France requiring ISPs to filter content harmful to minors?
Naje Jeval, a reader of the blog, alerted me to this notice.
Apparently, the alarm was sounded by the association Iris that (paraphrased) "... the debate on the filtering of content on the Internet would begin again."
According to this Yahoo! News France article (run through the Alta Vista Babelfish translator, so I have paraphrased):
The new proposal would require [ISPs] to put in/near all their subscribers, in an automatic way, the technical devices powerful and activated by "defect" [keyword or URL alarm filtering] which make it possible to restrict access with the services of communication to the public on line putting in danger the minors. A decree in the Council d'Etat lays down the methods of this article. The significant issue, this time around, is especially the concept of "activation" by filter alarm, which goes well beyond the means of simply supplying "software of parental control chosen, installed, configured by the parents in function their concerns for their children."
Although the debate about mandatory content filtering in France is not a new one, it appears that France is edging ever closer to its own "Firewall of France".
Enthusiast uses Google Earth to reveal Roman ruins
Declan Butler writes on Nature.com:
Using satellite images from Google Maps and Google Earth, an Italian computer programmer has stumbled upon the remains of an ancient villa. Luca Mori was studying maps of the region around his town of Sorbolo, near Parma, when he noticed a prominent, oval, shaded form more than 500 metres long. It was the meander of an ancient river, visible because former watercourses absorb different amounts of moisture from the air than their surroundings do.
His eye was caught by unusual 'rectangular shadows' nearby. Curious, he analysed the image further, and concluded that the lines must represent a buried structure of human origin. Eventually, he traced out what looked like the inner courtyards of a villa.
Mori, who describes the finding on his blog, Quellí Della Bassa, contacted archaeologists, including experts at the National Archaeological Museum of Parma. They confirmed the find. At first it was thought to be a Bronze Age village, but an inspection of the site turned up ceramic pieces that indicated it was a Roman villa.
Plan lets users be the judge of flaws
Joris Evers writes in C|Net News:
A plan to make it easier for companies to determine how hard they could be hit by security flaws is ready for prime time, according to its backers.
The Common Vulnerability Scoring System plan calls for a unified approach to rating vulnerabilities in software, to replace the proprietary methods many technology companies and security vendors use when determining the impact of a flaw.
The Common Vulnerability Scoring System, or CVSS, was developed under the auspices of the National Infrastructure Advisory Council, which advises President Bush about the security of information systems for critical infrastructure. FIRST, a worldwide consortium of security incident response teams such as the United States Computer Emergency Readiness Center, coordinates further CVSS development.
On Monday, FIRST plans to announce a push for wide-scale adoption of CVSS. Backers believe the rating system is ready to move into more general use after being a work-in-progress for the past year and a half. It was released publicly in late February, when a group of about 30 companies started testing it.
Update: Miami-Dade police officer suspended in unauthorized data access
An AP newswire article, via The Mercury News (obnoxious, but free, registration required -- or try using BugMeNot.com), reports that:
A Miami-Dade police officer has been relieved of duty and is under investigation for allegedly obtaining unauthorized access to Social Security numbers and other personal data on as many as 4,689 people maintained by ChoicePoint Inc.
The company, based in Alpharetta, Ga., said Friday that the U.S. Secret Service was investigating the matter but that it was unclear whether any identity theft had occurred.
The employee, ChoicePoint said in a letter to the potentially affected consumers, was not authorized to use the Miami-Dade Police Department's account with the company and "had accessed information illegally and acted outside the scope of his employment."
The consumer information accessed, with log-in and password, included Social Security data, drivers license numbers and dates of birth.
Detective Mary Walters, a Miami-Dade police spokeswoman, said the officer involved was relieved of duty and an internal investigation was under way.
She declined to provide the officer's name or any details about where in the department the officer worked.
Update: Bob Sullivan writes on MSNBC that, in addition to the Miami-Dade incident:
The three other incidents announced Friday were:
- Two California-based private investigators, Kenneth Beck and Robert Starr, allegedly used ChoicePoint’s data to hunt for possible identity theft victims, Lee said.
- A Texas-based firm named RPM was found to have improperly accessed data.
- An employee of an “accredited insurance” company that ChoicePoint would not name, citing contracts with the firm, was also alleged to have improperly accessed records.
In total, the three incidents resulted in 547 warning notices being sent to victims, Lee said.
Clam AntiVirus (ClamAV) Buffer Overflow and DoS Vulnerabilities
Via FrSIRT.
FrSIRT Advisory : FrSIRT/ADV-2005-1774
CVE Reference : CAN-2005-2919 - CAN-2005-2920
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-09-16
* Technical Description *
Two vulnerabilities were identified in Clam AntiVirus (ClamAV), which could be exploited by remote attackers or malware to execute arbitrary commands or cause a denial of service.
The first issue is due to a buffer overflow error in "libclamav/upx.c" when processing malformed UPX-packed executables, which could be exploited by attackers to compromise a vulnerable system by sending, to a vulnerable application, emails containing specially crafted files.
The second issue is due to an error in "libclamav/fsg.c" when processing specially crafted FSG-packed executables, which could be exploited by attackers to cause the application to enter an infinite loop.
* Affected Products *
Clam AntiVirus (ClamAV) version 0.86.2 and prior
* Solution *
Upgrade to Clam AntiVirus (ClamAV) version 0.87 :
http://sourceforge.net/projects/clamav/
* References *
http://www.frsirt.com/english/advisories/2005/1774
http://sourceforge.net/project/shownotes.php?release_id=356974
Hackers Targeting Security Hole in TWiki
Via Netcraft.
A serious security hole has been discovered in TWiki, the popular open source collaboration software. The vulnerability allows remote attackers to execute shell commands on affected systems, and is already being actively exploited, with some analysts warning that a worm could soon follow. A hotfix is available from the TWiki web site.
TWiki is an enterprise collaboration platform typically used on development projects. It is used for internal communications at companies including IBM, Yahoo, Circuit City, Reuters, Boeing, General Electric, Wachovia and ZoneLabs. Some large companies use it to run web-facing Wikis, such as British Telecom's UK Telco B2B Forum.
The TWiki program doesn't check URL parameters properly for shell metacharacters, leaving it vulnerable to revision numbers containing pipes and shell commands, according to the advisory. An exploit is possible on topics with two or more revisions, with the attacker gaining the same privileges as web server processes.
A Wiki is a web application that allows users to add content, as on an Internet forum, but also allows anyone to edit existing content. One popular example is Wikipedia, the user-compiled Internet encyclopedia, which has more than 700,000 entries. The TWiki web site has nearly 18,000 registered users.
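The flaw described in the TWiki item above comes down to a revision number from the URL reaching a shell unchecked. The following is an added illustration, not TWiki's code or its hotfix: it validates the parameter against a strict allowlist and passes it as one argv element with no shell involved. The `rev-tool` name, the stand-in child process and the sample values are assumptions constructed for this example.

```python
import re
import subprocess
import sys

# Allowlist: 1-6 ASCII digits and nothing else. fullmatch() is used rather
# than "^...$" because "$" also matches just before a trailing newline, and
# [0-9] is used rather than \d because \d accepts non-ASCII digits.
_REV_RE = re.compile(r"[0-9]{1,6}")

# Stand-in for the revision-control program (assumption: a real wiki would
# call its own tool here). It only echoes the arguments it was given.
_STAND_IN_TOOL = [sys.executable, "-c", "import sys; print(repr(sys.argv[1:]))"]


def unsafe_command_line(topic_file, raw_rev):
    """The flawed pattern: untrusted text spliced into a string that a shell
    would parse. Returned for inspection only; it is never executed here."""
    return "rev-tool -r%s %s" % (raw_rev, topic_file)  # hypothetical tool name


def parse_rev(raw):
    """Return the revision as an int, or raise ValueError."""
    if not isinstance(raw, str) or _REV_RE.fullmatch(raw) is None:
        raise ValueError("rev must be 1-6 ASCII digits")
    rev = int(raw)
    if rev < 1:
        raise ValueError("rev must be >= 1")
    return rev


def build_argv(topic_file, rev):
    """Build an argument vector; no shell ever parses these strings."""
    return _STAND_IN_TOOL + ["-r%d" % rev, topic_file]


def fetch_revision(topic_file, raw_rev):
    """Validate first, then run the tool without a shell. Returns its stdout."""
    rev = parse_rev(raw_rev)
    done = subprocess.run(build_argv(topic_file, rev), shell=False,
                          capture_output=True, text=True, timeout=10,
                          check=True)
    return done.stdout.strip()


def classify(raw_values):
    """Split parameter values into (accepted ints, rejected raw strings)."""
    accepted, rejected = [], []
    for raw in raw_values:
        try:
            accepted.append(parse_rev(raw))
        except ValueError:
            rejected.append(raw)
    return accepted, rejected


# Constructed sample values for the rev parameter (not taken from the advisory).
SAMPLES = ["2", "17", "2|id", "2;id", "$(id)", "2\n", "", "0", "1.2",
           "\u0663", "9999999"]

if __name__ == "__main__":
    ok, bad = classify(SAMPLES)
    print("accepted:", ok)
    print("rejected:", [repr(v) for v in bad])
    print("child saw:", fetch_revision("Main/WebHome.txt", "2"))
```

Validation and shell-free execution are independent layers: even if the allowlist were skipped, an argv list keeps a pipe character inside a single literal argument.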
Tony Li has left the building (Cisco) -- again....
Om Malik scoops:
Here is the latest from the Silicon Valley grapevine - the ultimate networking maverick, Tony Li, is leaving Cisco. Again! He had rejoined Cisco only a few months ago. He sent out an email to others at Cisco. Right now, file this in “rumored” category, but be assured, more to follow!
How the Internet killed the phone business
Thanks, David I.
Decision on .xxx domain delayed again
Anne Broache writes in C|Net News:
The fate of the highly controversial .xxx Internet domain will not be decided until "a future date," a representative of the Internet Corporation for Assigned Names, which oversees domain names, said Friday. ICANN's board of directors considered an agreement for the proposed virtual red-light district at a Thursday meeting but decided against taking action, directing ICANN staff to negotiate "additional contractual provisions" with ICM Registry, the Florida company that plans to operate the domain.
The Bush administration and conservative groups have recently voiced opposition to the domain's creation. ICANN pushed back its vote last month, though it did approve the .xxx concept back in June.
New Security Flaw Discovered in IE
Ed Oswald writes in BetaNews:
Security firm eEye released a notice on Thursday saying it had discovered a new flaw within Internet Explorer on both Windows XP and XP SP2. According to the notice, "A vulnerability in default installations of the affected software could allow for remote code execution."
Windows XP SP2 was touted as a much more secure version of Microsoft's flagship operating system. However, hackers have still found ways around the new security features, and flaws continue to pop up. Microsoft has been alerted to the problem, but as standard practice eEye will not release details of the vulnerability until it is patched or publicly acknowledged by Microsoft.
ICANN approves new TLDs: .XXX and .CAT
You know, at least one of these top-level domains (and arguably, both) shows how out of touch with operational reality ICANN really is. Do people really expect online pr0n to simply pick up and move to the .XXX domain? And come on -- do we really need a whole TLD just for the Catalan language? I'll stop now before I really go off on a lengthy rant about the usefulness of some of the other TLDs that are used by virtually no one except for warez, phishers, and malware distributors.
An AP newswire article by Anick Jesdanun, via Yahoo! News, reports that:
The Internet's key oversight agency approved a domain name for the Catalan language Thursday while deferring final action on creating a red-light district on the Internet through a ".xxx" suffix.
Creating the ".cat" suffix for individuals, organizations and companies that promote the Catalan language and culture was relatively uncontroversial. Though the language is spoken largely in certain regions of Spain, backers say a domain name could unify Catalan speakers who live in France, Italy, Andorra and elsewhere. The name could begin appearing in use next year.
As for ".xxx," the Internet Corporation for Assigned Names and Numbers deferred final approval for the second time in as many months.
The board decided to seek changes to a proposed contract with ICM Registry Inc., the Jupiter, Fla., company that would run the domain name for voluntary use by the adult entertainment industry. No details were immediately available on the changes sought.
The ".xxx" domain has met with opposition from conservative groups and some pornography Web sites, and ICANN postponed a final decision last month after the U.S. government stepped in just days before a scheduled meeting to underscore objections it had received. ICANN had given a preliminary OK in June.
University of Miami, Ohio, discloses privacy data exposure
Thanks to a post by "DutchSter" over on Slashdot, which reveals:
"In the wake of other schools announcing the theft of hardware containing sensitive student information, Miami University, of Oxford, Ohio, has announced that a file containing the name, Social Security number, the grade point average for the Fall 2002 semester, cumulative grade point average, and other related academic information, such as credit hours attempted that semester, for all 21,000 students who attended the Fall 2002 term has been available on a web server for the last three years. The discovery was made this week and the university is taking steps to deal with the fall-out sure to come."
Japanese Phisher Gets Slapped on Wrist
Via Red Herring.
A Japanese man convicted of creating a fraudulent website to steal personal information was given a 22-month suspended sentence earlier this week, alarming security analysts who said Thursday the penalty is too soft and sets a bad precedent in the fight against scammers.
In Japan’s first case against phishing, Kazuma Yabuno, 42, was recently convicted of creating a website that tried to mimic Yahoo Japan by replacing the ‘h’ in the Yahoo with ‘f’ creating the name ‘Yafoo!’ The trick site’s name closely resembled the original and has the same pronunciation in Japanese.
Through the spoofed site, Mr. Yabuno proceeded to obtain account names and passwords of Yahoo members and gained illegal access to their email accounts.
A former computer systems engineer in Osaka, he was arrested in June and charged with violating copyright and unauthorized access. At the conviction, Judge Mitsuaki Takayama said that the sentencing took into account that Mr. Yabuno did not use the stolen information to commit other crimes.
US House panel staff unveil draft new telecom bill
Jeremy Pelofsky writes for Reuters:
U.S. House Energy and Commerce Committee staff on Thursday unveiled draft legislation aimed at overhauling U.S. telecommunications laws to address new technologies, such as Internet video and voice services.
The House Energy and Commerce Committee lawmakers will likely discuss the draft measure over the next few weeks and likely try to hold hearings on it in October, a congressional aide said, declining further identification.
The draft was prepared by staff for Republican Chairman Rep. Joe Barton of Texas, fellow Republicans Fred Upton of Michigan and Chip Pickering of Mississippi and Democrats John Dingell of Michigan and Ed Markey of Massachusetts, the aide said.
"We need a fresh new approach that will encourage Internet providers to expand and improve broadband networks, spur growth in the technology sector and develop cutting-edge services for consumers," Barton said in a statement.
Secret Cold War Spy Satellite Program Declassified by U.S.
Over on Space.com, Leonard David writes:
A bit of Cold War space history has been unthawed.
The National Reconnaissance Office (NRO), National Security Agency (NSA) and Naval Research Laboratory (NRL) have declassified the fact that a series of satellites was orbited from 1962 through 1971, designated POPPY.
POPPY’s mission was to collect radar emissions from Soviet naval vessels – an activity called electronic intelligence, or ELINT for short.
In total, seven POPPY satellites were lofted into space from 1962 to 1971: Dec. 13, 1962, June 15, 1963, Jan. 11, 1964, March 9, 1965, May 31, 1967, Sept. 30, 1969, and Dec. 14, 1971.
The POPPY Program operated from December 1962 through August 1977.
FCC Seeks New Bureau For Disaster Management
Paul Kapustka writes in Advanced IP Pipeline:
FCC Chairman Kevin Martin on Thursday proposed the creation of a new internal bureau inside the agency to coordinate the planning and response actions for communications services during national disasters, as part of the agency’s response to communications failures in the face of Hurricane Katrina.
Speaking at the end of the commission’s monthly open meeting -- which was broadcast on the Web from the Atlanta-based emergency-operations center of telecom provider BellSouth -- Martin said that in addition to the new bureau, the FCC would also provide approximately $200 million in financial assistance to telecom customers and companies, and also convene an “expert panel” to review what lessons might be learned from the effects of Katrina.
Martin’s comments followed those from a long list of telecommunications and broadcast industry representatives, who mostly detailed what damage Katrina had inflicted on their infrastructures, and how they had responded in their attempts to restore service. According to Ken Moran, the FCC’s director of its office of homeland security, there are still almost 350,000 customers without wireline phone service, and still three 911 centers in Louisiana that are inoperable.
UC-Berkeley laptop with personal data of 98,000 recovered
A Reuters newswire article, via Yahoo! News, reports that:
A stolen laptop computer holding personal information of more than 98,000 California university students and applicants has been recovered, but it is uncertain whether the information had been tapped, the University of California, Berkeley said on Thursday.
The laptop, which stored names and Social Security numbers, disappeared in March from a restricted area of the university's graduate division offices, forcing the university to alert more than 98,000 students and applicants of the theft.
The university said in a statement that a San Francisco man has been arrested and charged by the Alameda County district attorney with possession of stolen property after investigators discovered the laptop had been bought over the Internet by a man in South Carolina.
"UC police note that while a lab analysis could not determine whether the sensitive campus data was ever accessed, nothing in their investigation points to identity theft nor individuals involved in identity theft. It appears ... that the intent was simply to steal and sell a laptop computer," the university said in its statement.
Forensic tests showed files on the laptop had been erased and written over with a new operating system installation, leaving only residual data and making it virtually impossible to determine whether password-protected files had been breached, the university said.
Mississippi gets satellite technology to help with recovery efforts
Dibya Sarkar writes in FCW.com:
A Virginia-based satellite technology company is lending Mississippi’s public safety department a mobile communications trailer equipped with computers and voice over IP-enabled phones to aid hurricane relief and recovery efforts.
A spokesman for Segovia, which bills itself as the first global satellite network to support IP communications, said the trailer is en route to Gulfport, Miss., which is one of the areas ravaged by Hurricane Katrina, and should be operating by this weekend, if not before. He said the company contacted Gov. Haley Barbour’s office, which accepted the company’s offer.
The trailer will provide broadband Internet access and IP telephones for 20 people, but it can handle as many as 250 people, the spokesman said. The company is picking up all of the state’s phone charges and will have two technicians on site for at least three weeks.
U.S. Takes Action Against Bank in China
An AP newswire article by Jeannine Aversa, via SFGate.com, reports that:
The Bush administration took action Thursday against a bank in China for what it said were lax money-laundering controls, alleging the bank helped North Korean customers distribute counterfeit currency and engage in other illicit activities.
The Treasury Department designated Banco Delta Asia SARL as a "primary money laundering concern."
That designation alerts the global financial community about the alleged problems associated with the bank, which is located and licensed in Macau, China. The department also proposed that the bank be cut off from the U.S. financial system.
The 2001 USA Patriot Act gives the department the powers to take the action.
Former Austin police detective guilty of possessing child porn
...and in disgusting local tech-related news, Steven Kreytak writes in The Austin American-Statesman (obnoxious, but free registration required -- or use BugMeNot.com):
A former Austin police detective pleaded guilty to seven counts of child pornography in federal court Thursday, admitting that he possessed on his personal computer hundreds of images of male and female children engaged in sexual acts.
Lance McConnell, 34, faces between 5 and 120 years in federal prison and $1.75 million in fines when he is sentenced by U.S. District Judge Sam Sparks November 18.
Both McConnell, who remains free on bond pending sentencing, and his lawyer Rip Collins declined to comment as they left the federal courthouse downtown.
Special Assistant U.S. Attorney Grant Sparks said in court that during a March 23, 2005, search of McConnell's home on Mockingbird Lane in Lockhart investigators seized several computers, including one with between 300 and 600 digital images and movie files of child pornography.
Those included ones of prepubescent children engaging in sex acts with each other and with adults, according to court documents.
The computer also showed evidence that McConnell had e-mailed "dozens of images" and kept the pictures in organized folders, Grant Sparks said.
RIAA sends letters to P2P services
Dawn Kawamoto writes in C|Net News:
The Recording Industry Association of America has sent letters to seven peer-to-peer companies, asking them to halt what the RIAA alleges is their practice of encouraging users to illegally distribute copyrighted material.
The RIAA's actions follow a U.S. Supreme Court ruling in June against P2P services provider Grokster and marks one of the first actions the recording industry trade group has taken against P2P services beyond Grokster. In a unanimous decision, the court said companies that build businesses with the active intent of encouraging copyright infringement should be held liable for their customers' illegal actions.
"Companies situated similarly to Grokster have been given ample opportunity to do the right thing," a RIAA spokesperson said. "Those businesses that continue to knowingly operate on the wrong side of that line do so at their own risk."
The letters were mailed to seven file-sharing companies, according to a RIAA spokesperson, who declined to identify the companies.
China produces movie about dangers of the Internet
An AFP newswire article, via Yahoo! News, reports that:
Chinese authorities have helped produce a movie that will educate its youth on the dangers of excessive Internet use, state media reported.
"Internet Teenagers," currently showing in theaters across the nation, deals with the "appropriate use of the Internet and smooth communication with adolescent children," the China Daily said.
"Some students choose to indulge themselves in virtual reality, where they believe they can find relaxation, entertainment, self-esteem and friendship, and not face real life," said Shi Xuehai, the director.
The movie's story line has a teacher coach a group of problem children who also happen to be "high-tech geniuses," according to the paper.
US Senate turns aside Web gambling ban for now
A Reuters newswire article, via Yahoo! News, reports that:
The U.S. Senate on Thursday turned aside an attempt to restrict Internet gambling in a procedural move, but Sen. Jon Kyl vowed he would try again and said he expected the legislation would become law eventually.
The Arizona Republican tried to attach language restricting Internet gambling to an annual spending bill that must be passed this year, but an unnamed Democrat objected to attaching an unrelated matter to the spending measure under consideration.
Kyl said his legislation would require banks and credit card companies to block payments to online Internet gambling sites. He said some firms were already voluntarily blocking money transfers.
"We will proceed with this, it will become law at some point at some time," the Arizona Republican said on the Senate floor. "There should be no reason why we can't move forward on this."
Massive sunspot has Earth in its sights
Lucy Sherriff writes in The Register:
A sunspot five times the size of Earth could wreak havoc with satellites and radio communication systems, scientists warn, as it moves across the face of the sun and Earth moves directly into its firing line.
Seven huge X-class flares have already erupted from the spot, including one of magnitude X17 last Wednesday that made it into the record books as the fourth largest ever seen.
The US National Oceanic and Atmospheric Administration (NOAA) said that the flares have already caused problems with some electric power systems, radio communications and global positioning equipment.
It went on to warn that further flares are likely in the next week, and because the sunspot is moving into line with Earth, the risk of disruptions is even greater as the solar activity will strike the planet head-on.
Verizon Wireless Wins Injunction Against Data Thieves
David Haskin writes in Mobile Pipeline:
Verizon Wireless said Thursday that it has received a court order preventing a Tennessee company from continuing what Verizon calls the theft of subscriber information.
The wireless operator received an injunction against Source Resources of Cookeville, Tennessee. The permanent injunction prevents Source Resources from acquiring, possessing or selling customer account information without either a court order or the subscriber's permission.
"They call themselves private investigators," Verizon Wireless spokesman Jeffrey Nelson said in an interview. "They are common identity theft crooks."
In its initial court filing in July, Verizon Wireless claimed that Source Resources used "deceit, trickery and dishonesty" to obtain customer records. Specifically, the wireless operator claimed that Source Resources "is engaged in wrongfully obtaining confidential customer information (such as the customer's calling records) … by posing as a customer of Verizon Wireless seeking information about his or her own account."
The Source Resources "investigators" provided Verizon Wireless customer service agents with security information, such as the victim's social security number or mother's maiden name. That information was, according to Verizon's brief, "wrongfully obtained."
USA Today Calls for ICANN to Adopt .XXX
Thanks to Bret Fausett for pointing this out. Bret writes in his ICANN Blog:
This has to be a first: a major U.S. newspaper has an unsigned editorial recommending that the ICANN Board take a certain action. In this case, implement .XXX. Here's an excerpt:
"The [ICANN] Board shouldn't bow to the pressure. Internet porn is big business driven by big demand. It can't be eradicated. But trying to improve the protections for parents is a good idea — including a .xxx domain experiment."
Blockbuster Probing Online Video-On-Demand
David Koenig writes in The Washington Post:
Movie-rental giant Blockbuster Inc. continues to take small steps toward a rollout of online video-on-demand in the United Kingdom while rival Netflix Inc. plans a small-scale test in the United States this year.
Blockbuster demonstrated an online video service at a trade show in Europe last week and has completed a test involving 5,000 British households, but officials downplay talk of service in the very near future.
Spyware getting nastier
Guy Matthews writes in The Inquirer:
SECURITY VENDOR Aladdin Knowledge Systems says 15% of spyware is successfully stealing passwords and logging keystrokes.
It says spyware is increasingly used to steal logged-on user names and administrator passwords, as well as tamper with instant messaging and email addresses. Aladdin’s study illustrates that a growing amount of spyware is specifically designed for identity theft and continues to compromise both personal and commercial privacy, with potentially dangerous effects for large organizations in need of protecting proprietary information.
The vendor classifies spyware into three clear types:
- Severe Threat – 15% of spyware threats send private information gathered from the end user currently logged on to the infected system, logging the user's keystrokes, logged-on user name, hash of administrator passwords, email addresses, contacts, instant messengers login and usage, and more.
- Moderate Threat – 25% of spyware sends information gathered from the victim's operating system, including the host name, domain name, and logs all processes running in memory.
- Minor Threat – 60% of spyware transmits gathered commercial information about the end user's browsing habits, including keywords used in search engines, browsing habits and ratings of frequently visited websites.
Time Warner, Microsoft in talks on AOL
A Reuters newswire article, via Yahoo! News, reports that:
Time Warner Inc. and Microsoft Corp. are in advanced talks over Microsoft buying a stake in Time Warner's America Online unit, the New York Post reported on Thursday.
Citing two unnamed sources familiar with the matter, the Post said the talks concern Microsoft acquiring an AOL stake and then combining it with Microsoft's Web unit MSN.
Microsoft would pay some money to Time Warner for the AOL stake, leaving the two companies approximately equal partners in the venture, the Post said.
A Time Warner spokeswoman declined to comment. Microsoft was not immediately available for comment.
Dutch to Create Cradle-To-Grave Database
An AP newswire article by Toby Sterling, via Yahoo! News, reports that:
The Dutch government will begin tracking every citizen from cradle to grave in a single database, opening a personal electronic dossier for every child at birth with health and family data, and eventually adding school and police records.
The Health Ministry says the new database will begin Jan. 1, 2007.
As a privacy safeguard, no single person will be able to access someone's entire file. And each agency that contributes to the records will maintain its own files as well.
But organizations can raise "red flags" in the dossier to caution other agencies of potential problems with children, said ministry spokesman Jan Brouwer. Until now, schools and police have been unable to communicate with each other about truancy records and criminality, which are often linked.
Daily gapingvoid.com fix....
Via gapingvoid.com. Enjoy!

Austin American-Statesman Launches Community Blogs
An Editor & Publisher Online article, via Yahoo! News, reports that:
The Austin American-Statesman became the latest newspaper to embrace citizen journalism this week with the launch of StatesmanBlogs.com and Austin360Blogs.com.
The citizen-blog sites act as companions to the news-centric Statesman.com and entertainment-focused Austin360.com. Both use software developed by Austin-based Pluck.
"The mutual launch is to build audience, create loyalty, and make us the information authority people turn to in the market," says Jim Debth, Internet General Manager for the American-Statesman, which is owned by Cox Newspapers. "Since the beginning of time newspapers have been community resources, and this helps us keep our community connection and grow our audience participation."
The Statesman has launched the blogs using existing resources, and currently has no plans to increase staff to manage the new sites. "Since this is a new venture for us, we're helping to seed the initial blogging" with "friends of friends," Debth says, before adding that the eventual plan is for users to contribute 100% of the content.
White House Deed Winds Up in Casino's Hands
Via PR Newswire.
The only known deed to exist for America's most famous address has been bought by Internet casino and poker room GoldenPalace.com for an unbelievable $43.45 through online auction house http://www.eBid.tv.
While conducting research for his upcoming book "Night of the Realtors", in which a Canadian realtor sells the White House, seller David Jenneson discovered that the U.S. Government has no deed recording the property ownership for 1600 Pennsylvania Avenue.
According to Jenneson's eBid page, he sent a written request to the U.S. National Archives regarding the deed. A two-month search resulted in the archives office sending a letter stating they could not find the deed for the White House. After an extensive amount of legal survey and analysis, Jenneson acquired the only known deed in existence.
"The winning bid will acquire a Quitclaim Deed for the famous property, plus a signed copy of my book Night of the Realtors," said Jenneson on his eBid page.
FCC to probe Katrina telecom failures
George Leopold writes in the EE Times:
The Federal Communications Commission will meet in Atlanta on Thursday (Sept. 15) to determine how telecommunications networks collapsed in the aftermath of Hurricane Katrina and to find ways to prevent future failures.
The agency said it will empanel a broad range of telecom industry executives, communications workers, broadcasters and industry groups during its monthly meeting in the Georgia state capital. The FCC seldom holds monthly open meetings outside of Washington.
The meeting appears to have been convened in response to widespread criticism of the federal response to the devastation caused by Hurricane Katrina. As of earlier this week, reports found that many local Internet networks in the region remained offline.
On Wednesday (Sept. 14), members of the commission investigating the 9/11 attacks called the lack of interoperable communications across the Gulf region after the storm a "scandal." In its final report, the 9/11 commission highlighted emergency communications as a key priority.
Among those scheduled to participate in the FCC meeting are: Rod Odom, president of network services at BellSouth Corp.; Booker Lester of the Communications Workers of America; former congressman Steve Largent, now president of the CTIA Wireless Association; Willis Carter of the Shreveport, La., fire department; and executives from TV and radio broadcasters.
Live audio coverage of the meeting will be broadcast on the FCC's Audio Events Page.
Senators request $5 billion for emergency networks
Anne Broache writes in C|Net News:
In the wake of Hurricane Katrina, senators are clamoring for billions of dollars to enhance the communications network that first responders rely on during emergencies.
Sen. Debbie Stabenow, a Michigan Democrat, has proposed that Congress provide $5 billion in "immediate" funds intended "for the basic hardware that allows emergency responders to talk with one another and coordinate their efforts," according to a press release from her office.
The proposal, co-sponsored by eight Senate Democrats, is one of a slew of proposed amendments to the Commerce, Justice and Science appropriations bill, which is currently under debate and could go to a vote later this week.
The brief, broadly phrased amendment would place the funding in the hands of the Department of Homeland Security, which would then pass it on as grants to state and local entities. Two months ago, Stabenow offered a similar addition to the Homeland Security appropriations bill, but her measure was defeated.
India prods telecoms to interconnect
A UPI newswire article, via PhysOrg.com, reports that:
The Indian government is urging the country's telecom companies to speed up the process of interconnecting with one another.
Telecom Secretary J.S. Sarma said he would hold monthly meetings on the effort among India's public and private companies.
Press Trust India said Wednesday that the absence of such interconnections was seriously hampering expansion of the telecom network in both urban and rural areas.
Some private operators contend that some 2,000 applications for interconnections have been pending with telecom giant Bharat Sanchar Nigam Limited for as long as two years.
Let's Hope eBay's Lawyers Have Read Up On Network Neutrality...
Over on techdirt.com, Mike writes:
Someone at eBay might not be happy about this bit of news today. Just days after spending billions of dollars to buy Skype, a company that makes traffic management technology for broadband providers is offering up a Skype filter that will let broadband providers block out Skype traffic.
They're not the first, obviously, as some operators and even countries have looked at or implemented various Skype-banning systems. However, it is interesting to see the Skype blocking feature being so prominently mentioned. This probably means that eBay is going to have to become a bit more proactive in the whole network neutrality discussion -- otherwise they may just discover that operators (especially outside the US, which was one of the main reasons cited by eBay for buying Skype) are making their latest purchase worthless.
FU Cheney: See Movie, Buy Shirt
Jenn Shreve writes in Wired News:
In the past two weeks, Dr. Ben Marble of Gulfport, Mississippi, lost his house, saw his wife give birth by flashlight, and became an instant celebrity for telling Vice President Dick Cheney to go fuck himself.
"I tell you it was a good feeling at the time. It did feel really good. Wasn't quite as good as having sex or something, but it was good," Marble said of the Sept. 8 event, captured live on CNN.
Seconds later, however, he noticed this "panic stricken look on the Secret Service guys' faces, like they were about to tackle me or I didn't know what." Marble walked briskly from the scene, leaving his friend Jay, who'd captured the whole thing on video camera. Marble told the man who'd just patted him down to "have a nice day," before heading home. He was later detained by two men in fatigues, questioned and released.
But that wasn't the end of it. The incident, remarkable for an administration renowned for screening its audiences, was not only captured live on CNN but replayed on numerous websites and blogs, and even earned a Daily Show screening.
Ben Edelman: How Affiliate Programs Fund Spyware
Ben Edelman, wherever you are -- you're one of my heroes. Keep Fightin' the Good Fight (tm).
Ben writes in his blog:
Affiliate networks offer an appealing promise for supporting free, independent content on the web: Any ordinary user can sign up to promote any interested merchant via a special affiliate tracking link. When a user clicks the link and makes a purchase from the merchant, the referring web site ("affiliate") gets a payment from the merchant. Since merchants only pay affiliates when users actually make purchases, merchants feel free to partner with smaller affiliate sites -- sites that might otherwise be too small or quirky to get advertisers' attention.
Despite the promise of affiliate marketing, these casual marketing arrangements entail serious risks. If merchants sign up affiliates without investigation or monitoring, merchants risk accepting partners with undesirable business practices. Consider an affiliate who sends spam, or whose site is so controversial that no reasonable merchant would want to be seen there. So, experienced merchants have learned, they must monitor their affiliates for these kinds of dubious behaviors.
Sprint employees blog on hurricane relief efforts
Michael Hardy writes in FCW.com:
Sprint Nextel employees have established "Sprint City," a six-acre home for hurricane relief workers at the Baton Rouge, La., fairgrounds.
According to the company, the camp was established within 48 hours of Hurricane Katrina's landfall in late August, and since then it has served as a base from which employees are working to re-establish wireless and wired service for those in the areas hit by the storm. About 300 Sprint Nextel employees and contractors are temporarily living there, protected by armed guards.
Employees based there are filing Web log entries on their experiences in a Sprint-hosted blog called "Dispatches from Sprint City."
Bill Expands Monitoring of Sex Offenders
An AP newswire article by Jim Abrams, via Yahoo! News, reports that:
Congress would create a national Web site for child sex offenders and sex felons would face up to 20 years in prison for failing to comply with registration requirements under far-reaching legislation the House took up Wednesday.
The measure, which also requires felony sex offenders to register for life and authorizes the death penalty for sex crimes resulting in the killing of a child, responds to what House Judiciary Committee Chairman James Sensenbrenner, R-Wis., said was a "national crisis" in child sex offenses. He said that of some 550,000 convicted sex offenders in the nation, 100,000 are "lost," with their whereabouts unknown.
Sensenbrenner said the legislation, certain to pass the House, would get favorable treatment in the Senate and he expected it to be signed into law by the end of the year.
The White House, in a statement, expressed support, saying that even though sex crimes against children have declined significantly in recent years, more needs to be done. It noted that the legislation codified the online National Sex Offender Public Registry that the Justice Department launched earlier this year.
Security Professionals: Does this sound familiar?
Jon Oltsik writes in the C|Net Corporate Security Blog:
[...]
Andre felt like he'd done his job and proudly reported his findings to upper management. Rather than act to adhere to compliance regulations or improve corporate governance, they seemed to resent the bad news and simply swept it under the rug.
Not surprisingly, Andre is quite disillusioned and sees his current job as a dead end. Meanwhile the management team continues to make a fool's bet the bad guys won't find the multitude of open doors and windows. This is bound to get ugly.
When I tell stories like this to other security professionals they respond with looks of acknowledgement and despair. Alas, Andre's dilemma is not unique. I hear stories like this one constantly.
Will things ever improve? Maybe, but it won't be pretty. Either more companies get breached and the laggards finally respond or Washington gets really tough with both new regulations and enforcement. Either way we are likely to see a lot more frustrated CSOs and costly security breaches in the short term.
MCI completes Totality acquisition
MCI announced their intent to acquire Totality back in early August. Now, Michael Hardy writes in FCW.com that:
MCI has completed its acquisition of Totality, a privately held firm that provides remote managed services.
MCI officials see the acquisition as a major step toward satisfying the growing demand from enterprise and government customers to manage a wider array of information technology functions.
Airgo Claims WLAN Speeds Of 240 Mbps
Via Mobile Pipeline.
WLAN technology vendor Airgo Networks said Wednesday that its next generation of Multiple Input, Multiple Output (MIMO) wireless LAN chipsets will provide data rates of as high as 240 Mbps.
The company said it is currently sampling the new chipset, which is the third generation of its MIMO technology, with WLAN equipment vendors. It said it expected the first products based on the chipset will be released later this year.
Fed Exposes Health Records Of Evacuees Online
Jonathan Krim writes in The Washington Post:
The federal government is making medical information on Hurricane Katrina evacuees available online to doctors, the first time private records from various pharmacies and other health care providers have been compiled into centralized databases.
The data contain records from 150 Zip codes in areas hit by Katrina. Starting yesterday, doctors in eight shelters for evacuees could go to the Internet to search prescription drug records on more than 800,000 people from the storm-racked region.
Officials hope to soon add computerized records from Medicaid in Mississippi and Louisiana, Department of Veterans Affairs health facilities, laboratories and benefits managers.
The records are one step in reconstructing medical files on more than 1 million people disconnected from their regular doctors and drug stores. Officials fear that many medical records in the region, especially those that were not computerized, were lost to the storm and its aftermath.
Baidu plunges as IPO bankers call stock overvalued
A Reuters newswire article, via Yahoo! News, reports that:
Baidu.com shares plunged as much as 21 percent on Wednesday after two of the investment banks that managed the Chinese Internet company's meteoric initial public offering said the stock price was overblown.
Goldman Sachs and Piper Jaffray both rated the stock "underperform," given its extraordinary debut on August 5, when it rose more than fourfold.
The eagerly anticipated IPO of Baidu, known as the Chinese Google, recalled the dot-com heyday, when first-day price rise records were broken weekly.
The debut of China's largest Web search company eclipsed even that of Google Inc., but a steady drumbeat of critiques over its valuation has surfaced since then.
Off Topic: Katrina Confusion?

Security Threats Rise 22%
Via Red Herring.
Computer worms, viruses, and other security-related threats have increased more than 22 percent year-to-date, with more companies reporting losses from cyber break-ins and insider attacks on networks and data, a study said Tuesday.
So far this year, companies reported 862 incidents, up 22.4 percent from 704 during the same period in 2004, according to an annual study released by IDG and PricewaterhouseCoopers. Cyber crime seems to be on the upswing, with 22 percent of companies surveyed reporting financial losses from attacks on their systems, up from only 7 percent in 2004.
The study surveyed more than 8,200 information security executives in 63 countries and covers a range of industries including computer-related manufacturing and software, consulting and professional services, financial services and banking, government, healthcare, and education.
Syria: Internet-user Abdel Rahman Shaguri released from prison
Via Reporters sans Frontières.
Reporters Without Borders noted the release from jail of Internet-user Abdel Rahman Shaguri on 31 August 2005 one week after completing his sentence for “publishing lies” but condemned his conviction as “utterly unjustified”.
“This man spent more than two and a half years in prison and was tortured just for sending news by email,” the worldwide press freedom organisation said.
"We also want to use this occasion to repeat our call for the release of cyberdissident Massud Hamid, imprisoned in Syria since July 2003", it added.
Intelligence officials arrested Shaguri on 23 February 2003, for emailing a newsletter taken from the website thisissyria.net, which is banned in Syria. The supreme state security court sentenced him on 20 June 2004 to two and a half years in prison. The charge against him specified that the articles he sent had “harmed the image and security of Syria”.
Shaguri served his entire sentence at the Saidnaya military prison where he was reportedly tortured by members of the military secret services.
Google Launches Blog Search Beta
Nate Mook writes in BetaNews:
Google on Wednesday took the wraps off a new search engine devoted to Web logs, or blogs, which is also integrated with the company's Blogger publishing tool. The Blog Search uses RSS feeds to index blog content, and Google says it intends to include as many blogs as possible, including those in foreign languages.
"Whether you're looking for Harry Potter reviews, political commentary, summer salad recipes or anything else, Blog Search enables you to find out what people are saying on any subject of your choice," Google says. Soon the company will offer a form for bloggers to manually submit their site, if it isn't automatically picked up.
TiVo copy protection bug irks users
Daniel Terdiman writes in C|Net News:
A bug in the latest version of TiVo's operating system has some users concerned that the service's content protection mechanisms--supposedly intended solely for pay-per-view and video-on-demand content--may someday be applied to broadcast television programming.
According to PVRBlog, a blog about TiVo and other digital video recorder companies and technology, some TiVo customers recently found that a recorded episode of "The Simpsons" had been red-flagged for content protection.
WebMD Files $90M IPO
Via Red Herring.
WebMD Health said on Wednesday it plans to file for an initial public offering of 6.9 million shares to generate more working capital and for general corporate expenses.
The subsidiary of online health advice site WebMD estimates the price will be between $13.50 and $15.50 per share of the Class A stock. WebMD plans to officially change its corporate name to Emdeon on September 29 but began using the new name on August 4. It will continue to use the WebMD brand, however.
Morgan Stanley, Citigroup, and Goldman Sachs will be underwriting the offering. The underwriters also have the option to buy another 1.03 million shares to cover their over-allotments.
WebMD Health provides “health information services to consumers, physicians, healthcare professionals, employers, and health plans through our public and private online portals and health-focused publications,” according to the company’s filing with the U.S. Securities and Exchange Commission.
UK: Redbus and Demon founder appears in court
Via OUT-LAW.com.
Internet pioneer Cliff Stanford yesterday went on trial at Southwark Crown Court on charges of unlawfully intercepting emails at his former company, Redbus Interhouse, according to reports.
Stanford resigned from the company in 2002.
Cliff Stanford is a well-known figure in the internet industry. He founded Demon Internet in 1992 and sold it in 1998 to Scottish Telecom for £66 million (Scottish Telecom subsequently re-branded as Thus), netting Stanford around £30 million.
According to reports, allegations surfaced in October 2003 that Stanford had been involved in hacking the email system of Redbus. He and another man, George Nelson Liddell, were questioned by police over the interception of emails between Redbus' former chairman John Porter, and Porter's mother, the former Westminster council leader, Dame Shirley Porter.
Both men were charged with offences under the Computer Misuse Act and the Regulation of Investigatory Powers Act (RIPA) of 2000, say reports. They deny the charges.
Computer engineer lost job over two pieces of pizza
An AP newswire article, via The Globe and Mail, reports that:
A computer engineer who lost his job because he ate two pieces of pepperoni pizza has been named the winner of an offbeat Internet contest that solicited stories about outrageous firings.
A panel of Silicon Valley judges picked Jim Garrison's strange tale from more than 1,000 entries submitted during the past month. The reward: a free Caribbean cruise.
Garrison, 39, prevailed over some tough competition.
The runners-up included a furniture mover who got fired after he and a co-worker were caught fencing with some adult sex toys found in a customer's bedroom; a worker who misunderstood a manager's instructions to send some sensitive data to microfilm and e-mailed it to a "Michael Finn" instead; and a warehouse worker found doing perverse things with the prosthetics made by his employer.
Watchtower sues website
Nick Farrell writes in The Inquirer:
A SITE which quotes bits of the Jehovah’s Witness rag Watchtower for the general amusement and edification of its readers has been sued by the magazine for bringing it into disrepute.
The magazine, which is usually seen in the pious paws of a Jehovah’s Witness knocking on your door, is apparently miffed at the antics of [the] site.
According to the writ, which can be seen here, Watchtower is claiming that the publication of selected quotes embarrasses the outfit.
The site provides a search engine of quotes about what has been said in Watchtower. When we tapped in the word ‘the Inquirer’ we found the quote “idi"ot"es, 'one without understanding,' the 'inquirer' are both in the unbeliever class in contrast to the saved of the Christian church".
Besides the obvious claim that the site breaches its copyright, Watchtower says the site might be confused with the real Watchtower because it has the domain name "watchtower.ca" which is trademarked.
World Bank site shows best countries to do business in
Via The Inquirer.
THE WORLD Bank has released data and tables showing how easy it is to do business in different countries around the world.
Entrepreneurs in Sierra Leone are likely to have a problem because if you pay all the business taxes you ought to, it will consume 164 per cent of your company's gross profit.
In Syria, said the World Bank, to start a business you need to invest $61,000 in capital which is 51 times the average annual income.
A league table of countries reveals that New Zealand is the easiest place to do business, followed by Singapore, the US, Canada and Norway. The UK is number nine in the table.
Don't go to law in Guatemala, because according to the World Bank, it takes around 1,500 days to resolve a simple dispute.
All this, and a heap of very useful information can be found on the World Bank's Doing Business site.
Uk.com wildcard raises Net stability worries
Kieren McCarthy writes in The Register:
A decision by British company CentralNic to make all unregistered domains ending with "uk.com" direct to its own webpage has raised concerns over the future stability of the Internet.
CentralNic owns a series of valuable dotcoms including uk.com, us.com, eu.com and de.com and sells third-level domains e.g. www.theregister.uk.com to anyone for £32.50 a year. It runs around 100,000 domains.
However, no matter what domain you type in your browser (i.e. www.fskjsdkjkjsd.uk.com), so long as it hasn't been sold, you will be redirected to CentralNic's own webpage, featuring advertising and an offer to buy that domain through its system.
The benefit to the company is clear - increased sales and advertising revenue - but the system by which the redirection is carried out, called wildcard, has been criticised by the Security and Stability Advisory Committee (SSAC) of Internet overseeing organisation ICANN as putting the stability of the Internet at risk.
Telstra sale given go-ahead
Here's a developing story that I've pointed out here on the blog a few times in the past couple of weeks.
Tim Richardson writes in The Register:
The Australian Government has moved a step closer to flogging its 51.8 per cent stake in incumbent telco Telstra after winning a key vote earlier today.
The Australian Senate backed plans to flog the Government's stake in the business despite a concerted campaign by opposition MPs and trade unions.
The Government is set to raise around A$30bn (£14bn) from the sale of its share in the firm, which is expected to go ahead next year.
In a bid to ease concerns about the future the Government has agreed to set aside more than A$3bn to help protect and improve services in rural areas.
As part of the sell-off, the Government also plans to separate Telstra's retail, wholesale and network business to ensure that the telco "treats its wholesale customers fairly".
More tech fails to exorcise security risks
John Leyden writes in The Register:
Current IT systems are inherently insecure and growing complexity will simply increase these risks, a leading academic has warned.
Users should rebel and demand vendors compensate them for security foul-ups, said pugnacious Professor Klaus Brunnstein of the University of Hamburg.
Brunnstein told delegates to an IT security conference in London on Wednesday that attempting to protect against IT risks - such as hacking attacks - by increasing the complexity of systems is futile. "That would be like trying to expel the devil with Beelzebub," he said.
The present wave of IT security incidents is caused by inherently insecure assumptions, including overly complex systems. The interoperation of these systems with other insecure technologies magnifies the problem, the applied informatics academic argued.
Sprint Nextel sees cost from Katrina
A Reuters newswire article, via Yahoo! News, reports that:
Sprint Nextel on Wednesday said Hurricane Katrina will cost it between $150 million and $200 million after insurance payments. It also said portions of its wireless network in the U.S. Gulf Coast remain out of service.
The telecommunications company said it has restored wireless service to all regions in Alabama affected by the storm, and more than 90 percent of its network in Mississippi and more than 70 percent in Louisiana.
Its estimated cost from the storm includes capital and operating costs associated with restoring service and its retail operations, as well as what it termed "billing relief" for affected customers.
Microsoft Offers to Settle Suit Vs. Google
An AP newswire article by Gene Johnson, via Yahoo! News, reports that:
Hours after a state judge ruled that a former Microsoft Corp. executive may begin doing limited work for rival Google Inc., a top Microsoft lawyer said the software giant was prepared to settle its lawsuit if the restrictions on Kai-Fu Lee remain in effect until next summer.
Microsoft general counsel Brad Smith said Tuesday night the company was pleased with the restrictions and would end all litigation if Google and Lee agree to abide by the judge's order until next July, when Lee's noncompete agreement expires.
"We can settle this lawsuit tomorrow," Smith said. "We can get back to ... competing in the marketplace."
Lee still cannot work on products, services or projects he worked on at Microsoft, including computer search technology, pending a trial set for January. Superior Court Judge Steven Gonzalez said Tuesday that the noncompete agreement Lee signed with Microsoft is valid.
Yahoo! upgrading webmail
Via Reuters.
Yahoo Inc. said it is upgrading Yahoo Mail, the most popular Web e-mail program, to make it run more efficiently than other Web-based systems and nearly as fast as desktop e-mail.
The new version of Yahoo Mail works in a browser, just as existing versions of the program do, but Yahoo has developed ways to short-circuit the multi-second delays that typically delay any action taken in Web-based e-mail programs.
It replaces the need to repeatedly refresh a browser to open e-mail, move it into folders or take other actions that require the user to wait for the browser to redraw the page.
Instead, it works similarly to desktop computer e-mail clients, with features such as drag-and-drop organization of e-mails into folders and a message preview window that displays selected messages nearly instantaneously.
Today's Dilbert: Blame the Absent
iTunes upgrade has users griping
Alorie Gilbert writes in C|Net News:
A new version of Apple Computer's iTunes software released last week appears to be giving many iPod owners headaches, according to reports from across the Web.
Complaints about iTunes 5 for Windows have surfaced over the past few days on numerous blogs and discussion boards, including the company's own discussion board at Apple.com. iTunes is a desktop computer program that comes with the iPod music player and allows people to transfer music to the device. It also represents Apple's first big foray into designing software that works with Microsoft Windows.
People have reported a range of problems with the updated program, while others said the software works fine. Among those reporting problems, many say that trying to install the program causes their computers to crash. Others report that once they install the program, it won't transfer music purchased at the iTunes Music Store to their iPod, deletes playlists, interferes with other programs or generally wreaks havoc on their computers.
"What's worse, rolling back (to a previous version) can be difficult or impossible, and Apple's lack of official recognition or public response regarding these problems is driving many users up the wall," Lauren Weinstein, co-founder of People for Internet Responsibility, wrote in a letter posted online.
Years of Research Ruined in Katrina Flood
An AP newswire article by Paul Elias and Alicia Chang, via ABC News, reports that:
As rising floodwaters swamped New Orleans, Louisiana's chief epidemiologist enlisted state police on a mission to break into a high-security government lab and destroy any dangerous germs before they could escape or fall into the wrong hands.
Armed with bolt cutters and bleach, Dr. Raoult Ratard's team entered the state's so-called "hot lab," and killed all the living samples.
"This is what had to be done," said Ratard, who matter-of-factly put a sudden end to his lab's work on dangerous germs, which he wouldn't name.
At least Ratard's team was able to retrieve laptop computers containing vital scientific data. Many other scientists in the region weren't so fortunate, losing years of research, either through storm damage or voluntary destruction.
EFF wins right to unseal Apple court documents
A MacCentral article by Jim Dalrymple, via Yahoo! News, reports that:
The Electronic Frontier Foundation (EFF) on Tuesday won the right to unseal court documents from Apple Computer. The documents show that Apple planned to subpoena the anonymous sources of two reporters from AppleInsider and PowerPage before conducting an investigation inside the company.
The lawsuit was brought against the sites when they printed articles about “Asteroid,” rumored to be a FireWire audio interface for GarageBand — Apple claimed violation of trade secret law.
The First Amendment and the California Constitution require that Apple exhaust all other alternatives before trying to subpoena journalists. Lawyers claimed the journalists should be protected by the First Amendment, an argument the group lost in court and appealed earlier this year.
Documents in the case show that Apple never took depositions, never issued subpoenas (other than to the journalists) and never asked for signed declarations or information under oath from its own employees, according to the EFF.
Apple argued that the internal investigation itself was a trade secret and should be sealed from opposing counsel. EFF lawyers successfully argued to have the documents unsealed.
Zotob worm suspect in court
A Reuters newswire article, via CNN, reports that:
A Moroccan magistrate questioned an 18-year-old science student in court on Tuesday about his alleged role in unleashing computer worms that disrupted networks across the United States last month.
Farid Essebar appeared before the investigating magistrate in Rabat for three hours of questioning about the Zotob worm, his lawyer said.
The worm caused computer outages at more than 100 U.S. companies, including major media outlets like CNN and The New York Times.
"My client Farid Essebar was interrogated by a Rabat court investigating judge over the Zotob worm release on the Internet. He was returned back to detention in a Rabat jail," said his lawyer, Mohamed Fertat.
Essebar, an experimental science student who has been in jail since his arrest on August 25, was remanded in custody and will be questioned again on September 21, Fertat added.
Essebar's arrest in Morocco was part of a coordinated operation involving Turkish authorities who detained 21-year-old Attila Ekici, also suspected of involvement in the release of the Zotob worm, the FBI said in Washington.
Good Technology cuts more than a fifth of work force
An AP newswire article, via The Mercury News (obnoxious, but free registration required -- or use BugMeNot.com), reports that:
Good Technology Inc. has cut more than 100 jobs, or one-fifth of its work force, in recent weeks as part of the mobile e-mail company's growing emphasis on partnering with cellular operators such as Cingular Wireless and Sprint Nextel Corp. rather than direct sales.
Good, whose GoodLink service is a small but fast-growing rival to BlackBerry from Research In Motion Ltd., told The Associated Press on Tuesday that its total staff has fallen from about 500 positions to 400. The new tally includes an undisclosed number of hires in roles other than direct sales.
The restructuring comes about three months after Good announced a deal in which Cingular, the nation's biggest cell phone provider, began selling GoodLink directly to its subscribers at a sizable discount. A similar deal with Sprint was announced in July.
The two carrier deals have provided a big boost for Good as it wrestles for market share with the dominant BlackBerry service, which has more than 3 million users. Good, a private company based in Santa Clara, Calif., last reported that it has 7,000 corporate accounts, up from 4,000 at the end of last year, but doesn't disclose how many individual users it has.
Brief L.A. Blackout Fells More Nets Than Hurricane Katrina
Gregg Keizer writes in TechWeb News:
While the brief blackout in Los Angeles Monday was caused by an errant worker snipping wires, not Mother Nature and a wall of water, the incident actually brought down more Internet networks than failed during Hurricane Katrina, a Web monitoring firm said Tuesday.
"Los Angeles is a much more network-dense place than the Gulf Coast," said Todd Underwood, the director of operations for Renesys, a Manchester, New Hampshire-based firm that monitors Internet routing traffic. "Up to 301 networks were outaged during the [power blackout] event." That was substantially more than went down during the Hurricane Katrina storm that hit Louisiana, Mississippi, and Alabama on August 29.
"The outages were contained locally," said Underwood, "and for the most part, redundant power structures worked. There were a couple facilities where significant networks failed, however. Backup power infrastructure seldom gets a full workup, so there are always some that fail [to kick in]."
None of the long-haul lines that connect Los Angeles to the rest of the Internet, and direct traffic through the city from other parts of the western U.S. or the Pacific Rim, were affected by the power blackout.
OMB: No new money for IPv6
David Perera writes in FCW.com:
Federal agencies have all the money they need to make a mandatory transition to the next generation of IP, a top Office of Management and Budget official said today.
“The good news, you have all the money you need. [IP Version 6] is a technology refresh,” said Glenn Schlarman, information policy branch chief in OMB's Office of Information and Regulatory Affairs. Schlarman spoke at a Potomac Forum event on IPv6. "You have to adapt, reallocate," he added.
Under the requirements of an Aug. 2 OMB memo, agencies have until the middle of 2008 to become IPv6 compatible.
“We’re talking about the foundational elements, the foundational backbone,” Schlarman said. Agencies have the option of operating networks that simultaneously support the current protocol, IPv4, and IPv6.
But agencies that don’t have a plan to routinely update technology will encounter some problems, Schlarman said. Agencies that do will find that they are much closer than they perhaps realize to IPv6 compatibility, he added.
Microsoft Reissues Update Rollup For Windows 2000
Gregg Keizer writes in TechWeb News:
More than a month after Microsoft acknowledged that its final Windows 2000 update was flawed, on Tuesday the Redmond, Wash.-based giant released a revised version and says it solves compatibility problems with other software.
Update Rollup 1 for Windows 2000 SP4 -- v2 was posted Tuesday for downloading from Microsoft's Download Center for multiple machines, or via the Windows Update service for individual PCs.
The second edition of Update Rollup 1 -- the final major update Microsoft intends for the aging but still popular Windows 2000 operating system -- was necessary because of problems some users encountered with third-party software after installing version 1.
Among the headaches that Microsoft confirmed in early August were compatibility issues with several prominent vendors' applications, including ones from Citrix, Sophos, Internet Security Systems, and even Microsoft itself. The latter's Microsoft Office, for example, wouldn't save files directly to floppy disks after the rollup had been installed.
Phoney Anti-Spyware Software Lures Unsuspecting Users
Gregg Keizer writes on TechWeb News:
A scam that's spoofing Microsoft's Windows Security Center shows that phishers are increasingly abandoning the traditional e-mail ploy of telling consumers their bank accounts are at risk, a security expert said Tuesday.
Like the most dangerous and devious phishing attacks, this one is based on a Web site. Users enticed here face a fake portrayal of Microsoft's Windows Security Center.
The bogus site displays such factual information as the user's IP address, the browser being used, operating system, and country of origin. Along with that, however, the page claims that an attacker "has gained access to your computer and is collecting the information about the sites you've visited and the files contained in the folder 'My Documents.'" A pop-up also alleges that the PC has been infected with a rogue .dll -- a piece of spyware dubbed "W32.Sinnaka.a" -- that's collecting private data.
It's all a lie, said Patrick Hinojosa, the chief technology officer of Panda Software.
There's no such online edition of Windows Security Center -- that's actually an on-disk utility in Windows XP -- nor is there any legit malware by the name of Sinnaka.a.
Teen Pleads Guilty to Hacking Paris Hilton's Phone
Brian Krebs writes in The Washington Post:
A Massachusetts teenager has pleaded guilty to hacking into the cell-phone account of hotel heiress and Hollywood celebrity Paris Hilton, a high-profile stunt by the youngest member of the same hacking group federal investigators say was responsible for a series of electronic break-ins at data giant LexisNexis.
The 17-year-old boy was sentenced to 11 months' detention at a juvenile facility for a string of crimes that include the online posting of revealing photos and celebrity contact numbers from Hilton's phone. As an adult, he will then undergo two years of supervised release in which he will be barred from possessing or using any computer, cell phone or other electronic equipment capable of accessing the Internet.
The U.S. Attorney's Office for Massachusetts and the state district court declined to identify the teen, noting that federal juvenile proceedings and the identity of juvenile defendants are under seal. But a law enforcement official close to the case confirmed that the crimes admitted to by the teen included the hacking of Hilton's account.
The teen also pleaded guilty to making bomb threats at two high schools and for breaking into a telephone company's computer system to set up free wireless-phone accounts for friends. He also participated in an attack on data-collection firm LexisNexis Group that exposed personal records of more than 300,000 consumers. Prosecutors said victims of the teen's actions have suffered about $1 million in damages.
U.S. Lacks Unified Emergency Radio System
This is NOT a test....
An AP newswire article by Matthew Fordahl and Bruce Meyerson, via MSNBC, reports that:
After surviving Hurricane Katrina's initial blow, the radio communications system for the New Orleans police and fire departments dissolved as its radio towers lost their backup power generators in the ensuing flood.
Some of the equipment could have been brought back up quickly, except that technicians were blocked from entering the submerged city for three days by state troopers who were themselves struggling with an overwhelmed radio system from a different manufacturer.
"I didn't get a chance to plead my case," said Jan Edwards, service manager for the New Orleans radio system's maker, Tyco International Ltd. subsidiary M/A-Com Inc.
While Edwards and his team were detained on its outskirts, emergency workers inside the city were mostly limited to a handful of CB-like "mutual aid" radio channels, which were quickly overwhelmed.
Four years after the 2001 terror attacks exposed the need for more robust, interconnected communications during such calamities, with nearly a billion dollars appropriated by Congress for the task last year, the United States still lacks uniform systems that can keep all emergency responders in touch.
"We're no better off than we were then," Louisiana state Sen. Robert Barham said last week.
Officials Warn of Katrina Relief Web Scams
We've been hearing about scams since Katrina made landfall on the Gulf Coast -- here it is again, this time from Attorney General Alberto Gonzales.
An AP newswire article, via Yahoo! News, reports that:
At least 4,000 Web sites claiming to be Hurricane Katrina relief funds have popped up on the Internet and top U.S. law enforcement officials warned Tuesday that many could be fraudulent.
The number of Katrina-related sites has more than quadrupled in the past week, according to FBI officials.
"A devious few have sought to take advantage of our collective generosity," Attorney General Alberto Gonzales said at a news conference to highlight the government's efforts to combat fraud.
The FBI has so far reviewed 2,100 sites, of which 60 percent are foreign and thus more likely to be bogus, said FBI assistant director Chris Swecker.
There have so far been no arrests. As of last week, the FBI had opened eight criminal investigations of suspect domestic sites. Swecker said the number of probes has grown a lot in recent days, but he declined to be specific.
Austin among 'coolest cities' for young professionals
Right on.
Via The Austin Business Journal.
Kiplinger.com named Austin as one of the coolest cities for young professionals.
Kiplinger.com took a look at cities across the nation and picked the top seven most exciting locations for young people. The Web site chose the coolest cities based on affordability and availability of jobs.
Kiplinger.com cited the University of Texas as well as the city's musicians, margaritas and cheap rents all as reasons the Capital City is considered cool.
Other cities included in the list were Athens, Ga.; Atlanta; Denver; Minneapolis; Nashville, Tenn.; and Raleigh, N.C. These were all cities Kiplinger says had plenty of jobs and rents low enough to leave a little extra cash to go out.
Ex-Microsoft exec cleared for most Google work
An AP newswire article, via MSNBC, reports that:
A state judge, ruling in a case that exposed the behind-the-scenes animosity between two high-tech titans, cleared the way Tuesday for a former Microsoft Corp. executive to perform most of the tasks rival Google Inc. had hired him to do.
King County Superior Court Judge Steven Gonzalez's decision supersedes a temporary restraining order he imposed this summer and remains in effect until Microsoft's lawsuit against Google goes to trial in January.
Kai-Fu Lee remains barred from working on products, services or projects he worked on at Microsoft, including computer search technology. But while the judge said that a noncompete agreement Lee signed with Microsoft is valid, he said recruiting and staffing a Google center in China would not violate that agreement.
Lee cannot set budget or compensation levels or define the research that Google will do in China, but he can hire people to work there, the judge said.
State Department wants 'hands off' global Internet regulation
Rob Thormeyer writes in GCN.com:
State department officials plan to lobby the United Nations to continue taking a hands-off approach to regulating the Internet on a worldwide basis.
David Gross, ambassador and coordinator of the State Department’s international communications and information policy, said Monday that the government is negotiating with other countries to develop a definition of “Internet governance” ahead of a major United Nations summit in November.
Gross said the definition needs to strike a delicate balance, providing an appropriate amount of oversight while not restraining the private sector. “I am very optimistic we will find the path forward … [and] encourage the growth of the Internet,” Gross said Monday at a briefing sponsored by the Advisory Committee to the Congressional Internet Caucus.
The UN’s Working Group on Internet Governance in June released a preliminary report on the issue, which will be discussed at the November summit in Tunisia.
Gross said he hopes debate over Internet governance does not overshadow the real crux of the summit—how to promote widespread Internet usage across the globe. “It’s a real challenge, but the stakes are high,” Gross said after his speech. The summit should focus on using and promoting—not regulating—the Internet.
IP address typo leads to a false arrest in Kansas
Pointer provided by Declan McCullagh's PoliTech Blog.
Ron Sylvester writes in The Wichita Eagle:
Brian and Sarah Doom were shocked when police showed up at their Wichita home accusing them of child pornography.
The Dooms had never been in trouble with the law. On Aug. 12, 2004, they found themselves being accused of activity that disgusted them.
But the police had the wrong house, based on mistaken information from the Dooms' Internet service provider, Cox Communications.
Now, Brian and Sarah Doom are suing Cox for invasion of privacy, breach of contract, defamation of character and "outrageous conduct."
The lawsuit emphasizes the tension emerging in recent years between the privacy of Internet customers and the ability of police to chase crimes down the electronic information highway.
"Cox did make a mistake, and we are sorry for that action," said Sarah Kauffman, Cox spokeswoman. "But due to the pending lawsuit, we are prevented from commenting further."
The suit was filed both in Kansas and in Georgia, where Cox maintains its headquarters.
Hackers hit U.S. Army computers
An AP newswire article by Jon Sarche, via The Globe and Mail, reports that:
Thieves stole computer equipment from Fort Carson containing soldiers' Social Security numbers and other personal records, the Army said Monday.
Post spokeswoman Dee McNutt said she did not know how many soldiers' records were involved but that no cases of identity theft had been reported.
Among Fort Carson's soldiers are thousands who are serving in Iraq, including members of the 3rd Armored Cavalry Regiment.
Computers or hard drives were stolen in mid-August from a building on the post in Colorado Springs where soldiers get identification cards and update their personnel records, McNutt said.
Records taken also included soldiers' date of birth, rank, unit, citizenship and job.
eBuyer admits problems
John Oates writes in The Channel Register:
Online retailer eBuyer has apologised to customers forced to wait for purchases and blamed a problem with its inventory management system for the problems.
The Register started getting emails late last week complaining of renewed problems with eBuyer. Back in July the site had a series of problems which led to 282 complaints to Sheffield Trading Standards. A quick look at tribute sites ebuyersucks.org and ebuyersucks.com showed complaints had increased. The administrator of ebuyersucks.com said she had a further 38 complaints to post up on the site.
Emails sent to us complained of seven day delays for answers to queries.
Helen Slinger, marketing manager at eBuyer, told us: "On Friday we found a problem with the inventory management system. It wasn't dispatching orders but items would appear to be in stock to customers. Volumes of enotes (emails the company uses for customer service) increased and the phone system was hitting full capacity."
Slinger said the problem was now fixed. She said the problems happened at a busy time with the company dealing with 6,000 orders a day. She apologised to customers for any inconvenience caused and said service would improve in the next week.
Singapore bloggers charged with sedition
Margaret Kane writes in the C|Net News Blogma blog:
Two men in Singapore have been charged with sedition and face jail for allegedly making anti-Muslim comments on the Internet.
The incident took place after a woman wrote a letter to the editor of a local paper complaining about dogs traveling in taxis, complaining that the dogs leave behind drool, which she said Muslims are forbidden to touch. The men reportedly posted anti-Muslim remarks in response on a dog-lover Web site and on a personal site.
According to news reports, the Sedition Act prohibits "promoting feelings of ill-will and hostility between races in Singapore." If convicted, the men could be fined up to $5,000 and jailed for up to three years.
While many bloggers expressed concerns about the chilling effects this could have on speech online, a few said the men deserved their fate.
FCC mandates seen as aid to telecoms in disasters
A ComputerWorld article by Matt Hamblen, via NetworkWorld, reports that:
An FCC mandate on network providers and related emergency communications policies would help telecommunications companies prepare for future disasters similar to Hurricane Katrina, industry experts said last week.
Hossein Eslambolchi, AT&T's CIO, called on the FCC to require every communications provider to adopt crisis management plans. AT&T has had a crisis management plan in place for several years and has invested $350 million on 160 emergency vehicles containing repair equipment that it has stationed throughout the U.S. for any network disaster, he said.
"Like the way the U.S. responded to the Y2K problem, there needs to be mandate by the FCC for crisis management," Eslambolchi said. "It wasn't clear to me whether a lot of crisis management [by private carriers] was done here [with Katrina]. We cannot afford to have another of these disasters."
A related improvement would be a coordinated information delivery system that provides updated information about disaster response tactics. That way, Eslambolchi said, if officials are forced to close off roads or highways, for example, repair crews carrying materials and fuel would know to find alternate routes.
Reporters face long FOIA delays
An AP newswire article, via MSNBC, reports that:
After badgering the Environmental Protection Agency for days to learn where dangerous chemicals were leaking after Hurricane Katrina, Mark Schleifstein still couldn’t get a clear answer.
The top hurricane reporter of The Times-Picayune of New Orleans filed a request under the federal Freedom of Information Act, asking for any reports on spills, accidents or fires.
More than a week later, he has received no response.
“On one hand, they need time to make sure the information is accurate, but if they are sure enough to release to the public, they should release all information as quickly as possible,” he said.
This sort of delayed non-response to a FOIA request is becoming commonplace, according to a report released Monday by the Society of Environmental Journalists. The report, drawn from 55 interviews with environmental reporters nationwide, shows government compliance with FOIA has worsened considerably since the Sept. 11 terrorist attacks.
Businesses And Networks Are Unprepared For Disasters: AT&T Survey
Matthew Friedman writes in Networking Pipeline:
Is your network prepared for a disaster like hurricane Katrina? A new report done by AT&T and the International Association of Emergency Managers (IAEM) suggests that many enterprise networks are not, and that a surprisingly large proportion of companies have made continuity planning a low priority.
The study, "Disaster Planning in the Private Sector: A Look at the State of Business Continuity in the U.S.," found that almost one third of U.S. businesses do not have continuity plans, and that nearly 40% of the 1200 companies surveyed reported that continuity planning was not a priority. More than 40% of the companies surveyed do not have off-site back-up or redundant servers and almost a third have failed to implement basic network security measures.
Considering the costs involved, AT&T chief marketing officer Kathleen Flaherty commented that this kind of attitude was shortsighted. "With today's heavy reliance on constant access to information, even a few hours of downtime can have catastrophic consequences, including huge financial losses, a tarnished reputation and lost customer goodwill," she said in a statement.
Tin foil hat alert: They're watching you...
William Illsey Atkinson writes in The Globe and Mail:
On the fourth anniversary of 9/11, the world not only recalls the carnage, it also finds itself face to face with the social and technological changes that the terrorist attacks began. The biggest of these -- arguably more important than any military issue -- is surveillance. Whoever you are, wherever you are, at any given moment some friend or foe may be watching you. That's today's reality.
We take some surveillance for granted. Airplanes and satellites with remote-sensing equipment constantly fly over Canada to monitor pollutants and illegal fishing, enforce Arctic sovereignty and inspect our territory for the movement of illegal goods.
Yet the main target of Big Brother is not acreage, but people. Personal surveillance is of two kinds, public and private. Public surveillance covers people and organizations that the state deems to be a real or potential danger. Private surveillance covers threats that an individual fears.
Although public surveillance has many times the scope of private surveillance, the two realms' technologies constantly overlap: The same devices may entrap the frisky husband and the errant embassy official.
F-Secure gets into the hardware business...
Having been strictly a software company for 17 years, F-Secure Corp. enters the hardware business with their new F-Secure Messaging Security Gateway. It's a 1U-sized rack-mountable appliance that sits next to your email server and filters spam and viruses from the message traffic.
Product pages available here.
Daily gapingvoid.com fix...
Via gapingvoid.com. Enjoy.

Katrina Knocks Out 100+ Networks, But Few Relocate
Via Netcraft.
Few of the data networks knocked offline by Hurricane Katrina have relocated their operations to backup sites outside the disaster zone, according to a new report [.pdf] examining the disaster's impact on infrastructure. More than 100 local networks on the U.S. Gulf Coast remain offline two weeks after Katrina, but major Internet networks saw only brief disruptions from the storm, according to the report from Renesys, which monitors Internet routing traffic.
"It is surprising to note how few of the networks in the region saw any service restored through disaster recovery services," the analysis noted. "Many networks in the affected region, especially those in Louisiana, have been unreachable for a prolonged period of time. These networks may not see service restored for some time to come, unless they can be brought back online at disaster recovery sites outside of the region."
The local outages had no major impact on the Internet because New Orleans isn't a major hub for Internet connectivity. A fiber route from Atlanta to Houston travels north of the city, and experienced only minor problems during Katrina, while a Qwest route through New Orleans serving Internet2 experienced more significant outages.
Some New Orleans providers stayed online using generators, including domain registrar DirectNIC, whose employee weblog documenting conditions in New Orleans attracted widespread media coverage, including live interviews with DirectNIC staff on NBC news channels. Datasync, a hosting provider based in Biloxi, Mississippi, was offline for more than 24 hours on Sept. 1-2, but came back online and has remained available.
Computer systems blamed for feeble hurricane response
Via The Inquirer.
REPORTERS at the Wall Street Journal said they have seen documents which show that a swift response by the US federal government to Hurricane Katrina was hampered because FEMA computer servers crashed.
Michael Brown, FEMA's head, resigned yesterday after being recalled by the Department of Homeland Security to Washington DC.
Attempts by agencies to spur the Federal Emergency Management Agency into urgent action were met with bouncing emails, the Journal said.
It quoted a Department of Health official as saying every email it had sent to FEMA staff bounced. "They need a better internet provider during disasters," the Journal quoted her or him as saying.
A number of US agencies made desperate calls to the Department of Homeland Security and to Congresswomen and men, the article claimed. [Subscription required.]
The newspaper did not say which computer systems FEMA uses.
Smut and personal data left on resold PCs
John Leyden writes in The Register:
Seven in 10 re-sold hard-drives and memory cards contain pornographic material, according to research by a UK-based data recovery firm based on the inspection of 1,000 hard disk drives over the last year.
Disklabs knows this because one of the best ways of checking the integrity of files is by viewing images or movies. The firm comes across approximately two paedophile cases per year. These are immediately passed over to the relevant police authorities.
In addition to findings from its regular work, Disklabs recently purchased 100 hard-disk drives and 50 memory cards from eBay and tested a sample batch to find what data was still retrievable from them. Documents such as CVs and accounting spreadsheets (including names and mobile numbers) were easily accessible.
Previous owners regularly failed to delete temporary Internet files either, potentially creating a means for unscrupulous purchasers to access sensitive content in internet caches. Many of the sampled selection also contained pornographic matter.
14,000 Telstra jobs at risk
Tim Richardson writes in The Register:
There are fears that as many as 14,000 telecoms jobs could be axed in Australia following the privatisation of incumbent telco Telstra.
The Community and Public Sector Union (CPSU) has called on Telstra management and the Government to release a confidential 104-page document which it says details the job cuts and other cost cutting measures.
"The document is believed to detail plans to cut more than ten thousand Telstra jobs, many in rural and regional Australia," said the CPSU in a statement.
The union is concerned that in a bid to cut overheads and maximise profits for shareholders, the quality of Telstra's service will dip especially in rural areas. It has also raised concerns about whether other jobs will be offshored to countries such as India and China.
Phishers cast net for CompuServe users
Ken Young writes on vnunet.com:
CompuServe subscribers are being targeted in a phishing scam based on a spoofed email message claiming that their CompuServe account has expired and will be frozen if their account information is not updated.
The scam was reported in an alert from Websense Security Labs.
The spoofed email includes a link to a US-based phishing site that attempts to collect the user's screen name, password, billing address and credit card information.
Websense has also received reports of several key-logger attacks posing as emails from Playboy magazine.
Sony recalls 3.5 million Playstation power adaptors
A Reuters newswire article by Adam Pasick, via The Washington Post, reports that:
Sony Corp. is recalling 3.5 million faulty power adaptors for its popular PlayStation 2 video game console because they may overheat and cause injury, the Japanese consumer electronics manufacturer said on Tuesday.
The adaptors were made between August and December of 2004 for the slimline PlayStation 2, which has a free-standing power adaptor to save space. About 2.3 million of the devices were sold in Europe, with the remainder going to Asia and North America.
Judge Splits Enron Broadband Case
An AP newswire article by Kristen Hays, via The Washington Post, reports that:
Five former executives from Enron Corp.'s defunct broadband unit whose trial ended with jurors unable to reach verdicts on most charges will be retried in three separate cases next year.
Nearly two months ago a jury returned acquittals on some charges after a three-month trial but was deadlocked on dozens more. U.S. District Judge Vanessa Gilmore declared a mistrial on those charges and set retrial dates Monday.
Snort SACK TCP Option Handling Remote Denial of Service Issue
Via FrSIRT.
FrSIRT Advisory : FrSIRT/ADV-2005-1721
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-09-12
* Technical Description *
A vulnerability has been identified in Snort, which could be exploited by remote attackers to cause a denial of service. This flaw is due to an error in the "PrintTcpOptions()" function [log.c] that does not properly handle specially crafted TCP packets containing malformed SACK options, which could be exploited by remote attackers to crash a vulnerable application. Note : This vulnerability exists only when snort is run in verbose mode.
* Affected Products *
Snort version 2.4.0 and prior
* Solution *
A fix is available via CVS :
http://www.snort.org/pub-bin/snapshots.cgi
* References *
http://www.frsirt.com/english/advisories/2005/1721
http://www.vulnfact.com/advisories/snort_adv.html
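The advisory above does not spell out the malformed SACK options involved, so the following added example (not Snort's code and not part of the FrSIRT advisory) shows the general length checks a TCP option printer needs before it formats a SACK option in verbose output. The function names, status codes and sample byte arrays are hypothetical and constructed for illustration; the SACK length rule (2 + 8*n bytes, n = 1..4) comes from RFC 2018.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TCP option kinds (RFC 793, RFC 1323, RFC 2018). */
enum { TCPOPT_EOL = 0, TCPOPT_NOP = 1, TCPOPT_MSS = 2, TCPOPT_WSCALE = 3,
       TCPOPT_SACK_PERMITTED = 4, TCPOPT_SACK = 5, TCPOPT_TIMESTAMP = 8 };

/* Hypothetical status codes for this example. */
enum opt_status { ST_OK = 0, ST_TRUNCATED, ST_BAD_LENGTH, ST_BAD_SACK };

struct opt_summary {
    int options;      /* well-formed options walked (NOP/EOL not counted) */
    int sack_blocks;  /* SACK blocks seen in well-formed SACK options */
};

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Required length for fixed-size options, 0 if the size is variable/unknown. */
static unsigned fixed_len(uint8_t kind)
{
    switch (kind) {
    case TCPOPT_MSS:            return 4;
    case TCPOPT_WSCALE:         return 3;
    case TCPOPT_SACK_PERMITTED: return 2;
    case TCPOPT_TIMESTAMP:      return 10;
    default:                    return 0;
    }
}

/* Walk a TCP option area, validating every length before any byte of the
 * option body is read or printed. */
enum opt_status walk_tcp_options(const uint8_t *opts, size_t len,
                                 struct opt_summary *out, int verbose)
{
    size_t i = 0;
    out->options = 0;
    out->sack_blocks = 0;

    while (i < len) {
        uint8_t kind = opts[i];
        if (kind == TCPOPT_EOL)
            break;
        if (kind == TCPOPT_NOP) { i++; continue; }

        if (len - i < 2)
            return ST_TRUNCATED;          /* no room for the length byte */
        uint8_t olen = opts[i + 1];
        if (olen < 2)
            return ST_BAD_LENGTH;         /* would never advance the cursor */
        if (olen > len - i)
            return ST_TRUNCATED;          /* option claims bytes past the end */
        if (fixed_len(kind) != 0 && olen != fixed_len(kind))
            return ST_BAD_LENGTH;

        if (kind == TCPOPT_SACK) {
            /* RFC 2018: kind, length, then 1..4 blocks of two 32-bit edges. */
            if (olen < 10 || olen > 34 || (olen - 2) % 8 != 0)
                return ST_BAD_SACK;
            for (size_t off = i + 2; off < i + olen; off += 8) {
                if (verbose)
                    printf("  SACK block %lu-%lu\n",
                           (unsigned long)rd32(opts + off),
                           (unsigned long)rd32(opts + off + 4));
                out->sack_blocks++;
            }
        } else if (verbose) {
            printf("  option kind=%u len=%u\n", (unsigned)kind, (unsigned)olen);
        }
        out->options++;
        i += olen;
    }
    return ST_OK;
}

/* Constructed sample option areas (not captured traffic). */
static const uint8_t SAMPLE_GOOD[] =
    { 2, 4, 0x05, 0xb4, 1, 1, 5, 10, 0, 0, 0x10, 0, 0, 0, 0x20, 0 };
static const uint8_t SAMPLE_SACK_NO_BLOCKS[] = { 1, 1, 5, 2 };
static const uint8_t SAMPLE_SACK_ODD_LEN[] =
    { 5, 11, 0, 0, 0, 1, 0, 0, 0, 2, 0, 1 };
static const uint8_t SAMPLE_SACK_OVERRUN[] = { 5, 18, 0, 0, 0, 1, 0, 0, 0, 2 };
static const uint8_t SAMPLE_ZERO_LEN[] = { 8, 0, 1, 1 };

int main(void)
{
    static const char *names[] = { "ok", "truncated", "bad length", "bad SACK" };
    struct opt_summary s;
    printf("good: %s\n",
           names[walk_tcp_options(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &s, 1)]);
    printf("SACK without blocks: %s\n",
           names[walk_tcp_options(SAMPLE_SACK_NO_BLOCKS,
                                  sizeof SAMPLE_SACK_NO_BLOCKS, &s, 1)]);
    printf("SACK overrun: %s\n",
           names[walk_tcp_options(SAMPLE_SACK_OVERRUN,
                                  sizeof SAMPLE_SACK_OVERRUN, &s, 1)]);
    return 0;
}
```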
Update: Utility worker error spurs huge L.A. blackout
An update to an earlier post.
An AP newswire article, via MSNBC, reports that:
Utility workers connected the wrong wires and caused a blackout across major portions of Los Angeles on Monday afternoon, trapping people in elevators and snarling traffic at intersections, authorities said.
Hundreds of thousands of people were affected by the resulting power surge and outages, which were reported from downtown west to the Pacific Coast and north into the San Fernando Valley.
Several workers who were installing an automated transmission system hooked up the wrong wires, according to Ron Deaton, general manager of the Los Angeles Department of Water and Power.
Firefox Rebounds Against Internet Explorer
Antone Gonsalves writes in InternetWeek:
The Firefox web browser rebounded in August from a small decline in market share the previous month, but the biggest gain was recorded by Netscape, a web-site analysis company said Monday.
FireFox, offered through the Mozilla Corp., rose a fifth of a point in market share in August to 8.27 percent from 8.07 percent in July, NetApplications said. Microsoft's IE, on the other hand, continued its slide in the market, dropping to 86.31 percent from 87.2 percent.
IE lost market share as Firefox, Apple Computer Inc.'s Safari, and America Online Inc.'s Netscape gained. Safari rose to 2.2 percent from 2.13 percent in July, while Netscape posted the biggest gain to 2.02 percent from 1.5 percent.
“FireFox isn’t the only interesting story in August, with Safari and Netscape on the rise, Internet Explorer faced an offensive on three separate fronts,” Phil Vizzaccaro, chief executive of NetApplications, said in a statement.
VoIP provider Packet8 spills customer email addresses
Tom Sanders writes for vnunet.com:
Internet telephony provider Packet8 has accidentally disclosed the email addresses of 21,000 of its subscribers.
Packet8 sells internet telephony services to consumers and businesses in North America, allowing them to place telephone calls to regular phone numbers at a discounted rate. The VoIP provider as of June 30 had 73,000 subscribers.
The data leak occurred when an employee accidentally attached a spreadsheet containing the email addresses to its monthly email newsletter that was sent out last Thursday, director of corporate communications Joan Citelli told vnunet.com. The file only contained the email addresses of subscribers of the opt-in newsletter.
The leak was a result of a human error, said Citelli. Packet8 has instituted additional checks to prevent future security lapses.
Investors Hot for Penthouse TV
Via Red Herring.
In further proof that sex sells, Penthouse Media Group received $48 million from more than ten investors to develop high-tech distribution channels for its adult entertainment.
The New York City-based company will use the money to start broadcast networks to compete with Playboy, which has turned broadcast entertainment into one of its most profitable ventures.
To help extend its broadcasting reach, Penthouse hired the former president of the Playboy Entertainment Group, James English.
Under the initiative, the company will deliver high-definition broadcasts via video-on-demand and pay-per-view.
UPS Working To Restore Networks Felled By Katrina
Laurie Sullivan writes in InformationWeek:
UPS Inc. is still working to restore telecommunications at several shipping and receiving facilities in Louisiana and Mississippi more than two weeks after Hurricane Katrina.
UPS' meteorological team had been tracking Katrina since before it hit land and was able to plan shutdowns at its package-sorting facilities in the storm's path. Still, primary data networks failed at 53 sites across Alabama, Florida, Louisiana, Mississippi, and Texas. Thirty-one of those locations also lost their backup networks.
Data that UPS employees and customers use to track package status and deliveries depend on those networks. "If these locations can't send or receive data, we and our customers don't have visibility into the delivery status of packages," says Jim Medeiros, VP of Shared Services at UPS. "We first needed to reestablish communications, and we've done this with all but four sites that have power."
Information on shipments for every UPS package is stored in databases at a Mahwah, N.J., facility, which is backed up by a second data center outside Atlanta. Besides allowing UPS to track packages, the databases allow for rerouting as necessary. But the value of those databases is limited if the information stored in them isn't continually updated from facilities across the country.
The best security of all: L.A. Power outage unplugs Microsoft conference
As I mentioned to some colleagues, this is "the best security of all". Bwwhahahahaha. ;-)
Ina Fried writes in C|Net News:
Parts of the city [Los Angeles], including the location of Microsoft's Professional Developers Conference, plunged into darkness Monday afternoon as a result of a major power outage in the region.
The outage struck at about 12:30 p.m. and continued past 2 p.m. Microsoft group product manager Greg Sullivan was giving a briefing about Windows Vista when his PowerPoint presentation and most of the lights at the Los Angeles Convention Center went dark. "We haven't figured out a software solution to this one--yet," Sullivan joked.
"Damn Linux-based power supplies," one attendee remarked before it became known that the outage extended beyond the convention center.
A spokesman for the Los Angeles Fire Department told Fox News that employees of the Department of Water & Power had accidentally cut a power line and were working to fix it.
VMware Workstation 5.5 Released
Nate Mook writes in BetaNews:
VMware on Monday introduced version 5.5 of its desktop virtualization software, which adds 64-bit support for the latest AMD and Intel chips. The upgrade also adds virtual SMP support that makes it possible for a virtual machine to span two processors, and an enhanced importer.
With version 5.5 VMware has added an enhanced command line interface for automating repetitive testing tasks. "VMware Workstation 5.5 gives developers a powerful platform to accelerate the development, testing and support of their next-generation applications," said Karthik Rau, director of product management at VMware. The new release is available for $189 USD in electronic download form.
Cingular Gets Kicked Out of the BBB
Over on techdirt.com, Carlo writes that:
Following word that US consumers' satisfaction with mobile operators continued its downward trend last year comes word that the country's biggest carrier, Cingular, has been kicked out of the Better Business Bureau in upstate New York for poorly handling customer complaints. The BBB requires members to answer all complaints, whereas Cingular had 20 outstanding as unanswered or unresolved (and 200 total) over the past three years. While the move is more symbolic than it is meaningful, it highlights the growing complaints people have with mobile carriers. The BBB says its largest segment of complaints in 2004 was against carriers, but as long as the US market and carriers' business keep growing, it seems doubtful that things will change much.
Large Portion of Los Angeles Loses Power
Sharon Bernstein writes in The LA Times:
A wide-ranging power outage caused by an accidentally cut cable darkened large sections of downtown Los Angeles and many parts of the San Fernando Valley shortly after noon today, authorities said.
Lee Sapaden, a spokesman for the county Office of Emergency Management, said the massive power failure was caused after an employee "inadvertently cut a power cable" at a DWP substation in West Los Angeles.
Today's Dilbert: "You call dat a firewall?"
Cingular, Sprint Give Katrina Victims Bill Breaks
A Reuters newswire article, via eWeek, reports that:
Cingular Wireless, the No. 1 U.S. wireless carrier, has said it would give customers in the areas devastated by Hurricane Katrina discounts on their cell phone bills, including roaming charges and text messages.
Customers in the New Orleans and Biloxi, Mississippi, markets will receive a one-time 50 percent credit on their monthly fee and will not be charged for roaming, extra minutes, long-distance or text messaging from late August through September 30, according to a September 8 letter made available on Friday.
Cingular's subscribers in the markets of Mobile, Alabama, Jackson, Mississippi, Baton Rouge and Lafayette, Louisiana, will get a one-time 25 percent discount on their monthly charge as well as unspecified discounts on roaming and text messages.
The company, a joint venture of BellSouth Corp. and SBC Communications Inc., said the expiration date for prepaid customers will be extended to October 31 and will replace any that expired since August 29.
The Telecrapper 2000
Gotta love it. :-)
Ryan Block writes over on Engadget:
It’s not really all that close to what kind of device it sounds like it could be, but the Telecrapper 2000 (TC2K) may be as vindicating and satisfying an experience as we can imagine. Do Not Call Registry be damned, the TC2K identifies incoming telemarketer calls using caller ID (or more specifically, their lack thereof), and is programmed to ensnare the caller in a software-driven conversation in order to keep them on the line as long as possible—the theory is that by decreasing their overall productivity, telemarketing becomes an undesirable business proposition. But for your trouble you get something out of the deal, too—a tidy recording of the “conversation,” which we might call both painful and hilarious.
P.S. You may just want to peep this flash rendition of a recording.
[Via hackaday]
CNN, Time Inc. to merge business Web sites
A Reuters newswire article, via Yahoo! News, reports that:
Cable news network CNN and magazine publisher Time Inc. plan to consolidate their business and finance-related Web sites divisions, which will be relaunched in January 2006.
The new site brings together Time Inc.'s Fortune.com, FSB.com and Business2.com with CNN's CNNMoney.com. It will retain the CNNMoney.com name.
CNN and Time Inc. are divisions of global media conglomerate Time Warner Inc.
India: IT industry protests Bangalore infrastructure
John Ribeiro writes in InfoWorld:
Concerned about India's deteriorating infrastructure, key IT companies in the city have threatened to boycott Bangalore IT.in, an annual conference and exhibition to be hosted by the local state government in October.
Bangalore's potholed roads and electricity and water shortages have been a cause of concern for about five years, as the city grapples with rapid urbanization, primarily driven by the offshoring boom to the city by U.S. and European companies.
Beijing summit ponders innovation, IP and rise of China
Richard Wallace writes in the EE Times:
The rise of China as a global force for technology innovation emerged as a keynote theme at the World Economic Forum’s China Business Summit held here over the weekend.
But in interactive discussions throughout the summit, delegates cautioned that taking China’s technology companies global poses challenges due to several critical factors. Among these are a lack of innovation in product development, an immature domestic capital structure, and a critical shortage of talent in the ranks of top management.
The economic overtones of China’s technology development ambitions heard at the 2005 China Business Summit echo concerns voiced by tech industry analysts in the run-up to the government/industry sponsored International Creative Industry Forum that took place earlier in the week across town, in northwestern Beijing’s Haidian District’s Zhongguancun Technology Zone.
Yahoo! Plans War Coverage
Via Red Herring.
Yahoo! said Monday it will add the role of online news generator to its familiar role as news aggregator with firsthand reports from areas of armed conflict around the world.
Starting later this month, the portal company plans to feature reports by Kevin Sites, a veteran television correspondent, to be the single source of news for “Kevin Sites in the Hot Zone.”
Mr. Sites, 42, is a self-styled multimedia journalist who often works as a one-man unit, using portable, digital technology to report, write, edit, and transmit his stories from conflict areas around the world. He has covered war zones in Latin America, Eastern Europe, the Middle East, and Central Asia for NBC, MSNBC, and CNN.
As a non-embedded correspondent for CNN, Mr. Sites broadcasted live as coalition air strikes hit Iraqi positions in Chamchamal and Kirkuk.
He was subsequently captured by Iraqi Fedayeen militia outside of Tikrit. He and his team were stripped of all their equipment and threatened with death until their Kurdish translator negotiated their release after four hours in captivity.
Navy: Don’t access personal e-mail at work
Frank Tiboni writes in FCW.com:
Navy employees can no longer access personal e-mail accounts, including Yahoo Mail and Microsoft Hotmail, from the service’s networks without approval.
That is one of six rules in the Navy’s new acceptable use of information technology policy issued in July. The “Effective Use of Department of Navy IT Resources” states that the service’s military, civilian and contractor users cannot:
* Automatically forward official Navy e-mail to a commercial account or use a commercial account for official government business without approval.
* Install or modify computer hardware or software without approval.
* Circumvent or disable security measures, countermeasures or safeguards, such as firewalls, content filters and antivirus programs.
* Participate in or contribute to activity that causes a disruption or denial of service.
* Write, code, compile, store, transmit, transfer or introduce malicious software, programs or code.
* Use peer-to-peer (P2P) file sharing applications, such as Kazaa, Shareaza and OpenP2P without approval and only in support of Navy missions.
Qwest suing city of Portland, Oregon, over muni network
Thanks to David Isenberg for pointing this out.
Mike Rogoway, writing in The (Portland) Oregonian, reports on September 8, 2005:
Qwest Communications International Inc. has opened a new front in its long-running legal battle with the city of Portland, suing to rein in the city's internal telecommunications system.
Portland launched its network in 2002 to get around the rates Qwest and other telecom companies charge for phone lines and high-speed Internet connections. Portland's $14 million system links several city offices, and a few government agencies outside the city, to a network of fiber-optic cable that carries city phone calls and Internet traffic.
The Integrated Regional Network Enterprise is known by its initials, IRNE, pronounced "Ernie." Portland says IRNE provides super-fast Internet connections the city couldn't otherwise afford. The city, however, estimates it has already spent $150,000 on legal fees defending the system against earlier challenges from Qwest and others.
Deutsche Telekom Selling Stake in OJSC
An AP newswire article, via Yahoo! News, reports that:
Deutsche Telekom AG will sell its stake of about 10 percent in Russia's OJSC Mobile TeleSystems, the German company said Monday.
The sale will begin Monday on the Russian capital markets, Deutsche Telekom said in a brief statement.
UBS Investment Bank and Deutsche UFG have been appointed jointly responsible for managing the sale of the stake, Deutsche Telekom said.
Last month Russian financial-industrial holding company AFK Sistema said it was still talking to Deutsche Telekom about buying the 10 percent stake in Mobile TeleSystems, or MTS.
Bill Cosby Wins Fight Over Domain Name
An AP newswire article, via ABC News, reports that:
Comedian Bill Cosby won control of an Internet domain name including the name of the Fat Albert cartoon he created in the 1960s, under a ruling issued Monday by a United Nations panel.
Arbitrators for the World Intellectual Property Organization ordered the transfer of the domain name "fatalbert.org" to the American actor, who had complained that it infringed his trademark rights and was being used in bad faith to divert Internet traffic to a commercial search engine and a Web site selling sexually explicit products.
The ruling upheld Cosby's complaint against the individual that registered the name, Sterling Davenport, of Loretto, Tennessee.
Cosby created the Fat Albert cartoon character of the late 1960s as part of his standup comedy routine about his childhood in Philadelphia. The children's series Fat Albert and the Cosby Kids first appeared on the U.S. television network CBS in 1972 and a Fat Albert movie was released last year.
Arbitrator John Kidd noted he had no response from Davenport, but said that "the respondent has no rights or legitimate interests in the domain name."
Oracle to buy Siebel in deal worth $5.8 billion
Margaret Kane writes in C|Net News:
Software maker Oracle has agreed to acquire competitor Siebel Systems in a deal worth around $5.8 billion, the companies said Monday.
Siebel makes software for handling customer relationship management, or CRM. Oracle said its acquisition will add 4,000 customers and 3.4 million CRM users.
Oracle will offer $10.66 for each share of Siebel stock, a nearly 17 percent premium over the company's $9.13 closing price Friday.
Siebel has been a subject of takeover rumors for a while, particularly since the departure of CEO Mike Lawrie. Oracle CEO Larry Ellison included the company in a list of takeover targets during Oracle's contentious battle over the acquisition of PeopleSoft.
Chinese woman murders fiancé over videogames
Aaron McKenna writes in The Inquirer:
A CHINESE woman has been charged with the murder of her fiancé for spending "too much time playing online games."
On August 6th the young woman murdered her jobless fiancé as he was spending too much time playing online videogames and not enough searching for a job in order to pay for the couple's wedding, according to Action Trip, here.
This comes on the heels of the Chinese government’s attempts to curb online videogaming by placing a cap on the amount of time which players can spend on MMORPGs. While their restrictions may be a tad harsh we would say that considering the increasing number of crimes related to MMORPGs, including several murders, operators of the games should perhaps take it upon themselves to monitor players for excessive play.
Yahoo Says It Gave China Internet Data
Peter S. Goodman writes in The Washington Post:
A co-founder and senior executive of Yahoo Inc., the global Internet giant, confirmed Saturday that his company gave Chinese authorities information later used to convict a Chinese journalist now imprisoned for leaking state secrets.
The journalist, Shi Tao, was sentenced last spring to 10 years in prison for sending foreign-based Web sites a copy of a message from Chinese authorities warning domestic journalists about reporting on sensitive issues, according to a translation of the verdict disseminated by the watchdog group Reporters Without Borders.
In China's cyberspace, many do not know the dangers of a careless phrase
An AFP newswire article, via Yahoo! News, reports that:
Liu Di, a 24-year-old Beijing translator, uses encryption software whenever she sends off emails, but not everyone is that careful.
"People aren't aware of the risks that are involved when they receive or send emails," she said. "But most emails are in fact monitored."
Liu Di, whose online web identity 'Stainless Steel Mouse' is famous throughout China's cyberspace, knows what she is talking about.
In late 2002, she was detained and held in confinement for nearly a year, apparently for posting articles on Chinese Internet sites that criticized the government for refusing to protect freedoms of speech and the press.
The Chinese government's determination to keep the Internet on a tight leash has now again come into focus after Shi Tao, a journalist, was sentenced to 10 years in jail.
Fraud Reveals Workings of Internet Theft
An AP newswire article by Ted Bridis, via Yahoo! News, reports that:
The illicit haul arrived each day by e-mail, the personal details of computer users tricked by an Internet thief: a victim's name, credit card number, date of birth, Social Security number, mother's maiden name.
One more Internet "phishing" scam was operating. But this time, private sleuths soon were hot on the electronic trail of a thief whose online alias indicated an affinity for the dark side. The case moved ahead in part because of an underground tipster and the thief's penchant for repeatedly using the same two passwords — "syerwerz" and "r00tm3."
Unraveling a scheme that also had hacked Kenyon College in Ohio leapt across continents and ultimately pointed toward a neighborhood in Granby, Quebec. It offers an extraordinary glimpse behind an Internet fraud that targets the most trusting computer users.
"This is really lousy," said Johan Fabris of Holmes, Pa. The 82-year-old grandmother had her online bank account hijacked. Her teenage grandson set up the account for her to sell hand-sewn doll clothes in Internet auctions.
"This was my first foray into the modern computer world. These damn people, life is complicated enough," Fabris said.
Court rules barcode scanner patents invalid
Via Reuters.
A federal appeals court on Friday upheld a lower court ruling that struck down barcode scanning patents claimed by the estate of late inventor Jerome Lemelson.
The U.S. Court of Appeals for the Federal Circuit sided with a federal judge in Nevada, who concluded in January 2004 that the patents held by Lemelson Medical, Education & Research Foundation LP were invalid and unenforceable.
The appeals court ruling is a victory for a consortium of companies, led by barcode technology companies like Symbol Technologies, who mounted a legal challenge to the Lemelson patents.
eBay buying Skype for $2.6B
A Reuters newswire article, via CNN/Money, reports that:
Online auction house eBay Inc. has agreed to buy Internet telephone firm Skype Technologies SA for $2.6 billion, the online auction house said Monday.
eBay plans initially to pay $1.3 billion in cash and $1.3 billion in stock and to make a further payout of up to $1.5 billion by 2008 or 2009 if financial targets are met, giving the deal a total value of up to $4.1 billion, eBay said.
Skype, whose software allows consumers to make free or low-cost phone calls anywhere in the world via the Internet, would be the biggest acquisition so far for 10-year-old eBay.
It tops the $1.5 billion eBay paid in 2002 for PayPal, which thrust eBay into the lead in the online-payment market. This year PayPal is on track to become a $1 billion business.
Clinton sidesteps China's Internet jailings at web summit
An AFP newswire article, via Yahoo! News, reports that:
Former US president Bill Clinton sidestepped talk of China's jailing of Internet political dissidents, but indicated web censorship could have a commercial backlash in the future.
"In China, I think, that so far the political system and restraint on political speech in the Internet has not seemed to have any adverse commercial consequences," Clinton said at the China Internet Summit.
"It will be interesting to see whether that is true of the future."
Clinton was in Hangzhou at the invitation of Yahoo Inc., which last month bought a one-billion-dollar 40 percent stake in Chinese online retailer Alibaba.com, the summit host.
"In America, the Internet is this wild cauldron of dissenting voices, we have now whole different media over the Internet with all the blog sites in America," he said.