Saturday, September 17, 2005

France requiring ISP's to filter content harmful to minors?

Naje Jeval, a reader of the blog, alerted me to this notice.

Apparently, the alarm was sounded by the association Iris that (paraphrased) "... the debate on the filtering of the contents on Internet would begin again..."

According to this Yahoo! News France article (run through the Alta Vista Babelfish translator, so I have paraphrased):

The new proposal would require [ISPs] put in/near all their subscribers, in an automatic way, the technical devices powerful and activated by "defect" [keyword or URL alarm filtering] which make it possible to restrict access with the services of communication to the public on line putting in danger the minors. A decree in the Council d'Etat lays down the methods of this article. The significant issue, this time around, is especially the concept "activation" by filter alarm, which goes well beyond the means of simply supplying "software of parental control chosen, installed, configured by the parents in function their concerns for their children."


Although the debate about mandatory content filtering in France is not a new one, it appears that France is edging ever closer to their own "Firewall of France".

Enthusiast uses Google Earth to reveal Roman ruins

Declan Butler writes on Nature.com:

Using satellite images from Google Maps and Google Earth, an Italian computer programmer has stumbled upon the remains of an ancient villa. Luca Mori was studying maps of the region around his town of Sorbolo, near Parma, when he noticed a prominent, oval, shaded form more than 500 metres long. It was the meander of an ancient river, visible because former watercourses absorb different amounts of moisture from the air than their surroundings do.

His eye was caught by unusual 'rectangular shadows' nearby. Curious, he analysed the image further, and concluded that the lines must represent a buried structure of human origin. Eventually, he traced out what looked like the inner courtyards of a villa.

Mori, who describes the finding on his blog, Quellí Della Bassa, contacted archaeologists, including experts at the National Archaeological Museum of Parma. They confirmed the find. At first it was thought to be a Bronze Age village, but an inspection of the site turned up ceramic pieces that indicated it was a Roman villa.

Friday, September 16, 2005

Plan lets users be the judge of flaws

Joris Evers writes in C|Net News:

A plan to make it easier for companies to determine how hard they could be hit by security flaws is ready for prime time, according to its backers.

The Common Vulnerability Scoring System plan calls for a unified approach to rating vulnerabilities in software, to replace the proprietary methods many technology companies and security vendors use when determining the impact of a flaw.

The Common Vulnerability Scoring System, or CVSS, was developed under the auspices of the National Infrastructure Advisory Council, which advises President Bush about the security of information systems for critical infrastructure. FIRST, a worldwide consortium of security incident response teams such as the United States Computer Emergency Readiness Center, coordinates further CVSS development.

On Monday, FIRST plans to announce a push for wide-scale adoption of CVSS. Backers believe the rating system is ready to move into more general use after being a work-in-progress for the past year and a half. It was released publicly in late February, when a group of about 30 companies started testing it.

Update: Miami-Dade police officer suspended in unauthorized data access

An AP newswire article, via The Mercury News (obnoxious, but free, registration required -- or try using BugMeNot.com), reports that:

A Miami-Dade police officer has been relieved of duty and is under investigation for allegedly obtaining unauthorized access to Social Security numbers and other personal data on as many as 4,689 people maintained by ChoicePoint Inc.

The company, based in Alpharetta, Ga., said Friday that the U.S. Secret Service was investigating the matter but that it was unclear whether any identity theft had occurred.

The employee, ChoicePoint said in a letter to the potentially affected consumers, was not authorized to use the Miami-Dade Police Department's account with the company and ``had accessed information illegally and acted outside the scope of his employment.''

The consumer information accessed, with log-in and password, included Social Security data, drivers license numbers and dates of birth.

Detective Mary Walters, a Miami-Dade police spokeswoman, said the officer involved was relieved of duty and an internal investigation was under way.

She declined to provide the officer's name or any details about where in the department the officer worked.

Update: Bob Sullivan writes on MSNBC, that in addition to the Miami-Dade incident:

The three other incidents announced Friday were:

  • Two California-based private investigators, Kenneth Beck and Robert Starr, allegedly used ChoicePoint’s data to hunt for possible identity theft victims, Lee said.
  • A Texas-based firm named RPM was found to have improperly accessed data.
  • An employee of an "accredited insurance" company that ChoicePoint would not name, citing contracts with the firm, was also alleged to have improperly accessed records.

In total, the three incidents resulted in 547 warning notices being sent to victims, Lee said.

Clam AntiVirus (ClamAV) Buffer Overflow and DoS Vulnerabilities

Via FrSIRT.

FrSIRT Advisory : FrSIRT/ADV-2005-1774
CVE Reference : CAN-2005-2919 - CAN-2005-2920
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-09-16

* Technical Description *

Two vulnerabilities were identified in Clam AntiVirus (ClamAV), which could be exploited by remote attackers or malware to execute arbitrary commands or cause a denial of service.

The first issue is due to a buffer overflow error in "libclamav/upx.c" when processing malformed UPX-packed executables, which could be exploited by attackers to compromise a vulnerable system by sending, to a vulnerable application, emails containing specially crafted files.

The second issue is due to an error in "libclamav/fsg.c" when processing specially crafted FSG-packed executables, which could be exploited by attackers to cause the application to enter an infinite loop.

* Affected Products *

Clam AntiVirus (ClamAV) version 0.86.2 and prior

* Solution *

Upgrade to Clam AntiVirus (ClamAV) version 0.87 :
http://sourceforge.net/projects/clamav/

* References *

http://www.frsirt.com/english/advisories/2005/1774
http://sourceforge.net/project/shownotes.php?release_id=356974


Hackers Targeting Security Hole in Twiki

Via Netcraft.

A serious security hole has been discovered in TWiki, the popular open source collaboration software. The vulnerability allows remote attackers to execute shell commands on affected systems, and is already being actively exploited, with some analysts warning that a worm could soon follow. A hotfix is available from the TWiki web site.

TWiki is an enterprise collaboration platform typically used on development projects. It is used for internal communications at companies including IBM, Yahoo, Circuit City, Reuters, Boeing, General Electric, Wachovia and ZoneLabs. Some large companies use it to run web-facing Wikis, such as British Telecom's UK Telco B2B Forum.

The TWiki program doesn't check URL parameters properly for shell metacharacters, leaving it vulnerable to revision numbers containing pipes and shell commands, according to the advisory. An exploit is possible on topics with two or more revisions, with the attacker gaining the same privileges as web server processes.

A Wiki is a web application that allows users to add content, as on an Internet forum, but also allows anyone to edit existing content. One popular example is Wikipedia, the user-compiled Internet encyclopedia, which has more than 700,000 entries. The TWiki web site has nearly 18,000 registered users.
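A defender's check for the flaw described above, as an added example that is not code from Netcraft, the TWiki project or this blog: it scans web server access logs for TWiki requests whose revision parameter is anything other than a plain revision number. The `/twiki/bin/` prefix, the parameter names `rev`, `rev1` and `rev2`, and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

# Assumption: the TWiki CGI scripts are served under this prefix.
TWIKI_PREFIX = "/twiki/bin/"
# Assumption: revision numbers travel in parameters named rev, rev1, rev2.
REV_PARAM = re.compile(r"rev\d*")
# A legitimate revision is "3" or "1.3". Used with fullmatch() so a trailing
# newline (%0A) cannot slip past the way it can with a "$" anchor.
VALID_REV = re.compile(r"\d+(\.\d+)?")

# Common/Combined Log Format: host ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)


def bad_rev_values(target):
    """Return decoded revision values in a request target that are not plain numbers."""
    path, _, query = target.partition("?")
    # Decode and collapse repeated slashes so "//twiki//bin/" is still recognised.
    path = re.sub(r"/+", "/", unquote(path))
    if not path.startswith(TWIKI_PREFIX):
        return []
    bad = []
    # CGI query strings may separate pairs with "&" or ";".
    for pair in re.split(r"[&;]", query):
        name, _, value = pair.partition("=")
        if not REV_PARAM.fullmatch(unquote_plus(name)):
            continue
        decoded = unquote_plus(value)
        # An empty value means no revision was requested; everything else must
        # match the allowlist. Pipes, spaces, quotes and newlines all fail it.
        if decoded and not VALID_REV.fullmatch(decoded):
            bad.append(decoded)
    return bad


def scan(lines):
    """Return (findings, unparsed_count) for an iterable of access-log lines."""
    findings, unparsed = [], 0
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            unparsed += 1  # keep count so silent parser gaps are visible
            continue
        for value in bad_rev_values(m.group("target")):
            findings.append({
                "host": m.group("host"),
                "time": m.group("time"),
                "status": int(m.group("status")),
                "rev": value,
            })
    return findings, unparsed


# Constructed sample log lines (documentation IP ranges, placeholder payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Sep/2005:10:01:02 +0000] '
    '"GET /twiki/bin/view/Main/WebHome?rev=1.4 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [16/Sep/2005:10:01:09 +0000] '
    '"GET /twiki/bin/rdiff/Main/WebHome?rev1=1.4;rev2=1.3 HTTP/1.1" 200 801',
    '198.51.100.7 - - [16/Sep/2005:10:02:44 +0000] '
    '"GET /twiki/bin/view/Main/WebHome?rev=2%20%7CPLACEHOLDER HTTP/1.0" 200 312',
    '198.51.100.7 - - [16/Sep/2005:10:02:51 +0000] '
    '"GET //twiki//bin/view/Main/WebHome?rev=1.3%0A HTTP/1.0" 200 312',
    '203.0.113.5 - - [16/Sep/2005:10:03:00 +0000] '
    '"GET /index.html?rev=abc HTTP/1.1" 200 100',
    'garbage line',
]

if __name__ == "__main__":
    hits, skipped = scan(SAMPLE_LOG)
    for hit in hits:
        print(f'{hit["time"]} {hit["host"]} status={hit["status"]} rev={hit["rev"]!r}')
    print(f"{skipped} line(s) could not be parsed")
```

Access logs record only the request line, so a revision parameter sent in a POST body is not visible to this check.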

Tony Li has left the building (Cisco) -- again....

Om Malik scoops:

Here is the latest from the Silicon Valley grapevine - the ultimate networking maverick, Tony Li, is leaving Cisco. Again! He had rejoined Cisco only a few months ago. He sent out an email to others at Cisco. Right now, file this in “rumored” category, but be assured, more to follow!

How the Internet killed the phone business

Thanks, David I.



Decision on .xxx domain delayed again

Anne Broache writes in C|Net News:

The fate of the highly controversial .xxx Internet domain will not be decided until "a future date," a representative of the Internet Corporation for Assigned Names, which oversees domain names, said Friday. ICANN's board of directors considered an agreement for the proposed virtual red-light district at a Thursday meeting but decided against taking action, directing ICANN staff to negotiate "additional contractual provisions" with ICM Registry, the Florida company that plans to operate the domain.

The Bush administration and conservative groups have recently voiced opposition to the domain's creation. ICANN pushed back its vote last month, though it did approve the .xxx concept back in June.

New Security Flaw Discovered in IE

Ed Oswald writes in BetaNews:

Security firm eEye released a notice on Thursday saying it had discovered a new flaw within Internet Explorer on both Windows XP and XP SP2. According to the notice, "A vulnerability in default installations of the affected software could allow for remote code execution."

Windows XP SP2 was touted as a much more secure version of Microsoft's flagship operating system. However, hackers have still found ways around the new security features, and flaws continue to pop up. Microsoft has been alerted to the problem, but as standard practice eEye will not release details of the vulnerability until it is patched or publicly acknowledged by Microsoft.

ICANN approves new TLD's: .XXX and .CAT

You know, at least one of these top-level domains (and arguably, both) shows how out of touch with operational reality ICANN really is. Do people really expect online pr0n to simply pick up and move to the .XXX domain? And come on -- do we really need a whole TLD just for the Catalan language? I'll stop now before I really go off on a lengthy rant about the usefulness of some of the other TLD's that are used by virtually no one except for warez, phishers, and malware distributors.

An AP newswire article by Anick Jesdanun, via Yahoo! News, reports that:

The Internet's key oversight agency approved a domain name for the Catalan language Thursday while deferring final action on creating a red-light district on the Internet through a ".xxx" suffix.

Creating the ".cat" suffix for individuals, organizations and companies that promote the Catalan language and culture was relatively uncontroversial. Though the language is spoken largely in certain regions of Spain, backers say a domain name could unify Catalan speakers who live in France, Italy, Andorra and elsewhere. The name could begin appearing in use next year.

As for ".xxx," the Internet Corporation for Assigned Names and Numbers deferred final approval for the second time in as many months.

The board decided to seek changes to a proposed contract with ICM Registry Inc., the Jupiter, Fla., company that would run the domain name for voluntary use by the adult entertainment industry. No details were immediately available on the changes sought.

The ".xxx" domain has met with opposition from conservative groups and some pornography Web sites, and ICANN postponed a final decision last month after the U.S. government stepped in just days before a scheduled meeting to underscore objections it had received. ICANN had given a preliminary OK in June.

Thursday, September 15, 2005

University of Miami, Ohio, discloses privacy data exposure

Thanks to a post by "DutchSter" over on Slashdot, which reveals:

"In the wake of other schools announcing the theft of hardware containing sensitive student information, Miami University, of Oxford, Ohio, has announced that a file containing the name, Social Security number, the grade point average for the Fall 2002 semester, cumulative grade point average, and other related academic information, such as credit hours attempted that semester, for all 21,000 students who attended the Fall 2002 term has been available on a web server for the last three years. The discovery was made this week and the university is taking steps to deal with the fall-out sure to come."


Japanese Phisher Gets Slapped on Wrist

Via Red Herring.

A Japanese man convicted of creating a fraudulent website to steal personal information was given a 22-month suspended sentence earlier this week, alarming security analysts who said Thursday the penalty is too soft and sets a bad precedent in the fight against scammers.

In Japan’s first case against phishing, Kazuma Yabuno, 42, was recently convicted of creating a website that tried to mimic Yahoo Japan by replacing the ‘h’ in the Yahoo with ‘f’ creating the name ‘Yafoo!’ The trick site’s name closely resembled the original and has the same pronunciation in Japanese.

Through the spoofed site, Mr. Yabuno proceeded to obtain account names and passwords of Yahoo members and gained illegal access to their email accounts.

A former computer systems engineer in Osaka, he was arrested in June and charged with violating copyright and unauthorized access. At the conviction, Judge Mitsuaki Takayama said that the sentencing took into account that Mr. Yabuno did not use the stolen information to commit other crimes.

US House panel staff unveil draft new telecom bill

Jeremy Pelofsky writes for Reuters:

U.S. House Energy and Commerce Committee staff on Thursday unveiled draft legislation aimed at overhauling U.S. telecommunications laws to address new technologies, such as Internet video and voice services.

The House Energy and Commerce Committee lawmakers will likely discuss the draft measure over the next few weeks and likely try to hold hearings on it in October, a congressional aide said, declining further identification.

The draft was prepared by staff for Republican Chairman Rep. Joe Barton of Texas, fellow Republicans Fred Upton of Michigan and Chip Pickering of Mississippi and Democrats John Dingell of Michigan and Ed Markey of Massachusetts, the aide said.

"We need a fresh new approach that will encourage Internet providers to expand and improve broadband networks, spur growth in the technology sector and develop cutting-edge services for consumers," Barton said in a statement.

Secret Cold War Spy Satellite Program Declassified by U.S.

Over on Space.com, Leonard David writes:

A bit of Cold War space history has been unthawed.

The National Reconnaissance Office (NRO), National Security Agency (NSA) and Naval Research Laboratory (NRL) have declassified the fact that a series of satellites was orbited from 1962 through 1971, designated POPPY.

POPPY’s mission was to collect radar emissions from Soviet naval vessels – an activity called electronic intelligence, or ELINT for short.

In total, seven POPPY satellites were lofted into space from 1962 to 1971: Dec. 13, 1962, June 15, 1963, Jan. 11, 1964, March 9, 1965, May 31, 1967, Sept. 30, 1969, and Dec. 14, 1971.

The POPPY Program operated from December 1962 through August 1977.

FCC Seeks New Bureau For Disaster Management

Paul Kapustka writes in Advanced IP Pipeline:

FCC Chairman Kevin Martin on Thursday proposed the creation of a new internal bureau inside the agency to coordinate the planning and response actions for communications services during national disasters, as part of the agency’s response to communications failures in the face of Hurricane Katrina.

Speaking at the end of the commission’s monthly open meeting -- which was broadcast on the Web from the Atlanta-based emergency-operations center of telecom provider BellSouth -- Martin said that in addition to the new bureau, the FCC would also provide approximately $200 million in financial assistance to telecom customers and companies, and also convene an “expert panel” to review what lessons might be learned from the effects of Katrina.

Martin’s comments followed those from a long list of telecommunications and broadcast industry representatives, who mostly detailed what damage Katrina had inflicted on their infrastructures, and how they had responded in their attempts to restore service. According to Ken Moran, the FCC’s director of its office of homeland security, there are still almost 350,000 customers without wireline phone service, and still three 911 centers in Louisiana that are inoperable.

UC-Berkeley laptop with personal data of 98,000 recovered

A Reuters newswire article, via Yahoo! News, reports that:

A stolen laptop computer holding personal information of more than 98,000 California university students and applicants has been recovered, but it is uncertain whether the information had been tapped, the University of California, Berkeley said on Thursday.

The laptop, which stored names and Social Security numbers, disappeared in March from a restricted area of the university's graduate division offices, forcing the university to alert more than 98,000 students and applicants of the theft.

The university said in a statement that a San Francisco man has been arrested and charged by the Alameda County district attorney with possession of stolen property after investigators discovered the laptop had been bought over the Internet by a man in South Carolina.

"UC police note that while a lab analysis could not determine whether the sensitive campus data was ever accessed, nothing in their investigation points to identity theft nor individuals involved in identity theft. It appears ... that the intent was simply to steal and sell a laptop computer," the university said in its statement.

Forensic tests showed files on the laptop had been erased and written over with a new operating system installation, leaving only residual data and making it virtually impossible to determine whether password-protected files had been breached, the university said.

Mississippi gets satellite technology to help with recovery efforts

Dibya Sarkar writes in FCW.com:

A Virginia-based satellite technology company is lending Mississippi’s public safety department a mobile communications trailer equipped with computers and voice over IP-enabled phones to aid hurricane relief and recovery efforts.

A spokesman for Segovia, which bills itself as the first global satellite network to support IP communications, said the trailer is en route to Gulfport, Miss., which is one of the areas ravaged by Hurricane Katrina, and should be operating by this weekend, if not before. He said the company contacted Gov. Haley Barbour’s office, which accepted the company’s offer.

The trailer will provide broadband Internet access and IP telephones for 20 people, but it can handle as many as 250 people, the spokesman said. The company is picking up all of the state’s phone charges and will have two technicians on site for at least three weeks.

U.S. Takes Action Against Bank in China

An AP newswire article by Jeannine Aversa, via SFGate.com, reports that:

The Bush administration took action Thursday against a bank in China for what it said were lax money-laundering controls, alleging the bank helped North Korean customers distribute counterfeit currency and engage in other illicit activities.

The Treasury Department designated Banco Delta Asia SARL as a "primary money laundering concern."

That designation alerts the global financial community about the alleged problems associated with the bank, which is located and licensed in Macau, China. The department also proposed that the bank be cut off from the U.S. financial system.

The 2001 USA Patriot Act gives the department the powers to take the action.

Former Austin police detective guilty of possessing child porn


..and in disgusting local tech-related news, Steven Kreytak writes in The Austin American-Statesman (obnoxious, but free registration required -- or use BugMeNot.com):

A former Austin police detective pleaded guilty to seven counts of child pornography in federal court Thursday, admitting that he possessed on his personal computer hundreds of images of male and female children engaged in sexual acts.

Lance McConnell, 34, faces between 5 and 120 years in federal prison and $1.75 million in fines when he is sentenced by U.S. District Judge Sam Sparks November 18.

Both McConnell, who remains free on bond pending sentencing, and his lawyer Rip Collins declined to comment as they left the federal courthouse downtown.

Special Assistant U.S. Attorney Grant Sparks said in court that during a March 23, 2005, search of McConnell's home on Mockingbird Lane in Lockhart investigators seized several computers, including one with between 300 and 600 digital images and movie files of child pornography.

Those included ones of prepubescent children engaging in sex acts with each other and with adults, according to court documents.

The computer also showed evidence that McConnell had e-mailed "dozens of images" and kept the pictures in organized folders, Grant Sparks said.

RIAA sends letters to P2P services

Dawn Kawamoto writes in C|Net News:

The Recording Industry Association of America has sent letters to seven peer-to-peer companies, asking them to halt what the RIAA alleges is their practice of encouraging users to illegally distribute copyrighted material.

The RIAA's actions follow a U.S. Supreme Court ruling in June against P2P services provider Grokster and marks one of the first actions the recording industry trade group has taken against P2P services beyond Grokster. In a unanimous decision, the court said companies that build businesses with the active intent of encouraging copyright infringement should be held liable for their customers' illegal actions.

"Companies situated similarly to Grokster have been given ample opportunity to do the right thing," a RIAA spokesperson said. "Those businesses that continue to knowingly operate on the wrong side of that line do so at their own risk."

The letters were mailed to seven file-sharing companies, according to a RIAA spokesperson, who declined to identify the companies.

China produces movie about dangers of the Internet

An AFP newswire article, via Yahoo! News, reports that:

Chinese authorities have helped produce a movie that will educate its youth on the dangers of excessive Internet use, state media reported.

"Internet Teenagers," currently showing in theaters across the nation, deals with the "appropriate use of the Internet and smooth communication with adolescent children," the China Daily said.

"Some students choose to indulge themselves in virtual reality, where they believe they can find relaxation, entertainment, self-esteem and friendship, and not face real life," said Shi Xuehai, the director.

The movie's story line has a teacher coach a group of problem children who also happen to be "high-tech geniuses," according to the paper.

US Senate turns aside Web gambling ban for now

A Reuters newswire article, via Yahoo! News, reports that:

The U.S. Senate on Thursday turned aside an attempt to restrict Internet gambling in a procedural move, but Sen. Jon Kyl vowed he would try again and said he expected the legislation would become law eventually.

The Arizona Republican tried to attach language restricting Internet gambling to an annual spending bill that must be passed this year, but an unnamed Democrat objected to attaching an unrelated matter to the spending measure under consideration.

Kyl said his legislation would require banks and credit card companies to block payments to online Internet gambling sites. He said some firms were already voluntarily blocking money transfers.

"We will proceed with this, it will become law at some point at some time," the Arizona Republican said on the Senate floor. "There should be no reason why we can't move forward on this."

Massive sunspot has Earth in its sights




Lucy Sherriff writes in The Register:

A sunspot five times the size of Earth could wreak havoc with satellites and radio communication systems, scientists warn, as it moves across the face of the sun and Earth moves directly into its firing line.

Seven huge X-class flares have already erupted from the spot, including one of magnitude X17 last Wednesday that made it into the record books as the fourth largest ever seen.

The US National Oceanic and Atmospheric Administration (NOAA) said that the flares have already caused problems with some electric power systems, radio communications and global positioning equipment.

It went on to warn that further flares are likely in the next week, and because the sunspot is moving into line with Earth, the risk of disruptions is even greater as the solar activity will strike the planet head-on.

Verizon Wireless Wins Injunction Against Data Thieves

David Haskin writes in Mobile Pipeline:

Verizon Wireless said Thursday that it has received a court order preventing a Tennessee company continuing what Verizon calls the theft of subscriber information.

The wireless operator received an injunction against Source Resources of Cookeville, Tennessee. The permanent injunction prevents Source Resources from acquiring, possessing or selling customer account information without either a court order or the subscriber's permission.

"They call themselves private investigators," Verizon Wireless spokesman Jeffrey Nelson said in an interview. "They are common identity theft crooks."

In its initial court filing in July, Verizon Wireless claimed that Source Resources used "deceit, trickery and dishonesty" to obtain customer records. Specifically, the wireless operator claimed that Source Resources "is engaged in wrongfully obtaining confidential customer information (such as the customer's calling records) … by posing as a customer of Verizon Wireless seeking information about his or her own account."

The Source Resources "investigators" provided Verizon Wireless customer service agents with security information, such as the victim's social security number or mother's maiden name. That information was, according to Verizon's brief, "wrongfully obtained."

USA Today Calls for ICANN to Adopt .XXX

Thanks to Bret Fausett for pointing this out. Bret writes in his ICANN Blog:

This has to be a first: a major U.S. newspaper has an unsigned editorial recommending that the ICANN Board take a certain action. In this case, implement .XXX. Here's an excerpt:

"The [ICANN] Board shouldn't bow to the pressure. Internet porn is big business driven by big demand. It can't be eradicated. But trying to improve the protections for parents is a good idea — including a .xxx domain experiment."

Blockbuster Probing Online Video-On-Demand

David Koenig writes in The Washington Post:

Movie-rental giant Blockbuster Inc. continues to take small steps toward a rollout of online video-on-demand in the United Kingdom while rival Netflix Inc. plans a small-scale test in the United States this year.

Blockbuster demonstrated an online video service at a trade show in Europe last week and has completed a test involving 5,000 British households, but officials downplay talk of service in the very near future.

Spyware getting nastier

Guy Matthews writes in The Inquirer:

SECURITY VENDOR Aladdin Knowledge Systems says 15% of spyware is successfully stealing passwords and logging keystrokes.

It says spyware is increasingly used to steal logged-on user names and administrator passwords, as well as tamper with instant messaging and email addresses. Aladdin’s study illustrates that a growing amount of spyware is specifically designed for identity theft and continues to compromise both personal and commercial privacy, with potentially dangerous effects for large organizations in need of protecting proprietary information.

The vendor classifies spyware into three clear types:

Severe Threat – 15% of spyware threats send private information gathered from the end user currently logged on to the infected system, logging the user's keystrokes, logged-on user name, hash of administrator passwords, email addresses, contacts, instant messengers login and usage, and more.

Moderate Threat – 25% of spyware sends information gathered from the victim's operating system, including the host name, domain name, and logs all processes running in memory.

Minor Threat – 60% of spyware transmits gathered commercial information about the end user's browsing habits, including keywords used in search engines, browsing habits and ratings of frequently visited websites.

Time Warner, Microsoft in talks on AOL

A Reuters newswire article, via Yahoo! News, reports that:

Time Warner Inc. and Microsoft Corp. are in advanced talks over Microsoft buying a stake in Time Warner's America Online unit, the New York Post reported on Thursday.

Citing two unnamed sources familiar with the matter, the Post said the talks concern Microsoft acquiring an AOL stake and then combining it with Microsoft's Web unit MSN.

Microsoft would pay some money to Time Warner for the AOL stake, leaving the two companies approximately equal partners in the venture, the Post said.

A Time Warner spokeswoman declined to comment. Microsoft was not immediately available for comment.

Dutch to Create Cradle-To-Grave Database

An AP newswire article by Toby Sterling, via Yahoo! News, reports that:

The Dutch government will begin tracking every citizen from cradle to grave in a single database, opening a personal electronic dossier for every child at birth with health and family data, and eventually adding school and police records.

The Health Ministry says the new database will begin Jan. 1, 2007.

As a privacy safeguard, no single person will be able to access someone's entire file. And each agency that contributes to the records will maintain its own files as well.

But organizations can raise "red flags" in the dossier to caution other agencies of potential problems with children, said ministry spokesman Jan Brouwer. Until now, schools and police have been unable to communicate with each other about truancy records and criminality, which are often linked.

Wednesday, September 14, 2005

Daily gapingvoid.com fix....

Via gapingvoid.com. Enjoy!

Austin American-Statesman Launches Community Blogs

An Editor & Publisher Online article, via Yahoo! News, reports that:

The Austin American-Statesman became the latest newspaper to embrace citizen journalism this week with the launch of StatesmanBlogs.com and Austin360Blogs.com.

The citizen-blog sites act as companions to the news-centric Statesman.com and entertainment-focused Austin360.com. Both use software developed by Austin-based Pluck.

"The mutual launch is to build audience, create loyalty, and make us the information authority people turn to in the market," says Jim Debth, Internet General Manager for the American-Statesman, which is owned by Cox Newspapers. "Since the beginning of time newspapers have been community resources, and this helps us keep our community connection and grow our audience participation."

The Statesman has launched the blogs using existing resources, and currently has no plans to increase staff to manage the new sites. "Since this is a new venture for us, we're helping to seed the initial blogging" with "friends of friends," Debth says, before adding that the eventual plan is for users to contribute 100% of the content.

White House Deed Winds Up in Casino's Hands

Via PR Newswire.

The only known deed to exist for America's most famous address has been bought by Internet casino and poker room GoldenPalace.com for an unbelievable $43.45 through online auction house http://www.eBid.tv.

While conducting research for his upcoming book "Night of the Realtors", in which a Canadian realtor sells the White House, seller David Jenneson discovered that the U.S. Government has no deed recording the property ownership for 1600 Pennsylvania Avenue.

According to Jenneson's eBid page, he sent a written request to the U.S. National Archives regarding the deed. A two-month search resulted in the archives office sending a letter stating they could not find the deed for the White House. After an extensive amount of legal survey and analysis, Jenneson acquired the only known deed in existence.

"The winning bid will acquire a Quitclaim Deed for the famous property, plus a signed copy of my book Night of the Realtors," said Jenneson on his eBid page.

FCC to probe Katrina telecom failures

George Leopold writes in the EE Times:

The Federal Communications Commission will meet in Atlanta on Thursday (Sept. 15) to determine how telecommunications networks collapsed in the aftermath of Hurricane Katrina and to find ways to prevent future failures.

The agency said it will empanel a broad range of telecom industry executives, communications workers, broadcasters and industry groups during its monthly meeting in the Georgia state capital. The FCC seldom holds monthly open meetings outside of Washington.

The meeting appears to have been convened in response to widespread criticism of the federal response to the devastation caused by Hurricane Katrina. As of earlier this week, reports found that many local Internet networks in the region remained offline.

On Wednesday (Sept. 14), members of the commission investigating the 9/11 attacks called the lack of interoperable communications across the Gulf region after the storm a "scandal." In its final report, the 9/11 commission highlighted emergency communications as a key priority.

Among those scheduled to participate in the FCC meeting are: Rod Odom, president of network services at BellSouth Corp.; Booker Lester of the Communications Workers of America; former congressman Steve Largent, now president of the CTIA Wireless Association; Willis Carter of the Shreveport, La., fire department; and executives from TV and radio broadcasters.

Live audio coverage of the meeting will be broadcast on the FCC's Audio Events Page.

Senators request $5 billion for emergency networks

Anne Broache writes in C|Net News:

In the wake of Hurricane Katrina, senators are clamoring for billions of dollars to enhance the communications network that first responders rely on during emergencies.

Sen. Debbie Stabenow, a Michigan Democrat, has proposed that Congress provide $5 billion in "immediate" funds intended "for the basic hardware that allows emergency responders to talk with one another and coordinate their efforts," according to a press release from her office.

The proposal, co-sponsored by eight Senate Democrats, is one of a slew of proposed amendments to the Commerce, Justice and Science appropriations bill, which is currently under debate and could go to a vote later this week.

The brief, broadly phrased amendment would place the funding in the hands of the Department of Homeland Security, which would then pass it on as grants to state and local entities. Two months ago, Stabenow offered a similar addition to the Homeland Security appropriations bill, but her measure was defeated.

India prods telecoms to interconnect

A UPI newswire article, via PhysOrg.com, reports that:

The Indian government is urging the country's telecom companies to speed up the process of interconnecting with one another.

Telecom Secretary J.S. Sarma said he would hold monthly meetings on the effort among India's public and private companies.

Press Trust India said Wednesday that the absence of such interconnections was seriously hampering expansion of the telecom network in both urban and rural areas.

Some private operators contend that some 2,000 applications for interconnections have been pending with telecom giant Bharat Sanchar Nigam Limited for as long as two years.

Let's Hope eBay's Lawyers Have Read Up On Network Neutrality...

Over on techdirt.com, Mike writes:

Someone at eBay might not be happy about this bit of news today. Just days after spending billions of dollars to buy Skype, a company that makes traffic management technology for broadband providers is offering up a Skype filter that will let broadband providers block out Skype traffic.

They're not the first, obviously, as some operators and even countries have looked at or implemented various Skype-banning systems. However, it is interesting to see the Skype blocking feature being so prominently mentioned. This probably means that eBay is going to have to become a bit more proactive in the whole network neutrality discussion -- otherwise they may just discover that operators (especially outside the US, which was one of the main reasons cited by eBay for buying Skype) are making their latest purchase worthless.

FU Cheney: See Movie, Buy Shirt

Jenn Shreve writes in Wired News:

In the past two weeks, Dr. Ben Marble of Gulfport, Mississippi, lost his house, saw his wife give birth by flashlight, and became an instant celebrity for telling Vice President Dick Cheney to go fuck himself.

"I tell you it was a good feeling at the time. It did feel really good. Wasn't quite as good as having sex or something, but it was good," Marble said of the Sept. 8 event, captured live on CNN.

Seconds later, however, he noticed this "panic stricken look on the Secret Service guys' faces, like they were about to tackle me or I didn't know what." Marble walked briskly from the scene, leaving his friend Jay, who'd captured the whole thing on video camera. Marble told the man who'd just patted him down to "have a nice day," before heading home. He was later detained by two men in fatigues, questioned and released.

But that wasn't the end of it. The incident, remarkable for an administration renowned for screening its audiences, was not only captured live on CNN but replayed on numerous websites and blogs, and even earned a Daily Show screening.

Ben Edelman: How Affiliate Programs Fund Spyware

Ben Edelman, wherever you are -- you're one of my heroes. Keep Fightin' the Good Fight (tm).

Ben writes in his blog:

Affiliate networks offer an appealing promise for supporting free, independent content on the web: Any ordinary user can sign up to promote any interested merchant via a special affiliate tracking link. When a user clicks the link and makes a purchase from the merchant, the referring web site ("affiliate") gets a payment from the merchant. Since merchants only pay affiliates when users actually make purchases, merchants feel free to partner with smaller affiliate sites -- sites that might otherwise be too small or quirky to get advertisers' attention.

Despite the promise of affiliate marketing, these casual marketing arrangements entail serious risks. If merchants sign up affiliates without investigation or monitoring, merchants risk accepting partners with undesirable business practices. Consider an affiliate who sends spam, or whose site is so controversial that no reasonable merchant would want to be seen there. So, experienced merchants have learned, they must monitor their affiliates for these kinds of dubious behaviors.

Sprint employees blog on hurricane relief efforts

Michael Hardy writes in FCW.com:

Sprint Nextel employees have established "Sprint City," a six-acre home for hurricane relief workers at the Baton Rouge, La., fairgrounds.

According to the company, the camp was established within 48 hours of Hurricane Katrina's landfall in late August, and since then it has served as a base from which employees are working to re-establish wireless and wired service for those in the areas hit by the storm. About 300 Sprint Nextel employees and contractors are temporarily living there, protected by armed guards.

Employees based there are filing Web log entries on their experiences in a Sprint-hosted blog called "Dispatches from Sprint City."

Bill Expands Monitoring of Sex Offenders

An AP newswire article by Jim Abrams, via Yahoo! News, reports that:

Congress would create a national Web site for child sex offenders and sex felons would face up to 20 years in prison for failing to comply with registration requirements under far-reaching legislation the House took up Wednesday.

The measure, which also requires felony sex offenders to register for life and authorizes the death penalty for sex crimes resulting in the killing of a child, responds to what House Judiciary Committee Chairman James Sensenbrenner, R-Wis., said was a "national crisis" in child sex offenses. He said that of some 550,000 convicted sex offenders in the nation, 100,000 are "lost," with their whereabouts unknown.

Sensenbrenner said the legislation, certain to pass the House, would get favorable treatment in the Senate and he expected it to be signed into law by the end of the year.

The White House, in a statement, expressed support, saying that even though sex crimes against children have declined significantly in recent years, more needs to be done. It noted that the legislation codified the online National Sex Offender Public Registry that the Justice Department launched earlier this year.

Security Professionals: Does this sound familiar?

Jon Oltsik writes in the C|Net Corporate Security Blog:

[...]

Andre felt like he'd done his job and proudly reported his findings to upper management. Rather than act to adhere to compliance regulations or improve corporate governance, they seemed to resent the bad news and simply swept it under the rug.


Not surprisingly, Andre is quite disillusioned and sees his current job as a dead end. Meanwhile the management team continues to make a fool's bet the bad guys won't find the multitude of open doors and windows. This is bound to get ugly.

When I tell stories like this to other security professionals they respond with looks of acknowledgement and despair. Alas, Andre's dilemma is not unique. I hear stories like this one constantly.

Will things ever improve? Maybe, but it won't be pretty. Either more companies get breached and the laggards finally respond or Washington gets really tough with both new regulations and enforcement. Either way we are likely to see a lot more frustrated CSOs and costly security breaches in the short term.

MCI completes Totality acquisition

MCI announced their intent to acquire Totality back in early August. Now, Michael Hardy writes in FCW.com that:

MCI has completed its acquisition of Totality, a privately held firm that provides remote managed services.

MCI officials see the acquisition as a major step toward satisfying the growing demand from enterprise and government customers to manage a wider array of information technology functions.

Airgo Claims WLAN Speeds Of 240 Mbps

Via Mobile Pipeline.

WLAN technology vendor Airgo Networks said Wednesday that its next generation of Multiple Input, Multiple Output (MIMO) wireless LAN chipsets will provide data rates of as high as 240 Mbps.

The company said it is currently sampling the new chipset, which is the third generation of its MIMO technology, with WLAN equipment vendors. It said it expected the first products based on the chipset will be released later this year.

Fed Exposes Health Records Of Evacuees Online

Jonathan Krim writes in The Washington Post:

The federal government is making medical information on Hurricane Katrina evacuees available online to doctors, the first time private records from various pharmacies and other health care providers have been compiled into centralized databases.

The data contain records from 150 Zip codes in areas hit by Katrina. Starting yesterday, doctors in eight shelters for evacuees could go to the Internet to search prescription drug records on more than 800,000 people from the storm-racked region.

Officials hope to soon add computerized records from Medicaid in Mississippi and Louisiana, Department of Veterans Affairs health facilities, laboratories and benefits managers.

The records are one step in reconstructing medical files on more than 1 million people disconnected from their regular doctors and drug stores. Officials fear that many medical records in the region, especially those that were not computerized, were lost to the storm and its aftermath.

Baidu plunges as IPO bankers call stock overvalued

A Reuters newswire article, via Yahoo! News, reports that:

Baidu.com shares plunged as much as 21 percent on Wednesday after two of the investment banks that managed the Chinese Internet company's meteoric initial public offering said the stock price was overblown.

Goldman Sachs and Piper Jaffray both rated the stock "underperform," given its extraordinary debut on August 5, when it rose more than fourfold.

The eagerly anticipated IPO of Baidu, known as the Chinese Google, recalled the dot-com heyday, when first-day price rise records were broken weekly.

The debut of China's largest Web search company eclipsed even that of Google Inc., but a steady drumbeat of critiques over its valuation has surfaced since then.

Off Topic: Katrina Confusion?

Security Threats Rise 22%

Via Red Herring.

Computer worms, viruses, and other security-related threats have increased more than 22 percent year-to-date, with more companies reporting losses from cyber break-ins and insider attacks on networks and data, a study said Tuesday.

So far this year, companies reported 862 incidents, up 22.4 percent from 704 during the same period in 2004, according to an annual study released by IDG and PricewaterhouseCoopers. Cyber crime seems to be on the upswing, with 22 percent of companies surveyed reporting financial losses from attacks on their systems, up from only 7 percent in 2004.

The study surveyed more than 8,200 information security executives in 63 countries and covers a range of industries including computer-related manufacturing and software, consulting and professional services, financial services and banking, government, healthcare, and education.

Syria: Internet-user Abdel Rahman Shaguri released from prison

Via Reporters sans Frontières.

Reporters Without Borders noted the release from jail of Internet-user Abdel Rahman Shaguri on 31 August 2005 one week after completing his sentence for “publishing lies” but condemned his conviction as “utterly unjustified”.

“This man spent more than two and a half years in prison and was tortured just for sending news by email,” the worldwide press freedom organisation said.

“We also want to use this occasion to repeat our call for the release of cyberdissident Massud Hamid, imprisoned in Syria since July 2003”, it added.

Intelligence officials arrested Shaguri on 23 February 2003, for emailing a newsletter taken from the website thisissyria.net, which is banned in Syria. The supreme state security court sentenced him on 20 June 2004 to two and a half years in prison. The charge against him specified that the articles he sent had “harmed the image and security of Syria”.

Shaguri served his entire sentence at the Saidnaya military prison where he was reportedly tortured by members of the military secret services.

Google Launches Blog Search Beta

Nate Mook writes in BetaNews:

Google on Wednesday took the wraps off a new search engine devoted to Web logs, or blogs, which is also integrated with the company's Blogger publishing tool. The Blog Search uses RSS feeds to index blog content, and Google says it intends to include as many blogs as possible, including those in foreign languages.

"Whether you're looking for Harry Potter reviews, political commentary, summer salad recipes or anything else, Blog Search enables you to find out what people are saying on any subject of your choice," Google says. Soon the company will offer a form for bloggers to manually submit their site, if it isn't automatically picked up.

TiVo copy protection bug irks users

Daniel Terdiman writes in C|Net News:

A bug in the latest version of TiVo's operating system has some users concerned that the service's content protection mechanisms--supposedly intended solely for pay-per-view and video-on-demand content--may someday be applied to broadcast television programming.

According to PVRBlog, a blog about TiVo and other digital video recorder companies and technology, some TiVo customers recently found that a recorded episode of "The Simpsons" had been red-flagged for content protection.

WebMD Files $90M IPO

Via Red Herring.

WebMD Health said on Wednesday it plans to file for an initial public offering of 6.9 million shares to generate more working capital and for general corporate expenses.

The subsidiary of online health advice site WebMD estimates the price will be between $13.50 to $15.50 per share of the Class A stock. WebMD plans to officially change its corporate name to Emdeon on September 29 but began using the new name on August 4. It will continue to use the WebMD brand, however.

Morgan Stanley, Citigroup, and Goldman Sachs will be underwriting the offering. The underwriters also have the option to buy another 1.03 million shares to cover their over-allotments.

WebMD Health provides “health information services to consumers, physicians, healthcare professionals, employers, and health plans through our public and private online portals and health-focused publications,” according to the company’s filing with the U.S. Securities and Exchange Commission.

UK: Redbus and Demon founder appears in court

Via OUT-LAW.com.

Internet pioneer Cliff Stanford yesterday went on trial at Southwark Crown Court on charges of unlawfully intercepting emails at his former company, Redbus Interhouse, according to reports.

Stanford resigned from the company in 2002.

Cliff Stanford is a well-known figure in the internet industry. He founded Demon Internet in 1992 and sold it in 1998 to Scottish Telecom for £66 million (Scottish Telecom subsequently re-branded as Thus), netting Stanford around £30 million.

According to reports, allegations surfaced in October 2003 that Stanford had been involved in hacking the email system of Redbus. He and another man, George Nelson Liddell, were questioned by police over the interception of emails between Redbus' former chairman John Porter, and Porter's mother, the former Westminster council leader, Dame Shirley Porter.

Both men were charged with offences under the Computer Misuse Act and the Regulation of Investigatory Powers Act (RIPA) of 2000, say reports. They deny the charges.

Computer engineer lost job over two pieces of pizza

An AP newswire article, via The Globe and Mail, reports that:

A computer engineer who lost his job because he ate two pieces of pepperoni pizza has been named the winner of an offbeat Internet contest that solicited stories about outrageous firings.

A panel of Silicon Valley judges picked Jim Garrison's strange tale from more than 1,000 entries submitted during the past month. The reward: a free Caribbean cruise.

Garrison, 39, prevailed over some tough competition.

The runners-up included a furniture mover who got fired after he and a co-worker were caught fencing with some adult sex toys found in a customer's bedroom; a worker who misunderstood a manager's instructions to send some sensitive data to microfilm and e-mailed it to a "Michael Finn" instead; and a warehouse worker found doing perverse things with the prosthetics made by his employer.

Watchtower sues website

Nick Farrell writes in The Inquirer:

A SITE which quotes bits of the Jehovah’s Witness rag Watchtower for the general amusement and edification of its readers has been sued by the magazine for bringing it into disrepute.

The magazine, which is usually seen in the pious paws of a Jehovah’s Witness knocking on your door, is apparently miffed at the antics of [the] site.

According to the writ, which can be seen here, Watchtower is claiming that the publication of selected quotes embarrasses the outfit.

The site provides a search engine of quotes about what has been said in Watchtower. When we tapped in the word ‘the Inquirer’ we found the quote “idi"ot"es, 'one without understanding,' the 'inquirer' are both in the unbeliever class in contrast to the saved of the Christian church".

Besides the obvious claim that the site breaches its copyright, Watchtower says the site might be confused with the real Watchtower because it has the domain name "watchtower.ca" which is trademarked.

World Bank site shows best countries to do business in

Via The Inquirer.

THE WORLD Bank has released data and tables showing how easy it is to do business in different countries around the world.

Entrepreneurs in Sierra Leone are likely to have a problem because if you pay all the business taxes you ought to, it will consume 164 per cent of your company's gross profit.

In Syria, said the World Bank, to start a business you need to invest $61,000 in capital which is 51 times the average annual income.

A league table of countries reveals that New Zealand is the easiest place to do business, followed by Singapore, the US, Canada and Norway. The UK is number nine in the table.

Don't go to law in Guatemala, because according to the World Bank, it takes around 1,500 days to resolve a simple dispute.

All this, and a heap of very useful information can be found on the World Bank's Doing Business site.

Uk.com wildcard raises Net stability worries

Kieren McCarthy writes in The Register:

A decision by British company CentralNic to make all unregistered domains ending with "uk.com" direct to its own webpage has raised concerns over the future stability of the Internet.

CentralNic owns a series of valuable dotcoms including uk.com, us.com, eu.com and de.com and sells third-level domains e.g. www.theregister.uk.com to anyone for £32.50 a year. It runs around 100,000 domains.

However, no matter what domain you type in your browser (i.e. www.fskjsdkjkjsd.uk.com), so long as it hasn't been sold, you will be redirected to CentralNic's own webpage, featuring advertising and an offer to buy that domain through its system.

The benefit to the company is clear - increased sales and advertising revenue - but the system by which the redirection is carried out, called wildcard, has been criticised by the Security and Stability Advisory Committee (SSAC) of Internet overseeing organisation ICANN as putting the stability of the Internet at risk.

Telstra sale given go-ahead

Here's a developing story that I've pointed out here on the blog a few times in the past couple of weeks.

Tim Richardson writes in The Register:

The Australian Government has moved a step closer to flogging its 51.8 per cent stake in incumbent telco Telstra after winning a key vote earlier today.

The Australian Senate backed plans to flog the Government's stake in the business despite a concerted campaign by opposition MPs and trade unions.

The Government is set to raise around A$30bn (£14bn) from the sale of its share in the firm, which is expected to go ahead next year.

In a bid to ease concerns about the future the Government has agreed to set aside more than A$3bn to help protect and improve services in rural areas.

As part of the sell-off, the Government also plans to separate Telstra's retail, wholesale and network business to ensure that the telco "treats its wholesale customers fairly".

More tech fails to exorcise security risks

John Leyden writes in The Register:

Current IT systems are inherently insecure and growing complexity will simply increase these risks, a leading academic has warned.

Users should rebel and demand vendors compensate them for security foul-ups, said pugnacious Professor Klaus Brunnstein of the University of Hamburg.

Brunnstein told delegates to an IT security conference in London on Wednesday that attempting to protect against IT risks - such as hacking attacks - by increasing the complexity of systems is futile. "That would be like trying to expel the devil with Beelzebub," he said.

The present wave of IT security incidents is caused by inherently insecure assumptions, including overly complex systems. The interoperation of these systems with other insecure technologies magnifies the problem, the applied informatics academic argued.

Sprint Nextel sees cost from Katrina

A Reuters newswire article, via Yahoo! News, reports that:

Sprint Nextel on Wednesday said Hurricane Katrina will cost it between $150 million and $200 million after insurance payments. It also said portions of its wireless network in the U.S. Gulf Coast remain out of service.

The telecommunications company said it has restored wireless service to all regions in Alabama affected by the storm, and more than 90 percent of its network in Mississippi and more than 70 percent in Louisiana.

Its estimated cost from the storm includes capital and operating costs associated with restoring service and its retail operations, as well as what it termed "billing relief" for affected customers.

Microsoft Offers to Settle Suit Vs. Google

An AP newswire article by Gene Johnson, via Yahoo! News, reports that:

Hours after a state judge ruled that a former Microsoft Corp. executive may begin doing limited work for rival Google Inc., a top Microsoft lawyer said the software giant was prepared to settle its lawsuit if the restrictions on Kai-Fu Lee remain in effect until next summer.

Microsoft general counsel Brad Smith said Tuesday night the company was pleased with the restrictions and would end all litigation if Google and Lee agree to abide by the judge's order until next July, when Lee's noncompete agreement expires.

"We can settle this lawsuit tomorrow," Smith said. "We can get back to ... competing in the marketplace."

Lee still cannot work on products, services or projects he worked on at Microsoft, including computer search technology, pending a trial set for January. Superior Court Judge Steven Gonzalez said Tuesday that the noncompete agreement Lee signed with Microsoft is valid.

Yahoo! upgrading webmail

Via Reuters.

Yahoo Inc. said it is upgrading Yahoo Mail, the most popular Web e-mail program, to make it run more efficiently than other Web-based systems and nearly as fast as desktop e-mail.

The new version of Yahoo Mail works in a browser, just as existing versions of the program do, but Yahoo has developed ways to short-circuit the multi-second delays that typically delay any action taken in Web-based e-mail programs.

It replaces the need to repeatedly refresh a browser to open e-mail, move it into folders or take other actions that require the user to wait for the browser to redraw the page.

Instead, it works similarly to desktop computer e-mail clients, with features such as drag-and-drop organization of e-mails into folders and a message preview window that displays selected messages nearly instantaneously.

Today's Dilbert: Blame the Absent



Tuesday, September 13, 2005

iTunes upgrade has users griping

Alorie Gilbert writes in C|Net News:

A new version of Apple Computer's iTunes software released last week appears to be giving many iPod owners headaches, according to reports from across the Web.

Complaints about iTunes 5 for Windows have surfaced over the past few days on numerous blogs and discussion boards, including the company's own discussion board at Apple.com. iTunes is a desktop computer program that comes with the iPod music player and allows people to transfer music to the device. It also represents Apple's first big foray into designing software that works with Microsoft Windows.

People have reported a range of problems with the updated program, while others said the software works fine. Among those reporting problems, many say that trying to install the program causes their computers to crash. Others report that once they install the program, it won't transfer music purchased at the iTunes Music Store to their iPod, deletes playlists, interferes with other programs or generally wreaks havoc on their computers.

"What's worse, rolling back (to a previous version) can be difficult or impossible, and Apple's lack of official recognition or public response regarding these problems is driving many users up the wall," Lauren Weinstein, co-founder of People for Internet Responsibility, wrote in a letter posted online.


Years of Research Ruined in Katrina Flood

An AP newswire article by Paul Elias and Alicia Chang, via ABC News, reports that:

As rising floodwaters swamped New Orleans, Louisiana's chief epidemiologist enlisted state police on a mission to break into a high-security government lab and destroy any dangerous germs before they could escape or fall into the wrong hands.

Armed with bolt cutters and bleach, Dr. Raoult Ratard's team entered the state's so-called "hot lab," and killed all the living samples.

"This is what had to be done," said Ratard, who matter-of-factly put a sudden end to his lab's work on dangerous germs, which he wouldn't name.

At least Ratard's team was able to retrieve laptop computers containing vital scientific data. Many other scientists in the region weren't so fortunate, losing years of research, either through storm damage or voluntary destruction.

EFF wins right to unseal Apple court documents

A MacCentral article by Jim Dalrymple, via Yahoo! News, reports that:

The Electronic Frontier Foundation (EFF) on Tuesday won the right to unseal court documents from Apple Computer. The documents show that Apple planned to subpoena the anonymous sources of two reporters from AppleInsider and PowerPage before conducting an investigation inside the company.

The lawsuit was brought against the sites when they printed articles about “Asteroid,” rumored to be a FireWire audio interface for GarageBand — Apple claimed violation of trade secret law.

The First Amendment and the California Constitution require that Apple exhaust all other alternatives before trying to subpoena journalists. Lawyers claimed the journalists should be protected by the First Amendment, an argument the group lost in court and appealed earlier this year.

Documents in the case show that Apple never took depositions, never issued subpoenas (other than to the journalists) and never asked for signed declarations or information under oath from its own employees, according to the EFF.

Apple argued that the internal investigation itself was a trade secret and should be sealed from opposing counsel. EFF lawyers successfully argued to have the documents unsealed.

Zotob worm suspect in court

A Reuters newswire article, via CNN, reports that:

A Moroccan magistrate questioned an 18-year-old science student in court on Tuesday about his alleged role in unleashing computer worms that disrupted networks across the United States last month.

Farid Essebar appeared before the investigating magistrate in Rabat for three hours of questioning about the Zotob worm, his lawyer said.

The worm caused computer outages at more than 100 U.S. companies, including major media outlets like CNN and The New York Times.

"My client Farid Essebar was interrogated by a Rabat court investigating judge over the Zotob worm release on the Internet. He was returned back to detention in a Rabat jail," said his lawyer, Mohamed Fertat.

Essebar, an experimental science student who has been in jail since his arrest on August 25, was remanded in custody and will be questioned again on September 21, Fertat added.

Essebar's arrest in Morocco was part of a coordinated operation involving Turkish authorities who detained 21-year-old Attila Ekici, also suspected of involvement in the release of the Zotob worm, the FBI said in Washington.

Good Technology cuts more than a fifth of work force

An AP newswire article, via The Mercury News (obnoxious, but free registration required -- or use BugMeNot.com), reports that:

Good Technology Inc. has cut more than 100 jobs, or one-fifth of its work force, in recent weeks as part of the mobile e-mail company's growing emphasis on partnering with cellular operators such as Cingular Wireless and Sprint Nextel Corp. rather than direct sales.

Good, whose GoodLink service is a small but fast-growing rival to BlackBerry from Research In Motion Ltd., told The Associated Press on Tuesday that its total staff has fallen from about 500 positions to 400. The new tally includes an undisclosed number of hires in roles other than direct sales.

The restructuring comes about three months after Good announced a deal in which Cingular, the nation's biggest cell phone provider, began selling GoodLink directly to its subscribers at a sizable discount. A similar deal with Sprint was announced in July.

The two carrier deals have provided a big boost for Good as it wrestles for market share with the dominant BlackBerry service, which has more than 3 million users. Good, a private company based in Santa Clara, Calif., last reported that it has 7,000 corporate accounts, up from 4,000 at the end of last year, but doesn't disclose how many individual users it has.

Brief L.A. Blackout Fells More Nets Than Hurricane Katrina

Gregg Keizer writes in TechWeb News:

While the brief blackout in Los Angeles Monday was caused by an errant worker snipping wires, not Mother Nature and a wall of water, the incident actually brought down more Internet networks than failed during Hurricane Katrina, a Web monitoring firm said Tuesday.

"Los Angeles is a much more network-dense place than the Gulf Coast," said Todd Underwood, the director of operations for Renesys, a Manchester, New Hampshire-based firm that monitors Internet routing traffic. "Up to 301 networks were outaged during the [power blackout] event." That was substantially more than went down during the Hurricane Katrina storm that hit Louisiana, Mississippi, and Alabama on August 29.

"The outages were contained locally," said Underwood, "and for the most part, redundant power structures worked. There were a couple facilities where significant networks failed, however. Backup power infrastructure seldom gets a full workup, so there are always some that fail [to kick in]."

None of the long-haul lines that connect Los Angeles to the rest of the Internet, and direct traffic through the city from other parts of the western U.S. or the Pacific Rim, were affected by the power blackout.

OMB: No new money for IPv6

David Perera writes in FCW.com:

Federal agencies have all the money they need to make a mandatory transition to the next generation of IP, a top Office of Management and Budget official said today.

“The good news, you have all the money you need. [IP Version 6] is a technology refresh,” said Glenn Schlarman, information policy branch chief in OMB's Office of Information and Regulatory Affairs. Schlarman spoke at a Potomac Forum event on IPv6. "You have to adapt, reallocate," he added.

Under the requirements of an Aug. 2 OMB memo, agencies have until the middle of 2008 to become IPv6 compatible.

“We’re talking about the foundational elements, the foundational backbone,” Schlarman said. Agencies have the option of operating networks that simultaneously support the current protocol, IPv4, and IPv6.

But agencies that don’t have a plan to routinely update technology will encounter some problems, Schlarman said. Agencies that do will find that they are much closer than they perhaps realize to IPv6 compatibility, he added.

Microsoft Reissues Update Rollup For Windows 2000

Gregg Keizer writes in TechWeb News:

More than a month after Microsoft acknowledged that its final Windows 2000 update was flawed, on Tuesday the Redmond, Wash.-based giant released a revised version and says it solves compatibility problems with other software.

Update Rollup 1 for Windows 2000 SP4 -- v2 was posted Tuesday for downloading from Microsoft's Download Center for multiple machines, or via the Windows Update service for individual PCs.

The second edition of Update Rollup 1 -- the final major update Microsoft intends for the aging but still popular Windows 2000 operating system -- was necessary because of problems some users encountered with third-party software after installing version 1.

Among the headaches that Microsoft confirmed in early August were compatibility issues with several prominent vendors' applications, including ones from Citrix, Sophos, Internet Security Systems, and even Microsoft itself. The latter's Microsoft Office, for example, wouldn't save files directly to floppy disks after the rollup had been installed.

Phoney Anti-Spyware Software Lures Unsuspecting Users

Gregg Keizer writes on TechWeb News:

A scam that's spoofing Microsoft's Windows Security Center shows that phishers are increasingly abandoning the traditional e-mail ploy of telling consumers their bank accounts are at risk, a security expert said Tuesday.

Like the most dangerous and devious phishing attacks, this one is based on a Web site. Users enticed here face a fake portrayal of Microsoft's Windows Security Center.

The bogus site displays such factual information as the user's IP address, the browser being used, operating system, and country of origin. Along with that, however, the page claims that an attacker "has gained access to your computer and is collecting the information about the sites you've visited and the files contained in the folder 'My Documents.'" A pop-up also alleges that the PC has been infected with a rogue .dll -- a piece of spyware dubbed "W32.Sinnaka.a" -- that's collecting private data.

It's all a lie, said Patrick Hinojosa, the chief technology officer of Panda Software.

There's no such online edition of Windows Security Center -- that's actually an on-disk utility in Windows XP -- nor is there any legit malware by the name of Sinnaka.a.