Clips July 9, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;
- Subject: Clips July 9, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Tue, 09 Jul 2002 10:44:55 -0400
ARTICLES
FBI uneasy about plan to deregulate fast Net
Changing Federal Buying Habits
Telecom firm leaks student data to Web
Study: Israel, Hong Kong hotbeds for cyber attacks
The Code of the Cosmos
Web rebels profit from net controls
Workers sacked for surfing porn
Grocer's digital receipts pay off
Notorious Net thief pleads guilty
New worm eats into Kazaa
Internet privacy laws flagged
Net Guard shuts up shop after inquiry
New Technology Searches Internet in Chinese
Chinese to Check E-mails by Phone
Spam-Cramming Foils Vacationers
EU report calls for widespread open source adoption
Hacker to Apple: Watch those downloads
**************************
USA Today
FBI uneasy about plan to deregulate fast Net
By Paul Davidson, USA TODAY
A federal plan to deregulate high-speed Internet access might have an
unintended consequence: The FBI is worried it could hamper the fight
against terrorism.
The FBI and Justice Department are concerned that the Federal
Communications Commission's decision to classify broadband as an
"information" service could disrupt their ability to trace the e-mail and
Internet activity of terrorists and other criminals.
Only "telecommunications" services are required by law to design their
networks so that the government can easily tap into suspects' communications.
If phone company DSL and cable-modem providers read the law literally,
authorities "may be hobbled in their ability to enforce the laws and
protect national security," the FBI wrote to the FCC.
The agencies do not oppose the FCC proposal. They want the FCC to say that
electronic-surveillance access rules also apply to the broadband
information offerings of phone and cable companies.
The controversy centers on the collision of two ostensibly unrelated
federal laws. Earlier this year, the FCC tentatively concluded that DSL and
cable-modem services are information rather than telecommunications
services, because they mainly entail storing and generating data rather
than transmitting it.
As a result, analysts expect that the FCC will rule that they need not open
their networks to rivals. Consumer advocates say that will drive up prices.
The Telecommunications Act currently forces the regional Bells to open
their DSL networks to rivals; cable operators are under no such obligation.
The mandate on industry to design networks that can be wiretapped, however,
is in the Communications Assistance for Law Enforcement Act (CALEA).
Such a design can cost several hundred million dollars. Without it,
wiretaps are difficult, FBI officials say.
That law, however, applies only to telecommunications, not information
services. The FBI argues, however, that it includes "joint-use" services,
such as broadband, that have information and telecommunications pieces.
Critics of deregulation are skeptical. "They can't have their cake and eat
it, too," says Jonathan Askin, general counsel for the Association for
Local Telecommunications Services, which represents Bell rivals.
In other words, Askin believes that if the FCC upholds CALEA requirements
with regard to wiretaps, at least on DSL companies, that could give
open-access proponents such as his group ammunition for a possible court
battle on its issue.
CALEA now applies to DSL, but not cable-modem service, FCC officials say.
They would not comment on the FBI's petitions, which say CALEA covers both.
The United States Telecom Association, which represents Bells and other
local phone monopolies, would not comment.
Verizon Communications, the largest Bell, believes its DSL still would be
subject to CALEA, according to assistant general counsel John Goodman.
************************
New York Times
Changing Federal Buying Habits
By REBECCA FAIRLEY RANEY
IF you wanted to find out how much money the federal government was
spending to clean up toxic waste, you might run into difficulty. The
question is simple enough, but the answer could take months to find.
For one thing, half a dozen agencies handle toxic cleanup. But the greatest
problem is that those agencies' computers cannot communicate with one
another. Their reports cannot be scanned in a single search.
The problem is magnified by decades of uncoordinated computer purchases by
the government. Federal agencies have historically bought computers and
software on their own, producing a rat's nest of technology, from
mainframes to I.B.M. clones to Wang computers.
In an attempt to address the issue, the Senate passed a bill recently that
would require federal agencies to learn to speak the same language. The
E-Government Act, introduced by Senator Joseph I. Lieberman, Democrat of
Connecticut, would require the federal government to make information easy
for citizens to use.
"It's really a way of busting bureaucracy, which makes it very appealing,"
said Patricia McGinnis, president and chief executive of the Council for
Excellence in Government, a nonprofit group in Washington. "Basically, we
don't have a seamless system of data collection, analysis and use."
The bill would allocate $345 million over four years to establish a fund to
help federal agencies work together on projects to improve their online
services. It would also establish an Office of Electronic Government, which
would be part of the Office of Management and Budget, and its top
administrator would be appointed by the president.
Among other things, the bill would require federal agencies to set
standards for the use of electronic signatures, to seek public comment on
what information to post on the Internet and to assess how to protect
citizens' personal information from abuse.
The bill stretches the definition of e-government. Typically, the term has
referred to the practice of government agencies' placing information and
services within easy reach of the public on the Internet. The E-Government
Act would expand that definition to include how well agencies use
technology to improve the efficiency of government.
Kevin Landy, counsel on Senator Lieberman's staff, says that federal
agencies spend more than $1 billion a year on such e-government efforts and
that the new office would help them spend that money more efficiently.
Though the problem of diverse computer systems may never be solved
completely, government technologists see a partial solution in extensible
markup language, known as XML, a method of coding information so that it
can be transmitted on the Internet and read by different computer systems.
In theory, if agencies could translate their data into the same language,
they could read one another's documents.
"XML is a theoretical answer," said John de Ferrari, assistant director of
the information technology team at the General Accounting Office. "It
serves as an overlay that should allow you to get really precise searches."
As the accounting office pointed out in a report in April, however, XML
presents inherent problems as well. The language sets standards for tagging
information but does not dictate which commands should be used. For
example, agencies could choose to tag purchase orders in several ways: , , or .
As the agencies independently create tags for their documents, they could
make a bigger data mess.
"We could end up creating a Tower of Babel," Mr. de Ferrari said.
Though individual agencies are already working to develop standards for XML
codes, the E-Government Act would require that agencies centrally
coordinate the development of standards for XML.
But the very idea of developing standards creates its own issues. In the
past, the government's haphazard approach to computer purchasing may have
benefited a number of technology companies, but now that agencies have
started establishing standards to allow their systems to communicate, the
companies are worried that government programmers might create proprietary
software instead of using commercial products.
Jeanne Foust, director of governmental affairs for ESRI, a company in
Redlands, Calif., that makes computer mapping software, said it was pleased
that the E-Government Act was giving this area of computing a higher status
in Washington. But she said the company would like some clarification in
the bill on whether federal agencies would use commercial software to share
information among systems or create their own.
"The best way to go down that path is to let the commercial marketplace
develop those tools," Ms. Foust said. "We don't need the federal government
to develop interoperability."
David LeDuc, director of public policy for the Software and Information
Industry Association in Washington, added that although new standards can
present opportunities for software companies, they can also inadvertently
limit the advancement of technology. "Standards can inhibit growth in the
industry," he said. "The standards the government sets are big enough to
affect the industry."
Mr. de Ferrari of the General Accounting Office said that adhering to XML,
a nonproprietary technology, would open the market to many software vendors.
"That's the beauty of XML," he said. "It is an open standard. It's really
just saying, `We want software that has these capabilities.' It's not
locking into any particular product."
The plan to create common codes among federal agencies is a cost-cutting
move, he said.
"A concern that was raised when we did our study was, if the government
didn't get its act together, we would be playing up to the middleware
vendors when all these systems can't talk to each other," he said. "In
terms of translation, that could become very expensive."
Of course, the process of translation could take years.
Information officers at the Defense Department, Mr. de Ferrari said, are
now sorting out how to handle a single piece of information: the format for
names. The format is not consistent even within the department, and
information officers are deliberating over whether to spell names out, use
a middle initial or just list the first and last names. The process is
tedious, he said.
In the end, federal information officers hope to create a system that will
allow feats that sound simple but are now impractical. The Office of
Management and Budget wants, for example, to extract data from all federal
agencies to compare their budgets.
Such a system could leave agencies feeling exposed, of course.
"In general," Mr. de Ferrari said, "the idea of sharing your data is
threatening."
************************
News.com
Telecom firm leaks student data to Web
By Robert Lemos
Staff Writer, CNET News.com
A company that provides intra-campus telephone services to small colleges
inadvertently posted online the names, addresses and social security
numbers of thousands of its student customers, the firm acknowledged on
Monday.
In the latest of what has become a common Internet problem, the information
about more than 2,000 students whose schools use telecommunications
management firm Resicom may have leaked out from the company's Web site.
Database files containing students' personal information had the wrong
permission settings and could have been accessed using any Web browser as
late as Monday afternoon.
David Horn, the network and billing manager for the Doylestown, Penn.,
company, was working to turn off access to the files Monday afternoon.
"This is a big deal for us; it has never happened before," he said. "It's
embarrassing, not to mention serious."
The company's customers include Texas A&M University, Ottawa University,
Indiana Wesleyan University and almost 70 other schools. In total, the firm
provides phone services for more than 100,000 students, though the problem
only affects a small fraction, said Horn.
Resicom provides its student customers with easy access to their records
via the Web. In this case, however, access may have been too easy.
A staff member first notified his school of the problem after a friend
searched for his name on the Internet and suddenly had access to a database
record that included the staff member's social security number, the person
said in an e-mail message to CNET News.com. On Saturday, the staff member,
who asked not to be identified, contacted the dean of the school and
attempted to reach the company, but to no avail.
Resicom didn't get the message until Monday, Horn said. "We first heard
about it this morning," he said. "We got an e-mail from a customer."
The company immediately contacted its Internet service provider and by the
afternoon had access to the files blocked. Horn said that the firm uses a
local Internet service provider to maintain much of its Web site including
the parts that had the permission problems. Horn suggested that the
arrangement may stop after this incident. He would not identify the
Internet service provider.
"It may change the way we handle online information," he said. "I handle
the in-house Web site, and we keep a pretty tight grip on that information."
*************************
USA Today
Study: Israel, Hong Kong hotbeds for cyber attacks
SAN FRANCISCO (Reuters) - Which part of the world has the dubious
distinction of being the most active hotbed of computer hacking?
Among the most highly wired economies, more cyber attacks originate from
Israel and Hong Kong on a per-Internet-user basis than anywhere else, while
Kuwait and Iran top the list of the category of countries with fewer
Internet users, according to a study released Monday.
Overall, the United States generates by far the most cyber attacks,
followed by Germany, South Korea, China and France, according to a report
from Riptech, a managed security service provider based in Alexandria, Va.
The most likely corporate targets were power and energy companies, the
study said. Political analysts have expressed concern hackers target such
companies to try to maximize the impact of any attack.
The Riptech study was based on a minuscule sample compared to the number of
companies connected to the Internet, but because it was based on computer
logs of attacks, which are not widely tracked or aggregated, it provides
useful insight into global trends, industry analysts said.
Riptech declined to speculate on why some countries were more active as the
launchpads of computer attacks.
"We try not to speculate as to motive," said Elad Yoran, co-founder and
executive vice president of Riptech. "We want to keep the report as
objective as possible."
But he said, "it's interesting that countries that are less well-developed
attack at a 50% higher rate on a per-person basis." Cyber attacks, which
include everything from the spread of viruses to hacks used to cripple Web
sites, were 28% higher in the first half of the year than attacks recorded
during the second half of last year, a projected annual growth rate of 64%,
the study found.
Companies, on average, suffered 32 attacks per week, up from 25 attacks per
week during the second half of last year. Most attacks happened on
Wednesdays and Thursdays, the study said, without offering an explanation
as to why.
The report was based on data collected from computer logs at about 400
Riptech customers spread across more than 30 countries. Riptech monitors
customer logs and traces attacks back to their purported source.
Determining where attacks come from is complicated, said Tim Belcher, chief
technology officer at Riptech. While most attacks can be traced back to
what is believed to be the source country, it is possible for malicious
hackers to hide their exact location.
Still, 93% of the attackers monitored in the study were only active on one
day, leading the company to believe they were launching attacks directly
rather than going through another "zombie" system to hide their tracks,
Belcher said.
Forty percent of the attacks in the first half of this year appeared to
have come from the United States, followed by 7.6% from Germany, 7.4% from
South Korea and 6.9% from China.
Although the United States is the source of most of the attacks, it also
has the largest economy and a large share of Internet users. To get a more
fair representation, the study also looked at attacks based on population
of Internet users in each country, Belcher said.
Of countries with more than 1 million Internet users, Israel had about 33
attacks per 10,000 users, followed by Hong Kong with 22 attacks per 10,000
users.
Of countries with fewer than 1 million Internet users but more than
100,000, Kuwait had 50 attacks per 10,000 users, followed by Iran with 30
attacks per 10,000 users.
Attacks down in the USA
A second survey, also released Monday, showed reports of cyberattacks may
be waning in the United States.
Of the nearly 3,500 U.S. companies and security professionals polled for
the InformationWeek magazine survey, 44% said they experienced a virus,
worm or Trojan horse attack, in which malicious software masquerades as a
legitimate program, down from 70% a year ago.
Reports of denial of service attacks, another common attack method that is
the Internet equivalent to getting a busy signal from too many phone calls,
were also down slightly, the survey found.
"Although three in five firms report a security breach or espionage in the
last year, the frequency of security incidents in the United
States, regardless of type, is down in 2002," the InformationWeek survey said.
***********************
USA Today
Audio copy protection prevents 'ripping' of songs
By James Bickers, Gannett News Service
Last year, Music City Records released A Tribute to Jim Reeves, a CD from
country music legend Charley Pride.
The CD didn't look different from other CDs. But it was the first music CD
released worldwide that would not play in a PC.
The disc was manufactured using MediaCloQ, created by Phoenix-based
SunnComm. MediaCloQ is among the new technologies aiming to diminish
illegal music duplication.
The goal of audio copy protection is to prevent a user from copying or
"ripping" songs from the CD to his PC hard drive. Once songs are on the
hard drive, they can be shared via the Internet.
While technologies differ, they all try to trick the PC into thinking it is
looking at a CD-ROM, rather than a music CD.
CD-ROM devices are digital, so they scrutinize every single bit of data on
a disc. If something is not in the right place, it stops whatever the PC is
doing.
Regular CD players convert digital information into analog to play on the
speakers. Analog devices skip over small bits of garbage data, so the
players keep playing. Listeners never even hear small errors.
The result of the newest technology: a CD, peppered with small errors to
prevent copying. It plays fine in your stereo but won't work properly in PCs.
A handful of companies are working on digital audio copy protection.
Sony's proprietary format, called Key2audio, has been put in place on about
10 million discs worldwide, showing up on releases by Celine Dion, Shakira,
Destiny's Child and Jennifer Lopez.
Another product is SafeAudio, developed by TTR.
The side effects of copy protection are usually benign (gibberish audio or
songs that can't be ripped), but they can be more troublesome. Some
Macintosh users have said some protected discs freeze their machines.
The European edition of Dion's album, A New Day Has Come, was made using
Key2audio protection. The CD bore a warning label urging users not to
attempt to play the disc in their PC or MP3-compatible car stereo.
"That doesn't necessarily absolve the record label in the consumer's mind
of the responsibility for what might happen to their PCs or car stereos,"
said Aram Sinnreich, senior analyst at Jupiter Media Metrix.
Noam Zur, vice president of Midbar, estimates that more than 16 million
copy-protected CDs have been released worldwide.
Record labels, for now, seem to be betting that digital audio copy
protection is a viable way to curtail music piracy, which they blame, in
part, for declining record sales.
But even record industry executives acknowledge that consumers expect to be
able to play purchased CDs on a variety of devices. "We want to be
confident that any type of copy protection would allow the CD to be able to
be played on computers, DVD players, CD players, etc.," said Gary
Himelfarb, president of RAS Records and a board member of the Association
for Independent Music.
Himelfarb also said it is important that consumers be allowed to make legal
copies for their own use.
*************************
Los Angeles Times
The Code of the Cosmos
A genius to some, a crackpot to others, Stephen Wolfram says it's all very
simple: The universe can be reduced to a computer program.
By CHARLES PILLER
TIMES STAFF WRITER
July 9 2002
Stephen Wolfram was in his Caltech office more than 20 years ago, working
late on an autumn evening, when he saw something on his computer screen
that shocked and confused him.
The 21-year-old physicist, already a member of the Caltech faculty, had
been experimenting with elementary computer programs. He expected them to
generate simple, predictable patterns: checkerboards or nested triangles.
Instead, one of the programs spawned complex images that resembled the
veins in a leaf. Another filled the screen with what looked like the
elegant lace of snowflakes. A third spun out wave after wave of shapes that
grew increasingly intricate and varied. Wolfram had stumbled onto a few
lines of computer code that mimicked the ordered chaos of nature. Infinite
complexity seemed to arise from ultimate simplicity.
Two decades later, that revelation has blossomed into a grand theory that
has raised a furor in the scientific world and sparked a rush by laymen to
grasp Wolfram's audacious thesis: The universe is no more than a computer
playing out a program of stupefying simplicity.
"If things work out as I expect, there will come a day when one can hold
the lines of code that created the whole universe in one's hand," said
Wolfram, who revealed his big idea in a 1,200-page self-published opus
titled "A New Kind of Science."
Released in May, the tome has soared to the top of Amazon.com's bestseller
list, selling out its first printing of 50,000 at $44.95 each.
To Wolfram, a British-born prodigy who earned a doctorate in theoretical
physics at age 20 and won a MacArthur "genius" fellowship at 21, rules as
simple as tick-tack-toe are the driving force behind all of nature--from
single-cell amoebas to the Rev. Martin Luther King Jr.
The universe began, he maintains, with a few basic instructions that played
themselves out over billions of years to produce everything that exists
today. This simple code, he says, underlies consciousness itself, giving
rise to our every thought--from the sudden desire for a scoop of chocolate
ice cream to Wolfram's own theory.
Like a literary big bang, Wolfram's book has stimulated dozens of reviews
and articles in the general and scientific press and has lit up Internet
discussion groups. Much of the scientific world is howling in protest,
calling his theory the product of a monumental ego unleashed from reality.
For centuries, scientists have sought to explain the natural world--from
the rotations of galaxies to the spin of subatomic particles--with
mathematical equations. From Isaac Newton's epiphany about gravity and a
falling apple to the building of the atomic bomb, the arcane abstractions
of calculus have been the key to the universe.
But math falls short when it comes to describing the soft-edged diversity
of the natural world. Scientists could fill all the chalkboards in all the
universities in the world with equations and still fail to explain the
brilliant spots on tropical fish, the contours of wind-blown sand or the
shifting shape of a plume of cigar smoke. Mathematics is even more
inadequate when it comes to simulating intangibles such as the economy, let
alone the vagaries of human thought.
Wolfram, 42, says the answers lie not in the limited tools of old science
but in simple computer programs.
He does not pretend to know what lines of code would create a sausage, let
alone a solar system. His point is that the basic instructions that create
intricate patterns on a computer screen will help us understand what
creates similar patterns in nature.
His book is packed with images of Sumerian mosaics and strawberries,
earthquake fissures and leopard spots, thermonuclear mushroom clouds and
streams of clear water--all modeled with uncanny precision, he says, by
shimmering dot patterns generated on a computer screen by a few simple rules.
These pictures, Wolfram argues, reveal a pervasive truth that has been
hiding in plain sight.
In presenting this notion to the world, Wolfram has sidestepped
time-honored scientific procedures. Instead of submitting a paper to a
peer-reviewed scholarly journal and letting colleagues try to pick it
apart, he is making his case directly to a mass audience in simple,
nontechnical language. This fall, he plans a road show to proselytize about
his ideas.
"There just isn't a mechanism within the current structure of science to
present things as big as what I'm trying to do," he said.
Actually, "big" doesn't begin to capture it, Wolfram says. He describes his
theory as "one of the more important single discoveries in the whole
history of theoretical science," akin to those of Copernicus, who
overturned centuries of orthodoxy by proving in 1530 that the Earth was not
the center of the universe, and Charles Darwin, whose 1859 theory of
natural selection shattered religious dogma about creation.
A Leap of Faith?
Raymond Kurzweil, a celebrated inventor and expert in artificial
intelligence, has posted on his Web site a stinging 8,000-word critique
that faults Wolfram for an outrageous leap of faith--for concluding that
because simple rules can spin out beguiling complexity, they must be behind
the deepest mysteries of life.
Kurzweil finds elements of Wolfram's theory intriguing but says he fails to
prove that the unending variation of dots on a page explains higher orders
of complexity. "How do we get from these interesting but limited patterns,"
Kurzweil asks, "to those of insects or humans or Chopin preludes?"
Chris Adami, a Caltech theoretical physicist who is a leader in using
computers to model complex living systems, dismissed Wolfram's work as
"pathetic" and "exasperating."
"Wolfram's naivete about biological complexity is stunning," Adami said.
"We call this 'crackpot science.' "
But amid the criticism is a persistent murmur of curiosity from general
readers and scientists alike.
Wolfram's premise is particularly seductive for anyone who has ever
struggled in physics or math class. Instead of relying on impenetrable
equations to describe the universe, he sees the boundless complexity of the
natural world--from the coloration of seashells to worldwide weather
patterns--as the result of inherent rules simple enough for anyone to
understand.
Sequestered near Boston--his precise location kept secret to foil "the next
Unabomber"--he talked nonstop recently for nearly two hours, with the
unique confidence of a millionaire genius who has been building his case
for two decades.
"There will come a time when we can emulate the essence of human thinking
in machines," he said, characteristically racing ahead to the outer edge of
his idea. "What does that mean for the future of the human condition?"
Wolfram's theory traces its roots to a computer game created by Princeton
University mathematician John Conway more than 30 years ago. The game,
called simply Life, became a cult classic after it was reviewed in
Scientific American magazine.
Players begin by using their cursors to blacken selected squares on a grid.
Then they click on the "go" button and the game unfolds according to three
rules. Any blackened square with two or three blackened neighbors "lives."
Any square with four neighbors "dies"--that is, disappears from the screen.
An empty square bordered by three blackened squares gives birth to a new
blackened square.
The ensuing patterns, basic at first, soon develop mesmerizing complexity
as the game's logic plays itself out. As successive generations of
blackened squares breed and die, the computer screen becomes a roiling stew
of activity that looks like a petri dish of bacteria blooming at high speed.
Each game varies according to how many squares were darkened at the
beginning and in what pattern. Most starting points end up as static
patterns after bubbling through many generations. But others cause unending
growth and perpetual motion.
Initially, Wolfram had dismissed Life as a toy. Then he began to experiment
with his own simple computer programs, called "cellular automata" for their
property of automatically generating cells, or squares. By 1981, he came to
see Life as a validation of his budding theory.
The programs with which Wolfram was tinkering are slightly more complex
than Life, governed by eight rules, rather than Life's three, for
determining whether squares "live" or "die." These programs come in 256
variations. Wolfram began testing all 256 of them.
He discovered that some--such as Rule 30, on which many of his conclusions
are based--build infinitely varying patterns. He gradually came to believe
that the frenetic disorder generated by Rule 30 was as complex as anything
in the universe.
Credibility an Issue
Wolfram nurtured his obsession as he migrated from Caltech to Princeton's
Institute for Advanced Studies, where colleagues expected him to expand his
promising career in cosmology and particle physics. Instead, Wolfram
stubbornly pursued his research in the obscure field of automata, working
in an office upstairs from one Albert Einstein had occupied two generations
earlier.
His ideas would have been ignored as the ravings of a crank, were he not
Stephen Wolfram.
His staggering intellect had long set him apart. Aside from his early
theoretical achievements, at age 27 Wolfram created Mathematica, a software
program widely used to perform complex mathematical functions and analyze
and display data. It became the dominant software for math and physics and
made Wolfram rich.
With Mathematica, "Wolfram's already taken over a large part of how science
is done," said Mott Greene, another MacArthur fellow and a science
historian at the University of Puget Sound in Tacoma, Wash. "His influence
is felt everywhere."
Unshakable confidence and financial independence freed Wolfram to follow
his passion. For 10 years he became a recluse--a phantom whose occasional
appearances sparked the question: "What is Stephen Wolfram really up to?"
On the first page of his long-awaited book, he answers:
"Three centuries ago, science was transformed by the dramatic new idea that
rules based on mathematical equations could be used to describe the natural
world. My purpose in this book is to initiate another such transformation,
and to introduce a new kind of science that is based on the much more
general types of rules that can be embodied in simple computer programs."
The first part of the book lays out how cellular automata model natural
phenomena, such as the shapes of snowflakes. Wolfram then extends the idea
to living or dynamic systems--from wasp nests to water jets--and argues
that these too can be simulated by simple computer programs.
Next, he moves on to human-designed systems and says that he was able to
mimic the gyrations of financial markets with a program that uses just four
rules for buying and selling securities.
The heart of his argument is that his computer patterns are as intricate as
any object in nature, and that, therefore, the screen images and the
objects in nature must have a common origin.
This idea finds its most ambitious expression as Wolfram's "principle of
computational equivalence." It holds that a leaf, a star, a human being and
one of Wolfram's cellular automata are all equivalent in that they arise
from the same kind of simple rules.
"If we compare ourselves with other systems in nature, we might ask,
'What's special about us?' " he said.
Wolfram believes his ideas will transform science and engineering and
influence philosophy, economics, even art.
"It seems so easy for nature to produce forms of great beauty," he writes.
"In the past, art has mostly just had to be content to imitate such forms."
But with his discoveries, he says, "extremely simple rules will often be
able to generate pictures that have striking aesthetic qualities--sometimes
reminiscent of nature, but often unlike anything ever seen before."
Simple programs, he says, may one day unlock problems too complex to solve
even with today's massive computer power, such as how traffic jams form and
how they can be unwound. Basic rules that model the growth of a tumor could
explain how to stop cancer. Programs that simulate neural pathways might
lead to super-intelligent machines.
"One can imagine building things that capture the essential purposes
achieved by natural systems," even the brain, Wolfram said, "but without
the extra baggage of, for example, having the actual hairy animal."
No leading scientist has endorsed Wolfram's theory wholesale, but many say
his ideas are provocative.
"The feeling is that this is written by a genius," said H. Eugene Stanley,
a physicist at Boston University. Maybe not all of nature is as described
by Wolfram, he said, "but at least a big part of it is."
Wolfram's "new kind of science" entices specialists frustrated with
mathematical formulas that explain hydrogen atoms or planetary orbits but
"fail miserably" in fields such as biology, where systems are much more
diverse, said Terry Sejnowski, director of the Computational Neurobiology
Laboratory at UC San Diego and a Wolfram confidant.
Raymond Jeanloz, a UC Berkeley geophysicist, says Wolfram's hypothesis has
revolutionary potential.
"The modern approach in much of science has been reductionist: You take a
complicated thing and split it up into units that are less complicated," he
said. "Wolfram's approach is the direct opposite: Start with simplicity
instead of complexity. If he's right, this could be a huge step forward in
the way we approach scientific problems--and maybe most complicated issues
in life as a whole."
Links to Chaos Theory
Other scholars regard many of Wolfram's "discoveries" as uncredited
borrowings. They note that physicist Richard Feynman and mathematician
Norbert Wiener described the universe as a kind of giant digital computer
decades ago, and that physicist Edward Fredkin explored biological
processes and consciousness through the framework of simple computer programs.
Some experts say Wolfram also borrows heavily from chaos theory--the study
of complex interactive systems.
Paradoxically, Wolfram's hypothesis also embraces one of humanity's
earliest attempts to comprehend the natural world--the pre-Christian creed
of animism, which considers living beings and inanimate objects equal in
that all possess a soul.
In Wolfram's "new science," a person, a dog and a rock all emerge from the
same kind of simple rules and therefore are, in an essential way, the same.
Wolfram's theory also could bolster the age-old belief in predestination.
The idea that God preordains all things is uncannily similar to simple
computer programs playing out in inevitable, though unpredictable, ways.
During a recent interview, Wolfram acknowledged that the implications of
his theory sometimes scare even him. He began to sputter, stumbling over
his words in an effort to explain. Gradually, he regained his footing. He
said he expects, before he dies, to discover the simple source code from
which all works of creation have flowed.
"Will that be fundamentally disappointing?" he asked softly. "That this is
all there is, a few lines of code?"
Then he fell silent.
**********************
BBC
Web rebels profit from net controls
A crumbling concrete anti-aircraft tower off the east coast of England is
home to a dot.com venture with a difference.
The military platform, dubbed Sealand, is the base of internet hosting
company HavenCo which is bucking the downturn of the dot.com economy.
The company has been exploiting Sealand's self-proclaimed sovereignty to
offer an offshore data haven, free of government interference.
"We believe that people have a right to communicate freely," said Ryan
Lackey, co-founder of HavenCo. "If they want to operate certain kinds of
business that don't hurt anybody else, they should be able to do so."
The venture comes at a time when governments across the world are
tightening controls on the internet.
New laws both in the US and Europe are giving officials greater powers to
snoop on online activities.
Self-styled nation
Mr Lackey came up with the idea for HavenCo two years ago and started
looking for somewhere to create an electronic refuge.
"We looked all around the world for somewhere that would have secure
internet hosting, outside of government regulation and we could not really
find any," Mr Lackey told the BBC programme Go Digital.
In the end, he settled on the self-styled sovereign principality of Sealand.
Britain built the anti-aircraft platform during the Second World War.
It remained derelict until the 1960s when a retired Army major, Paddy Roy
Bates, took over the 10,000 square foot platform and declared it the
independent nation of Sealand.
At the time, the platform was beyond the then three-mile limit of British
territorial waters. All this changed in 1987, when the UK extended its
territorial waters from three to 12 miles.
Little regulation
Britain does not recognise the sovereignty of Sealand but this has not
deterred HavenCo.
It has installed internet servers on the platform, linked to the outside
world via satellite links.
There are few controls on the kind of websites that HavenCo is prepared to
host.
"We have a strict policy of three things we prohibit here," explained Mr
Lackey. "We prohibit child pornography, spamming and hacking from our
machines to other machines."
So far many of the sites are online gambling ventures. But a growing number
of political groups banned in their own countries have turned to HavenCo,
such as the website of the Tibetan Government in exile.
"We also permit any sort of free debate about issues whereas a country or
company might try to censor this or sue you," said Mr Lackey.
Providing a service to companies or groups who want to keep their data
secret or publish it on the web without censorship is proving a worthwhile
enterprise.
"We've been profitable since the summer of 2001 so from a commercial
standpoint we can continue forever," said Mr Lackey.
"Regulations in other countries simply increase demand."
However, how long HavenCo will escape the attention of the authorities is
uncertain, with officials insisting that any site hosted on Sealand will
have to comply with British internet regulations.
**********************
BBC
Hate flourishes on the net
Hate has flourished on the internet since the 11 September attacks,
according to the Simon Wiesenthal Center.
The Jewish rights organisation said that websites promoting violence and
racism had proliferated over the past year.
"Extremist groups are undoubtedly spending more of their efforts online,"
said Rabbi Abraham Cooper, at a seminar in Berlin, Germany, where he was
presenting the findings of the organisation's Digital Hate 2002 report.
In particular, the centre found that the number of internet sites
supporting suicide bombers had grown in the last six to nine months to
around 100.
Targeting minorities
The Simon Wiesenthal Center monitors global racist activity against a range
of groups.
In its report, it identifies 3,300 websites as "problematic", up from 2,600
a year ago.
"The biggest difference now is that we're seeing more websites enlisting
suicide bombers and those that validate or encourage terrorism and more
games targeting minorities," said Dr Cooper, associate dean of the Center.
Of particular concern was a game called Kaboom!, which features a suicide
bomber trying to cause maximum casualties.
The Center also noticed a change in the tactics used by racist and violent
groups on the internet.
It said these groups were now focusing on spreading their messages and
enticing people with games and music, rather than trying to recruit them
directly.
Researchers found that the internet was creating alliances, such as between
white supremacists and Islamic extremists against a perceived common Jewish
enemy.
Many groups had used images of the burning World Trade Center towers to
criticise US policy and condemn Jews.
*************************
BBC
Workers sacked for surfing porn
The majority of sackings for internet misuse are due to workers downloading
porn, says a new survey.
A quarter of UK companies have dismissed employees for internet misconduct.
And 40% of all complaints came from co-workers, a survey of more than 500
personnel managers found.
A total of 69% of dismissals were for workers surfing pornographic
websites, according to the research published on Tuesday.
Nearly three quarters of firms questioned had dealt with internet misuse,
with chat rooms and personal e-mails coming second and third respectively
in terms of most frequent complaints.
Warnings issued
Researchers found that more than half of managers preferred to deal with
these complaints by having a "quiet word" with workers.
But 29% favoured using verbal warnings.
The study - carried out for magazine Personnel Today and employee internet
management firm Websense - interviewed 544 human resources managers and
officers from companies employing an average of 2,500 people.
Jonathan Naylor, a barrister in the employment, pensions and benefits
division of law firm Morgan Cole said: "Dismissing an employee for Internet
misuse is a substantial cost to the employer."
"While there are the obvious costs of advertising for new hires,
recruitment, training and supervision, there are also additional financial
burdens caused by the interruption to work patterns, the damage to morale
and the negative publicity to the organisation as a result of the dismissal."
************************
Computerworld
Grocer's digital receipts pay off
Smart & Final Stores Corp.'s IT department last night went live with the
final systems in a trailblazing one-year project to bring digital receipts
to its small-business customers.
But the Commerce, Calif.-based warehouse grocery chain's back-office IT
systems stand to benefit even more than customers who lose their paper
receipts. Point-of-sale data will now be channeled through one server for
use by multiple applications, addressing a long-standing integration
headache and paving the way for near real-time access to data.
Before, Smart & Final had relied on 18 interfaces feeding its IBM S/390
mainframe and needed many more interfaces to extract data for use by
various applications, such as the accounts receivable and sales audit
systems, said Avraham Isaacs, vice president of development.
"It was just really complex," said Zeke Duge, CIO at Smart & Final. "The
data that accounting had looked different than the data that marketing had,
which would look different from this or that or the other."
IT executives knew they needed to improve the system. But, Duge said, it
was tough to go to his executive committee and say, "Hey, guys, I want to
change your data."
Then, Bob Graham, vice president of stores technology, told Duge about a
new digital-receipt standard he had heard about at a National Retail
Federation (NRF) conference. Digital receipts could help relieve some of
the stress on Smart & Final's accounting department, which had to spend an
"enormous amount of hours" ferreting out purchase histories for key
customers, Graham said.
Duge took the digital-receipt proposal to the executives and said, "I can
save real, honest-to-God, countable, touchable head count, and you can
redeploy the assets into more efficient use."
"It juiced up the IT department," Graham said, "because we had the
opportunity to do some things that others hadn't done before."
To make the digital receipts possible, Smart & Final had to put in
middleware that could grab the information collected at its NCR cash
registers, transform that raw data into the XML model approved earlier this
year by the NRF's Association for Retail Technology Standards, and send it
to its Microsoft SQL Server database.
Software from AfterBot Inc. in Norcross, Ga., takes that data and assembles
it into the digital receipts, which customers can view via Web browsers.
The receipts are composed internally and delivered via e-mail or fax,
Graham said.
But it was the middleware piece, from Matra Systems Inc. in Duluth, Ga.,
that gave Smart & Final the flexibility to leverage its digital-receipt
project to other applications. The middleware can unlock the raw data from
the NCR point-of-sale systems and transform it into the format needed by
not only the digital-receipt software, but also by all of Smart & Final's
applications.
"We wanted one single place where we can interpret the data," said Isaacs.
In the past, the data got interpreted at each store, and the flat ASCII
files were moved at day's end to the home office's host system, where they
were interpreted and processed again, Graham said.
Now, the data is fed in near real time to the Matra Freedom-Server, which
runs on a Hewlett-Packard eight-way ProLiant server. In addition to
improving data integrity, the system enables problems to be fixed just
once, Isaacs said.
Now that Smart & Final has near real-time access to its point-of-sale data,
the grocery chain can constantly feed its NCR Teradata warehouse, as well
as offer digital receipts in its 230 stores. That gives the company the
potential to view the effectiveness of promotions, measure customer
satisfaction and deliver customized offers through cash registers, all in
real time, Graham said.
"Hopefully, that will create brand loyalty for us," said Duge.
Smart & Final IT executives said head count will remain roughly the same,
because it gained responsibility for 52 more stores through acquisitions
and store openings. They declined to provide project cost figures, noting
that as an early adopter of digital receipts, Smart & Final got special
pricing that might not apply to other retailers.
Not every retailer will be able to justify a digital-receipt initiative,
according to Peter Abell, an analyst at Boston-based AMR Research Inc.
Abell said digital receipts are "nice to have" for customer service and
increased operating efficiency, but they're not a "must have" that would
bring substantial payoffs in revenue increases and cost savings.
************************
MSNBC
Notorious Net thief pleads guilty
Jay Nelson admits scamming 1,700 auction users
July 8 - Jay Nelson, the man hundreds of Internet auction users learned to
hate last year, pleaded guilty Monday to several counts of wire and mail
fraud. Nelson, once called "the Internet's John Dillinger," spent 13
months scamming over 1,700 eBay and Yahoo auction users, netting more than
$200,000.
NELSON USED DOZENS of fake personas he created on eBay and Yahoo,
and multiple accounts on online payment service PayPal, to dupe auction
users. The fraud was simple: accept payment from an auction winner and
never deliver the merchandise.
Nelson was first charged with fraud in February 2001, but skipped
his arraignment in New Hampshire. He then spent six months on the run as a
wanted fugitive, moving from hotel to hotel, funding his escapades by
committing more fraud. Eventually, he was placed on the U.S. Postal
Inspection Service's Most Wanted list.
Nelson was finally nabbed after he was recognized by an alert coin
shop owner, Ann Fetig. Nelson had been using her Kissimmee, Fla., store to
pawn gold coins as part of his money laundering scheme. Fetig heard a local
radio station discussing an MSNBC.com story about the Nelson manhunt and
called the authorities.
"She is a very conscientious person," said Michael Gunnison,
supervisor of the white collar section of the U.S. Attorney's office in New
Hampshire. "She won't purchase coins unless someone produces their real
driver's license. And here, he's probably saying 'What's the chance she's
going to be plugged in?' Well, she wasn't at first. Then she heard the radio
program."
NABBED AT COIN STORE
Nelson was arrested almost exactly a year ago, after Fetig called
the Postal Inspection office, saying she had their man. On July 11, when
Fettig arrived to unlock the door of her coin store, Nelson was already
waiting outside. So were U.S. Marshals.
"It all happened rather quick," she told MSNBC.com last year. "I
unlocked the door and held it open. Instead of Nelson coming in, the
marshal went flying out with gun drawn and said, 'Jay, get on the ground!'
I wish I could have seen the look on Jay's face, but all I could see was
the gun. Then he was spread-eagled on the ground, and the marshal frisked
him. [Nelson] kept saying, 'I'm not going anywhere.' "
Nelson's long history of alleged Net-based scamming began in
Illinois in 1998; the Illinois Attorney General's office filed a complaint
against Nelson and his wife, Krista, for online auction fraud in 2000. But
by then, he had already moved to Gilsum, N.H., where he began a new string
of scams that would eventually lead to Monday's guilty plea.
In June of 2000, he christened an eBay account called
"harddrives4sale." Using that name, he scammed 247 people out of $32,000,
according to Monday's guilty plea.
He continued creating fake personas and running more scams until
January of last year, when federal authorities filed a criminal complaint
against him with the U.S. District Court in New Hampshire.
Soon after, Nelson went on the run.
MANY PAYPAL ACCOUNTS
By the time he'd moved to Florida last summer, Nelson knew federal
authorities were watching his various bank accounts for activity. So when
he defrauded an auction user, he had the victim pay using PayPal. He then
transferred the money through various PayPal accounts. But even then, he
couldn't withdraw any of the money into a bank account, so he traded PayPal
funds for gold coins, which he then pawned for cash.
"When they found him in Florida, he said he was tired of running,"
Gunnison said.
Nelson will be sentenced in October. Under federal sentencing
guidelines, Nelson should be sentenced to about 5 years in jail, Gunnison said.
While the U.S. Attorney's office has attempted to contact victims
for restitution, many can't be found, Gunnison said. Many others have
already been reimbursed by PayPal.
Despite the prosecution of Nelson and other Net criminals, auction
site fraud is still on the rise, said U.S. postal inspector Tom Higgins.
Just last week, MSNBC.com revealed a set of more complex frauds involving
Western Union payments and even the creation of fake escrow or shipping sites.
"The number of complaints have increased," Higgins said. "But from
when all this started going on in 2000, both eBay and PayPal have evolved
and made great strides. They are good companies that have put a lot of
controls in place."
************************
MSNBC
New worm eats into Kazaa
KWBot second worm to hit file-sharing network
By Matt Loney
July 8 - The Kazaa file-swapping network has been hit by another worm, just
months after the first such attack, according to antivirus vendors.
Antivirus company Sophos said it had received several reports of the KWBot
worm in the wild. KWBot appears to be the second worm to hit the Kazaa
network, which fell prey to the Benjamin worm in May.
KWBOT SPREADS in a similar way to Benjamin in that it alters
Windows registry keys and then disguises itself as files that are likely to
prove popular with file-swappers. It makes particular use of the names of
movies and applications. When first executed, the worm copies itself to the
Windows system folder as xplorer32.exe, said Sophos. It will then create
two registry entries so that the copy is run each time Windows is started.
The worm may also allow attackers to gain control of an infected
computer using commands transmitted over Internet Relay Chat, said Sophos.
Kazaa is not the only file-swapping network to have been targeted
by virus writers. The Gnutella file-swapping network was hit by a
proof-of-concept worm in February.
There have also been threats from other quarters. In April, a bug
was found in the popular Winamp software for playing digital music files.
The bug could allow an attacker to embed malicious code into an MP3 file,
potentially damaging the user's PC and infecting other MP3s.
In addition, the music industry recently began planting "decoys" on
free peer-to-peer services in its fight against online piracy, according to
sources. This practice, known as "spoofing," entails the hiring of
companies to distribute "decoy" files that are empty or do not work in
order to frustrate would-be downloaders of movies and music.
Overpeer, a New York-based software firm funded by South Korea's SK
Group, is understood to be one of the firms helping the industry disguise
online files to thwart unauthorized swapping.
*************************
Nando Times
Study names 'best-connected' cities
Agence France-Presse
WASHINGTON (July 8, 2002 9:43 a.m. EDT) - Chicago, Washington and Dallas
top the list of "best-connected" cities, according to a new study on
Internet use and Web access to be made public Monday.
The next three are Atlanta, New York and U.S. technology capital San
Francisco, which posted a surprisingly low fifth-place ranking, according
to the National Science Foundation.
The West Coast showed the most growth in Internet access between 1997 and
2000, according to the study, which placed eight western U.S. cities among
the top 20.
Cities with a sophisticated Internet infrastructure have the best chance of
economic growth over the next several years, said Morton O'Kelly, a
geography professor at Ohio State University and co-author of the study.
Swift and efficient access to the Web by businesses was a strategic and
financially beneficial investment for U.S. companies, the study found.
**************************
Sydney Morning Herald
Internet privacy laws flagged
The Victorian government today flagged new internet privacy laws to prevent
people's photos being published on websites without their consent.
Premier Steve Bracks announced the move after photos of Victorian Surf
Lifesavers again appeared on a gay website.
The incident follows two cases earlier this year in which pictures of young
Victorian boys were posted on similar websites.
Mr Bracks said he was outraged the photos had been used without consent,
and the government would introduce new legislation to tackle the problem.
"We are framing up legislation ... to prevent images going on without the
approval and support of those people who are going on the internet," Mr
Bracks said.
He said the laws would be modelled on US legislation, and be completed
after the Law Reform Commission completed its current investigation on the
issue.
But he said the federal government would have to enact similar laws, and he
would write to Prime Minister John Howard requesting his assistance.
"We need the support of the Commonwealth government, with its external
powers obligations, to have this ban to ensure that images are not put on
without consent," Mr Bracks said.
He said if the matter was not resolved in coming weeks, he would seek to
have it discussed at the next Council of Australian Governments (COAG)
meeting.
************************
New Zealand Herald
Net Guard shuts up shop after inquiry
Auckland-based Net Guard (New Zealand) has shut up shop following a Commerce
Commission investigation.
The commission had received complaints that Net Guard, formerly known as
World4Vision, was operating a sophisticated pyramid scheme in breach of
section 24 of the Fair Trading Act.
Net Guard described itself on its website as a "technology-driven
international membership organisation focused on becoming a market leader
in the design and development of wireless internet-enabled tracking and
location systems".
The commission began investigating Net Guard last month after receiving
more than 30 complaints about the business.
Commission chairman John Belgrave said Malcolm Stockdale and Stuart
Baldwin, two of the people who set up the scheme in New Zealand, were
linked to the Alpha Club - an alleged pyramid scheme the commission is
taking civil action against.
"The commission found that more than 60 people had joined Net Guard and
that the business had already generated up to half a million dollars in
membership fees," Mr Belgrave said.
Net Guard recruited "agents" through invitation-only presentations around
Auckland.
Agents paid $6800 to become members and received $1200 for each new recruit
they brought to the organisation.
Mr Stockdale and Mr Baldwin left the country last month and are thought to
have set up a similar scheme in Australia.
Net Guard members can contact the Commerce Commission on 0800 943-600 in
business hours.
***********************
Peoples Daily China
New Technology Searches Internet in Chinese
A Beijing-based network company has worked out a "real name" technology
that has made Chinese a "universal" language of the Internet.
The technology, a major breakthrough of 3721.com, allows Chinese users to
find a full list of relevant organizations and products by simply typing in
the address column their names in Chinese characters.
More than 25 million Chinese "netizens" were using the real name technology
to locate the Internet databank each day, said 3721.com's chief executive
officer Zhou Hongwei here Tuesday.
"You don't have to remember complex domain names in English and type out all
the 'www', 'com' and 'net'," said Zhou. "A name -- and in Chinese
characters -- is enough."
While the Internet normally searches for websites through a combination of
the 26 English letters or the 10 Arabic numerals, the real name technology
has made the network more user-friendly to English-illiterate Chinese.
The real name, a new generation network technology following the Internet
protocol and domain name, had surpassed all search engines in locating
network resources in China, statistics showed.
"The fast-growing Internet has provided a new platform for enterprises,
most of which are likely to put their conventional business transactions
online," said Zhou. "The new technology can help protect their brands and
reputations and even attract potential customers."
The technology also benefited small and medium-sized enterprises, which
could generate a company profile when registering themselves with 3721.com.
"In this way, you don't have to spend heavily on a company website, but the
customers will find you easily when they use the real name technology to
locate relevant network resources," said Zhou.
After four years of operation, 3721.com now has 250,000 membership
enterprises worldwide and covers 95 percent of China's netizens.
***********************
Peoples Daily China
Chinese to Check E-mails by Phone
China's leading personal computer maker, Legend Holdings, has developed an
interactive voice operation system to check and reply to e-mails by phone.
This system was displayed at Monday's Beijing International Exhibition of
Digital Info-Service and Technology.
Legend's software design engineer Ren Wenjie said that users are able to
access their e-mails by simply talking to a telephone.
By dialing the service number, users can hear the phone telling them the
content of their e-mails according to their request by mailing time, senders,
subjects, slugs, order and attachments.
Meanwhile, the system can record users' voice mails, which will be sent as
attachments to replies. Saying "exit" or simply hanging up will allow users
to exit the system.
The intelligent voice system serves as a personal secretary, Ren said.
However, she admitted that the technology still lags behind its foreign
counterparts due to the syllable difference between Chinese and Western
languages.
The engineer told Xinhua that Legend has tried to apply this system to news
navigation on the Internet. "But it will take some time before the
experimental technology will be applied in industry," she said.
Zhang Zijiao, a teacher of network programming at Zhengzhou University in
central China, said, after his e-mail checking trial, the industrialization
of the system would have a tremendous future, "at least as a great help to
the elderly and blind people in browsing the Internet."
Legend is currently negotiating with Beijing Civil Affairs Bureau to apply
the technology to community services, Ren added.
*********************
Wired News
Spam-Cramming Foils Vacationers
By Michelle Delio
Vacationers with a sudden yearning to get away from it all are discovering
that cyberspace isn't an easy place to escape.
After making a bold decision not to check e-mail frequently or at all
during vacations, many find that when they do log on again they are greeted
by a mailbox crammed with spam -- as well as a message from their Internet
Service Provider informing them that their account has reached its allotted
capacity and no further e-mail will be delivered until the box has been
purged.
"This was the first time in about 10 years that I hadn't checked my e-mail
every day," grumbled Peter Grummel, a programmer from Richmond, Virginia.
"With everything that happened this year, I needed real down-time. But when
I got home, I discovered that slews of spam had totally overwhelmed my
server space allotment. The spam got through, of course, but important
business and personal e-mail bounced."
Many ISPs set limits on the amount of e-mail messages that can be stored on
their servers, conflicting with seemingly ever-increasing amounts of spam
and many people's newfound desire to really get away from it all. If e-mail
isn't regularly downloaded and removed from the server, new messages will
bounce back to the sender.
"It's like you have to baby-sit your e-mail account," Nadine Gormell, a
London investment counselor, said. "I get so much junk mail that I am
forced to log on a few times a day while on holiday, just to clean up the
spammers' mess."
ISP representatives also agree that spam has become more than a mere
nuisance. Major ISPs have had to pour significant amounts of resources and
attention into spam-stopping, according to the representatives, who add that
unsolicited commercial bulk e-mails also result in increased costs for
labor, servers, storage and network capacity.
"This is what many of us have been saying for years: Spam causes real harm
and also prevents real mail from being delivered," Laura Atkins, president
of the SpamCon Foundation, an anti-spam organization, said.
Atkins feels that spam has become such an "ugly, ugly problem" that she is
unsure what sort of technology or legislation would now be able to
completely stop the ever-increasing flow of unwanted commercial e-mail.
"The current technical fixes don't address the problem of mailboxes filling
up, as ISPs don't want to delete customer mail automatically," Atkins
explained. "The current legal fixes won't actually address this problem
since most state laws require the end user to opt-out to stop the mail. And
if you're on vacation you can't opt-out."
New technology may help to at least slash spam totals in the near future.
EarthLink is considering offering a user-selected scale of screening,
according to Steve Dougherty, director of systems vendor management for the
ISP. Stricter filters may delete innocent e-mail, Dougherty said, but it's
a tradeoff that some users might be willing to make.
"Spam is fundamentally a growing nuisance," Dougherty said. "Swatting a
couple of mosquitoes isn't particularly onerous -- but when you're
enveloped in clouds of them, it requires significant changes in behavior."
Some users now opt to use multiple layers of filters, using a public e-mail
address offered by services such as SpamCom or WhiteIce, which filter
messages for spam and then pass legitimate e-mails along to a private
address, where it is often filtered yet again.
After that, some users say e-mail still needs to pass through their
personal filtering system before it appears in their inboxes.
"And despite three layers of filters, I still get 20 or so spams a day,"
fumed Toronto-based technical freelance writer Mikal McCormick. "It's
totally, utterly, completely spiraling out of control."
Some services, like Hotmail and America Online, allow the user to
"whitelist" mail. A whitelist only allows mail to be delivered if the user
has specifically selected to receive e-mail from that sender.
Some ISPs are also investigating the new peer-to-peer anti-spam programs,
such as the one offered by Cloudmark, to see if the technology and concepts
are viable.
Functioning like a file-sharing program, peer-to-peer spam-blockers use the
combined power of individual computers to stop spam. After a piece of spam
is identified, it's tagged and forwarded to other computers running the
networked spam filtering software, automatically updating each
application's blocking filters.
Constant scanning and filter updating is necessary in the battle against
spam. Despite protests from most spammers that theirs is a legitimate
business, many bulk e-mailers constantly develop new ways to sneak their
unwanted mail through spam-fighting filters.
"We zap millions and millions of spam mails a day from our servers," AOL
spokesman Nicholas Graham said. "But spam is a cat-and-mouse game that can
be stopped only through collaborative efforts between users, ISPs, the law
and technology."
AOL's Graham said that when users get spam that includes a new
filter-foiling trick, they should forward it to the appropriate address at
their ISP, so that filters can be updated.
"We really do want and need your spam," Graham said.
**************************
The Register UK
EU report calls for widespread open source adoption
By John Lettice
Posted: 09/07/2002 at 10:14 GMT
A European Commission funded report into the pooling of software across the
EU's administrations has recommended that governments share and adapt
software via the Open Source model. The study, conducted by (arf arf)
sometime Microsoft buddies Unisys, calls for a development program lasting
six years, starting with a clearing house to which governments could
'donate' software for reuse, with a total investment of E6 million over the
period.
The report, Pooling Open Source Software, was commissioned via the IDA
(Interchange of Data between Administrations), the body set up with the
brief of investigating the Interchange of... Well, it's pretty obvious,
isn't it? It would however be absolutely incorrect to say (as we're sure
the more rabid insurrectionists in Brussels and environs will) that
proprietary and/or Microsoft software lost out in a head-to-head
evaluation, because the IDA effectively handed Unisys a loaded pistol, with
instructions to go pull the trigger.
That, of course, is worse news for Microsoft than just some pesky report
recommending wholesale deployment of open source software, because it means
the people who're driving have already decided. The study deals largely
with software developed by government departments for their own
administrative services, and starts from the premise that if such software
is to be transferred to and adapted for other administrative departments in
other countries, then the open source model "comes naturally."
Which does have a compelling logic to it, although you can see why
Microsoft's government sales people might start complaining that the IDA's
playing with a stacked deck here. But it's specifically not a case of loose
evangelists (not writing the study, anyway): "The study purpose is... not
of the advantages or disadvantages of open source and proprietary
software... It is not to take position in the commercial or sometimes
ideological conflict between the advocates of free software distribution
and the advocates of reinforcing intellectual and industrial property on
software.
"It is just to examine the pre-requisites and conditions (functional,
legal, technical) of a pan-European pooling service."
Which it then proceeds to do. Clearly, not a lot, possibly very close to
none, of software used by governments in the EU today is open source. Much
of it however is bespoke, and more receptive to being at least moved
towards open source, with the caveat that software that doesn't start
development under an open source licence regime is generally difficult to
convert to one, because multiple IP ownerships have to be tracked down
first. Conversion and adaptation alone would therefore be likely to run
into the sand, so to really get to interchangeable open source software,
European administrations will also have to move to making new projects open
source, and resist implementing new projects based on proprietary software.
Depending on how hot to trot Brussels is, governments could come under
severe pressure to conform to this, which might be awkward for the UK's own
dear E-Envoy, who is currently clutching a number of Microsoft-based
e-government projects. If open source became the lingua franca of Europe
(and by George, we need one), then individual governments would be faced
with the choice of joining in or becoming more and more isolated. Open
source as IT's Euro? Could be.
The study does not recommend any specific software platform or open source
licence variant. But it does seem to take the view that pooled software
should be exchanged between administrations, rather than being available to
all and sundry, which suggests that the GPL won't be the way European
government goes. It also considers the BSD licence and MPL, whereby "the
code and the executable binary may be disassociated." This would allow the
executable to be distributed with a proprietary licence, and hence would
allow it to be restricted.
According to the IDA, the report was welcomed by a specialist hearing in
Brussels last month. EU Enterprise and Information Society Commissioner
Erkki Liikanen commented: "Good practice is built on proven solutions that
work. Software and concrete applications that work in practice are an
important element of these. They could be usefully used as source of
inspiration for Member States to develop good and interactive public
services in the future to the benefit of Europe's citizens." No, we've no
idea what that's supposed to mean either, but the hapless Commission press
release writers claim Erkki was "Commenting on the potential benefits of
greater re-use of public sector software," OK?
************************
Wired News
Hacker to Apple: Watch those downloads
By Matt Loney
Special to CNET News.com
A security mailing list has alerted Apple Computer OS X users to a program
that could let a hacker piggyback malicious code on downloads from the
company's SoftwareUpdate service.
According to the BugTraq mailing list, a hacker named Russell Harding has
posted full instructions online for how to fool Apple's SoftwareUpdate
feature into allowing a hacker to install a backdoor on any Mac running OS X.
The exploit takes advantage of SoftwareUpdate, Apple's software updating
mechanism in OS X, which checks weekly for new updates from the company.
According to Harding, who claims to have discovered the exploit, the
feature downloads updates over the Web with no authentication and installs
them on a system. So far, there are no patches available for this problem.
"Apple takes all security notifications seriously and is actively
investigating this report," a company representative said.
Harding stressed that the exploit is a simple one if using several
well-known techniques, including domain-name service (DNS) spoofing and DNS
cache poisoning.
DNS spoofing is an attack where an individual seeks out a numerical IP
(Internet Protocol) address (for example, 1.2.3.4) corresponding to a
specific Internet address (for example, www.cnet.com), but an attacker's
computer intercepts the request. The attacker then sends back a false IP
address that corresponds to a hostile server.
DNS cache poisoning has similar results, but instead of intercepting a
request for an IP address, the attacker uses a variety of techniques to
replace the valid address in an official DNS server with an address
pointing to the attacker's computer.
When SoftwareUpdate runs normally, a person's computer connects via HTTP to
an Apple.com page and sends a simple request for an XML document containing
the latest inventory of OS X software. The Apple.com site returns the
document, which the person's computer then cross-checks against what it has
installed.
After the check, OS X sends a list of software that needs to be updated to
another page on Apple.com. If an update for the software is available, the
SoftwareUpdate server responds with the location of the software, its size,
and a brief description. If not, the server sends a blank page with the
information, "No Updates."
On his Web site, Harding provides two programs that he says have been
customized for carrying out such an attack. One program listens for DNS queries
for updates, and when it receives them replies with spoofed packets
rerouting them to the attacker's computer.
The second program, which is downloaded onto a victim's Mac and masquerades
as a security update, contains a copy of the encrypted communications
program, Secure Shell.
Automatic updates of software--particularly operating system software--are a
growing trend. Several Linux companies offer this feature for their
distributions of the open-source operating system, and Microsoft recently
launched a similar service called Microsoft Software Update Services.
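
Added example (not part of the original article, and not Apple's code): a sketch of the check an update client can make so that a catalog or package fetched over plain HTTP from a spoofed host is rejected before install. The element and attribute names, the sha256 field, the URL and the key are constructed for illustration, and HMAC-SHA256 stands in for the public-key signature a real updater would verify.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Assumption: stand-in trust anchor. A real updater would pin the vendor's
# public key and verify a digital signature; HMAC keeps this stdlib-only.
VENDOR_KEY = b"constructed-demo-key"


def sign_catalog(catalog_xml: bytes, key: bytes = VENDOR_KEY) -> str:
    """Vendor side: authentication tag over the exact catalog bytes."""
    return hmac.new(key, catalog_xml, hashlib.sha256).hexdigest()


def verify_update(catalog_xml: bytes, tag: str, package: bytes) -> str:
    """Client side: return the package name only if every check passes."""
    if not hmac.compare_digest(sign_catalog(catalog_xml), tag):
        raise ValueError("catalog authentication failed")
    # Parse only after the catalog bytes have been authenticated.
    item = ET.fromstring(catalog_xml).find("update")
    if item is None:
        raise ValueError("catalog lists no update")
    if len(package) != int(item.get("size")):
        raise ValueError("package size mismatch")
    digest = hashlib.sha256(package).hexdigest()
    if not hmac.compare_digest(digest, item.get("sha256")):
        raise ValueError("package digest mismatch")
    return item.get("name")


def make_catalog(name: str, package: bytes) -> bytes:
    """Build a constructed catalog carrying location, size and digest."""
    return (
        f'<catalog><update name="{name}" '
        f'location="http://updates.example.invalid/{name}.pkg" '
        f'size="{len(package)}" '
        f'sha256="{hashlib.sha256(package).hexdigest()}"/></catalog>'
    ).encode()


# Constructed sample data: a genuine update and a substituted package.
GENUINE_PKG = b"genuine security update payload"
SUBSTITUTED_PKG = b"package served by a spoofed host"
GENUINE_CATALOG = make_catalog("SecurityUpdate", GENUINE_PKG)
GENUINE_TAG = sign_catalog(GENUINE_CATALOG)

if __name__ == "__main__":
    print(verify_update(GENUINE_CATALOG, GENUINE_TAG, GENUINE_PKG))
```

Because the tag covers the catalog bytes and the catalog pins the package size and digest, redirecting the DNS lookup changes where the client connects but not what it will accept.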
*************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx