alfa Group, further intensifying the dispute that the two companies are involved in over Ukrainian expansion plans by VimpelCom, Russia’s second-largest mobile operator. Both Telenor and Alfa hold large stakes in the telecom company. The information was reported on Wednesday, Aug 31, by the Reuters agency.

According to a filing with a U.S. district court in New York dated Aug. 26, Telenor is seeking to deny Alfa voting rights at a VimpelCom extraordinary general meeting scheduled for Sept 14. The meeting was called by Alfa’s telecom subsidiary Alfa Telecom in order to decide its Ukraine strategy.

Telenor, Norway’s biggest telecoms company, has a 26.6 percent stake in VimpelCom and has long been at odds with Alfa Telecom, part of billionaire Mikhail Fridman’s business empire, which owns a 32.9 percent stake. Telenor wants the court to issue an order restraining Alfa and linked companies from voting at the meeting until Alfa corrects what Telenor said were misstatements in a proposal for VimpelCom to buy a small Ukrainian mobile operator Ukrainian RadioSystems. Alfa wants VimpelCom to take over the company, which operates under the Wellcom brand, but Telenor has said the $200 million purchase made no business sense. “It would harm business value to invest so much in a company not worth a fraction of the amount,” Telenor spokesman Dag Melgaard said. He added that he did not know how long it would take the U.S. court to rule.

Awesome: WIkipedia on Katrina

The subject line says it all.

If you want to be simply awed by the power of the Wikipedia collaborative, just check it out.

I'm impressed more and more. Awesome job.

Amazon lubricates sales with sex toys

Iain Thomson writes in

Amazon has started selling sex toys on its website as part of a drive to broaden its product range.

Visitors to the US site can now choose from 37,000 items in the Sex and Sensuality sub-section. The current best selling items are lubricants and condoms, with no vibrators making it into the top 100 best sellers.

A spokeswoman for confirmed the move but said there were no plans to introduce a similar section for UK customers.

She emphasised that the items were part of the Health and Personal Care section and would be treated as such.

Long term impact of Voice over IM

Om Malik has some really interesting thoughts over on his Broadband Blog (which I happen to agree with, by the way) on the long-term impact of Voice over IM, and other so-called "thin clients":

If you took things at face value, then the recent fad of adding voice to the “instant messaging” clients is nothing but Silicon Valley’s version of keeping up with Jones. Yahoo (via DialPad acquisition), Microsoft (via Teleo acquisition), AIM, Google Talk and Apple’s iChat are taking a cue from Skype and giving their users to have free PC-to-PC calls.

Over a long term, these announcements add to what is continuing trend that is commoditization of voice. If Vonage introduced the phone world to flat rate plans, then Skype was largely responsible for micro-slicing the phone revenues. Voice over IM takes it one step further. Makes voice free! Yahoo and MSN hope this translates into consumer stickiness, while Google, one day hopes to attack contextual advertising to their voice. (And some day they want the voice IP stream to be searchable just like text.)

Computer alert saves drowning girl

Via the BBC.

A 10-year-old girl has been saved from drowning by a computer system designed to raise the alarm when swimmers get into difficulties.

The girl, from Rochdale, was at the deep end of the pool in Bangor, north Wales, when she sank to the bottom.

The £60,000 system, called Poseidon, detected her on the pool floor and sounded the alarm. A lifeguard pulled her out and she recovered in hospital.

It is thought to be the first such rescue in the UK.

The girl had just entered the water and she had only swum a few strokes before appearing to black out.

One of the safety system's four underwater cameras showed her sinking without any sign of a struggle into the 12ft 6in deep end.

Once she had lain motionless on the pool floor for three seconds, the computer sounded an alarm which also pinpointed which part of the pool the girl was in to the five lifeguards on duty.

Cisco as a "First Responder" after Katrina

An interesing article on MSNBC, by Alan Boyle, reports that:

In Hurricane Katrina's wake, researchers are bringing cutting-edge technologies to the disaster area, just as they did after catastrophes ranging from the 9/11 terror attacks to last year's Asian tsunami.

Among the first high-tech responders was Cisco Systems, which is setting up mobile communication kits and wiki-based networks to deal with Katrina's information overload. "Just wanted you to know that we will have 'feet on the wet street,'" Cisco's Lori Bush reported in a posting to fellow members of the National Institute for Urban Search and Rescue.

Some of the equipment, like the Cisco kits, can fit into a search-and-rescue effort instantly. Other gadgets are being put into service on the fly, in hopes of boosting the communication systems currently being used. And still others aren't yet ready for prime time but will be tested in real-world conditions.

Gaming addicts do time for neglecting kids

Lucy Sherriff writes in The Register:

The parents of four kids have been sentenced to three months in jail for neglect, after becoming addicted to internet gaming.

It emerged in court that both parents had become utterly engrossed in the online gaming world - the 28-year-old father spent all his waking hours playing online, the BBC reports.

Neighbours spotted two of the children standing naked on a window ledge, and called the police. The subsequent investigation uncovered what Arbroath Sheriff Court, Scotland, was told was one of the worst cases of neglect seen by police or social workers.

The youngest was found in a heavily soiled nappy. The other three were all dirty, and hardly clothed. Two of the children needed emergency dental work, and one had to have all her teeth removed.

In sentencing, Sheriff Norrie Stein said that the level neglect had been appalling.

"This neglect appears to have occurred over a significant period and despite extensive home support, clothing and laundry services, and parenting classes, you have clearly chosen to disregard your children," he said.

He concluded that there was no alternative to a prison sentence.

Tuesday, August 30, 2005

1&1 Offfers Private Registration With $5.99 Domains

Via Netcraft.

The U.S. unit of 1&1 Internet has beefed up its domain registration packages in a bid to compete head-to-head with Go Daddy and Yahoo for U.S. business customers, the company said today. 1&1's new plan is stilll priced at $5.99 for a one-year .com registration, but will now include private domain registration, a feature that is a paid add-on at other providers. The enhanced plans also include a 1 gigabyte e-mail account and a web starter page at no additional cost.

The moves by 1&1 will intensify the pitched battle to attract U.S. small business customers launching web sites. 1&1, which is based in Germany and hosts more than 5 million hostnames, says the new bundle will become its standard domain package, and is not a limited-time promotion. The move further blurs any remaining distinctions between hosting providers and domain registrars, as providers in both sectors diversify and use discounts and freebies to acquire customers. Private registrations could be the next battleground in the discount war.

Commications problems along Gulf Coast could worsen

An AP newswire article, via MSNBC, reports that:

Phone service was disrupted along the Gulf Coast for a second day on Tuesday as power outages and flooding from Hurricane Katrina kept call-routing equipment, network cables and cellular transmitters out of commission.

BellSouth Corp., the dominant local phone provider for the areas hit by Monday’s hurricane, said it had confirmed that at least 73,574 customers in Alabama, Louisiana and Mississippi were without service. It expected the figure would rise.

Most long-distance and cellular providers also reported troubles for a second day, though not all responded to requests for comment or quantified the extent of their problems.

As safety officials let repair crews enter some affected areas, it was possible that disruptions might spread. Backup generators and batteries that initially kept many local phone systems and cellular sites in service were in danger of exhaustion.

Sprint Nextel Corp. said a major call-routing switch in New Orleans remained nonfunctional Tuesday, disrupting wireline phone service as far as Florida.

3Com shareholders to meet in Austin

A little local news, courtesy of the Austin Business Journal:

Following its $430 million purchase in January of Austin-based TippingPoint Technologies Inc., 3Com will hold its annual shareholders meeting Sept. 28 at the Renaissance Austin Hotel.

On the agenda are election of three directors; approval of amendments to the company's stock plan; and appointment of Deloitte & Touche LLP as 3Com's accounting firm.

3Com's largest shareholders are Barclay's Global Investors NA, Brandes Investment Parnters LP and Merrill Lynch & Co. Inc., according to its proxy filing with the U.S. Securities and Exchange Commission.

NOLA's Times-Picayune distributed online only

Boing Boing -- I gotta hand it to you guys. You're on top of the situation with some great coverage of the post-Katrina catastrophe on the Gulf Coast.

Boing Boing has had some great coverage of the issues unfolding in and around New Orleans since Katrina rolled ashore -- I urge everyone reading this to stay tuned in to Boing Boing for more great updates. And remember -- RSS is your friend. :-)

Having said that, I'll only echo this one additional snippet (posted by Xeni):

The New Orleans newspaper is (AFAIK) for the first time in its history *only* printing online. Its offices have been abandoned, and there are no means of printing a paper edition. These reporters have been doing an astounding job of covering an unfathomably large, complex, horrible series of events.

I've heard a number of friends -- including displaced pals -- say that the story unfolding in New Orleans feels to them a lot like 9/11. This was the largest national disaster we'd ever seen in America. It changed New York, and the country, forever. In both, great human suffering. But on 9/11, two buildings that had become an iconic part of a great American city disappeared. Now, it's as if an entire city is disappearing.

MSN Buys VoIP Company

Via Red Herring.

Fresh on the heels of Google’s voice chat debut last week, Microsoft’s online portal MSN said Tuesday it has acquired Teleo, a San Francisco-based VoIP provider, for an undisclosed sum.

The financial details of the transaction were not disclosed. Company representatives said MSN had made a significant investment in VoIP so that consumers down the road will have another option to stay connected.

Portals MSN and Yahoo, and search engine Google have been adding communications services and other offerings to build their brands and encourage users to spend more time on their sites. On August 24, Google launched an instant messaging service called Google Talk as it sought to catch up with its competitors.

But Google doesn’t offer VoIP services.

With Teleo, MSN gets a two-year-old privately held company that allows consumers to call cell phones and landlines from their computers. Redmond plans to integrate Teleo’s technology into future releases from MSN.

Katrina Batters BellSouth's Phone Service

Nicholas Hoover writes in InformationWeek:

Areas of the Deep South have been hit so hard by Hurricane Katrina that BellSouth doesn't even know how many phone lines were downed by the storm. Repair technicians and engineers can't get to some of the worst areas to assess the damage.

Until residents return and report outages more extensively, BellSouth communication director Nadine Randall says, any estimates are tentative, preliminary and too low. Five million remain without power. But this afternoon, the company reported that more than 196,000 customers were without phone lines in the five southern states most heavily affected by Katrina. Randall expects these numbers to grow substantially in the coming hours and days and can't estimate how long it will take to restore access to all residents. However, BellSouth has dealt with 23 hurricanes in the last 10 years and has been preparing specifically for Katrina for more than a week. "We take our mission really seriously," said CIO Fran Dramis. "We run 20 percent of the nation's critical network, so we worry about this every day."

The company has 1,000 generators on stand-by so areas with no power might still have phone access. Employees sandbagged and sealed facilities to shield them from the harsh effects of wind and water. And a monitoring team watched Katrina with GIS tracking software, overlaying her path on top of maps of BellSouth's critical infrastructure to analyze who and where would be hardest hit.

The company has also discussed plans to quickly set up tent cities in New Orleans and southern Mississippi, as it did elsewhere after last year's hurricanes. These will provide food, sleeping space and assistance to BellSouth employees unable to return to their homes. The company has put hurricane tips on its website and has toll-free lines for employees to call for information. The next stage for BellSouth will be to send technicians in to do in-depth surveys. Several thousand BellSouth technicians will be sent in to do repairs even as the surveys continue. Service has been restored to about 90 percent of those who lost it last week when Katrina first came ashore in south Florida. "We will engage any and all resources necessary to restore service to our customers," Randall said. "It's a big storm, but we have the resources, the staff and the expertise to manage it."

Yahoo! -- A "Phisher-friendly" hosting domain?

So what's up with this?

A colleague alerted me to this earlier today (with permission to reprint):

My attention was drawn earlier today to yet another phishing site on Yahoo! - we're already finding extreme porn and other disreputable sites moving there now that their "abuse dept" has been dismantled and reassembled in Oregon, apparently with all staff-under-training.

But it caught my eye that SOMEBODY at Yahoo! ought to be reviewing domain names like "" when they are set up on their servers, if only for reasons of due diligence ... otherwise Bank of the West might possibly have grounds for a lawsuit against Yahoo! ? Have any banks ever threatened to litigate against ISPs?

If ever there was an incident calling out to be made a test case ...

Details can be found here.


The fact that very many phishers, 419s, and spamming pornographers are flocking to Yahoo is the result of changes that Yahoo have made to their abuse processing. Also, as they run ClamAV on all mail to their "new" abuse desk in Oregon, any reports to them that contain evidence of phishing incidents are automatically rejected by the ClamAV filtering - so it is difficult to know exactly HOW Yahoo! could have been expected to take action on these cases.

(Yahoo! have been told about the situation by several respected individuals but from the reactions it seems that they do not care.)

A more interesting link can be found here.

That's very disturbing. Hmmmmm...

Creative says has patent covering iPod technology

Via Reuters.

Portable music player maker Creative Technology on Tuesday said it was awarded a U.S. patent that applied to Apple Computer Inc.'s iPod and other rivals.

Creative said it was considering its alternatives, but did not say whether it would file a patent suit, which is typically an expensive process, seek licensing agreements or even if it had contacted Apple, which had no immediate comment.

Creative said the patent covers the way music tracks are selected on a device using a hierarchy of three or more successive screens. On the iPod, for instance, users can scroll from artists to albums to songs.

Microsoft France exposes Vista release date

Tom Sanders writes on

Microsoft has revealed the projected release dates of Windows Vista and Internet Explorer 7 in a phone conversation with's French sister publication SVM, the publication claims.

"Beta 2 of Windows Vista, Microsoft's future operating system is slated for release in the first week of December 2005 at best," a posting dated Monday said. "The final release has been pushed back until September or October 2006."

Beta 2 of Internet Explorer 7 is set for Septebmer 2005 followed by the release of the final version in December, the story continues. The product launch will coincide with Vista beta 2.

A spokeswoman at Microsoft's headquarters in Redmond would neither confirm nor deny the report.

CSU: Computer holding student financial data breached

An AP newswire article, via The Mercury News (obnoxious, but free, registration required -- or use, reports that:

Computer virus attacks against a California State University computer storing financial data may have exposed the names and Social Security numbers of 154 people to hackers.

The computer was left momentarily vulnerable following a series of virus attacks earlier this month, but investigators had not determined whether any of the data was accessed, Clara Potes-Fellow, CSU's media relations manager, said Tuesday.

``There is a potential computer security breach,'' Potes-Fellow said. ``We don't know exactly whether they were successful.''

The computer was used by a financial administrator at CSU's Office of the Chancellor in Long Beach and housed records related to student financial aid programs.

Two of the data files pertained to financial aid administrators, the rest to students -- most of them enrolled at campuses in Chico, San Bernardino and San Marcos, the university said.

As required by California law, the university notified the individuals whose records were on the hacked computer.

The university was also advising them to contact credit-reporting agencies and consider placing a fraud alert on their credit reports.

Attorney General Gonzales' Internet Priority? Porn, not Terrorists

Thanks to Declan McCullagh's PoliTech for the pointer here.

An article by Julie Kay for the Daily Business Review, appearing on, reports that:

When FBI supervisors in Miami met with new interim U.S. Attorney Alex Acosta last month, they wondered what the top enforcement priority for Acosta and Attorney General Alberto Gonzales would be.

Would it be terrorism? Organized crime? Narcotics trafficking? Immigration? Or maybe public corruption?

The agents were stunned to learn that a top prosecutorial priority of Acosta and the Department of Justice was none of the above. Instead, Acosta told them, it's obscenity. Not pornography involving children, but pornographic material featuring consenting adults.

DISA Louisiana megacenter closed in wake of hurricane

Bob Brewin writes in

The Defense Information Systems Agency said its data processing megacenter in Slidell, La., will be closed until Sept. 2 in the wake of Hurricane Katrina.

DISA said that the Slidell facility appears to have weathered the storm fairly well, but the surrounding areas have been hit hard with widespread outages. Ironically, the Slidell megacenter serves as DISA’s continuity of operations facility, designed to take on the entire processing operations of any of the other 17 data processing facilities operated by the agency nationwide.

The Slidell facility has been selected for closure by the Base Realignment and Closure (BRAC) Commission, with its work slated to be transferred to other data center in the Northeast later this decade.

Katrina Spurs Companies To Initiate IT Backup Plans

Larry Greenemeier writes in InformationWeek:

As Hurricane Katrina cuts a wide swath of destruction through parts of Alabama, Louisiana, and Mississippi, many businesses have been forced to activate emergency backup plans due to flooding, power outages, and other adverse conditions. Not surprisingly, SunGard Data Systems Inc. has seen a sharp increase in the demand for its availability services as businesses affected by the storm cut over to the company's various backup and recovery sites.

Since Aug. 25, when Katrina was gearing up for its assault on Florida, more than 120 SunGard Availability Services customers have put the company on notice that they might have to use SunGard facilities. So far, 18 companies have actually invoked the services, with some relocating to SunGard locations in Las Colinas and Grand Prairie, Texas; Smyrna, Ga.; Carlstadt, N.J.; Scottsdale, Ariz., Wood Dale, Ill.; and Philadelphia. Others have called for SunGard to send out mobile data-center trucks or to ship equipment to their own backup locations. SunGard expects there could be another 10 disaster declarations from its customers in the region over the next few days.

The intensity of the storm also is likely to keep clients at SunGard or other backup facilities longer than most emergencies, says Bob DiLossi, manager of SunGard Availability Services' crisis management center in Philadelphia. Some companies are talking about staying for two or three weeks, more than double the average time that companies generally operate remotely during an emergency. In addition to servers and other data-center infrastructure equipment, SunGard clients are calling for workspace for their employees who need connectivity to the Web and to telephone lines. SunGard already has welcomed 125 displaced desktop users to its Texas, Georgia, and Pennsylvania facilities, and another 125 spots will be added by the end of Tuesday, primarily to do call-center work.

Microsoft ships next beta of Windows Server 2003 R2

John Fontana writes in NetworkWorld:

Microsoft on Tuesday shipped what could become the final code for the next version of Windows Server 2003.

The company made available for download what it calls Release Candidate Zero (RC0). A release candidate signifies that Microsoft has completed the software's feature set and met certain internal benchmark tests for stability. Microsoft officials said they plan to release an RC1 after evaluating feedback from testers of RC0. The final version of Windows Server 2003 R2 is expected to ship by the end of the year.

Windows Server 2003 R2 is built upon the recently released Windows Server 2003 with Service Pack 1, a collection of updates since Windows Server 2003 was released.

Key features of the R2 server include Active Directory Federation Services (ADFS), branch office support, integration of Services for Unix into the core operating system, new storage management features, support for the .Net Framework 2.0 and enhancements to the Windows SharePoint Services collaboration features.

Microsoft announced the first public beta of R2 in May of this year after a private beta with some 3,000 testers.

The software will be made available in Standard, Enterprise and DataCenter editions. The R2 release candidate zero is available for download

Skype Insists It Is Not For Sale; IPO Another Question

W. David Gardner writes in TechWeb News:

VoIP provider Skype Technologies is actively seeking to quell rumors that the company is for sale.

In an email exchange with TechWeb, a public relations representative for the company in the U.S, said flatly: “Skype is not for sale.”

The “for sale” rumors have been circulatinging in recent days along with the report that the Luxembourg-based firm has hired investment banking firm Morgan Stanley & Co. to examine its options including floating an IPO.

Skype did not comment beyond saying the firm is not for sale.

Communications Infrastructure No Match for Katrina

jfourier writes over on Slashdot:

"In this age of cheap commoditized consumer electronics and advanced mobile technology, why can't all the people of a city make contact during an emergency? Cell phone circuits filled up during 9/11 attacks and in the wake of hurricane Katrina very few victims can make contact with their families, despite the fact that they have all those mobile phones. The Red Cross is looking to deploy satellite equipment From the article: to restore communications in affected areas.""Katrina made landfall in Louisiana early this morning with sustained winds of 145 mph, but veered just enough to the east to spare New Orleans a direct blow. Even so, flooding, power outages and heavy damage to structures were reported throughout the region. The Red Cross tomorrow expects to begin deploying a host of systems it will need, including satellite telephones, portable satellite dishes, specially equipped communications trucks, high- and low-band radio systems, and generator-powered wireless computer networks, said Jason Wiltrout, a Red Cross network engineer. "

Pakistan Deploys Facial Recognition to Battle ID Fraud

Via TechWeb News.

Pakistan is putting biometrics to work as the country battles identity and document fraud.

The National Database and Registration Authority, a Pakistan-based independent contractor, is using Viisage's face recognition technology to uncover identity fraud among passport holders and to prevent more occurrences. The database is expected to grow to 50 million records once enrollment is complete.

NADRA announced Monday that it has scanned 34 million images for duplicates in three months and is catching more than 100 fraudulent documents a day with Viisage's FaceTOOLS and FaceEXPLORER.

Viisage, based in Billerica, Mass., and NADRA also announced that they are working on opportunities to manage national ID programs in the Middle East, South America and Asia.

Another Windows Bug Open To Zotob-Like Attacks

Gregg Keizer writes in TechWeb News:

Another Windows vulnerability disclosed earlier in August is ripe for exploit, security firm Symantec said Tuesday.

After additional analysis of the Microsoft Print Spooler Service vulnerability, which Microsoft first described August 9 in a bulletin released that day, Symantec alerted customers of its DeepSight Threat Management System to patch the flaw immediately or risk attack.

"We always take the conservative viewpoint in our alerts," said Alfred Huger, the senior director of engineering for Symantec's security response team. "But when we release an alert, we're urging people to patch as soon as possible."

In fact, said Huger, although an exploit has not been seen in the wild, one will. "There's always someone who's smart enough to figure things out, and the law of averages say that an exploit will appear."

In fact, exploits have already been published privately among hacker groups, and are in the hands of customers of vulnerability tools like Immunity's Canvas. Symantec said it wasn't sure whether Immunity's exploit was only proof-of-concept code or what it called a "robust exploit" that could actually attack systems remotely.

Microsoft's original bulletin, marked as MS05-043, rated the bug as "critical," the Redmond, Wash.-based developer's highest alert warning for vulnerabilities. On Windows 2000 PCs, as well as Windows XP and Windows XP SP1, the win32.spl.dll can be exploited remotely via the RPC interface -- the same service used by the dangerous and damaging MSBlast two years ago this month -- and attacked anonymously, in other words, by anyone, even those without a legitimate log-in account.

Windows XP SP2 and Windows Server 2003 are not anonymously exploitable, both Microsoft and Symantec agreed, because of that version's more stringent checks in the RPC interface.

Phone networks struggle in Hurricane Katrina's wake

Via Reuters.

Telephone companies struggled to restore service and measure the damage to their networks in Louisiana and Mississippi on Tuesday after Hurricane Katrina cut power and triggered severe flooding.

A spokesman for BellSouth Corp., the largest local telephone company in the region, said while the company estimated about 53,000 lines were out in the two states, the actual numbers were likely to be higher.

Cingular Wireless and Sprint Nextel Corp. said cellular service in the area had been affected as well.

All three companies said power losses were the main threat to further service failures, but that flooding was hampering their efforts to reach network equipment.

Entergy Corp. reported more than a million customers without power in Louisiana and Mississippi, and warned customers to expect a long and difficult restoration that could take weeks.

New Orleans Mayor Ray Nagin told television station WWL that 80 percent of the city was under water, and authorities declared martial law in some areas.