Saturday, October 01, 2005

California makes phishing punishable by law

A Reuters newswire article, via MSNBC, reports that:

California Gov. Arnold Schwarzenegger signed a bill Friday making Internet "phishing" identity theft scams punishable by law.

The bill, advanced by state Sen. Kevin Murray, is the first of its kind in the United States and makes "phishing" — getting people to divulge personal information via e-mail by representing oneself as a business without the approval or authority of the business — a civil violation.

Victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater. Phishing often involves the use of names of legitimate banks, retailers and financial institutions to convince recipients of bogus e-mail offers to respond.

Google proposes free Wi-Fi for San Francisco

A Reuters newswire article, via MSNBC, reports that:

Google Inc. has offered to provide free wireless Internet services in the city of San Francisco, the Wall Street Journal reported on its Web site on Friday.

Citing a Google executive, the Journal said that in response to a request for information from the city of San Francisco the company proposed offering Web access using Wi-Fi, a short range wireless technology that is built into most laptop computers.

According to the story Google is proposing a free service that could potentially be funded through online advertising.

Free wireless communications could move Google into the fiercely competitive world of Internet access providers and telecommunications companies.

Politicians want to raise broadcast flag

Declan McCullagh writes in C|Net News:

Twenty members of Congress are calling for the reinstatement of the "broadcast flag," a controversial form of copy prevention technology for digital TV broadcasts.

In a letter Thursday, the politicians called for rapid approval of a federal law adopting the broadcast flag, which would outlaw over-the-air digital TV receivers and computer tuner cards that don't follow strict anticopying standards.

"Program producers will naturally be reluctant to license their high value programs for digital distribution without protection from widespread acts of infringement over the Internet," said the letter, sent to Rep. Fred Upton, R-Mich., chairman of the House of Representatives panel on Internet and commerce.

No legislation has advanced in either the House or the Senate, but opponents of the broadcast flag have been warning that the proposal could be attached to spending bills. The bill funding the Federal Communications Commission through 2006, for instance, is still before a conference committee.

Tunisia warned over liberties ahead of UN information summit

An AFP newswire article, via Yahoo! News, reports that:

Western countries have called on Tunisia to guarantee freedom of expression and independent media access during the UN World Summit on the Information Society it will host next month.

"We expect Tunisia, as host of this UN Summit, to demonstrate that it strongly upholds and promotes these rights," read a declaration moved by Canada and backed by the European Union, the United States and a dozen other countries at a preparatory meeting on Friday night.

Tunis will host the second phase of the summit from November 16 to 18, following a first phase held in Geneva in December 2003.

Friday, September 30, 2005

More Turbulence for Secure Flight

This seems like a good time to mention

An AP newswire article, via Wired News, reports that:

Lawmakers are looking to put more checks on the Transportation Security Administration's long-running effort to come up with a new way to conduct background checks on airline passengers.

The project, Secure Flight, is supposed to allow the government to take over from the airlines the daily duty of checking about 1.8 million air travelers' names against terrorist watch lists.

That goal has proven elusive. Since work began on it shortly after the Sept. 11, 2001, terrorist attacks, Secure Flight has been hampered by concerns about privacy and management.

As a result, Congress has ordered an unusual amount of scrutiny over the project. Twice lawmakers have prohibited the Transportation Security Administration from going live with Secure Flight until the Government Accountability Office reports that it meets several conditions.

Verizon ramps up on TV deployment

Marguerite Reardon writes in the C|Net Broadband Blog:

More Texans will soon have access to Verizon's TV service.

On Friday the company announced that it has filed for a statewide franchise to offer TV service in 21 North Texas communities. In total the service will be available to nearly 400,000 households.

Last week, Verizon launched the new TV service, which runs over its fiber-to-the-home network called Fios, in Keller, Texas. The company, which has been building the fiber network throughout the country, has been lobbying state and federal officials to change laws to make it easier for new players to enter the market. This summer it won a major victory when the Texas legislature passed a law granting statewide franchises.

Verizon hopes that other states will pass similar laws. But until that happens, the company is plugging away at striking franchise deals with local officials in towns all across the U.S. It recently announced agreements for Fairfax, Va. and Massapequa, N.Y.

RISKS: Software hijacks jet airliner ... again?

Via RISKS Digest.

The Australian (17 Sep 2005) has a chilling story about the pilots of a Malaysian Airlines 777 flying from Perth to Kuala Lumpur last month battling to regain control after an "unknown computer error" caused the aircraft to pitch violently, and brought it close to stalling.

An Australian Transport Safety Bureau report released yesterday reveals the pilot in command disconnected the autopilot and lowered the plane's nose to prevent a stall, after incorrect data from a supposedly fail-safe device caused the plane to pitch up and climb 3000ft, cutting its indicated air speed from 500kmh to 292kmh, activating a stall warning and a "stickshaker". [A stickshaker vibrates the aircraft's controls to warn the pilot when he is approaching stall speed ... which, you know, means the plane is about to fall out of the air.]

The system refused to give up control, however. It increased the power on the automatic throttle, forcing the pilot to counter by pushing the thrust levers to the idle position. The aircraft immediately pitched up again, and climbed 2000ft.

The pilot turned back to Perth under manual control. When he kicked in the two autopilot systems, the plane banked to the right, and the nose pitched down.

Internet users say debate over control misses point

Hear! Hear!

Tom Wright writes in The International Herald Tribune:

Talks on regulating the digital traffic of the 21st century ended without agreement on Friday, but the United States won some backing for its refusal to cede its sole control to an international body from groups representing ordinary Internet users.

Many Web surfers may not like the effective control the United States has over the Internet through its supervision of the Internet addressing system. But few of the user groups at the talks support involving the United Nations, which they say could lead to the politicization of the Internet.

"The UN is not a good body to run the Internet," said Jeanette Hofmann, a German academic representing the Internet Governance Caucus, a nongovernmental group. "We don't want nondemocratic countries to have influence over a system that is so important to the freedom of expression."

The European Union late Wednesday joined calls from other nations for giving supervisory power to an intergovernmental body, but the idea was rejected by Washington as leading to unnecessary bureaucratization. The uncompromising U.S. stance has led to a deadlock in the talks, called the World Summit on the Information Society, which started in 2003 and are set to conclude in Tunisia next month.

Groups representing Web surfers at the talks complained that the dispute between the United States and the rest of the world over administration is overshadowing more important issues, such as cleaning up spam from e-mail systems and combating cyber crime and identity theft, areas where they say governments should play a more active role.

Central Texan (and former Cisco employee) sentenced in tax case

Via The Austin Business Journal.

Central Texas resident Steven Dale Shanklin was sentenced Friday to five years in federal prison for failing to pay more than $425,000 in taxes, U.S. Attorney Johnny Sutton says.

According to Sutton, Shanklin filed a false tax return for 1998 when he was an employee of Cisco Systems Sales and Services Inc. Sutton says Shanklin also failed to file returns for 1999-2003. Shanklin pleaded guilty May 20.

In addition to a five-year prison term, U.S. District Judge Sam Sparks ordered Shanklin to serve three years of supervised release after prison.

Auditors hack Interior's financial and personal data -- again

Aliya Sternstein writes in

Lapses in the Interior Department's oversight allowed government-hired hackers to infiltrate the agency’s systems, according to a Sept. 6 Interior memo.

Since November 2004, Interior’s inspector general has been independently testing the department’s network security.

“Due to vulnerabilities in several bureaus’ information technology systems, [Interior] internal networks, as a whole, are vulnerable to unauthorized access,” Earl Devaney, Interior’s IG, wrote in his most recent assessment.

The agency has not welcomed the IG's findings so far, Devaney said. “Rather than simply accepting the results of our testing and promptly addressing the underlying vulnerabilities, the department and bureaus have, to date, expended considerable time and energy debating our findings, challenging our methodology and impugning the credentials and integrity of our staff and contractors," he wrote.

Most recently, IG employees hacked National Park Service (NPS) systems and personal and financial data on National Business Center (NBC) systems -- again. They had broken into the center’s systems last spring.

Data-security bill may move forward next week

I view passage of this bill into law a Good Thing.

Anne Broache writes in C|Net News:

A sweeping U.S. Senate measure that would stiffen security requirements and penalties for so-called brokers of personal data may go up for a committee vote next week, a representative said Friday.

Sen. Arlen Specter, a Pennsylvania Republican, and Sen. Patrick Leahy, a Vermont Democrat, originally introduced the Personal Data Security and Privacy Act in June as part of a legislative outcry directed at a series of breaches by big-name companies such as ChoicePoint, Bank of America and Visa.

A number of related proposals also surfaced during this congressional term, including one approved by the Senate Commerce Committee just before the summer recess that has yet to head to floor debate. And in the Senate Judiciary Committee, where Specter is chairman and Leahy is the highest ranking Democrat, action on the matter has been delayed for months because of other business, including the nomination of now-Chief Justice John Roberts to the Supreme Court.

On Wednesday, Specter and Leahy introduced an amended version of their June proposal. The new version omits a section that would have severely restricted the sale and use of social security numbers by businesses and other entities. According to a committee representative, the provision was dropped because another congressional committee has jurisdiction over such regulations.

Malicious code could trick ZoneAlarm firewall

Joris Evers writes in C|Net News:

Malicious code masquerading as a trusted application could trick a firewall from ZoneAlarm into letting it connect to the Internet, security experts have warned.

The issue affects the popular free ZoneAlarm firewall and default installations of version 5.5 and earlier of the paid ZoneAlarm products, Zone Labs said in a security advisory on Thursday. Default installations of the Check Point Integrity Client are also affected, but the paid ZoneAlarm 6.0 products, released in July, are not, the company said.

"If successfully exploited, a malicious program may be able to access the network via a trusted program," Zone Labs, which is part of Check Point Software, said in its advisory. If the malicious program attempted a direct connection to the Internet, it would be blocked by the firewall.

An example of the technique was published earlier this week by security researcher Debasis Mohanty. The method uses a Windows mechanism for linking applications, according to Mohanty, who also said the problem may exist in other firewall products.

An attacker could trick the firewall by linking a malicious program, such as a keystroke logger, to another application, for example, Internet Explorer. When the keystroke logger subsequently sends its captured data out, the firewall would see IE accessing the Internet, not the spyware, and allow the connection.

Dilbert: Buy my loyalty

Law Enforcement Net goes IP

A "highly secure system". Righto... ;-)

Dibya Sarkar writes in

The National Law Enforcement Telecommunication System (NLETS), a highly secure system that shares private information among public safety and justice agencies, has upgraded to an IP-based network, making it possible to encrypt the 41 million-plus transmissions the network carries each month.

Established 38 years ago as a nonprofit organization and jointly owned by the 50 states, NLETS has been making improvements in recent years to keep current with technological advances. About 30,000 agencies in the United States and Canada use the system.

Law enforcement and public safety officials can query databases for vehicle data and motorist histories, criminal records, citizenship and immigration information, and aircraft tracking and registration data, among other types of information.

NLETS administrators decided to upgrade the network from a frame relay infrastructure to an IP-based one after the FBI mandated that all public safety agencies must provide end-to-end encryption by today. Cisco Systems routers, switches and firewalls were deployed at the organization’s Phoenix headquarters and at a backup facility in Idaho. The company also deployed an intrusion-prevention system.

Trojan Targets Unpatched Windows Flaw

Ryan Naraine writes in eWeek:

Virus writers are actively exploiting a security vulnerability in the Microsoft Jet Database Engine that remains unpatched more than five months after it was first reported to the software giant.

The mail-borne exploit, which camouflages itself as a Microsoft Access file, infects Windows machines through a "highly critical" flaw in the Microsoft Jet database engine—the lightweight database widely used by applications such as Microsoft Office 2000, Office 2003, Access 2000 and Access 2003.

The vulnerability—along with proof-of-concept exploits—was first reported to Microsoft in March along with a warning that it could be used by malicious hackers to take complete control of a victim's computer.

Microsoft has never publicly acknowledged the existence of the bug, which affects fully patched systems with Microsoft Access 2003 and Microsoft Windows XP, including Service Pack 2.

However, according to an advisory from Symantec Corp.'s security response unit, the unpatched hole is being exploited to drop a malicious Trojan horse identified as "Backdoor.Hesive."

The exploit has been discovered in the wild. Symantec rates the distribution of the Trojan as "low" but warned that the potential for damage is significant.

Austin No. 9 hottest city for entrepreneurs

Via The Austin Business Journal.

Austin ranks No. 9 in a new ranking of "Hot Cities" for entrepreneurs by and the National Policy Research Council.

Austin took the No. 8 spot for "young companies" and the No. 10 spot for companies experiencing "rapid growth."

The Phoenix-Mesa, Arizona area claimed the No. 1 spot, thanks to startups representing a larger percentage of its total number of companies than any other city. More Phoenix-Mesa small companies also reported robust growth than businesses in any other city, according to

Cassini's Doubleheader Flybys Score Home Run

Hyperion's unusual cratered surface.
Image source: NASA / JPL / Space Science Institute


Cassini performed back-to-back flybys of Saturn moons Tethys and Hyperion last weekend, coming closer than ever before to each of them. Tethys has a scarred, ancient surface, while Hyperion is a strange, spongy-looking body with dark-floored craters that speckle its surface.

New images, mosaics and a movie of these bodies are available at , and

Next Generation DVD War Heats Up

Ed Oswald writes in BetaNews:

The argument between next-generation DVD formats Blu-ray and HD DVD got even more heated on Thursday. Blu-ray supporters Dell and Hewlett Packard shot back at comments made Tuesday by Microsoft and Intel in an announcement of support for HD DVD, calling the two companies' statements on Blu-ray "inaccurate."

At issue were comments made regarding Blu-ray's storage capacity, copyright protection and the format's "backward compatibility."

Thursday's statements could be seen as damage control for the Blu-ray side, as the group enjoyed months of positive press coverage while its competitor HD DVD appeared listless, and without direction.

However, Tuesday's announcement won the backing of both the biggest operating system vendor and CPU vendor in the world, a huge win for the format that could be hard to counter.

U.K. town a global contender in bot battle

Jeremy Kirk writes in InfoWorld:

If you told residents of Winsford, England, that their personal computers had been turned into an invisible electronic army, they'd probably think you're mad.

But the 33,000-person town in the northwest part of the country reportedly has one of the highest rates of computers infected with programs that receive and respond to commands from other remote computers. These "bot" networks can then be used by attackers to perform DoS (denial of service) attacks on other computers and act as spam generators.

According to Symantec's Internet Security Threat Report released earlier this month, the small town of Winsford had 5 percent of the world's infected computers, second only behind London at 8 percent and ahead of Seoul at 4 percent. Overall, the U.K. had about one-third of the 1 million to 2 million infected computers worldwide, Symantec reported.

Symantec speculated in a March report that the size of a city and the rate of broadband growth are related to the number of computers infected by bots. The rapid expansion of broadband facilitates the distribution of malicious software, including bots, it said.

But why would Winsford -- a town that initially developed because of the salt mining industry -- hold rank with London and Seoul, two cities with populations many, many times greater than its own?

Microsoft confirms next XP service pack

Via C|Net News.

Microsoft has revealed plans to release a third service pack for its Windows XP operating system.

"There will be a Service Pack 3 for Windows XP," Bernard Ourghanlian, technical and security director at Microsoft France, confirmed, revealing that Microsoft's OS is set for another major update.

Windows XP's Service Pack 2, which came out last September, deeply modified the operating system by updating its security.

Windows XP SP3 will be available sometime next year--after the launch of Windows Vista, which "is the priority for the development teams," according to Microsoft France.

Microsoft has yet to reveal details about the contents of the service pack. Laurent Delaporte of Microsoft France said: "Historically, certain functions of new versions of Windows are integrated in the service packs of previous versions."

Quote of the Day: Internet Governance

On the whole EU/UN/US Internet Governance issue (thanks to the C|Net Blogma Blog):

"Let's see if I've got this straight. Keep the Internet under the control of the U.S., which has given the world almost all of the technological advancements that people on this planet take for granted. Or, turn it over to an organization that gave us the oil-for-food scandal? The choice couldn't be more clear."

-- Glenn J. Kalinoski, Business Intelligence Watch Blog

EU outlines future net governance

Well, we can expect the whole nasty mess of Internet Governance to be a hot issue for the foreseeable future...

Kieren McCarthy in Geneva writes for The Register:

An oversight body of international governments will decide the top-level of the internet from now on, pulling it away from the US government and enshrining the revolutionary medium in international law.

That is the position taken by the EU, which is currently cutting a deal with other nations including Brazil, Canada and China, to end two weeks of argument at the PrepCom3 conference in Geneva.

The UK/EU representative, David Hendon told us that a new co-operative model would build on the existing ICANN organisation but that "its legal status has to change. It will need to be established under international law rather than US law".

"At the moment," he continued, "ICANN works to a contract from one government, and the governments advise it what to do. It's kind of strange for governments to be advising a public sector body and for that body to be doing things for the whole world under the instruction of one government."

That is not a criticism of the US' stewardship of the internet up to now, Hendon stressed, which has "done a good job", but "you can see for some countries it is impossible to leave their country's bit of the internet in the hands of a government where they quite often have disagreements."

EU Wants International Control of Internet

An AP newswire article by Aoife White, via ABC News, reports that:

The European Union insisted Friday the job of Internet traffic cop must be shared by governments and the private sector.

The U.S. wants to remain the Internet's ultimate authority, rejecting calls in a United Nations meeting in Geneva for a U.N. body to take over.

EU spokesman Martin Selmayr rejected American claims the EU had changed direction.

"We are looking for a new cooperation model, a model that allows Internet governance and the laying down of public policy principles in coordination by all countries which are interested in the governance of the Internet because the Internet is a global resource," he said.

"The EU … is very firm on this position."

The Geneva talks were the last preparatory meeting before November's World Summit on the Information Society in Tunisia.

Visa gives CardSystems three-month reprieve

Robert McMillan writes in InfoWorld:

Visa U.S.A. is giving CardSystems Solutions a little more time to get its act together. On Thursday, Visa announced that it has delayed plans to sever ties with the Atlanta payment processor by three months, in order to facilitate a planned sale of CardSystems to electronic payment vendor CyberSource Corp.

CardSystems processes credit card transactions totalling about $18 billion per year for approximately 120,000 merchants. Both Visa and American Express Co. had planned to cut ties with the Atlanta company at the end of October, after a CardSystems security breach exposed some 40 million credit card numbers to online thieves. CardSystems Chief Executive Officer John Perry later admitted that some of the stolen records had been improperly stored by his company.

Visa said it will now wait until Jan. 31, 2006, before requiring merchants to move to another credit card processor. "Visa is granting an extension... for the sole purpose of helping facilitate CyberSource's planned acquisition of (CardSystems) assets," the company said in a statement.

Last week, CyberSource signed a letter of intent to acquire CardSystems, but the company hinted that the acquisition would be contingent on Visa and American Express's continued business.

Hackers fail to break into Via's "StrongBox"

Dan Nystedt writes in InfoWorld:

Hackers at a security conference in Malaysia failed to break into Via Technologies' StrongBox security application during a competition, Via officials said Friday, but the company gathered some valuable feedback from participants.

The Taiwanese microprocessor vendor offered a $5,000 prize to any hacker that could break into StrongBox, which is a secure virtual hard drive of up to 40GB designed to protect data from computer intruders. Announced on Tuesday, the application is made using a combination of hardware-based SHA-1 and 256-bit AES encryption.

The company ignored a one-hour time limit rule it had in place for the contest, and allowed conference attendees as much time as they wanted to try to break into StrongBox.

One useful piece of advice Via took away from the show was regarding the password login. The software asks users to choose how many failed password attempts it should accept, with a maximum of five, before freezing a user out for an unspecified period of time.

But one hacker pointed out he could figure out a way to set the number at zero, giving a potential data thief unlimited tries to guess the correct password. Without such a limit, someone could use a custom CD with every word in the dictionary and word/number combinations to find the right password. Such CDs take only a few minutes to run.

Shopaholic 'eBay hacker' menaces German pensioner

Now this is a bizarre story...

John Leyden writes in The Register:

A German pensioner was sent an eclectic mix of goods including four boats, 12 bicycles and a mobile home after an impostor posing as the senior citizen spent € 400,000 ($477,000) on a series of eBay auctions in one night of shopping debauchery.

Horst Lukas from Iserlohn near Dortmund also ordered dozens of rock concert and football match tickets as a result of the bizarre hacking attack. Why he was targeted remains a mystery; but whether the pensioner was a victim of a shopaholic, a prankster or an incompetent fraudster is the least of his worries just now. Lukas is fielding dozens of complaints and even threats after refusing to take goods fraudulently ordered in his name.

"I am at the end of my tether. I've been cursed at in letters and emails because I haven't been in touch about my purchases or have sent things back," he said, Ananova reports. eBay Germany is to cancel the results of auctions supposedly won by Lukas. German police are investigating the case.

Thursday, September 29, 2005

FBI to get veto power over PC software?

Declan McCullagh writes in the C|Net VoIP Blog:

The Federal Communications Commission thinks you have the right to use software on your computer only if the FBI approves.

No, really. In an obscure "policy" document released around 9 p.m. ET last Friday, the FCC announced this remarkable decision.

According to the three-page document, to preserve the openness that characterizes today's Internet, "consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement." Read the last seven words again.

The FCC didn't offer much in the way of clarification. But the clearest reading of the pronouncement is that some unelected bureaucrats at the commission have decreed that Americans don't have the right to use software such as Skype or PGPfone if it doesn't support mandatory backdoors for wiretapping. (That interpretation was confirmed by an FCC spokesman on Monday, who asked not to be identified by name. Also, the announcement came at the same time as the FCC posted its wiretapping rules for Internet telephony.)

RIAA sues new group of 757 college kids

Tim Gray writes in

The music industry's syndicate of major record labels today announced it has filed another round of copyright infringement lawsuits against 757 individuals accused of Internet theft, including computer network users at 17 different colleges.

The lawsuits -- filed by the Recording Industry Association of America (RIAA), which represents over 90 percent of all record labels in the United States and all four major labels -- claim the unidentified individuals illegally distributed copyrighted music on the Internet through unauthorized peer-to-peer (P2P) services, such as eDonkey, Grokster, Kazaa and LimeWire.

The names of these individuals, whose IP addresses were previously identified in "John Doe" lawsuits, have been subpoenaed from their ISPs, according to officials at RIAA.

In addition, lawsuits were filed against university network users at 17 universities who allegedly use the file-sharing application i2hub to download and distribute music on the advanced network infrastructure of Internet2, the RIAA said.

France Wants Its Own MIT

Via Red Herring.

Seeking to attract more researchers and funding in fields like nanotechnology and biotechnology, French scientists said Thursday they would create a Paris research center that will one day rival the Massachusetts Institute of Technology or Oxford University.

Proposed by the Strategic Innovation Council (SIC), an independent think tank, the European Institute of Technology of Paris is expected to draw about 300 high-level researchers to a 148-acre campus, possibly in a southwestern suburb of the capital.

Building 860,000 square feet of “ultramodern” labs would cost as much as €200 million ($240 million) and the institute’s operating budget would be about €800 million ($960 million) per year, the council said, with money coming from the French government and other sources.

Yahoo accused of hijacking voice technology

An AP newswire article by David Kravets, via, reports that:

A Menlo Park technology company is suing Yahoo Inc. for allegedly stealing trade secrets by hiring away 13 key engineers who had nearly completed its interactive speech technology project.

Nuance Communications Inc. said it would ask a Santa Clara County judge Friday to block Yahoo from allowing the engineers to work on the technology it intended to market to Yahoo and other Internet companies.

The California case concerns voice recognition technology that Nuance says was at least 75 percent complete before its vice president of research and development, Larry Heck, took a job at Santa Clara-based Yahoo. About a dozen Nuance engineers on the project followed him to Yahoo this month, leading Nuance to conclude that Yahoo is attempting to swipe its technology.

"Yahoo and Heck now plan to replicate this technology for Yahoo, depriving Nuance of a valuable corporate opportunity, and positioning Yahoo as a competitor," Jeffrey Chanin, Nuance's attorney, said in court documents.

Sprint Nextel seeks more time to find 911 callers

A Reuters newswire article, via Yahoo! News, reports that:

Sprint Nextel Corp. on Thursday asked regulators for more time to meet a December 31 deadline that 95 percent of its customers' wireless phones be capable of identifying the location of a user making a 911 emergency call.

The No. 3 U.S. wireless carrier will only reach 80 percent by the end of this year and will need until the end of 2007 to reach the 95 percent goal, according to its waiver request filed with the Federal Communications Commission.

The industry's lobbying organization, CTIA, has asked the FCC to suspend the December 31 deadline for 95 percent of all wireless handsets to be able to pinpoint the location of a caller to 911 emergency services.

Sprint Nextel said part of the difficulty with complying with the deadline was a software problem, as well as some customers who have not bought newer handsets that have location technology embedded such as the Global Positioning System.

DHS plans to beef up cybersecurity

God, let's hope they do a better job with cybersecurity issues than FEMA did with the hurricane relief efforts.

Alice Lipowicz writes in

The Homeland Security Department has drafted a set of key scenarios for possible cyberattacks against the Internet and critical IT systems and is seeking comments from the private sector on how to best prepare and respond to such attacks, according to Andy Purdy, acting director of DHS’ National Cyber Security Division.

DHS officials and the White House also are putting the finishing touches on a new national cybersecurity research and development plan, Purdy said earlier this week at a seminar on Capitol Hill. The event was sponsored by Nortel Networks Corp., a global telecommunications equipment manufacturer based in Brampton, Ontario.

“At DHS, we recognize the importance of cybersecurity risks and we are energized by that risk,” Purdy said.

Homeland Security secretary Michael Chertoff also is preparing to name an assistant secretary for cybersecurity and telecommunications, he said.

Aaland islands in internet secession from Finland

An AFP newswire article, via Yahoo! News, reports that:

The tiny Finnish autonomous Aaland island group in the Baltic is to receive its own internet address country identification, ".ax" to replace the current use of Finland's ".fi", the government in Helsinki revealed.

The Internet Assigned Numbers Authority already recognizes the ".ax" suffix, which will go into use in March next year, when the island's official website is free to change its address from to, it said.

The Aaland islands, located at the entrance of the Gulf of Bothnia between Sweden and Finland, count 26,530 mostly Swedish-speaking inhabitants and have been autonomous since 1920.

A status that the islands, which unlike Finland are not part of the European Union, have turned into an economic asset: One of the Aalands' main sources of income is duty-free stops by busy Baltic ferries cruising between countries along the Baltic rim.

China hands over American jailed for selling pirated DVDs

An AFP newswire article, via Yahoo! News, reports that:

China has expelled one of two Americans convicted of selling pirated DVDs on the Internet and handed him over to US police.

"US citizen Randolph Hobson Guthrie III was expelled out of China for selling pirated DVDs Thursday and handed over to the US police," the Xinhua news agency cited the Chinese Ministry of Public Security saying.

A US embassy spokesman confirmed Guthrie was put on a plane to be repatriated to the United States Thursday, but said she did not have further details.

Guthrie, 38, was one of two Americans convicted in April in Shanghai.

He was sentenced to up to two-and-a-half years in prison and ordered to pay a 500,000 yuan (60,000 dollar) fine.

Does the ITU really understand the internet?

Kieren McCarthy writes in The Register:

The International Telecommunications Union (ITU) is angling for a wider role in running the internet, to the extent that it is hosting the WSIS meeting taking place in Geneva at the moment.

Situated in the United Nations' Palais des Nations and just over the road from the ITU three-building complex, delegates from across the world have been complaining about the low-tech environment featuring unrecordable audio and a severe shortage of power sockets.

However, the one area where the ITU has managed to get its act together is in the provision of wireless internet links for the hundreds of laptops here. There is only one problem: if we were following the strict rules that the ITU would seek to impose on the internet's infrastructure, this network would not exist at all.

The ITU's chunk of the internet - its IP block - is to, allowing for over 65,000 individual IP addresses. All of the ITU's internet connections (including the one this laptop is using to file stories) are run through this block. But if you do a search on this IP block at overseers RIPE, you'll see that it is actually locked for failing to comply with regulations.

Why? Because the ITU is using a "NONE" authentication system. That isn't a fancy acronym, it means that there is no authentication on the system. The internet has changed so significantly in the past five years that RIPE put an end to the ability to run IP blocks without some form of security. It discussed, agreed and put an end to the "none" system back in April 2004.

The ITU however - the foremost communications organisation in the world - remains unauthenticated and as such is on lock.

U.S. Insists on Keeping Control of Internet

An AP newswire article by Bradley S. Klapper, via ABC News, reports that:

The United States refuses to relinquish its role as the Internet's principal traffic policeman, rejecting calls in a United Nations meeting for a U.N. body to take over, a top U.S. official said Thursday.

"We will not agree to the U.N. taking over the management of the Internet," said Ambassador David Gross, the U.S. coordinator for international communications and information policy at the State Department. "Some countries want that. We think that's unacceptable."

Speaking on the sidelines of the last preparatory meeting before November's World Summit on the Information Society in Tunisia, Gross said that progress was being made on a number of issues, but not on the question of Internet governance.

The stalemate over who should serve as the principal traffic cops for Internet routing and addressing could derail the summit which aims to ensure a fair sharing of the Internet for the benefit of the whole world.

Microsoft gets hacker feedback on IE7 Beta 2

Dan Nystedt writes in InfoWorld:

Microsoft showed off the preliminary work it has done on the second beta version of its popular Internet Explorer, version 7, at the Hack in the Box Security Conference in Kuala Lumpur, Malaysia, and came away with some good feedback, managers at the company said Thursday.

"It's the first time we've ever come out ahead of a product release to present and get feedback," said Tony Chor, group program manager at Microsoft's Internet Explorer team, referring to the company's presentation to a hacker-specific group.

Chor, and colleague Andrew Cushman, director of Microsoft's security engineering and communication group, spoke highly of the feedback they heard at the presentation, and preferred the term "security research community" for attendees, instead of "hacker."

"Hacker has a negative connotation, like a criminal," said Cushman. People such as attendees of the Hack in the Box conference approach security from a very different, very valuable perspective, he added.

"This community is a good source of information and we haven't availed ourselves of that source," said Cushman.

Practical Tech: Smart beer mat orders refills

And now for some really useful tech... (actually, any tech involving beer gets my vote :-)

Will Knight writes in NewScientist:

A beer mat that knows when a glass is nearly empty and automatically asks for a refill has been created by thirsty researchers in Germany.

Andreas Butz at the University of Munich and Michael Schmitz from Saarland University came up with the idea while out drinking with their students.

The disc-shaped mat can be attached to a normal beer mat so that it still soaks up spilt liquid and displays an advertisement. But it also contains a pressure sensor and radio transmitter to alert bar staff of the need for a refill.

The device weighs 110 grams and costs $100 to make, but Butz and Schmitz think the weight and cost would shrink if the mat were to be mass-produced.

eDonkey seeks sanctuary

Andrew Orlowski writes in The Register:

The company behind eDonkey, MetaMachine, is getting out of the file sharing business according to its boss Sam Yagan.

Yagan disclosed the news in testimony to Congress, Extreme Tech reports. Yagan said he is responding to a cease-and-desist notice served by the Recording Industry Association of America to several P2P networks.

"I have personally committed to Mr. Sherman – which I reiterate today – that we are in the process of complying with their request," said Yagan. "Therefore I am not here as an active participant in the future of P2P, but rather as one who has thrown in his towel."

Yagan blamed the Supreme Court's June judgement which suggested that a P2P company's copyright liability rested on its intent to infringe. As a consequence, small companies were being forced out of business because they couldn't afford to litigate. As a result, he said, innovation was being stifled and the US economy would suffer.

Telecoms spend big to try to sway rules

Leslie Cauley writes in USA Today:

Telecom companies spent at least $78 million over the past two years to try to influence state officials who were considering new rules of competition, according to a report by the Center for Public Integrity, a non-partisan watchdog group.

The report, to be released Thursday, singles out SBC, Verizon and AT&T as the top spenders among the big telecoms. SBC and Verizon have been pushing to wrest free of state regulations, hopeful of using those victories to influence legislation at the federal level.

Congress is preparing to rewrite the landmark Telecommunications Act of 1996, which established new rules of competition for phone and cable companies. AT&T had a key role in drafting the 1996 rules. But now AT&T is being acquired by SBC. (Verizon is buying MCI.)

With AT&T out of the picture, John Dunbar, the report's author, worries that the Bells, strengthened by their political donations, could unfairly influence the revision of the telecom act. That could lead to rules that don't offer adequate protection for consumers, he says.

"In the past, we could take comfort in knowing that (AT&T and the Bells) were beating each other bloody," Dunbar says. "That goes away."

U. of Ga.: Hacker May Have Student Info

An AP newswire article, via The Washington Post, reports that:

The University of Georgia said a computer hacker may have accessed the names and Social Security numbers of at least 1,600 current and former employees.

The university was working with state and federal authorities to investigate the breach, which was discovered Sept. 19.

"To this point there has been no evidence, direct or indirect, that any of this information has actually been misused," said Arnett C. Mace Jr., the school's provost.

University officials say 2,429 Social Security numbers were exposed, but there was some repetition and the number of affected people is expected to be smaller.

Last year, a hacker broke into a UGA computer and may have accessed credit card information for about 32,000 students. The university never caught the hacker, but was not aware of any misuse of that information, said Tom Jackson, a UGA spokesman.

NASA and Google launch research alliance

An AFP newswire article, via Yahoo! News, reports that:

Internet search powerhouse Google has teamed up with the US space agency NASA to do space age research at a sprawling new campus at a former military air base in Silicon Valley, officials announced.

Google will build a one million-square-foot (92,903-square-meter) complex of offices and worker housing in the NASA Research Park at Moffett Field and join forces with National Aeronautics and Space Administration scientists, according to Google.

"Our planned partnership presents an enormous range of potential benefits to the space program," said NASA Ames Center director Scott Hubbard.

Researchers will collaborate in areas including new materials, "bio-info-nano convergence, supercomputing, data mining, and bringing entrepreneurs into the space program," Hubbard said.

"Google and NASA share a common desire to bring a universe of information to people around the world," said Google chief executive officer Eric Schmidt.

Wednesday, September 28, 2005

Novell server hacked

A ComputerWorld article by Jaikumar Vijayan, via NetworkWorld, reports that:

A company server that some workers at Novell apparently used for gaming purposes was hacked into and then used to scan for vulnerable ports on potentially millions of computers worldwide, according to an Internet security consultant.

The scans, which have been going on since Sept. 21, are targeted at TCP Port 22 -- the default port for Secure Shell (SSH) services. SSH programs are used to log into other computers over a network or to execute remote commands and move files between machines in a secure fashion. Scans against the port are often an indication that hackers are looking for vulnerable SSH systems that they can break into and take control of.

Kevan Barney, a Novell spokesman, Wednesday confirmed that one of the company’s systems had been compromised. But he added that the server was not part of the company’s corporate network nor was it a production server.

Chris Brandon, president of Brandon Internet Security, an Alexandria Va.-based firm that reported the problem to Novell Tuesday, said he was first alerted to the hack when a client reported scanning activity several days ago.

Scams Targeting Online Games: Old Phish With Fresh Bait

Via Netcraft.

Are phishing crews paying more attention to virtual worlds? Phishing attacks on massively multiplayer online role-playing games (MMORPGs) have been around since at least 2002, and perhaps earlier. But some observers of online games say the growing market for virtual currency and player accounts may be attracting fresh attention from phishing scams, which are mass-mailing "bait" e-mails seeking to capture gamers' account logins.

Phishing attacks most commonly target banks, credit card companies and payment sites such as Paypal. This year phishers have expanded their target list to include smaller regional banks and credit unions. While phishing attacks on online games aren't new, they may represent a logical area of expansion for these scams, given the growing value of player accounts, the youthful demographics of online gaming, and a recent influx of new players due to the popularity of World of Warcraft.

A recent phishing attack targeting users of EVE Online was reported by Terra Nova, a blog that follows trends in virtual worlds. The bait email purports to be from the game's security team, investigating unusual account activity and sending victims to a spoof site at a server in Spain.

Early phishes on MMORPGs date to 2002, when Dark Age of Camelot began warning users about bait emails, while other early efforts targeted Everquest. In January Netcraft received reports of a phishing attack seeking to steal user account details for Runescape, a free virtual world popular with younger gamers.

FCC CALEA Order Challenges Continue

Roy Mark writes in

The Federal Communications Commission's (FCC) decision to expand wiretap accessibility requirements to broadband providers and Internet telephone companies continued to come under legal fire today.

Fewer than 24 hours after the Center for Democracy and Technology announced it plans to challenge the FCC's ruling, the Electronic Frontier Foundation (EFF) said it has similar intentions.

Both organizations question the FCC's legal authority to extend the Communications Assistance to Law Enforcement Act (CALEA) to the Internet. CALEA requires all telephone companies to build surveillance backdoors into their networks, but specifically exempts information services, such as cable modem and DSL services.

Japanese carriers brace for VoIP competition


VoIP still is considered something of a novelty in the United States, but mainstream Japanese telecommunications groups and software companies have been quick to enter the market -- and are seeking to expand their share. In fact, Japan constitutes the world's biggest VoIP market today, and some of the biggest names in the industry are preparing to work together in order to ensure their dominance in the potentially lucrative business.

The Japanese daily Asahi Shimbun reported Wednesday that Softbank, Japan's largest software developer and the country's biggest VoIP provider, will be working with NTT Communications, the biggest Japanese telecom group and second-largest VoIP provider, as early as next month to further the Internet telecommunications network.

Since it entered the VoIP market in 2002 Softbank has dominated the domestic market, but it is facing increasingly stiff competition from outside Japan, particularly from Skype. The Luxembourg company is the world's biggest VoIP provider and recently was bought by online-auction giant eBay.

At the same time, companies that have traditionally played no role in telecommunications, including Microsoft and Time Warner, as well as Internet companies such as Yahoo! and Google, have made significant investments in recent months in their bid to become major players in the increasingly lucrative VoIP market.

As such, industry analysts broadly agree it would be in the best interest of major Japanese VoIP providers to join forces in order to keep a firm hold on the domestic market amid increasing competition from abroad.

Symantec Wins Piracy Case

Via Red Herring.

Symantec, maker of the popular Norton antivirus software, said Wednesday that it won more than $1 million in restitution in a case of software piracy, one of the largest amounts ever awarded to the company in a criminal case.

Li Chen, a Houston-based wholesale distributor of software products, agreed to pay the amount as part of a plea bargain in which he entered a guilty plea to one count of trademark infringement. Mr. Li was accused of distributing counterfeit versions of Symantec’s Norton Antivirus software and other popular security-related applications.

“He was a tier-1 distributor, moving millions of dollars worth of our products every year,” said William Baird, Symantec’s Global Investigations manager. “We had been watching him for nearly two and a half years before we could gather all the evidence needed to move against him.”

Between April 2002 and October 2004, Mr. Li sold counterfeit Symantec software with a retail value of more than $9.9 million, according to documents seized during the raid.

UN defends Tunisia tech summit

An AP newswire article, via The Globe and Mail, reports that:

Facing heated protest, the United Nations on Wednesday defended Tunisia's hosting of a UN summit about Internet access in the developing world, even though the north African nation has been repeatedly accused of rights abuses that include blocking Web sites it dislikes.

Earlier this week, a coalition of human rights groups known as the Tunisia Monitoring Group issued a report that declared Tunisia unfit to hold the World Summit on the Information Society, set for November, because of reports that the government has stepped up attacks on the press and civil society.

The group, which has frequently criticized the selection of Tunisia as the host country, said the government has blocked access to Web sites belonging to Reporters Without Borders, other human rights watchdogs, and the independent press, while police monitor e-mails and Internet cafes.

"It does question to some extent the UN's credibility that a world summit on the information society is taking place in a society where access to some Web sites is restricted," said Alexis Krikorian, of the International Publishers' Association. "It's amazing that such a summit would take place in a country like this."

Congress to attempt legislation of P2P file-sharing?

Yeah, that's right -- outlaw it. It'll just thrive in the networking underground. This idea wins my personal "Asinine Proposal of the Day" award.

Anne Broache writes in C|Net News:

A California senator has suggested that because file-sharing networks continue to house illegal files, they should be shut down.

Intellectual property protection "can't function in a country where the high-tech services become such that you can't protect copyright," Sen. Dianne Feinstein, D-Calif., said Wednesday at a U.S. Senate Judiciary Committee hearing. The session centered on the landmark Supreme Court decision on MGM v. Grokster, which ruled that file-sharing services can be liable for their users' infringing behavior.

Pointing to what she called a "rise in peer to peers" since the Grokster decision, Feinstein said current law is not effective enough to deter illegal file swapping and the government must enact stronger enforcement measures. "If we don't stop it," she said, "it's going to destroy these intellectual property industries."

It remained unclear what remedies the senator would seek, though she said she didn't think any lawmakers supported an approach that would involve "going out and arresting high schoolers" who subvert copyright rules. Even so, her statements marked somewhat of a departure: When the Grokster decision initially came out, members of Congress said they were inclined to take a hands-off, wait-and-see approach.

Microsoft probes report of IE flaw

Joris Evers writes in C|Net News:

A new flaw in Internet Explorer could be exploited to launch spoof-based attacks, or access and change data on vulnerable PCs, security experts have warned.

The problem lies in the way Microsoft has implemented a JavaScript component in its Web browser, security researcher Amit Klein wrote in a research document. Internet Explorer does not validate some data fields provided by a PC when the component, called XmlHttpRequest, is used, he wrote.

The vulnerability could be exploited with specially crafted code. An attacker could spoof a legitimate Web site, access data from the Web browser's cache or stage a so-called man-in-the-middle attack, which taps into traffic between a user and another Web site, according to Klein's write-up.

Fully-patched computers running Windows XP with Service Pack 2 and Internet Explorer 6.0 are vulnerable to this issue, security monitoring company Secunia said in an advisory. Secunia rates the problem as "moderately critical" but says people can avoid the risk by setting the security level in IE to "high."

Woman convicted in software theft ring

An AP newswire article, via The Globe and Mail, reports that:

A Pennsylvania woman was convicted Tuesday of being part of what U.S. federal prosecutors said was a widespread software piracy ring.

Carol Szoke, 62, of Nazareth, Pa., pleaded guilty in U.S. District Court in New Haven to one count of conspiracy to commit criminal copyright infringement.

Federal prosecutors said Szoke was a participant in the "warez scene," an underground on-line community that illegally distributed copyrighted software on the Internet. Certain participants were able to access the software, video games, DVD movies and MP3 music files, often before they were made available to the public. Authorities said other participants then reproduced and distributed the pirated software.

"Stealing the intellectual property of others is no different from any other form of thievery," U.S. Attorney Kevin J. O'Connor stated. "It is a priority of this Office and the Department of Justice to protect the intellectual property rights of our nation's inventors and creators."

World Wide (Web) Takeover

A National Review Online article, via CBS News, reports that:

"In my opinion, freedom of speech seems to be a politically sensitive issue. A lot of policy matters are behind it." So observed Houlin Zhao, the man who wants to control the greatest forum for free expression in history.

Zhao, a director of the U.N.'s International Telecommunication Union (ITU) and a former senior Chinese-government official, is a leader in the United Nations's effort to supplant the United States government in the supervision of the Internet. At a series of conferences called the World Summit on the Information Society (WSIS), held under the aegis of the ITU, and set to culminate in Tunis this November, the U.N. has floated a series of proposals for doing exactly that.

The U.N.'s professed goals, which include expanding Internet access in developing countries and fighting spam, are laudable. However, the substance of its proposals — shifting Internet governance from the U.S. to a U.N. body — would produce an Internet in which regulations smother free speech, strangle net-driven economic growth, and threaten America's online security.

A typical U.N. enterprise, in other words.

Dell altering delivery system for consumers' computers

Via The Austin Business Journal.

Round Rock-based Dell plans to ship many of its computers to U.S. post offices for customer pickup, instead of straight to buyers' homes, the Atlanta Journal-Constitution reported Wednesday. Sandy Springs, Ga.-based United Parcel Service Inc. now is the main deliverer of Dell computers.

The world's largest computer manufacturer is uncertain how many shipments will be affected, Dell spokesman Andy North says.

UPS will continue to handle Dell computer shipments to businesses and some residential customers, North says.

"We have had a long-standing relationship with UPS. That's not going to change," he tells the Journal-Constitution.

The U.S. Postal Service plans to expand beyond Dell with the new service, called Hold For Pickup, by providing it to other shippers, the newspaper says.

BT snaps up Infonet Germany

Tim Richardson writes in The Register:

BT is to snap up all of Infonet Germany which is majority owned by T-Systems, a subsidiary of Deutsche Telekom, the British telco announced today.

Financial details were not disclosed.

Earlier this year BT completed the $965m (£510m) acquisition of California-based voice and data network services outfit Infonet Services Corporation.

At the time, BT only owned 18 per cent of Frankfurt-based Infonet Germany.

Now it's managed to agree a deal with T-Systems to acquire the remaining 82 per cent.

Apple Reportedly Offers to Fix iPod Nanos

An AP newswire article, via Yahoo! News, reports that:

Three weeks after introducing the pencil-thin iPod Nano portable music player, Apple Computer is reportedly ready to respond to complaints about defective screens.

The Wall Street Journal reports Apple will offer to replace the screens that cracked too easily. Users have been posting complaints on the Internet about cracked screens and scratched cases.

Apple has high hopes for the Nano music player designed to replace the iPod mini and the product, which sells for about $200 and up. It has received largely favorable reviews.

A spokesman for Apple tells the Journal that the problem has affected less than 0.1 percent of the devices shipped.

Venus Express spacecraft ready for launch

Maggie McKee writes in NewScientist:

The European Space Agency is set to launch a spacecraft to Venus. It will be the first mission to the swelteringly hot and corrosive planet in 15 years.

Called Venus Express, it is scheduled to lift off aboard a Soyuz rocket from Baikonur, Kazakhstan, on 26 October. When it arrives at Venus in April 2006, it will study the planet from a polar orbit stretching from an altitude of 250 to 60,000 kilometres.

Seven instruments will scrutinise the planet at a range of wavelengths. Astronomers hope to understand how a planet that has more in common with Earth than any other in terms of distance from the Sun, size and mass could have evolved into such an inhospitable world.

Temperatures hover at 450°C, while the thick, carbon dioxide atmosphere produces crushing surface pressures 90 times those on Earth and sulphuric acid rains from the sky. "We're still struggling to understand why Venus is so radically different from Earth," says Fred Taylor, an astronomer at the University of Oxford, UK.

Microsoft Office 2003 SP2 released

Dawn Kawamoto writes in C|Net News:

Microsoft on Tuesday released Microsoft Office 2003 Service Pack 2. The service pack is aimed at beefing up security, enhancing application stability and adding support for Microsoft SQL Server 2005 and Microsoft Visual Studio 2005.

Microsoft Office 2003 SP2 is designed to prevent "phishing" attacks and improve the handling of junk mail in Outlook, as well as enhance the stability of Office applications and servers. Office 2003 SP2 also adds support to Windows SharePoint Services and Microsoft Office InfoPath 2003 for upcoming releases of SQL Server 2005 and Visual Studio 2005.

FCC Introduces New Round of Regulatory Uncertainty

Roy Mark writes in

The Federal Communications Commission's (FCC) rules on Voice over IP wiretapping accessibility are likely to set off another round of regulatory uncertainty, all in the name of regulatory certainty.

Since the FCC began investigative proceedings on VoIP almost two years ago, the agency has promised a light regulatory approach but stressed that Internet telephone services would have certain legal obligations, particularly in the areas of law enforcement and public safety.

The FCC first took up public safety, ordering Internet telephone companies provide the same E911 calling services as traditional telephone firms. One lawsuit is already pending on that order.

In early August, the FCC mandated that wireline broadband providers and Internet telephone companies have 18 months to comply with the network wiretap accessibility rules of the Communications Assistance for Law Enforcement Act (CALEA).

Last weekend, the FCC quietly released the actual rules backing up its unanimous August vote. The issuance of the rules is likely to set in motion months, if not years, of even more litigation, a possibility not overlooked by the commissioners.

AT&T to double Internet capacity

Rhasheema A. Sweeting writes in The Mercury News:

AT&T said Tuesday that it will open a San Jose data center to double its Bay Area capacity for handling customers' Internet traffic.

The company declined to say how many employees the data center will have when it opens in November.

The center will "host" data traffic for thousands of businesses in Silicon Valley and the Bay Area. Demand for such capacity is increasing as individuals and businesses do more and more through computers and the Internet.

AT&T already has a Redwood City data center and two others in Southern California. The Redwood City facility has several dozen employees, who are on-site 24 hours a day year-round.

AT&T also said it is opening a data center in Shanghai, China. With the addition of the San Jose and Shanghai centers, the Bedminster, N.J.-based company will have 28 data centers worldwide.

Rolling Stones' Album to Come on Memory Card

An AP newswire article by Alex Veiga, via The Washington Post, reports that:

Virgin Records said Tuesday it would release the Rolling Stones' latest album on a new encrypted flash memory card that will allow users to preview and buy locked tracks from four of the veteran rockers' previous albums.

The memory card, dubbed Gruvi, is manufactured by Sunnyvale, Calif.-based SanDisk Corp., and will be available in November at select U.S. stores for $39.95, SanDisk and the label said in a statement.

By comparison, the Stones' latest album, "A Bigger Bang," costs about $14 on CD.

SanDisk spokesman Ken Castle said the value for consumers is in being able to use the thumbnail-sized memory card to move music and other media between compatible mobile phones, electronic organizers, computers and other devices.

To keep that content from ending up on Internet file-swapping sites or otherwise distributed without permission, the card comes with copy-protection technology, or firmware, built in.

Happy Birthday, Adam!

Twenty-one years ago today, my youngest son, Adam, was born. Happy birthday, son.

Tonight, we'll go to the venerable Hill's Cafe and enjoy a couple of steaks and copious amounts of cold beer, and enjoy some South Austin entertainment. :-)

Tuesday, September 27, 2005

Anti-Spyware Suits Signal Possible New Era

Ryan Naraine writes in eWeek:

The legal battle against adware and spyware programs has taken a new turn with a pair of putative class action complaints against Direct Revenue and 180Solutions, two companies facing allegations of installing online tracking software through security holes and making it virtually impossible for computer users to remove the unwanted programs.

Now that a judge has issued a preliminary order to allow one of the cases to proceed to trial, anti-spyware advocates say they believe the tide has shifted dramatically in favor of exasperated computer users.

In the Direct Revenue LLC suit, in which the actions alleged range from installing ad-serving software without user consent to privacy invasion and computer tampering, District Court judge Robert Gettleman ruled that the case can proceed on four of the five counts.

The order was a major blow to Direct Revenue's request to have the case thrown out. It also may open the floodgates to similar suits against other adware vendors.

The 11 commandments of the Internet in China

Via Reporters sans Frontières.

“You shall not spread rumours”, “You shall not damage state security”, “You shall not destroy the country’s reputation”. These are just three of the 11 commandments ordered by Beijing, on 25 September, aimed at bloggers and website managers.

Reporters Without Borders expressed concern at this latest turn of the screw in an ongoing crackdown on freedom of expression.

“The Chinese authorities never seem to let up on their desire to regulate the Web and their determination to control information available on it ever more tightly,” the worldwide press freedom organisation said.

“These new rules, announced with a fanfare by the official media, are certainly more intended to frighten Internet-users than to codify the use of the Net,” it said. “In fact there is nothing really new in these 11 commandments, which simply repeat that the party has the monopoly of the dissemination of information and that the media’s task is not to be objective but to relay state propaganda.

“These moves to filter the Internet are nevertheless a sign that the Internet frightens those in power, in particular during a period of ever greater social unrest. It’s noticeable that the only new elements in the text relate to banning the calling of strikes or gatherings through the Net,” it said.

Targeting the Net's Online Criminal Underground

Thanks to Roland Dobbins for pointing out this article.

Via Enterprise Security Today.

Larry Johnson, the special agent in charge of the Secret Service's criminal investigative division, knows how to catch a thief -- even ones who try to hide behind a computer screen.

Last October, in an operation that he supervised, Secret Service agents netted 28 individuals for credit card fraud, identity theft, computer fraud, and conspiracy. The operation, dubbed Operation Firewall, involved the first ever wiretap on a computer network, which agents used to locate the thieves.

"Not only did we learn lessons, but they learned lessons about what to do and what not to do," Johnson said. "A lot of things have changed, but we have a lot of other operations like Firewall going on that I think will be as successful if not more successful."

At a Senate hearing in March, Senator Charles E. Schumer, a New York Democrat, compared the free-floating nature of personal financial information to the "wild, wild West." In that paradigm, Johnson, and agents like him, would be the cowboys who try to foil modern-day bank robbers.

Judge looks for links in credit card case

Joris Evers writes in C|Net News:

A judge has asked Visa and MasterCard to disclose details about their relationship with CardSystems Solutions, the payment processor that was the subject of a high-profile data security breach.

The information, such as contracts between the companies, should help determine whether the credit card companies have responsibility under California law to notify consumers whose personal details were exposed in the CardSystems breach, San Francisco Superior Court Judge Richard Kramer said Tuesday during a court hearing here.

Visa, MasterCard, Merrick Bank and CardSystems were sued in June on behalf of California credit card holders and card-accepting merchants. The suit seeks to test a state law that requires consumer notification after personal information stored on computers is lost, stolen or breached.

On Friday, Kramer denied a request for a preliminary injunction that would have required the credit card companies to tell individual California credit card holders that their account information was exposed in the CardSystems breach.

U.S. Army Probes Complaints of Corpse Photos

An AP newswire article, via Yahoo! News, reports that:

The Army is investigating complaints that soldiers posted photographs of Iraqi corpses on an Internet site in exchange for access to pornographic images on the site, officials said Tuesday.

An Islamic civil rights group said it wrote to Defense Secretary Donald H. Rumsfeld objecting to the practice, which it said may violate international laws of war, and urging the Pentagon to bring it to an end.

"This disgusting trade in human misery is an insult to all those who have served in our nation's military," Arsalan Iftikhar, legal director for the Council on American-Islamic Relations, said in his letter to Rumsfeld.

Bryan Whitman, a spokesman for Rumsfeld, said the Pentagon had recently become aware of Internet postings and is looking into it.

Internet governance remains sticking point

John Blau writes in InfoWorld:

Internet governance was a contentious issue at the first phase of the World Summit on the Information Society (WSIS) in December 2003 and, judging by the preparatory talks currently under way in Geneva, the issue will remain red hot at the second phase of the summit in November.

"The talks were off to a very slow start on Monday of last week but have since gained some momentum," said Sarah Parkes, a spokeswoman for the International Telecommunication Union (ITU), an arm of the United Nations (U.N.), which is hosting the final preparatory meeting (PrepCom-3) for the second phase of WSIS in Tunis, Tunisia.

"Today is crucial. If the delegates continue to disagree on Internet governance as they have until now, they may not have enough time to reach a final agreement by Friday when the meeting officially ends," Parkes said.

Internet governance was one of two issues, the other funding, that split delegates attending the first WSIS in Geneva nearly two years ago and forced U.N. Secretary-General Kofi Annan to establish separate task forces to study them.

The final report of the Working Group on Internet Governance (WGIG) and another paper drafted specifically for the preparatory meeting in Geneva are fueling the current debate. A particularly touchy element of the latter document is a section that focuses on "possible future arrangements," according to Parkes.

Cybercafes walloped by French anti terror plans

Nick Farrell writes in The Inquirer:

FRENCH PLANS to make the world safer from terrorists will prove to be a nightmare for Internet cafes in the country, it's being claimed.

Besides surrounding businesses and homes with more video surveillance cameras than that lot have in Blighty, the law demands that internet caffs and telephone operators keep records of connections for three years.

The law is going through, even though police admit that it will not stop terrorist attacks. The police say it will provide them with a paper trail after the attackers have blown themselves up.

Meanwhile the average internet café will have to go through the rigmarole of recording every person who rents a computer and where they surf.

This will stop terrorists using caffs because they had guaranteed anonymity there, the French government says here.