Wednesday, March 14, 2007

University of Michigan Identifying Students to RIAA?

Eliot Van Buskirk writes on Wired's Listening Post:

Today, I received an email apparently sent by Paul Howell, Chief Information Technology Security Officer of the University of Michigan to all of the university's faculty and staff.

In the email, Howell writes that the university is in the process of identifying to the RIAA the twelve students belonging to the IP addresses on the RIAA's hit list, in cooperation with the organization's new anti-file-sharing initiative. The email also said that the university will be notifying the students that their names are being turned over to the RIAA.

Although Howell had already left the office by the time I called, University of Michigan staff confirmed to me that a letter regarding file sharing was in fact sent to students; I hope to speak with Howell tomorrow for more detail.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, March 14, 2007, at least 3,200 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,579 died as a result of hostile action, according to the military's numbers.

The AP count is six higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

UK: Spam Storm Needs ISP Action

Will Sturgeon writes on Silicon.com:

ISPA, the UK's internet service providers' association, will today make a presentation to the House of Lords science and technology committee on computer security and spam.

The session, which follows the submission of a written response, coincides with claims the number of compromised PCs – known as botnets – in the UK has tripled over the past year.

And one security expert claims ISPs are still shirking their responsibilities.

More here.

Google Logs New Data Privacy Policy

Rob Hof writes on Businessweek's The Tech Beat Blog:

Google and other online services have long been criticized for collecting unimaginable amounts of data on its users, such as what they've searched for. And many of them keep that personally identifiable data indefinitely, raising privacy concerns. That's about to change, at least in Google's case.

Good thing, since there have been recent incidents that highlight the privacy threats that data pose, such as AOL's release of private data on individuals last year and the Department of Justice's 2005 subpoena requesting months of search data from several search sites, which Google refused to do.

So what Google's announcing now is a change in its privacy policies intended to reduce the potential for misuse of data. By the end of the year or so, it plans to make the data in its server logs anonymous after 18 to 24 months.

More here.

Dingell: FCC Not a 'Legislative Body'

An AP newswire article by John Dunbar, via The Washington Post, reports that:

The chairman of a congressional panel that oversees the Federal Communications Commission accused the agency of overstepping its authority in approving an order meant to create more competition in cable television.

Rep. John Dingell, D-Mich., who heads the House Commerce Committee, said at a subcommittee meeting Wednesday that "the FCC is not a legislative body - that role resides here in this room with the people's elected representatives."

More here.

Web Censorship Spreading Globally, Report Finds

Richard Waters writes on FT.com:

Internet censorship is spreading rapidly, being practised by about two dozen countries and applied to a far wider range of online information and applications, according to research by a transatlantic group of academics.

The warning comes a week after a Turkish court ordered the blocking of YouTube to silence offensive comments about Mustafa Kemal Ataturk, the founder of modern Turkey, marking the most visible attack yet on a website that has been widely adopted around the world.

A recent six-month investigation into whether 40 countries use censorship shows the practice is spreading, with new countries learning from experienced practitioners such as China and benefiting from technological improvements.

More here.

Trend Micro Acquires HijackThis! Antispyware

Ellen Messmer writes on NetworkWorld:

Trend Micro Wednesday announced it has acquired the antispyware freeware tool HijackThis from its Netherlands-based creator, Merijn Bellekom, for an undisclosed price.

The free HijackThis tool is used to create a log file of text and registry settings to pinpoint spyware on an infected desktop and enable technically minded users to make the decision to eradicate it.

Trend Micro CTO Ed English says the security firm intends to maintain HijackThis as freeware for public use, though it is adding an AnalyzeThis button that would let users submit files to Trend Micro for analysis.

HijackThis beta version 2.0 will be available at the TrendSecure.com security portal, where Trend Micro also is introducing a free service called TrendProtect that combines Web site reputation monitoring and URL filtering for consumers.

More here.

Canada: Rogers Warns Customers on Vista

Michael Geist:

Several people have written to note that Rogers is warning customers about incompatibilities between Microsoft Vista and Rogers Yahoo Online Protection 2.0. The company is advising customers to uninstall the security protection when upgrading to Vista.

Further, Rogers acknowledges that there are security risks because of the incompatibilities.

More here.

Happy Pi Day


Via Wikipedia.

Pi Day and Pi Approximation Day are two unofficial holidays held to celebrate the mathematical constant π (Pi). Pi Day is observed on March 14 (3/14 in American date format), sometimes at 1:59pm; Pi Approximation Day may be observed on any of several dates, most often July 22 (22/7 - in European date format - is a popular approximation of π).

March 14 happens to be Albert Einstein's birthday, among others, and it is common to sing "Happy birthday Dear Albert". Massachusetts Institute of Technology often mails out its acceptance letters to be delivered to prospective students on Pi Day.

More here.

FBI Slips Demand Patriot Act Cuts

Jennifer Granick writes on Wired News:

The Department of Justice Inspector General issued a report last week detailing the FBI's misuse of national security letters to collect information about innocent Americans without any connection to terrorism.

A national security letter, or NSL, is a special request for records that (unlike a search warrant) is never seen by a judge. Under the expanded powers granted by the USA Patriot Act, any FBI field supervisor can lawfully issue an NSL and serve it on libraries, telephone companies and businesses to get records on anyone in the country.

All that's required is an FBI certification that the records are "sought for" or "relevant to" an investigation "to protect against international terrorism or clandestine intelligence activities." There is no judicial or Department of Justice review, and the agency can keep the information it obtains forever.

With power like that, you wouldn't think that the FBI could push the envelope even further. But it has.

More here.

Yahoo! Inc. Cleared in Hong Kong Case

An AP newswire article by Sylvia Hui, via The Washington Post, reports that:

Yahoo Inc. did not violate Hong Kong's privacy laws when it provided prosecutors with information about a Chinese reporter accused of leaking state secrets, authorities said Wednesday.

Shi Tao, a former journalist for the Dangdai Shangbao or Contemporary Business Newspaper in the central province of Hunan, was sentenced last year to 10 years on charges of leaking state secrets.

Shi was alleged to have e-mailed the contents of a secret official memo about media restrictions to the U.S.-based Democracy Forum Web site.

Journalism activists criticized Yahoo Inc. after it emerged that the Hong Kong branch had given prosecutors e-mail from Shi's account.

More here.

Telecoms Wait Nervously On $20 Billion Contract

Kim Hart writes in The Washington Post:

Over the past 3 1/2 years, AT&T has spent several million dollars putting together two 5,000-page proposals detailing how it can upgrade phone lines, wireless networks and fire walls for the federal government. At one point, about 100 people toiled through the night in a Northern Virginia basement to put the final touches on a bid that would guarantee the company's survival in the federal market for the next decade.

Executives from AT&T and other companies are anxiously awaiting the General Services Administration's announcement of the largest telecommunications contract ever awarded. The winner of the biggest and most lucrative piece of the project, known as Networx Universal, could be named as early as this week.

More here.

Medical Data on 75,000 Empire Blue Cross Members May Be Lost - UPDATE

Milt Freudenheim writes in The New York Times:

WellPoint, one of the nation’s largest health insurers, has begun notifying 75,000 members of its Empire Blue Cross and Blue Shield unit in New York that a compact disc holding their vital medical and other personal information had disappeared.

The information was on an unencrypted disc that a subcontractor recently sent to Magellan Behavioral Services, a company in Avon, Conn., that specializes in monitoring and coordinating mental health and substance abuse treatments for insurance companies.

Empire began notifying the affected consumers by mail on Saturday that their records — including their names, Social Security numbers, health plan identification numbers and description of medical services back to 2003 — had been lost.

More here.

UPDATE: 15:43 PDT: Empire Blue Cross Blue Shield was just informed that Magellan Behavioral Health Services has located the CD sent via UPS by Health Data Management Solutions (HDMS), a third party vendor to Magellan, an Empire benefit program administrator, that included some members' personal health information. The CD was lost in transit and was located this afternoon.

Tuesday, March 13, 2007

Advertising Through Spyware -- After Promising To Stop

Ben Edelman:

...despite their duties to the NY AG, both Cingular and Travelocity have failed to sever their ties with spyware vendors. As shown in the six examples below, Cingular and Travelocity continue to receive spyware-originating traffic, including traffic from some of the web's most notorious and most widespread spyware, in direct violation of their respective Assurances of Discontinuance.

That said, Priceline seems to have succeeded in substantially reducing these relationships -- suggesting that Cingular and Travelocity could do better if they put forth appropriate effort.

More here.

FCC Killed Study That Found E911 Flaws

Leslie Cauley writes in USA Today:

Satellite-based emergency 911 technology often can't pinpoint the location of cellphone users dialing 911 from homes, offices, sports arenas and other indoor locations, a never-released report commissioned by the Federal Communications Commission concluded last year.

More than 60% of wireless usage now takes place inside buildings. The report's author, Dale Hatfield, found that the rush to embrace wireless has only exacerbated the problem with the 911 service designed for mobile phones.

So what happened? Hatfield's report says the public never heard about his concerns because the FCC decided to terminate the study a few days later. His report, details of which were presented to FCC staff, was never finished or released. He never presented the report directly to Chairman Kevin Martin or the other commissioners.

More here.

Security Fix: Tracking the Password Thieves

Brian Krebs writes on Security Fix:

The Washington Post today ran a story I wrote about an epidemic of data theft being fueled by password-stealing viruses and phishing attacks. In some ways, the story behind the reporting that went into the piece is just as interesting, so I'd like to share a few of those details.

I based the story in part on a cache of stolen data I found online (more on how I obtained it in a bit). The data was being compiled by a password-stealing virus that had infected many thousands of computers worldwide; the particular text file that I found included personal information on 3,221 victims scattered across all 50 U.S. states.

More here.

Toon of the Day: Truth of the Day


U.S. Public Losing Access to Government Documents

An AP newswire article, via MSNBC, reports that:

More than 1 million pages of historical government documents — a stack taller than the U.S. Capitol — have been removed from public view since the September 2001 terror attacks, according to records obtained by The Associated Press. Some of the papers are more than a century old.

In some cases, entire file boxes were removed without significant review because the government’s central record-keeping agency, the National Archives and Records Administration, did not have time for a more thorough audit.

More here.

Digital Scarlet Letter: Once a Criminal, Always a Criminal

Bob Sullivan writes in The Red Tape Chronicles:

We've become a nation of digital scarlet letters.

Nearly every crime is now entered into massive databases that track transgressions nationwide. Increasingly, these databases are available to almost anyone for the asking -- law enforcement, border agents, foreign governments, future employers, even nosy neighbors.

Because of these perpetually available records, there is sometimes no way to put a crime behind you, even after you've paid your debt to society. A short prison sentence for a felony assault -- or for throwing a cup of soda at a passing car – can become a lifetime criminal record, complete with public disgrace in our era's town square, the Internet.

Computers know no gray areas. In the digital world, bits are either on or off. So it is with digital justice. To a database, if you've ever been a criminal, you are a criminal.

More here.

Microsoft to Sue More 'Cybersquatters'

A Bloomberg News article, via The Seattle Post-Intelligencer, reports that:

Microsoft Corp. said it plans to file a new round of lawsuits in the U.S. and Britain this week against people it says are profiting from registering Internet domain names that contain the company's trademarked terms.

Called "cybersquatters" or "typosquatters," the targets of Microsoft's lawsuits use Web addresses containing terms such as Xbox or Microsoft, or slight misspellings of those words, to lure consumers to Web sites loaded with clickable advertisements. The Web-site operators profit when consumers click on an ad.

Microsoft sued more than 200 people last year, accusing them of running bogus sites. The Web-site operators illegally profit from Microsoft's trademarked names and create confusion for people seeking the company's legitimate Web sites, Microsoft said in August.

More here.

The Pathetic Story of One Request for Total Info Awareness

Ryan Singel writes on 27B Stroke 6:

This week is Sunshine Week, an open government initiative sponsored by American Society of Newspaper Editors, that celebrates and advocates for more transparency in American government, especially as it relates to official requests for documents from government agencies.

So this might be a good time to talk about my long-standing Freedom of Information Act request that the government has stymied, lost and bounced from component to component.

More here.

Apple Megapatch Plugs 45 Security Holes

Joris Evers writes on C|Net News:

Apple on Tuesday issued a security update for its Mac OS X to plug 45 security holes, including several zero-day vulnerabilities.

The megapatch is the seventh Apple security patch release in three months. It deals with vulnerabilities in Apple's own software, as well as third-party components such as Adobe Systems' Flash Player, OpenSSH and MySQL. Sixteen of the vulnerabilities addressed by the update were previously released as part of two high-profile bug-hunting campaigns.

The vulnerabilities pose varying risks to Macs. Several of the flaws could be exploited to gain full control over a Mac running the vulnerable component, according to Apple's advisory.

More here.

China to Expand 'Great Internet Firewall'

An AFP newswire article, via Middle East Times, reports that:

China will tighten controls on Internet blogs and Webcasts in a response to new technologies that have allowed cyber citizens to avoid government censorship efforts, state press reported Tuesday.

Following a call from President Hu Jintao in January to "purify" the Internet, the ruling Communist Party will introduce new regulations targeting blogs and Webcasts, one of the nation's chief censors was cited as saying.

"Advanced network technologies such as blogging and Webcasting have been mounting new challenges to the government's ability to supervise the Internet," Press and Publication Administration head Long Xinmin said, according to Xinhua news agency.

Long said the government was in the middle of drafting the new regulations.

More here.

Note: ...and you can check whether or not you've been blocked by the Great Firewall here.

Seven Microsoft Patches We Want Today (But Won't Get)

Robert Vamosi writes on the C|Net Security Blog:

This month Microsoft did not release any patches within its March 2007 security bulletin, though it did update its Malicious Software Removal Tool. Where we'd ordinarily call your attention to important patches from Microsoft, we thought we'd highlight a few important open vulnerabilities.

Four are of high-level concern, two of medium concern and one of low concern. Four flaws affect Internet Explorer, one affects Windows and two affect Office. The oldest flaw here dates back to July 2006.

More here.

American Studios' Secret Plan to Lock Down European TV Devices

Via The EFF.

An international consortium of television and technology companies is devising draconian anti-consumer restrictions for the next generation of TVs in Europe and beyond, at the behest of American entertainment giants.

The Electronic Frontier Foundation (EFF) is the only public interest group to have gained entrance into the secretive meetings of the Digital Video Broadcasting Project (DVB), a group that creates the television and video specifications used in Europe, Australia, and much of Asia and Africa. In a report released today, EFF shows how U.S. movie and television companies have convinced DVB to create new technical specifications that would build digital rights management technologies into televisions.

These specifications are likely to take away consumers' rights, which will subsequently be sold back to them piecemeal -- so entertainment fans will have to pay again and again for legitimate uses of lawfully acquired digital television content.

More here.

Hackers Get Bum Rap for Corporate America's Digital Delinquency

Via PhysOrg.com.

If Phil Howard’s calculations prove true, by year’s end the 2 billionth personal record – some American’s social-security or credit-card number, academic grades or medical history – will become compromised, and it’s corporate America, not rogue hackers, who are primarily to blame. By his reckoning, electronic records in the United States are bleeding at the rate of 6 million a month in 2007, up some 200,000 a month from last year.

Howard, an assistant professor of communication at the University of Washington, bases his projections on a review of breached-record incidents as reported in major U.S. news media from 1980 to 2006. The total through last year stood at 1.9 billion – or roughly nine records per American adult.

His report delving into the flood of escaping records and some of the related dynamics, co-authored with Kris Erickson, a UW geography doctoral student, will appear in the July edition of the Journal of Computer-Mediated Communication. If anything, Howard contends the numbers they collected are conservative.

More here.

Viacom in $1B Copyright Suit vs Google, YouTube

Kenneth Li and Michele Gershberg write for Reuters:

Media conglomerate Viacom Inc. sued Google Inc. and its Internet video-sharing site YouTube for more than $1 billion on Tuesday in the biggest challenge yet to the Web search leader's strategy to dominate the online video market.

The lawsuit accuses Google and its popular online video unit of "massive intentional copyright infringement," threatening its ambitions to turn YouTube into a major distributor of entertainment and outlet for advertising.

More here.

Monday, March 12, 2007

Vyatta Open Source Router Has Dell in Tow

Sean Michael Kerner writes on internetnews.com:

Dell might not be offering Linux pre-installed on its PCs yet, but that doesn't mean you can't get Dell hardware for running a Linux router. It's all in Vyatta's latest commercial release of its routing software, which the company said is proof the open source model can work where networking is concerned.

Vyatta, an enterprise-grade, open-source router platform, offers a number of enhancements in version 2.0 over the first version, which debuted in July. For starters, there is a community and a commercial edition, with the commercial edition offering enterprise support options. The company also shifted from a plain vanilla Linux base it built to a Debian GNU/Linux base for its distribution.

More here.

Quote of the Day: Nicole Belle

"I swear, this guy just oozes slime."

- Nicole Belle


AT&T, U.S. Government: Spying Too Secret For Your Court

Ryan Singel writes on 27B Stroke 6:

AT&T told an appeals court in a written brief Monday that the case against it for allegedly helping the government spy on its customers should be thrown out, because it cannot defend itself -- even by showing a signed order from the government -- without endangering national security.

A government brief filed simultaneously backed AT&T's claims and said a lower court judge had exceeded his authority by not dismissing the suit outright.

"Because plaintiffs' entire action rests upon alleged secret espionage activities, including an alleged secret espionage relationship between AT&T and the Government concerning the alleged activities, this suit must be dismissed now as a matter of law," the government argued in its brief.

The telecom giant and the government are appealing a June ruling in a federal district court that allowed the suit brought by the Electronic Frontier Foundation against the telecom to proceed, despite the government's invocation of a powerful tool called the "states secrets privilege," which allows it to have civil cases dismissed when national secrets are involved.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, March 12, 2007, at least 3,193 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,576 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Monday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Mr. Fish: They Hate Me For My Freedom


Via Truthdig.

Microsoft Australia Blames ISP for Domain Failure

Munir Kotadia writes on ZDNet Australia:

Microsoft is denying its Australian domain is suffering a DDoS attack and has instead pointed the finger at its ISP after suffering around 24 hours of downtime on the microsoft.com.au domain.

Microsoft.com.au usually redirects to microsoft.com/australia but for at least 18 hours, possibly longer, the redirect has not been functioning. Instead, visitors to Microsoft's Australian domain are kept waiting till their system times out and delivers an error message.

A spokesperson for Microsoft Australia said the ISP -- which they chose not to name -- was to blame for the downtime.

More here.

Will Heather Mills' Leg Fall Off On Dance Show? Place Your Bets

An AFP newswire article, via Yahoo! News, reports that:

An online gambling site is inviting macabre bets on whether Heather Mills' prosthetic leg will fall off during her participation in US television show "Dancing with the Stars."

The Antigua-based Bodog.com is inviting punters to lay money on whether Mills, the estranged wife of Beatle Sir Paul McCartney who lost her leg in a 1993 traffic accident, would suffer a mishap in the show.

The site made a "No" outcome the heavy favorite, and said Mills's leg "must fall off, not be purposely taken off, during a dance routine for all 'Yes' wagers to be graded a win."

Other bets on the site included: "Will a contestant throw up on stage during American Idol 6?"

More here.

Electronic Access to Government Records Flunks Test

Beth Daley writes on The Project On Government Oversight (POGO):

A new -- very excellent -- report from the National Security Archive finds that ten years after the Electronic Freedom of Information Act Amendments, “Only one in five federal agencies (21 percent) posts on the Web all four categories of records that the law specifically requires.”

The National Security Archive makes the excellent point that, if government agencies would post more of the kinds of information the public seeks through FOIA, they would save money by avoiding the staffing costs needed to answer the public’s requests.

More here.

Microsoft Suffers Latest Blow As NIST Bans Windows Vista

Paul McDougall writes on InformationWeek:

In a new setback to Microsoft's public sector business, the influential National Institute of Standards and Technology has banned the software maker's Windows Vista operating system from its internal computing networks, according to an agency document obtained by InformationWeek.

Tech staffers at the NIST, a part of the Department of Commerce charged with promulgating technology standards, are scheduled to meet on April 10 in Gaithersburg, Md., to discuss their concerns about the new operating system, which Microsoft released to consumers in January amid much fanfare and to businesses in December with lesser flair.

According to the formal agenda for the meeting, NIST technology workers will attend a session entitled "Windows Vista Security" to discuss "the current ban of this operating system on NIST networks." NIST officials weren't immediately available to comment.

More here.

Not So Fast, Broadband Providers Tell Big Users

Carolyn Y. Johnson writes in The Boston Globe:

Amanda Lee of Cambridge received a call from Comcast Corp. in December ordering her to curtail her Web use or lose her high-speed Internet connection for a year.

Lee, who said she had been using the same broadband connection for years without a problem, was taken aback. But when she asked what the download limit was, she was told there was no limit, that she was just downloading too much.

Then in mid-February, her Internet service was cut off without further warning.

More here.

GoDaddy Experiences Denial-of-Service Attack

Grant Gross writes on PC World:

Domain registrar and hosting company GoDaddy.com was hit with "significant and sustained" distributed denial-of-service attacks Sunday, the company said.

The attacks caused four to five hours of intermittent service disruptions, including hosting and e-mail, said Neil Warner, GoDaddy's chief information security officer, in an e-mail forwarded by the company's public-relations department. The services were back by later in the day.

More here.

Google Earth Highlights Destruction

Via BetaNews.

While Google Earth has primarily been touted for its uncanny ability to take users on a tour of the world's most beautiful sights right from their desktop, a new feature added Monday highlights the immense destruction human beings leave in their wake.

Environmental advocacy group Appalachian Voices has joined with Google to deliver a special interactive layer for Google Earth that tells the stories of over 470 mountains that have been destroyed from coal mining, and its impact on nearby ecosystems. Separately, the World Wildlife Fund has added the ability to visit its 150 project sites using Google Earth.

More here.

Maryland Porn Investigation Nabs Cops, State Workers

Sharon Gaudin writes on InformationWeek:

Maryland authorities have nabbed 22 state employees who were visiting pornographic Web sites -- sometimes a few thousand times a week -- on the job. The culprits, who were not named, were disciplined, various state agencies said.

The majority of the 22 employees are Transportation Authority police officers, who patrol state highways, tunnels, and bridges, and maintenance workers.

Members of Maryland's Office of Legislative Audits reported that the number of employees involved is understated, since many "improper accesses" to the Internet were not identified by an employee's name and because the investigation was limited to a 31-day period. Auditors found hundreds of instances of employees accessing pornographic Web sites in just a two-day period but could not immediately tie them to specific users.

More here.

Al-Qaeda Plot to Bring Down UK Internet?

David Leppard writes in The Sunday Times Online:

Scotland Yard has uncovered evidence that Al-Qaeda has been plotting to bring down the internet in Britain, causing chaos to business and the London Stock Exchange.

In a series of raids, detectives have recovered computer files revealing that terrorist suspects had targeted a high-security internet “hub” in London.

The facility, in Docklands, houses the channel through which almost every bit of information on the internet passes in or out of Britain.

The suspects, who were arrested, had targeted the headquarters of Telehouse Europe, which houses Europe’s biggest “web hotel”, containing dozens of “servers”, the boxes which contain the information that makes up the web.

From the description, it sounds like an exchange point was being targeted.

More here.

(Props, Bruce Schneier.)

Chinese Hackers Seek U.S. Access

Jon Swartz writes in USA Today:

The cyberattack of a U.S. military computer system has deepened concern about cyberspying and the security of the Internet's infrastructure.

Chinese hackers were most likely behind an intrusion in November that disabled the Naval War College's network, forcing it to disconnect from the Internet for several weeks, says Lt. Cmdr. Doug Gabos, a spokesman for the Navy Cyber Defense Operations Command in Norfolk, Va.

Forensic analysis indicates the hackers may have sought information on war games in development at the naval college, he said. The college was vulnerable because it did not have the latest security protections, Gabos said.

The November attack was part of an ongoing campaign by Chinese hackers to penetrate government computers. The attacks often come in the form of "spear phishing," scams where attackers craft e-mail messages that seem to originate from the recipient's organization in a ploy to gain unauthorized access to confidential data.

More here.

UK: Pipex Up for Sale

Via Web Hosting Industry Review (WHIR).

UK telecommunications giant Pipex Communications (pipex.co.uk) announced on Monday it has put its company up for sale, following its appointing of an investment bank UBS to advise on strategic options.

Pipex currently has an estimated 1.1 million customers following a series of recent acquisitions, and generated revenues of £133m last year. It has also been trying out WiMax, a high-speed wireless technology that has drawn interest from major companies including BT.

More here.

McAfee Maps Malware Risk Domains

John Leyden writes on The Register:

A global road map of the riskiest and safest places to surf online found Russian and Romanian sites among the top-level domains most commonly hosting malicious downloads, browser exploits, and scams.

A survey of 265 top-level domains by McAfee, dubbed Mapping the Mal Web, revealed large differences in safety from one domain to another. The worst haven for malware belonged to the tiny Pacific island of Tokelau (.tk), where 10.1 per cent of websites contained dodgy content. The most risky large country domains were Romania (.ro, 5.6 per cent risky sites) and Russia (.ru, 4.5 per cent risky sites). These East European country domains were the most likely to host exploit or "drive-by-download" sites run by hackers.

More here.

WIPO: Internet Name System in Growing Danger

Robert Evans writes for Reuters:

The Internet's key site identity system is in mounting danger from new techniques that could cause havoc by turning it into a free-for-all market, the World Intellectual Property Organisation (WIPO) warned on Monday.

And the United Nations' agency said the latest trends in registering top-level domain names (TLDs) -- like www.reuters.com -- could undermine dispute procedures under which patent holders can pursue "cybersquatters."

"Domain names used to be primarily specific identifiers of businesses and other Internet users, but many names nowadays are mere commodities for speculative gain," senior WIPO official Francis Gurry told a news conference.

Gurry, who runs the agency's own site-name dispute system, said the growth of computer-driven practices, like automatic mass harvesting of expired TLDs and "domain-name tasting", risks turning the system "into a mostly speculative market."

More here.

3 Men Indicted in Stock Hacking Scheme - UPDATE

An AP newswire article, via Yahoo! News, reports that:

Three men from India were indicted Monday on federal charges of hacking into online brokerage accounts and pumping up stock values to turn a hefty profit for themselves, the Justice Department said.

The alleged "hack, pump and dump" scheme has cost one brokerage firm at least $2 million in losses, prosecutors said. An estimated 60 customers and nine U.S. brokerage firms were duped in the case during a four-month period last year, prosecutors said.

According to the 23-count indictment, unsealed in Omaha, Neb., the three men bought stocks through the U.S. online firms with their own accounts. Operating from Thailand and India, the men then allegedly used stolen identity information to pose as other online share-buyers — inflating the value of the stock.

The men then sold their own shares at a higher price — turning a substantial profit, prosecutors said.

More here.

UPDATE: 13:19 PDT: Additional detail in InformationWeek here.

Egyptian Court Rejects Blogger's Appeal

Via Reuters.

An Egyptian appeals court on Monday upheld a 4-year jail sentence against a blogger convicted of insulting Islam and President Hosni Mubarak.

Abdel-Karim Suleiman, 22, last month became the first Egyptian to be jailed for his writing on the Internet in what human rights groups and bloggers described as a dangerous precedent that could limit online freedom in the country.

"This was not a verdict issued on a legal basis," said Gamal Eid, a human rights activist and one of Suleiman's lawyers.

"This is a religious verdict similar to those of the Inquisition," he told Reuters.

More here.

Sunday, March 11, 2007

Game Over for China's Net Addicts

Via Reuters.

Combining sympathy with discipline, a military-style boot camp near Beijing is at the front-line of China's battle against Internet addiction, a disorder afflicting millions of the nation's youth.

The Internet Addiction Treatment Center (IATC) in Daxing county uses a blend of therapy and military drills to treat the children of China's nouveau riche addicted to online games, Internet pornography, cybersex and chats.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Sunday, March 11, 2007, at least 3,193 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,572 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Australian Hosting Company Hit by Hack Attack

Darren Pauli writes on Computerworld.com.au:

E-mail hosting company Servers Australia was the victim of a hack attack on Friday which spammed its customers with offensive e-mails by assuming the company's domain name.

A company source said the company is "almost 100 percent sure" the attack exploited a flaw in its Kayako security appliances which allowed the attacker to spam its users.

According to the source, the hacker blindly injected the HTML spam into the support system but was denied access to client information.

More here.

User Friendly: Daylight Savings Headaches

Via UserFriendly.org.




The Great Firewall of China: The Web as a Weapon

Rowan Callick writes in The Australian:

A US businessman negotiating in Beijing with a large state-owned Chinese company was startled to discover that the morning after he sent an email back to head office about a certain issue, his counterpart opened their discussion with that same topic. This happened day after day, and he was convinced that his emails were being intercepted and passed on.

It shows that while China is building a relentless case that it is the rising global superpower of the 21st century, progress is being deliberately constrained within that most 21st century of institutions, the internet.

More here.

Another Computer Security Breach at University of Idaho

Via KLEWTV.com.

The University of Idaho says a data file posted to the school's web site may have put at risk the personal information of approximately 2,700 university employees.

It's the third time in almost a year that the personal information of people affiliated with the school has been compromised.

UI officials said in a news release Friday that, to date, there is no indication that "the information was successfully read or used for any purpose other than the reason for which it was created."

More here.

China Lawmaker Warns of Defense Leaks via Internet

Via Reuters.

Chinese Internet users should keep national security in mind and not reveal military secrets through online chat rooms, emails or blogs, Xinhua news agency said on Sunday citing a warning from a member of parliament.

Lin Kang, a National People's Congress deputy from the second artillery corps, said the Internet has made the exchanges of military information easier, as many Web portals have set up special military columns and some military experts have opened blogs.

More here.