Microsoft cancels Patch Tuesday...
Via the MSRC Blog.
This afternoon we revised the information in the Advance Notification to reflect a change for next week’s release. Microsoft will not be issuing any new security updates on September 13th as part of the September monthly bulletin release cycle. You can check out the revised information here.
So, why did we do this? Let me explain. Late in the testing process, we encountered a quality issue that we decided was significant enough that it required some more testing and development before releasing it. We have made a commitment to only release high quality updates that fix the issues at hand, and therefore we felt it was in the best interest of our customers to not release this update until it undergoes further testing.
When we moved to a monthly release cycle almost two years ago, we planned for a significant focus on testing. That focus means that sometimes the testing process and our decision to only release quality updates might mean a month without any updates. However, we are going to issue an updated version of the Malicious Software Removal tool next Tuesday along with one non-security, high priority update for Windows.
California lawmakers OK control of video game sales
Via Reuters.
California lawmakers have approved a bill that would ban the sale of violent video games to minors, but Republican Gov. Arnold Schwarzenegger has not yet taken a position on the legislation, his office said on Friday.
The bill would end the sale and rental of violent games to minors that depict serious injury which is determined to be especially heinous, atrocious or cruel. It also calls for $1,000 fines for violators and requires violent video games to be labeled.
The Democratic-controlled legislature approved the measure late on Thursday, but the governor's office said the actor-turned-politician -- whose Hollywood film career includes violent movies -- has not taken a position on the bill.
Assembly Democrat Leland Yee, who sponsored the legislation, noted U.S. Sen. Hillary Rodham Clinton has introduced nearly identical legislation at the federal level.
Microsoft tries, and fails, to recruit open-source guru
My favorite Snark (Eric Raymond) quote from this article:
"What were you going to do with the rest of your afternoon, offer jobs to Richard Stallman and Linus Torvalds? Or were you going to stick to something easier, like talking Pope Benedict into presiding at a Satanist orgy?" he wrote. "I’ve in fact been something pretty close to your company’s worst nightmare since about 1997."
Robert McMillan writes in InfoWorld:
Microsoft may be softening its rhetoric against Linux and open-source software, but that doesn't mean the company is ever going to be able to hire Eric Raymond. Earlier this week, a recruiter from the software giant tried to lure Raymond, one of the open-source movement's most visible boosters, Raymond said in an interview Friday.
On Thursday, Raymond received an e-mail pitch from a Microsoft recruiter asking him if he'd be interested in discussing a position with the software company.
The open-source advocate said he never gave the offer any serious consideration. "I thought it was an utterly ludicrous offer that deserved nothing but a ludicrous response," he said.
Raymond, one of the founders of the Open Source Initiative group that defined the term "open source," has been a constant and very vocal critic of the software vendor. He has also published a number of confidential Microsoft memos, dubbed the Halloween Documents, which have shed light into Microsoft's campaign against Linux and open-source software.
More space objects are discovered
Via PhysOrg.com.
The three objects -- temporarily named Xena, Santa and Easterbunny -- are among the largest objects discovered in the Kuiper Belt, an area at the very edge of the solar system, the San Francisco Chronicle reported Friday.
The astronomers are Michael Brown of the California Institute of Technology, Chadwick Trujillo of the University of Hawaii and David Rabinovitz of Yale University. Trujillo and Rabinovitz are discussing their findings this week at a planetary conference in Cambridge, England.
In an interview with the Chronicle, Brown said while Pluto is nearly 3 billion miles from Earth, Easterbunny and Santa are nearly 5 billion miles away and Xena is about 9 billion miles distant.
"Santa is crazy, and it's my favorite -- by far the weirdest of the three," Brown told the Chronicle. "It is ... shaped like a huge cigar, and it rotates end-over-end every four hours."
The International Astronomical Union will ultimately determine what to officially name the objects.
'Hot Coffee' Burns Take Two
Via Red Herring.
Take Two is still feeling the burn from the “Hot Coffee Mod” that added sexually explicit material to Grand Theft Auto: San Andreas.
Shares of the New York City-based game developer fell a combined 9 percent over Thursday and Friday, after the company earlier this week reported a third-quarter loss of $28.8 million, nearly double the loss from the year before. Take Two lost $0.41 per share, while analysts surveyed by Thomson Financial had been expecting a loss of $0.38 per share.
The wider losses came as quarterly sales rose 6 percent to $169.9 million as revenues were kept in check by the fallout from the sexually explicit modification discovered in the company’s best-selling game.
EU phone talks stall
Via The International Herald Tribune.
European Union nations said Thursday that they had made no progress in negotiations over a bill that would force telecommunications companies to keep records of phone and e-mail traffic as part of the EU's antiterrorist campaign.
Justice Minister Brigitte Zypries of Germany said talks among EU justice and home affairs ministers had made little headway because of concerns over the cost of retaining data and privacy issues that would arise if law enforcement officials across the 25-nation EU got access to phone and e-mail records.
FEMA to adjust IE-only Web site
Wilson P. Dizard III writes in GCN.com:
Following an outpouring of commentary in the blogosphere and the news media, the Homeland Security Department’s Federal Emergency Management Agency is retooling its Web site for disaster aid applications so that it won’t require the use of Windows-based PCs running Microsoft’s Internet browser.
Currently, the online FEMA application process works only with Microsoft’s Internet Explorer 6.0 and above, according to FEMA. “We are in the process of modifying the application so that it will be available to additional browsers,” FEMA said in a notice on its site. “If you do not have Internet Explorer 6.0 or higher, you may still be able to check the status of your application and update your information online once you have registered by phone.”
The FEMA site advises would-be aid applicants that use incompatible browsers, such as Firefox and Netscape, to apply by phone. The agency’s phone banks accept aid applications 24 hours per day, seven days a week, according to the notice, which adds, “Currently the lines are quite congested and the best time to call is [between] 2 a.m. to 6 a.m. EDT.”
China Telecom Blocks Skype
Via Red Herring.
China Telecom, China’s largest telecommunications carrier, has begun blocking VoIP calls in an effort to stanch the massive loss of revenue it could sustain if a substantial percentage of that country’s 100 million Internet users switch their long-distance calling to Skype.
Reuters cited media reports and Internet postings as the source of its information that the former monopoly carrier has begun blocking Internet users from accessing Skype’s voice services in the city of Shenzhen.
The news service also cites a report in the Shanghai Daily that China Telecom plans to block Skype’s service throughout the country, eventually.
News reports said the carrier, which owns a large broadband network and controls a large network of ISPs, has created a “blacklist” of Skype users in Shenzhen and threatened punitive action against those who try to circumvent the carrier’s Skype blocks.
But is the blocking solely about slowing the drain on the carrier’s revenue, or are there national security issues that concern the Chinese government?
"The Six Dumbest Ideas in Computer Security"
Thanks to Bruce Schneier for pointing this out in his blog.
I know Marcus Ranum, and he is always quite entertaining. Having said that, I would have to agree with the majority of his points of view on security issues. With that, I give you Marcus' "The Six Dumbest Ideas in Computer Security".
Enjoy!
DOJ, FBI Pool Resources For Battle With Katrina Fraudsters
Gregg Keizer writes in TechWeb News:
Federal law enforcement stepped up its efforts to quash Katrina-related fraud Thursday by setting up a special task force to deal with the booming scam business.
U.S. Attorney General Alberto R. Gonzales announced the Hurricane Katrina Fraud Task Force as he toured the destruction in Louisiana and Mississippi.
"We cannot allow the kindness of Americans to be exploited in this time of disaster and crisis," said Gonzales in a statement. "This Task Force will help ensure that those offering a helping hand do not themselves become the victims of fraud, and that the money and support they so graciously and generously offer goes to the intended recipients, the many victims of Hurricane Katrina."
The task force, which will be chaired by Assistant Attorney General Alice Fisher of the department's Criminal Division, will include representatives from the FBI, the Federal Trade Commission (FTC), the Postal Inspector's Office, and the Executive Office of the United States Attorneys.
SiliconBeat: Google+Reuters?
Michael Bazeley writes over on SiliconBeat:
We don't usually traffic in unfounded rumors, but apparently the buzz among Wall Street traders is that Google wants to buy London-based Reuters. That's according to someone who spends a fair bit of his time talking to traders. Which maybe ties into this. Or maybe not. So there you go. Add it to the rumor pile.
Security Vulnerability Threatens Firefox
Nate Mook writes in BetaNews:
A security researcher has issued an advisory on a new vulnerability in Firefox that could lead to the remote execution of arbitrary code. The flaw was first reported to Mozilla developers by Tom Ferris earlier this week, but he opted to publicly disclose the problem following a disagreement.
The vulnerability relates to Firefox's handling of IDN, or international domain names, and can be exploited by long Web links that contain dashes. The flaw causes a buffer overflow and opens the door for malicious code to be run on a PC.
Texas cable group challenges telecoms video law
Via Reuters.
A Texas cable association on Thursday challenged a state law that would make it easier for local telephone companies like SBC Communications Inc. to offer video service to consumers.
The Texas Cable & Telecommunications Association said it filed a lawsuit in U.S. District Court in Austin seeking to invalidate the law, which was signed by Texas Gov. Rick Perry on Wednesday.
The law allows SBC and other local phone companies to get statewide permission to deliver subscription television services. Cable companies typically have had to get franchises from each city where they want to offer service, and cable companies, like Time Warner Inc., opposed the bill.
"Competition can't flourish when businesses offering the same services are treated differently, for no reason. And without true competition, consumers don't benefit," said Tom Kinney, chairman of the TCTA board and president of Time Warner Cable's Austin division.
HP to cut 6,000 jobs in Europe
Marcel Michelson writes for Reuters:
U.S. computer giant Hewlett-Packard will shed 6,000 jobs in Europe with more than half the cuts in France, Germany and Britain, a union official said on Friday.
"They will start informing staff in all the countries in the coming week. But the information was given to the European works council at a meeting here," said Marc-Antoine Marcantoni of the European Metal Workers Federation in Brussels.
He said some 1,250 to 1,300 jobs would go in France and 145 in Belgium.
A spokesman for HP at its headquarters in Palo Alto, California said the company had no comment. The group has a total of around 151,000 employees.
A spokesman for HP in Britain confirmed a meeting of the European works council had taken place in Brussels.
TechWeb Interview: Cerf Discusses His Jump To Google
Antone Gonsalves writes in TechWeb News:
Vinton Cerf, often called the "father of the Internet," sees a growing need for innovation in software that can find creative uses for the sea of data flowing into the Internet each day.
As a result, the 62-year-old co-developer of the TCP/IP protocol that made it possible for computers to interact on the Internet said he was drawn to the work at search-engine giant Google Inc., which announced Thursday that it had hired Cerf as "Chief Internet Evangelist." Cerf is scheduled to start work Oct. 3.
"This is a place that's just full of creative energy, and I like places like that," Cerf said.
Daily gapingvoid.com fix....
Via gapingvoid.com. Enjoy!
MS Patch Day: Can 1 Bulletin Hit the Spot?
Ryan Naraine writes in eWeek:
Microsoft on Thursday announced plans to ship one security bulletin on Tuesday, Sept. 13, to provide patches for a "critical" flaw in its Windows operating system.
As part of its advance notice mechanism, the Redmond, Wash.-based software giant said the security update will require a restart and can be detected with the MBSA (Microsoft Baseline Security Analyzer) tool.
The solitary bulletin will give IT administrators a temporary respite from patching—especially after the clean-up from the recent Zotob worm attacks—but to many in the security research community, it underscores Microsoft Corp.'s sluggish approach to addressing known security vulnerabilities.
eEye Digital Security, a private research firm with headquarters in Aliso Viejo, Calif., maintains a Web page of Upcoming Advisories that have been validated by software vendors.
Next Tuesday, when Microsoft ships the Windows update, one of the eEye-discovered flaws will be 108 days overdue.
California PUC proposes Internet rules for utilities
A Reuters newswire article, via Yahoo! News, reports that:
California utility regulators on Thursday proposed rules to provide Internet access over electric power lines.
The California Public Utilities Commission proposed regulations for the state's investor-owned electric utilities to test broadband-over-power-line, or BPL, technology in the state.
Sempra Energy's San Diego Gas & Electric Co. utility unit is working on a BPL pilot, the CPUC said, and the Pacific Gas & Electric unit of PG&E Corp and Edison International's Southern California Edison subsidiary are considering test programs.
"California has been AWOL on developing BPL while other states have been forging ahead with testing and commercial development of this new technology," Michael Peevey, CPUC president, said in a statement.
Twenty-six other states have trial programs underway, according to the commission.
Missouri Yanks Offline Alleged Katrina Web Scammer
Gregg Keizer writes in TechWeb News:
A judge in Missouri ordered several Web sites shuttered Wednesday after the state's Attorney General accused a St. Louis man -- an alleged racist and anti-Semite -- of illegally soliciting donations for Katrina relief efforts. It was the first known case of an official crackdown on Web scams taking advantage of the disaster in Louisiana, Mississippi, and Alabama.
Early Wednesday, Attorney General Jay Nixon filed an injunction asking the court to shut down 10 sites, all of which fed to a central hub at internetdonations.org, that were asking for donations to Katrina relief. Nixon also asked that all funds collected be returned.
Australia Introduces Laws To Sell Telstra
An AP newswire article, via Advanced IP Pipeline, reports that:
The government introduced legislation Thursday to allow it to sell former telecommunications monopoly Telstra Corp. and provide multibillion-dollar benefits for rural customers who fear that the privatization will harm their phone services.
Communications Minister Helen Coonan introduced two final bills into the upper house Senate Thursday to allow the largest privatization in Australia's history and reap the government an estimated 30 billion Australian dollars ($23 billion).
Three bills also associated with the sale of the government's 51.8 percent stake were introduced to the lower house Wednesday.
The government intends to use its majority in both houses to pass the bills into law by the end of next week.
Microsoft Security Bulletin Advance Notification
One extremely "critical" patch for Windows due on Tuesday.
Oh, goody!
Cisco Content Services Switches SSL Authentication Bypass Issue
Via FrSIRT.
FrSIRT Advisory : FrSIRT/ADV-2005-1680
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-09-08
* Technical Description *
A vulnerability has been identified in Cisco Content Services Switches (CSS), which could be exploited by remote attackers to bypass the authentication mechanism and gain access to protected contents. This flaw is due to an error when SSL encryption is performed on the CSS and SSL clients do not appropriately renegotiate the SSL session, which could be exploited by remote attackers to bypass the server verification of the client certificate and access protected content.
Note : This vulnerability is only applicable to situations where SSL encryption is performed on the CSS and client authentication using SSL certificates is enabled.
* Affected Products *
Cisco CSS 11500 Series Content Services Switches with the CSS5-SSL-K9 SSL module
Cisco 11501 Content Services Switch with SSL (CSS11501S-K9)
* Solution *
Upgrade the affected software :
http://www.cisco.com/warp/public/707/cisco-sn-20050908-css.shtml#swv
* References *
http://www.frsirt.com/english/advisories/2005/1680
http://www.cisco.com/warp/public/707/cisco-sn-20050908-css.shtml
Google hires 'Father of the Internet' Vint Cerf
A Reuters newswire article, via Yahoo! News, reports that:
Google Inc. on Thursday said it hired Internet pioneer Vinton Cerf to become the company's "chief evangelist."
Cerf, 62, whose official title will be Chief Internet Evangelist, was hired away from telecommunications company MCI Inc. and charged with exploring new Internet applications for the Web search company. MCI is in the process of merging into Verizon Communications Inc.
Justice Department Files Antitrust Lawsuit
An AP newswire article, via Yahoo! News, reports that:
The Justice Department sued the National Association of Realtors on Thursday, claiming it unfairly limits competition by allowing real estate agents to withhold home listings from Internet-based brokers.
The antitrust lawsuit, filed in U.S. District Court in Chicago, follows lengthy negotiations in which the government pressed the Realtors to drop restrictions designed to protect traditional brokers.
The association announced changes to its original plan Thursday, but the new steps were insufficient to ward off the lawsuit because the organization kept in place brokers' ability to discriminate against competitors who post listings online, said J. Bruce McDonald, deputy assistant attorney general in the Antitrust Division.
USA: Still the Bandwidth Big Daddy
Om Malik writes in his Broadband blog:
US consumers may not have ample bandwidth, but from the looks of it, when it comes to sheer capacity, the US is still the bandwidth big-daddy. This data collected by Telegeography says it all. Of course, it doesn’t mean anything to consumers who are thirsty for bandwidth! That’s the irony, isn’t it!
Top Internet Hub City: London, 1.1 Tbps bandwidth, 439 Gbps peak traffic
Top Internet Hub Country: United States, 1.4 Tbps bandwidth, 704 Gbps peak traffic
Top Internet Route: London - New York, 320 Gbps bandwidth, 153 Gbps peak traffic
Top Region for Traffic Growth: Latin America, 70% average growth
Top ISP by Autonomous System Connectivity: MCI, 3,102 connections
Top ISP by Number of Countries Connected: AT&T, 52 countries
Cheapest Place to Buy GigE Backbone Access: United States, $13 per Mbps per month
Highest International Bandwidth per Capita: Denmark, 38 Kbps per person
Russian Government Approves Sale of Telecom Giant Svyazinvest
Via MosNews.
The Russian government has approved a draft decree paving the way for the long-awaited privatization of telecom giant Svyazinvest, the Interfax news agency reported on Thursday, Sept. 8.
The decree, delayed earlier on security grounds, has been submitted to President Vladimir Putin for his approval, the agency said quoting a source in the government. The report could not be immediately confirmed.
The privatization of 75 percent minus one share in Svyazinvest — which analysts say could be worth nearly $3 billion — is seen as a key indicator of the government’s commitment to modernizing the economy.
Svyazinvest unites seven regional fixed-line operators as well as the national long distance operator Rostelecom, and it is expected that the government will retain a so-called golden share or right of veto in the privatized company.
eBay considering Skype?
Tim Richardson writes in The Register:
eBay is holding talks with internet telephony outfit Skype concerning a possible deal, according to a report by the Wall Street Journal.
Discussions are still at an early stage with insiders warning that they could end up amounting to nothing. Even so, both Internet companies are reportedly chatting in a deal that would value Skype at between $2bn and $3bn.
Yahoo says must abide by law in China after accusations
This particular issue has become hugely controversial.
A Reuters newswire article by John Ruwitch, via The Washington Post, reports that:
Internet giant Yahoo Inc. defended itself on Thursday against accusations that it supplied data to Chinese authorities which led to the imprisonment of a journalist, saying it has to abide by local laws.
Press watchdogs accused Yahoo Holdings (Hong Kong) Ltd. of providing details about e-mail communications that helped identify, and were used as evidence against, Shi Tao, who was sentenced in April to 10 years in prison for leaking state secrets abroad.
Court Overturns Child Porn Conviction
Fredrick Kunkle writes in The Washington Post:
The increasingly common law enforcement tactic of having adult officers pose as children in Internet chat rooms to arrest potential sex offenders came under legal attack yesterday when Maryland's highest court ruled that the law does not allow the prosecution of people who merely believed they were dealing with children.
The Maryland Court of Appeals unanimously overturned the Frederick County Circuit Court conviction of Richard J. Moore, saying he could not be found guilty of committing a crime with a nonexistent victim.
The head of the Maryland State's Attorneys' Association said the ruling effectively guts efforts to catch people preying on children via the Internet.
Hackers Admit to Wave of Attacks
Kevin Poulsen writes in Wired News:
An Ohio computer hacker who served as a digital button man for a shady internet hosting company faces prison time after admitting he carried out one of a series of crippling denial-of-service attacks ordered by a wealthy businessman against his competitors.
In a deal with prosecutors, Richard "Krashed" Roby, 20, pleaded guilty in federal court in Toledo last month to intentionally damaging a protected computer, after launching a 2003 attack on an online satellite TV retailer that caused at least $120,000 in losses.
Huge Solar Flare Spotted
Via The Science Blog.
Scientists are currently tracking a very large flare that occurred on the Sun around 1:40 pm EDT (17:40 UT). The current estimate of the size of the explosion is X-17; that would place the flare as the fifth largest ever observed.
While the blast was not aimed at Earth, the event created a complete blackout of high frequency communications in North and South America. According to the NOAA Space Environment Center, communications used by emergency services along the Gulf Coast may have experienced problems due to this flare. Low frequency navigation systems may also have experienced a period of significant degradation. Further, they report that agencies impacted by space weather storms may experience disruptions over the next two weeks. These include spacecraft operators, electric power systems, high frequency communications, and low-frequency navigations systems.
New York Judge Grants Ebbers Bail
An AP newswire article, via SFGate.com, reports that:
A judge ruled Wednesday that former WorldCom CEO Bernard Ebbers can stay out of prison while he appeals his conviction for leading an $11 billion accounting fraud — a process that could take more than a year.
Ebbers, 63, had been due to report to a Louisiana prison on Oct. 12 to begin serving a 25-year sentence.
In her decision, U.S. District Judge Barbara Jones rejected arguments by prosecutors last month that Ebbers failed to meet the legal standard of raising a "substantial question of law" that could result in a reversal or reduction of his sentence.
Defense attorneys had challenged the judge's instruction to jurors that they could find Ebbers guilty if they believed he suspected a crime was being committed but intentionally looked the other way.
Google Settles Final Piece of Geico Case
An AP newswire article by Michael Liedke, via Yahoo! News, reports that:
Google Inc. has settled the last part of a lawsuit alleging the online search engine leader's advertising network illegally exploited insurer Geico Inc.'s brand, avoiding a trial on an issue that threatened to bog down one of the Internet's biggest moneymaking machines.
Geico announced the settlement late Wednesday without providing any details of the agreement. A Google spokesman didn't immediately return calls seeking comment. Geico's statement described the settlement terms as confidential.
Mountain View-based Google had already scored a major victory in the trademark infringement case, filed in May 2004 in a Virginia federal court.
In a ruling late last year, U.S. District Judge Leonie Brinkema rejected Geico's request to block Google from letting rival insurance companies to pay for the right to have their ads displayed after Geico's name is included in a search request.
Day two: Microsoft-Google courtroom showdown
Ina Fried writes in C|Net News:
Former Microsoft executive Kai-Fu Lee told a judge here on Wednesday that he was being honest but not necessarily providing a complete answer when asked by Microsoft officials in June whether he planned to rejoin the software giant after a sabbatical.
Lee's response came after King County Superior Court Judge Steven Gonzalez asked him whether he felt he was being misleading when he told Microsoft executives he planned to return to the company. Lee said that whether he took a job with Google or another company, he intended to return to Microsoft after the sabbatical to wrap up a few projects.
"In your mind, was that an honest and complete answer?" Gonzalez asked.
"In my mind, that was not a complete answer, but it was honest," Lee said.
Duplication rife in on-line Katrina efforts
An AP newswire article by Anick Jesdanun, via The Globe and Mail, reports that:
The Red Cross set up one database to help refugees from Hurricane Katrina reconnect with their families. The National Center for Missing and Exploited Children created another to help displaced kids reunite with parents.
A flurry of other well-intentioned but largely duplicative efforts sprouted simultaneously on the Internet.
Efforts to reconcile all the scattered data have been, well, scattered.
Although the Internet makes it simple for people around the world to help out with disaster relief, confusion and frustration have reigned as refugees, families and volunteers are forced to sort through as many as 50 websites to check on loved ones.
Texas Governor signs sweeping telecommunications reform bill
An AP newswire article, via The Austin American-Statesman, reports that:
Phone companies can offer enhanced TV services throughout Texas under legislation signed Wednesday by Gov. Rick Perry.
Perry said the measure will spark new technology investments and create greater competition for video, cable and telecommunications services.
"I'm proud Texas is taking the national lead in bringing choice to cable customers, offering broadband over power lines, and investing in new telecommunications innovations," Perry said. The measure "will pave the way for new technology investments, create jobs and remove barriers to 21st century innovations."
The bill's writer, Rep. Phil King, anticipates the law will create 12,000 new jobs and $1.8 billion in annual investment and spending.
The wide-ranging telecommunications bill would allow phone companies to avoid the thousands of local cable TV licenses that cable companies must acquire. Another provision allows big phone companies to set their own rates for basic services, which consumer advocates worry could cost Texans millions of dollars.
Texas is one of several states to consider the issue, with phone companies and cable companies engaged in a furious battle. Cable companies have vowed to fight such a law in court.
"The winners will be Texas consumers who will get more choices in their cable television service, and access to new innovations in telecommunications," Perry said.
Ben Edelman: How Expedia Funds Spyware
Bravo, Ben -- who has a detailed analysis of how Expedia funds spyware. From his blog:
Although Expedia claims to show ads only through advertising programs that users "want," my testing shows Expedia ads arriving through programs generally known as spyware -- programs that are widely known to become installed without user consent. My article has screenshots and details of programs' behaviors.
Link.
Cisco Gear Hackable, Net Security Risk Rises
Gregg Keizer writes in TechWeb News:
Cisco on Wednesday confirmed that routers and other devices running the newest versions of its IOS (Internetwork Operating System) are vulnerable to serious attack.
The San Jose, Calif.-based network hardware maker published a security advisory and recommended that users either upgrade to alternate editions or install fixed versions of IOS.
For its part, security giant Symantec immediately raised its overall Internet threat to "Level 2" from "1" earlier in the day. The last time Symantec had its threat set to "2" was during the Zotob attacks of August.
The flaw is in the Firewall Authentication Proxy for FTP and/or Telnet Sessions in later versions of IOS -- 12.2 through 12.4 -- and might result in either a denial-of-service (DoS) attack which would likely bring down the device or possibly a more dangerous scenario, where the attacker gains complete control of the device. Or both.
Katrina spawns 419-styled scams
Gregg Keizer writes in TechWeb News:
Nigerian-style scams that use the ongoing Katrina disaster are beginning to appear, said a security firm Wednesday.
In the typical 419 scam -- so called because of the numbering of the relevant code in Nigeria’s criminal law, and made popular by Nigerian-based fraudsters -- criminals send out spam promising recipients a share of a fortune supposedly inaccessible to the sender. In return for an upfront fee -- and therein lies the scam -- the recipient is told he’ll collect millions.
"The 419 scammers have decided to see if they can get a piece of the [Katrina] pie," said Moscow-based Kaspersky Labs in an alert posted to its site Wednesday. "[This sample] has all the hallmarks of a classic 419 - grammar and spelling mistakes and a large sum of money."
In the mass-mailed e-mail, the writer claims to be a Mexican national and illegal alien who works on a rescue team in New Orleans. "In a relief effort to save the lives of the indigenes, I personally made a recovery of some treasure boxes which belong to a private banking firm, here in New Orleans. These boxes which are currently in my possession were found to be containing uncountable number of defaced foreign currencies, which ranges from United States Dollars down to Japanese Yens, thus running into hundreds of millions of U.S. Dollars when converted," the scam goes.
FEMA director waited to seek Homeland help
Erm... Any bets on how long it takes before Brown (is asked to) resigns?
An AP newswire article, via MSNBC, reports that:
The government’s disaster chief waited until hours after Hurricane Katrina had already struck the Gulf Coast before asking his boss to dispatch 1,000 Homeland Security workers to support rescuers in the region — and gave them two days to arrive, according to internal documents.
Michael Brown, director of the Federal Emergency Management Agency, sought the approval from Homeland Security Secretary Mike Chertoff roughly five hours after Katrina made landfall on Aug. 29. Brown said that among duties of these employees was to “convey a positive image” about the government’s response for victims.
Data On My Phone? But Why?
Thank you, Mike, over at techdirt.com, for echoing what I've been thinking for a while now.
p.s. Stop stealing my thoughts. :-)
There's been this absolute certainty by some in the wireless industry that "wireless data" was clearly the next big thing. However, it still seems like there's a lot of wishful thinking going on. We've pointed out that users tend to want phones that work for communicating first, before they're interested in all sorts of features.
Combined with the fact that the costs of data services and phones are way too high, while the industry insists people want features they've rejected for forty years, such as video calls, is it really a surprise at all that a recent survey found that not one person asked could say what kind of data package they had on their mobile phone? The problem is the same as it's been for years. The industry takes the "build it (and hype it!) and they will come" approach as opposed to actually understanding (a) why and how people use mobile phones and (b) explaining to them the real benefits of mobile data. So, they miss out on the fact that people use phones to communicate, not consume information. And they tell people about all sorts of useless things, focusing on the technology, rather than why it might be useful.
If they really want people to use and accept data they need to move more towards flat-rate pricing (as the article suggests) and open up the ecosystem to encourage development of useful applications, rather than having the operators take random guesses at what apps people will want and then waiting for people to show up.
DISA selects SI International for IPv6 support
Roseanne Gerin writes in GCN.com:
The Defense Information Systems Agency has awarded a one-year, $3.8 million task order to SI International Inc. to provide technical and personnel support for the Defense Department’s next-generation protocol for the Internet, the company said today.
Under the contract, SI International of Reston, Va., will provide support to the Defense Department’s Internet Protocol Version 6 (IPv6) transition office in the areas of transition management, technology transfer coordination, integrated solutions development, network transition solutions development and applications transition solutions development.
The company also will provide information assurance development and network management solutions development and training.
The company has been the prime contractor for the Defense Department’s IPv6 transition office for the past year, providing internetworking, transition planning and program management consulting services to support the rollout of IPv6.
US losing battle against identity theft
Robert Jaques writes in vnunet.com:
There have been at least 104 serious "data incidents" in the US since 1 January which represent just the "tip of an iceberg" in serious systemic computer security problems.
The incidents potentially affect more than 56.2 million individuals, according to the US-based non-profit Identity Theft Resource Center (ITRC).
Congressional committees are waging a turf war over a security breach notification law, while companies, governmental agencies and educational facilities are "mishandling information on a daily basis and putting all of us at risk of identity theft".
"We have been given a loud wake-up call. Is anyone planning to pay attention to the true problem, or will companies be allowed to continue to disregard the importance of your future and your financial identity?" warned the ITRC.
"How many breaches don't make the front page or are even reported to consumers because a company has deemed the breach not to 'cause significant risk of harm' to the individual or has buried it to avoid additional problems?
Who is jamming radio communications in New Orleans?
Okay, I don't have on a tinfoil hat, but after reading (weeding) through all the links and tracebacks associated with this story (or rather, set of reports), I think a lot of people are scratching their heads.
Via Boing Boing.
Bloggers following the emergency communications flow in New Orleans report that some frequencies are being actively jammed. This post on Jacob Appelbaum's blog points to speculation that a government agency may be responsible for some of that activity.
Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow
Via the Cisco web site.
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.
Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.
Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.
Only devices running certain versions of Cisco IOS® are affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.
Affected Products
Vulnerable Products
Devices that are running the following release trains of Cisco IOS are affected if Firewall Authentication Proxy for FTP and/or Telnet Sessions is configured and applied to an active interface.
12.2ZH and 12.2ZL based trains
12.3 based trains
12.3T based trains
12.4 based trains
12.4T based trains
To determine the software running on a Cisco product, log in to the device and issue the show version command to display the system banner. Cisco IOS software will identify itself as "Internetwork Operating System Software" or simply "IOS." On the next line of output, the image name will be displayed between parentheses, followed by "Version" and the Cisco IOS release name. Other Cisco devices will not have the show version command, or will give different output.
The following example identifies a Cisco 7200 router running Cisco IOS release 12.3(10a) with an installed image name of C7200-JK8O3S-M.
Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-JK8O3S-M), Version 12.3(10a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Additional information about Cisco IOS release naming can be found at http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_white_paper09186a008018305e.shtml.
Refer to the Details section for more information about affected and unaffected configurations.
Products Confirmed Not Vulnerable
Products that are not running Cisco IOS are not affected.
Products that are running Cisco IOS versions 12.2 and earlier (including 12.0S, but excluding 12.2ZH and 12.2ZL) are not affected.
Products that are running Cisco IOS are not affected unless they are configured for Firewall Authentication Proxy for FTP and/or Telnet Sessions.
Products that are running Cisco IOS XR are not affected.
No other Cisco products are currently known to be affected by this vulnerability.
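To turn the version-identification steps and the affected-train list above into a repeatable inventory check, here is an added Python example; it is not part of Cisco's advisory or of this post. It parses a show version banner into its release train, compares the train with the ones the advisory lists, and scans a running-config for an FTP/Telnet authentication-proxy rule that is applied to an interface, since the advisory says unconfigured devices are not affected. The banner is the advisory's own 7200 sample; the running-config is constructed, and the `ip auth-proxy name <name> ftp|telnet` and per-interface `ip auth-proxy <name>` command syntax, as well as all function names, are assumptions rather than something the advisory states.

```python
import re
from typing import Optional

# Release trains the advisory lists as vulnerable when Firewall Authentication
# Proxy for FTP and/or Telnet is configured and applied to an active interface.
AFFECTED_TRAINS = {"12.2ZH", "12.2ZL", "12.3", "12.3T", "12.4", "12.4T"}

# Matches the release name in the banner, e.g. "Version 12.3(10a)",
# "Version 12.2(15)ZL1", "Version 12.4(2)T". Train letters follow the
# parenthesised maintenance number; a trailing rebuild digit is ignored.
VERSION_RE = re.compile(
    r"Version\s+(?P<major>\d+)\.(?P<minor>\d+)\((?P<maint>[^)]+)\)(?P<train>[A-Z]+)?"
)

# Assumed IOS syntax (not from the advisory): a global rule defining the
# protocol, and the rule name applied under an interface.
AUTH_PROXY_RULE_RE = re.compile(r"^ip auth-proxy name (\S+) (ftp|telnet)\b", re.M)
AUTH_PROXY_APPLY_RE = re.compile(r"^[ \t]+ip auth-proxy (\S+)", re.M)

# The advisory's own sample banner (Cisco 7200, 12.3(10a)).
SAMPLE_BANNER = """\
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-JK8O3S-M), Version 12.3(10a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc.
"""

# Constructed running-config excerpt: an FTP rule applied to one interface.
SAMPLE_CONFIG = """\
!
ip auth-proxy name FTP-AUTH ftp
ip auth-proxy name WEB-AUTH http
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip auth-proxy FTP-AUTH
!
interface FastEthernet0/1
 ip auth-proxy WEB-AUTH
!
"""


def parse_ios_version(banner: str) -> Optional[dict]:
    """Extract major, minor, maintenance and train from a show version banner.

    Returns None when the banner does not identify itself as Cisco IOS.
    """
    if "Internetwork Operating System Software" not in banner and "IOS" not in banner:
        return None
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return {
        "major": int(m.group("major")),
        "minor": int(m.group("minor")),
        "maint": m.group("maint"),
        "train": f"{m.group('major')}.{m.group('minor')}{m.group('train') or ''}",
    }


def release_train_status(banner: str) -> str:
    """Classify the banner against the advisory's affected/unaffected lists."""
    if "IOS XR" in banner:
        return "not-affected"          # IOS XR is listed as not affected
    info = parse_ios_version(banner)
    if info is None:
        return "not-ios"               # non-IOS products are not affected
    if (info["major"], info["minor"]) < (12, 2):
        return "not-affected"          # 12.1 and earlier, including 12.0S
    if (info["major"], info["minor"]) == (12, 2) and info["train"] not in AFFECTED_TRAINS:
        return "not-affected"          # 12.2 except the ZH and ZL trains
    if info["train"] in AFFECTED_TRAINS:
        return "affected-train"
    # e.g. 12.3XD: the advisory covers "12.3T based trains", so review manually.
    return "unknown-train"


def auth_proxy_ftp_telnet_applied(running_config: str) -> bool:
    """True when an FTP/Telnet auth-proxy rule is defined and applied to an interface."""
    rule_names = {name for name, _proto in AUTH_PROXY_RULE_RE.findall(running_config)}
    applied = set(AUTH_PROXY_APPLY_RE.findall(running_config))
    return bool(rule_names & applied)


def assess(banner: str, running_config: str) -> str:
    """Combine version train and configuration into one verdict."""
    status = release_train_status(banner)
    if status in ("not-ios", "not-affected"):
        return "NOT-AFFECTED"
    if not auth_proxy_ftp_telnet_applied(running_config):
        return "NOT-AFFECTED"          # feature not configured: not affected
    return "VULNERABLE" if status == "affected-train" else "REVIEW"


if __name__ == "__main__":
    print(parse_ios_version(SAMPLE_BANNER))
    print(assess(SAMPLE_BANNER, SAMPLE_CONFIG))
```

The check does not confirm that the interface carrying the rule is actually up, which the advisory's wording ("applied to an active interface") requires; that needs interface state from the device as well. Trains the advisory describes only as "based" on 12.3T or 12.4T (12.3XD and similar) come back as REVIEW rather than being silently cleared.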
Daily gapingvoid.com fix...
Via gapingvoid.com. Enjoy.
Indian call center worker arrested
Dinesh C. Sharma writes in C|Net News:
Police have arrested a call center worker for alleged theft of personal customer information that the firm was handling for its clients.
The arrest was made after the call center, Saffron Global, reported the matter to the police. Company officials said that the worker was found copying personal information about customers onto a compact disc.
The employee has been booked under various provisions of the Information Technology Act and the Indian Penal Code. He appeared in a local court on Tuesday and was placed in judicial custody for 14 days.
The call center did not reveal the names of its foreign clients, although, according to its Web site, Saffron has handled work for American and British companies. Among its U.S. clients are a long distance telecommunications service, a cable and Internet services provider and a food products company.
Katrina Applies Supply Chain Stranglehold
Jacqueline Emigh writes in eWeek:
More than a week after Hurricane Katrina whipped through the Gulf region, many roads, production plants and warehouses in New Orleans and surrounding areas remain shut, forcing businesses to reroute product shipments elsewhere, either with or without support from high-tech tools.
As of this Tuesday afternoon, all roads into New Orleans were still closed, according to information posted on a Web site run by the Louisiana State Police.
But even beyond the human suffering and financial losses felt in the city itself, companies and consumers in neighboring communities in Louisiana, Alabama and Mississippi are already experiencing the impact of major supply chain disruptions.
Central Louisiana, for example, may have escaped hurricane flooding, but gas and diesel fuel are in extremely short supply there, and some food items are completely unobtainable, said Mike Pierce, general manager of 3-J's Trucking Company Inc., a Lecompte, La.-based regional trucking and warehousing firm.
Indian carrier to float $5 billion tender offer for telecom gear
K.C. Kishnadas writes in the EE Times:
Bharat Sanchar Nigam Ltd., (BSNL), the state-owned telecom services company, will float a tender offer for telecom equipment worth nearly $5 billion, one of the largest ever here.
The tender is intended to fund BSNL's expansion program for adding up to 60 million new mobile subscriptions here. BSNL currently has a capacity of about 16 million lines.
The tender offer will be floated in four weeks, said A. K. Sinha, BSNL's chairman and managing director.
The expansion program includes the launch of 3G services. At least 15 million of the proposed 60 million new lines will be for 3G subscriptions, he said. No date has been set for the launch of 3G services, but it is likely to be in early 2006, according to a Press Trust of India report from Calcutta on Wednesday (Sept. 7).
BSNL and the other state-owned telecom service provider, Mahanagar Telephone Nigam Ltd., are stipulating local manufacturing of equipment purchased under the expansion plan. The move is expected to speed the plans of many global equipment suppliers to set up manufacturing or assembly plants here.
Red Herring: Microsoft Executive Frustrated
Via Red Herring.
In a courtroom drama laced with bitterness, Google sought to portray Kai-Fu Lee, the central player in its legal tussle with Microsoft, as more of a frustrated, out-of-the-loop whipping boy at Microsoft and less of the mastermind bulging at the seams with the Redmond software giant’s trade secrets.
Microsoft is charging that Dr. Lee, a former Microsoft executive who landed a job at Google, violated his non-compete agreement by accepting a role at Google similar to his role at Microsoft.
Microsoft was granted a temporary restraining order by a Seattle court barring Dr. Lee from working for Google. Tuesday’s session was a show-cause hearing on the temporary restraining order.
Dr. Lee, who was in charge of building Microsoft’s research center in Beijing, said he sent a memo to a fellow Microsoft executive saying he was deeply disappointed at Microsoft’s “incompetence” in China. He said that Microsoft wasted “so many years in China with little to show for it.”
Report: Spammers Cost Russian Internet Users $30M Per Year
Via MosNews.
Every year spammers do $30 million worth of damage to Russian Internet users, a study by UNESCO IFAP Russia has shown.
According to the RBC News agency, during the period of study every email address in the domain zone IFAP.ru received from 8.4 to 11.7 Mb of spam monthly. An average spam message size can be anywhere between 4 and 46 Kb. The largest ones were 840 Kb.
Russia’s approximately 10-17.5 million Internet users pay an extra $2.5 million monthly or $30 million annually for Internet traffic caused by spammers.
If viruses are taken into account, then the sum will double, RBC points out.
Internet satellite imagery under fire over security
Panarat Thepgumpanat writes for Reuters:
Asian governments have expressed security concerns about easy access to detailed satellite images on the Internet, such as those used by rescuers in New Orleans, saying the technology could endanger sensitive sites.
Thailand and South Korea were the most vocal critics of the search tool on Wednesday, rounding on providers like U.S.-based Google Inc, which runs the Web site www.earth.google.com, and demanding action from Washington.
"We are looking for possible restrictions on these detailed pictures, especially state buildings," the Thai Armed Forces spokesman, Major-General Weerasak Manee-in, told Reuters. "I think pictures of tourist attractions should do."
Satellite images provided by Google have been widely used by broadcasters to show the damage caused by Hurricane Katrina. Such technology has also been used by authorities coordinating rescue and relief operations in the devastated area.
Dubya: Wish you were here.
One might ask, "What technology implications does this item have?"
Well, aside from the photoshopping aspects, absolutely nothing. It was just too poignant not to post.
We love ya, Boing Boing.
UK sets out case for data logs to fight terror
Aine Gallagher writes for Reuters:
Britain, which is pushing for new EU laws on data retention, said on Wednesday that logging and storing telephone calls, email and Internet use had helped its police trap suspected terrorists.
European Union states have agreed to speed up plans for common rules on the use of data after the July 7 London attacks but the strategy has drawn criticism from EU lawmakers and the European telecommunications industry.
Britain's Home Office, or interior ministry, cited examples of where stored telephone calls, email and Internet use had proved essential in crime investigations.
Britain currently holds the rotating chair of the EU.
Yahoo! Getting PR Body Slammed
I mentioned a couple of the problems that Yahoo! was having in the public relations department (unwittingly hosting phishing sites and allegedly providing evidence to Chinese authorities in the arrest of an online journalist) -- now, Mike, over at techdirt.com, points out that another serious allegation regarding Yahoo! has surfaced:
It would seem that September is not Yahoo's month. Lots of companies end up facing periods of bad press, but in the last week alone -- with much of it coming in the last day -- it's amazing to see how many stories have started spreading that cast Yahoo in a negative light. Last week it kicked off with the story that the latest version of Yahoo's instant messaging offering bundled a lot more than users asked for in the "default" install -- leading to a number of pissed off users. Yesterday came the accusations that Yahoo was becoming a haven for phishing scams, and the quickly spreading news from this evening was the story of how Yahoo may have given Chinese officials the info they needed to track down and jail a journalist who had reported on things the Chinese government didn't want revealed.
To top it all off, I just came across an article saying that Al Qaeda terrorists are using Yahoo mailing lists -- again, placing the blame squarely on Yahoo. Obviously, there are a lot of different ways to respond to the various stories, but it seems like Yahoo has suddenly become a magnet for negative stories.
Ireland celebrates first anti-spam conviction
Via OUT-LAW.com.
Ireland's Data Protection Commissioner, Billy Hawkes, has secured his first conviction for a breach of the country's anti-spam law. A similar law exists in the UK but the UK Commissioner, Richard Thomas, has taken no such action to date.
Ireland is also considering stiffer penalties for spammers.
4's A Fortune Limited was found guilty of sending marketing messages to five mobile phones without the consent of the subscribers – in breach of Ireland's European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003. The law applies to phone and email spam.
The company – which describes itself as "Irelands first online casino-like cash game" – made a total of 165,000 calls, all to O2 customers; but the Commissioner's office is only empowered to investigate those calls that become the subject of complaints.
Microsoft sues European Commission
David Lawsky writes for Reuters:
Microsoft said on Wednesday it filed a lawsuit against the European Commission in a European Union court, the latest wrangle in its long-running battle against competition authorities in Brussels.
"Microsoft has filed an application for annulment with the Court of First Instance specifically concerning the issue of broad licences for the source code of communications protocols," a company spokesman said.
The issue relates to server software which runs printing, filing and security tasks for small office groups.
The Commission was expected to comment at its regular midday briefing.
USPS urges Katrina victims to e-file address change requests
Rob Thormeyer writes in GCN.com:
Bracing for a historic number of relocations, the U.S. Postal Service is asking those displaced by Hurricane Katrina to use the Internet where possible to file change of address requests.
In a notice Monday, the Postal Service said the best way to send the change of address forms is online at USPS’ Web site, or by calling 800-ASK-USPS. To date, more than 36,000 hurricane victims have filed to change their addresses.
While it did not give any estimates on when it will reopen the numerous post offices closed, damaged or destroyed by the storm, the agency said customers can use its Web site to check the status of Katrina-affected branches.
USPS also said it is establishing a new ZIP code for the Houston Astrodome, a stadium serving as temporary shelter to thousands of evacuees from the Gulf Coast, and will be setting up new ZIP codes for other sites being used as temporary hurricane shelters.
F5 Networks acquires Swan Labs
Loring Wirbel writes in the EE Times:
F5 Networks Inc., a Seattle-based pioneer in Web load-balancing products, has acquired Swan Labs Corp. in a $43 million cash transaction.
By pulling in new expertise in WAN optimization and application-layer acceleration, F5 has cobbled together a core of expertise similar to that obtained by Juniper Networks in April when it made simultaneous acquisitions of Peribit Networks Inc. and Redline Networks Inc.
Swan Labs was formed just over a year ago when Andrew Foss, former manager of the PIX group at Cisco Systems Inc., garnered $15 million in Series A financing, and added ex-3Com Chairman Eric Benhamou as its board chairman. Swan’s original plan was to offer the NetCelera WAN Optimizer as a standalone product. In December, Swan acquired the assets of Pivia Software Inc. to add application-layer acceleration to its product mix.
In July, Swan combined the NetCelera optimizer with Pivia application acceleration into a product called WANJet. The merged product uses Layer 5 TCP sessions as the basis of its acceleration, but operates on a two-tier data-reduction algorithm. Swan also continued to sell the WebAccelerator.
Skype Forms Joint Venture With Chinese Company
Antone Gonsalves writes in TechWeb News:
Skype Technologies and Tom Online Inc. of China have agreed to start a joint company that would distribute jointly developed Internet telephony software to service providers.
Tom, a Hong Kong-based wireless Internet service, and Luxembourg-based Skype have developed a Chinese version of Skype software under an agreement the companies launched in November 2004. The co-branded software has more than 2.5 million registered users, the companies said.
Tom has more than 70 million subscribers to its service, the company said.
Under the latest agreement, Tom will hold a 51 percent share of the joint venture, with Skype holding the remaining share. The combined company will develop, customize and distribute a simplified Chinese version of Skype software and premium services to Internet users and service providers in China.
Katrina "Cyber-Looting" update
Via the Internet Storm Center Daily Incident Handler's Diary.
In particular our handler Tom Liston is tirelessly verifying hurricane related URLs to find new cyber looters. In a couple cases, we found well meaning URLs, which are indistinguishable from fake "cyber looting" sites.
If you registered a URL related to Katrina and are collecting donations, please identify which 501(c) you are associated with and provide contact information. If you are using a personal PayPal account, please consider that by collecting the money and passing it on to a charity, you will lose whatever commission PayPal is charging you. It may be more efficient to just link to the charity of your choice.
Just to illustrate the problem, here is a graph showing the number of 'katrina' domains registered over the last couple of days.
Ex-Microsoft Exec Alleges Incompetence
Hey! This is starting to get interesting! :-)
An AP newswire article by Gene Johnson, via Yahoo! News, reports that:
Former Microsoft Corp. executive Kai-Fu Lee accused the software titan of incompetence in its plans to gain a business footing in China, and testified Tuesday that an expletive-filled tirade from Chairman Bill Gates was a low point before he defected to rival Google Inc.
In testimony during a hearing on Microsoft's lawsuit against Lee and Google, Lee said he wrote a memo to another Microsoft executive saying he was "deeply disappointed at our incompetence in China — that we have wasted so many years in China with little to show for it."
Lee went on to say in the e-mail that he was embarrassed by Microsoft's business practices and that people in the government joke about Microsoft's internal politics. But he didn't provide any details in his testimony Tuesday about what exactly the Chinese government was frustrated with.
The former executive testified that one of the lowest moments of his career with Microsoft was a conversation in which Gates yelled at him and said that the company had been "f-----" by the Chinese people and its government. Lee did not clarify the context of Gates' comments.
Lee also complained that Microsoft had more than 20 business groups operating virtually autonomously in China, with little cohesion.
News junkies find Wikipedia more than encyclopedia
Eric Auchard writes for Reuters:
The Wikipedia, which has surged this year to become the most popular reference site on the Web, is fast overtaking several major news sites as the place where people swarm for context on breaking events.
Traffic to the multilingual network of sites has grown 154 percent over the past year, according to research firm Hitwise. At current growth rates, it is set to overtake The New York Times on the Web, the Drudge Report and other news sites.
But the rising status of the site as the Web's intellectual demilitarized zone, the favored place people look for background on an issue or to settle a polemical dispute, also poses challenges for the volunteer ethic that gave it rise.
Rights group says Yahoo helped China jail journalist
An AP newswire article by Alexa Olesen, via USA Today, reports that:
French media watchdog said Tuesday that information provided by Internet powerhouse Yahoo Inc. helped Chinese authorities convict and jail a writer who had penned an e-mail about press restrictions.
The harsh criticism from Reporters Without Borders marks the latest instance in which a prominent high-tech company has faced accusations of cooperating with Chinese authorities to gain favor in a country that's expected to become an Internet gold mine.
Sunnyvale, Calif.-based Yahoo and two of its biggest rivals, Google Inc. and Microsoft Corp.'s MSN, previously have come under attack for censoring online news sites and Web logs, or blogs, that include content that China's communist government wants to suppress.
Reporters Without Borders ridiculed Yahoo for becoming even cozier with the Chinese government by becoming a police informant in a case that led to the recent conviction of Chinese journalist Shi Tao.
Police violence against journalists in New Orleans in Katrina aftermath
Via Reporters sans Frontières.
Reporters Without Borders voiced concern today about police violence against journalists covering the aftermath of Hurricane Katrina in New Orleans, especially about the attacks on reporters and photographers that took place on 1 September.
“We understand that the security forces are overwhelmed and we are aware of the great tension and the difficult conditions under which they are having to work in areas hit by Katrina, but it is very worrying that this is reflected in violence against journalists,” the press freedom organisation said.
“We believe that it is essential that news coverage should be completely free and unobstructed in such a serious situation,” Reporters Without Borders added.
Reporter Tim Harper and photographer Lucas Oleniuk of the Canadian Toronto Star daily were the victims of police violence while covering a clash between police and looters. The police threatened them several times at gunpoint and, when they realised Oleniuk had photographed them hitting looters, they hurled him to the ground, grabbed his two cameras and removed memory cards containing around 350 pictures. His press card was also torn from him. When he asked for his pictures back, the police insulted him and threatened to hit him.
Harper said in a report about the police violence in the Toronto Star that, given the situation in New Orleans, there was no doubt that the police saw journalists as an obstacle to their efforts to regain control of the city.
Experts Warn of Katrina Identity Theft
An AP newswire article by Jennifer C. Kerr, via SFGate.com, reports that:
Social Security cards, driver's licenses, credit cards and other personal documents are literally floating around New Orleans, raising the prospect some hurricane survivors could be victimized again — this time by identity thieves.
Betsy Broder, the attorney who oversees the Federal Trade Commission's identity theft program, said the agency has not received any complaints yet. However, it's still early after the disaster and people have been focusing on more pressing needs, such as shelter, food and medicine.
"This is probably not the most immediate concern that people have, but at a certain point they need to stop and take stock of their financial health," Broder said Tuesday.
New York transportation network awards $212 million contract for security
Dibya Sarkar writes in FCW.com:
The New York Metropolitan Transportation Authority (MTA) has awarded a three-year, $212 million contract to a Lockheed Martin-led team to upgrade the authority’s electronic security infrastructure.
Under the Integrated Electronic Security System and Command, Communications and Control (IESS/C3) program, Lockheed’s team will design, develop and deploy the system, which includes maintenance options that could extend the program through September 2013, according to the company’s press release. The announcement was made about two weeks ago.
The team will install more than 1,000 cameras and 3,000 sensors – including motion and perimeter sensors, intelligent video, closed circuit television and other threat-detection technologies – throughout the MTA system, which is North America’s largest transportation network.
After Lockheed’s team completes the program, security operators will have access to incident management response and recovery capabilities across MTA’s network. The program will also provide enhanced monitoring, surveillance, access control, intrusion-detection and response capabilities at certain locations.
eEye: Flaw found in IE, Outlook installation
Dawn Kawamoto writes in C|Net News:
A security flaw has been found in the default installation process for Microsoft's Internet Explorer, Outlook and Outlook Express, according to eEye Digital Security.
A common thread with these applications is the potential for a buffer overflow, which in turn could allow an attacker to gain access to users' systems remotely, said Mike Puterbaugh, eEye's senior director of product marketing.
eEye, which issued an announcement about the problem late last week, noted that systems at risk include those running Windows XP with Service Pack 0 or 1 and Windows 2000. The security specialist noted that it is still conducting reviews of the flaw and could find that other versions of the operating system are affected.
Microsoft is unaware of any attacks involving the reported vulnerability or any customers who have been affected, a company representative said.
The vulnerability is only the latest IE security flaw researchers have discovered since Microsoft released a cumulative update for the browser last month, Puterbaugh said. Other flaws reported in the past few weeks range from a vulnerability with version 6 of the browser on Windows XP with Service Pack 2 to an IE flaw involving the Microsoft DDS Library Shape Control file.
"I wouldn't be surprised to see Microsoft release another cumulative update for IE in the near future," Puterbaugh said.
FEMA to Mac, Linux users: Drop Dead
The list of bureaucratic idiocies continues to astound.
Via Boing Boing.
A stupid usability flaw in the FEMA website is causing frustration for some of the Hurricane Katrina survivors fortunate enough to have computer and internet access. Bottom line: if you're not using Windows + IE, it appears that you won't be able to file a disaster assistance claim on Fema.gov.
[...and an update later]
Good news! Hurricane survivors who've lost everything, but who've managed to obtain access to a connected Mac or Linux workstation, MIGHT be able to file claims at Fema.gov IF they install some fancy schmantzy hypergalactic extensions to their browsermajiggie thing.
UT hacker sentenced to probation, must pay $170,000
Steven Kreytak writes in The Austin American-Statesman (obnoxious, but free, registration required -- or use BugMeNot.com):
The former University of Texas student who hacked into the school's computer system and downloaded thousands of Social Security numbers in 2002 and 2003 was sentenced today to five years probation and 500 hours of community service.
U.S. District Judge Lee Yeakel also ordered Christopher Phillips, 22, to pay the school $170,000 in restitution.
As a condition of probation, Yeakel ordered that Phillips may not own software that would allow him to connect to the Internet and may only access the Internet for work or school-related reasons pre-approved by his probation officer.
Federal sentencing guidelines, which Yeakel was required to consult but not required to follow, called for a sentence of between 15 and 21 months in federal prison.
"It is my belief that this sentence is harsher than (prison)," Yeakel said.
FCC pushing carriers to fix nets destroyed by Katrina
George Leopold writes in the EE Times:
Responding to mounting criticism, the Federal Communications Commission issued a statement [.pdf] Tuesday (Sept. 6) reiterating that it is working with communications providers to restore networks destroyed by Hurricane Katrina.
Federal officials have been harshly criticized for failing to respond promptly to the catastrophic storm that destroyed New Orleans and devastated the Gulf Coast. Louisiana Gov. Kathleen Babineaux Blanco late last week blasted carriers for failing to restore communications across the state.
In a joint statement, FCC commissioners said the agency "has been in continual contact with the industry and has taken prompt action, where necessary, to provide regulatory relief to facilitate restoration efforts." It cited efforts to deploy alternative communications networks in the Gulf region to speed the efforts.
"We have also assisted in performing coordination activities between the industry and federal emergency authorities as appropriate," the agency said. "We will continue doing everything within our power to ensure the vitality of the nation's communications network. We are confident that all service providers will do the same."
Emergency personnel in the region said some regular phone service had been restored over the weekend in areas like Jackson, Miss., which is about 150 miles inland from the Gulf Coast. However, one official said Saturday (Sept. 3) that only incoming calls were getting through and that most residents were still unable to place outgoing calls.
A spokesman for the Department of Homeland Security said Tuesday that cellular and other communications networks were completely destroyed by the hurricane and that emergency personnel were working with utilities to restore service.
Hacking fears bog down online banking growth
Dinesh C. Sharma writes in C|Net News:
The number of people who turn to the Internet for personal banking isn't growing--but those who are already hooked on such services are using them more often, a new survey has shown.
The percentage of Americans who conduct personal banking activities online has stagnated at 39 percent in the 12-month period ending August 2005, Ipsos Insight said in a study released Tuesday.
The research firm, which interviewed 1,000 American adults for the study, found that many consumers were worried that their personal information could either be stolen by hackers and phishers or sold to third parties by banks. Nearly 83 percent of those who conduct banking online reported such concerns, while 73 percent of respondents said personal information theft is a deterrent for them.
"The industry needs to convey that they are, in fact, addressing the fundamental issues of personal information protection and theft associated with online banking, because the public's misperception is what's deterring growth," Doug Cottings, senior vice president at Ipsos Insight, said in a statement.
Intel Takes Stake In Anti-Virus Maker Grisoft
Via ExtremeTech.
Intel has taken a $16 million stake in Grisoft, makers of the free AVG anti-virus software program.
The investment is Intel's largest in Central and Eastern Europe, the company said. In return, Grisoft will use the money to grow its customer base as well as "optimize" its software, the company said.
Grisoft supplies anti-virus software to 25 million PCs, Grisoft said. The investment is subject to approval by the competition council of the Czech Republic.
The Fairy Tale of 'Net Neutrality'
Via NewsFactor Technology News.
Today the technical becomes the political. If VoIP service providers can convince the FCC to mandate net neutrality as a requirement, and some believe that they can, they will neutralize service providers as competition. But the story of net neutrality would just be a fairy tale. Nice story, but not reality.
With broadband service providers in hot pursuit of the "value-add" dollars being vacuumed from their customers by VoIP service providers such as Vonage, it was no surprise to see the battle make its way to the front page of The Wall Street Journal earlier this month.
In short, a regional service provider decided -- apparently without mentioning it to customers -- to block Vonage calls from traversing its network. The FCC came to the rescue and forced the service provider to remove the block. Score one victory for VoIP service providers, but the battle has just begun.
It's what the Israelis would call a "balagan" -- a real mess. It might not be Gaza but the prospects for peaceful coexistence are probably about the same -- at least in the short term. VoIP service providers naturally want to keep the status quo and are calling for the industry to adopt a stance of "net neutrality," which tells service providers to keep hands off third-party traffic.