Clips October 3, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
- Subject: Clips October 3, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Thu, 03 Oct 2002 11:47:34 -0400
Clips October 3, 2002
ARTICLES
Californians Seek Spam Shelter
Technology lag is key to longshore dispute
Light holds key to uncrackable codes [Encryption]
FBI, SANS update list of systems vulnerabilities
House panel creates Office of Electronic Government
Bugbear virus a bugaboo for PCs; spreading rapidly
Atomic memory developed
Net piracy tackled by free music day
*********************
Wired News
Californians Seek Spam Shelter
By Julia Scheeres
In an attempt to crack down on unsolicited commercial e-mail, California
Attorney General Bill Lockyer is asking residents of the Golden State to
send him samples of the illegal spam clogging their inboxes.
The state plans to use the spam samples to prosecute bulk e-mailers
operating out of California, a Lockyer spokeswoman said.
But one expert cautioned that the effort will do little to reduce the
state's e-mail headaches because California spammers only generate about 5
percent of the spam sent worldwide.
Lockyer's office has set up a Web page providing instructions on how to
report illegal spam sent by California individuals or companies.
The state's 4-year-old spam law mandates that unsolicited commercial e-mail
must contain the letters "ADV" (indicating an advertisement) at the
beginning of the subject line and place a toll-free number or working
e-mail address at the top of the message to allow consumers to request
removal from the mailing lists.
"We are soliciting illegal spam to let unscrupulous businesses know that we
will enforce California statutes, launch investigations and prosecute when
appropriate," said Hallye Jordan, a spokeswoman for the attorney general's
office.
Last week Lockyer filed the state's first spam lawsuit against a Los
Angeles County marketing firm that allegedly spewed out millions of
unsolicited e-mails advertising books, software and lists of private e-mail
addresses. The state is seeking an injunction to stop the company, PW
Marketing, from sending more spam and civil penalties of at least $2
million, according to court documents.
In one spam message, the company offered 25 million e-mail addresses for $149.
Spam cases are tricky to investigate because savvy spammers hide their
identities by forging e-mail headers and illegally using open relays to
send e-mail using third-party network connections.
And although 26 states have passed anti-spam laws, prosecuting violators
proves difficult because of the global nature of the Internet; foreign
companies are responsible for many mass e-mails.
About 95 percent of spam is generated outside California, estimated Steve
Atkins, a partner at Word to the Wise, the company that is helping the
attorney general's office sift through spam samples. He said he has
received more than 10,000 pieces of spam to investigate since the end of
August.
One page, for example, shows spam statistics for two small domains. The
amount of unsolicited commercial e-mails they received jumped from 20 a day
in the summer of 2001 to 950 a day last week.
*****************************
Los Angeles Times
Feds Subpoena Firm Controlled by News Corp.
Technology: Documents are requested from smart-card developer NDS amid
allegations of corporate sabotage.
By DAVID STREITFELD
TIMES STAFF WRITER
October 3 2002
NDS Group, a company controlled by Rupert Murdoch's News Corp., was hit
with 31 grand jury subpoenas Wednesday in a federal probe involving
allegations of high-tech sabotage.
NDS, a British company whose U.S. offices are in Newport Beach, makes smart
cards that prevent piracy of digital television signals. The company's
cards are used in 27 million television sets worldwide. The federal
criminal probe, and a separate civil suit, involve allegations that NDS
hacked competitors' cards, abetting widespread piracy.
An NDS spokeswoman said Wednesday that the company would cooperate fully
with the government's investigation.
A Justice Department spokesman declined to comment. The subpoenas demand
that the company hand over a variety of documents.
NDS was sued in March by a competing smart-card developer, Canal Plus
Technologies. Last week, two other companies, EchoStar Communications Corp.
and NagraStar, filed papers in U.S. District Court in San Francisco
declaring they intended to join the suit.
News Corp., which owns 80% of NDS, has been trying to get the case
dismissed or dropped. This week, it announced a new deal with Canal Plus'
parent, troubled French media company Vivendi Universal, to buy Vivendi's
Italian pay-TV system. One clause in the deal: The lawsuit dies.
That is looking increasingly unlikely, however, because of the government
inquiry and the widening civil suit.
The case, experts say, moves to the forefront the issue of whether
companies can be electronically secure in a world where hacking is all too
easy--and often untraceable. The financial stakes are high. Canal Plus, for
example, is seeking $1 billion in damages.
"None of these allegations are surprising. All the pieces are out there to
do things like this," said computer security consultant Bruce Schneier.
"This is a harbinger of things to come."
The allegations rank among the biggest public accusations ever of
intellectual property theft, experts said. In 2001, according to the Trends
in Proprietary Information Loss Survey, 40% of the companies responding
reported the theft, loss, destruction or misappropriation of their
intellectual property. Total reported losses were $56 billion to $59 billion.
The entertainment and technology industries have been watching the case
with particular interest. Television is moving quickly toward digital
delivery, which offers both superior images and improved reception over the
traditional analog transmissions.
To restrict access to authorized viewers, digital systems will need to
scramble their transmissions. Only customers with paid-up smart cards will
be able to get a clear signal. That's the plan, but the economics will get
murky if consumers find it cheaper to buy counterfeit cards. Many viewers
have been doing exactly that. In the U.S., EchoStar and DirecTV count about
18 million subscribers--and 1 million pirates.
Federal investigators first became interested in NDS late in 2000 when one
of the company's engineers, Christopher Tarnovsky, was informed by police
that he had received two packages at a commercial mailbox he rented in San
Marcos, Texas. According to court documents, one package contained a DVD
player that had $20,000 hidden inside; the other contained a CD player that
had a hidden $20,100. The packages were mailed from Canada.
Tarnovsky's lawyer believes he was set up.
"That is the only theory that makes sense," said San Diego attorney Pamela
Naughton. No charges have been filed in the matter. Naughton said she
hadn't seen the subpoenas issued Wednesday. "The government is being used
as a tool by the people who want to bring down NDS for their own personal
financial reasons," she said.
Tarnovsky is the central figure in the civil case. Canal Plus and, more
extensively, EchoStar and NagraStar allege that NDS hacked their encryption
systems and Tarnovsky then transmitted their secret codes to a Canadian Web
site frequented by digital pirates. NDS denied in court that Tarnovsky
transmitted the codes, as did Naughton.
"We don't believe there is any evidence he was responsible for posting any
codes, and there is no proof," she said.
NDS' goal, the plaintiffs in the civil case allege, was to weaken its
competitors. At one point, NDS was on the verge of losing a contract to
NagraStar, court filings claim. So NDS hacked the NagraStar system,
encouraging a host of pirates and discouraging a TV system customer from
switching services, the filings claim.
EchoStar and NagraStar asked the court to protect all documents filed and
depositions taken in the case, even if Canal Plus were to drop out. Vivendi
is selling Canal Plus to consumer electronics maker Thomson Multimedia for
$186 million. It was unknown whether Thomson would have any interest in
keeping the suit alive.
EchoStar, the second-largest U.S. satellite TV company, is struggling to
salvage its takeover of the largest, DirecTV, a unit of Hughes Electronics
Corp. NagraStar is a joint venture of EchoStar and Switzerland's Kudelski
Group, another major smart-card developer.
NDS Chief Executive Abe Peled said Monday that the new allegations by
EchoStar and NagraStar were "basically a repetition" of Canal Plus'
"groundless lawsuit" and "an attempt to harm NDS and thwart legitimate
competition."
Meanwhile, NDS is the defendant in another suit, filed last month by
DirecTV, which hired NDS in 1999 to provide smart-card encryption for its
11 million customers.
The sealed lawsuit accuses NDS of breach of contract, fraud, breach of
warranty and misappropriation of trade secrets, DirecTV said. NDS denies
the charges.
As part of its attempt to get the civil case dismissed, NDS in August asked
U.S. District Judge Vaughn Walker for a preliminary injunction, a request
that he called "almost silly" in court.
"You haven't even come close" to establishing the legal grounds for an
injunction, Walker told NDS lawyers. Those grounds include a likelihood
that NDS would prevail in the case. "No way in the world I can make a
declaration on the record that you're likely to prevail," the judge said.
"You're dead right out of the box."
Over the protests of NDS lawyers, the judge allowed depositions to proceed.
Two weeks ago, Canal Plus lawyers deposed NDS chief Peled as well as the
company's security chief and a key engineer.
Digital pirates frequently bought their counterfeit cards in Canada, where
it was legal to pirate American broadcasts until last spring. Reprogrammed
cards were sold openly in border cities. Even now, after a Canadian Supreme
Court ruling that made the piracy illegal, trade is still brisk, if more
clandestine.
In Europe, piracy is even worse. AEPOC, the European anti-piracy group,
estimates that viewers there spend about $1 billion a year on pirated
television. Legitimate revenue is about $5 billion.
"There is a general attitude that piracy is not a crime, particularly in
Italy," said Davide Rossi, the group's secretary-general.
Telepiu, one of the two Italian pay-TV systems, had as many as three
freeloaders for every one paying customer. Partly as a result, Telepiu lost
about $200 million in 2001. That proved a big drain on its owner, Vivendi,
which announced a deal in June to sell Telepiu to News Corp., owner of the
other platform. Negotiations faltered over the summer but now seem to have
been finalized.
*************************
Seattle Times
Technology lag is key to longshore dispute
By Luke Timmerman
Seattle Times business reporter
Technology has been marching into West Coast ports at a much slower pace
than in the rest of the world, and now it is driving the ports' biggest
labor dispute in 30 years.
Engineers who design ports to improve efficiency say West Coast ports are
far behind the state of the art. It is common in Singapore and Rotterdam,
The Netherlands, for shipping containers to be tracked by a network of
electronic tags, scanners and global positioning systems as they shuttle
between truck, storage yard and boat. Robotic cranes work almost
independently, moving cargo around terminals.
Some of this technology has made its way to the West Coast, but with
limited benefit.
Because of the labor contract with the International Longshore and
Warehouse Union, workers must retype the same computerized information at
several points as containers move around the waterfront.
The union says it is willing to embrace technological advancements, but
wants union workers to handle the data. It hasn't been able to agree on
terms with employers.
"The West Coast of the United States is one of only a handful of places in
the world where this kind of technology can't go in," said Tom Ward, a
principal engineer with JWD Group in Oakland, Calif., a port designer and
consultant to the Pacific Maritime Association (PMA). "There is no other
place in the world where there is so much resistance."
John Dacquisto, business agent for the union's Local 52 in Seattle, said it
welcomes computerized systems as long as the people needed to verify
information, fix inaccuracies and update booking changes remain union workers.
The PMA, which represents employers, hasn't been specific about what
technologies it wants to implement, but industry consultants say models of
efficiency in Europe and Asia and in U.S. railroad yards are being studied.
In Rotterdam, for example, several cranes each with a crew of fewer than
six people can unload a ship full of containers. On West Coast ports, it
typically can take 18 to 25 people per crane, Ward said.
In Hamburg, Germany, a single person can run up to four storage-yard cranes
remotely by looking at a video screen. On the West Coast, up to four people
are required to run a storage-yard crane, said Larry Nye, a vice president
at Moffatt and Nichol Engineers in Long Beach, Calif.
Even in West Coast ports with computerized tickets that tell truckers where
to pick up a container, union workers in some cases get paid to pull the
ticket out of the printer and hand it to the trucker, Nye said.
Technology would change significant chunks of the process.
As it works now on the West Coast, Ward said, the system might begin when a
company decides to ship computer parts to Taiwan. A shipping container is
sent to the company, which records vital booking information such as sender
name, receiver name, trucking company, contents of the container and
container number.
The information is sent electronically to the port terminal so gatekeepers
know what to expect.
A trucker hauls the container to the port gate, where the information is
scanned by a union worker. A union clerk stops the driver, weighs the
truck, walks around it to make sure there's no damage to the container, and
verifies the trucker's information to ensure it matches that from the
computer parts company.
The clerk instructs the trucker on where to take the container in the
storage yard; it is lifted off the truck and stored, with the location
recorded by a clerk on paper or in a handheld computer.
Next, a plan is drawn up to stack containers on the freighter.
When a ship is ready to load, a clerk with an updated map of containers in
the yard tells a truck driver which containers to get. The container is
taken out and the location change is recorded by a clerk.
Another clerk radios to the crane operator to pick up the container and
stack it on the ship.
By contrast, here's how it works at more high-tech ports in Europe and Asia:
A truck arriving at a port gate drives through a digital or radio scanner
that reads all the vital information, and it rolls over a weigh-in-motion
scale. A clerk verifies the driver's name and container information
automatically.
The trucker receives a ticket with instructions on where to take the
container. A computer picks out the most appropriate lifting equipment to
take the container off the truck.
Once the container is stacked, its vital information and precise location
are automatically recorded, and the truck drives off.
The precise location is automatically shared with the clerk who loads the
ship and the crane operator.
Ward, the engineer with JWD Group, said the more modern system allows for
nearly twice as many trucks to pass through gates in an hour's time.
That's important because ports are running out of space. To keep up with
trade growth over time, they will need to improve efficiency because they
can't get more land.
Automation also cuts down on expensive labor costs for shuffling and
re-stacking containers, and the wasted motion and diesel emissions from
forklifts and cranes that go with it.
"This is really about who's in control," Ward said.
"Right now, control of information is distributed throughout the clerical
work force. In the future, it will be in a centrally directed
communications center that acts remotely, and many more decisions will be
made automatically by machines," Ward said.
"That's the real question; the union doesn't want to give up control, and
the PMA would like to take control of the terminals."
Nye said the two sides need to find a balance between technology and labor.
"I don't ever see a terminal being completely automated," he said. "There
are some serious deficiencies with that, and there is always a place for
people to verify and change information," Nye said.
"But there is a reasonable use of technology that is appropriate, and now
we aren't getting all the benefits of the technology."
Luke Timmerman: 206-515-5644 or ltimmerman@xxxxxxxxxxxxxxxxx
***************************
MSNBC
Quantum system keeps secrets safe
Encryption key transmitted via mountaintop light beam
Oct. 2 - Satellites are increasingly relied upon for military and
intelligence use but securely transmitting voice, image and other
communications remains troublesome. Now, British military researchers have
improved an emerging method of secure transmission for the encryption keys
that protect such data - a method that relies upon quantum physics.
IN A DEMONSTRATION reported in this week's issue of the journal
Nature, the researchers say they successfully exchanged encryption keys
transmitted on a beam of invisible light.
The researchers completed the exchange from the summits of
mountaintops in southern Germany that are 14 miles (23.4 kilometers) apart.
Within seven years, the technique ought to be able to transmit
encryption keys to any receiving point on the planet, via low-orbiting
satellite, said John Rarity, a scientist with QinetiQ, the commercial arm
of Britain's defense research lab.
NEXT-GENERATION ENCRYPTION
Current encryption technology uses mathematical "keys" that are
exchanged between trusting users. The keys are used to unscramble messages,
video and other data.
Such keys, made of random strings of digits, can be intercepted on
conventional networks. So they're routinely sent by less efficient means.
"At the moment, highly secure encryption keys are typically sent by
a man on a motorbike or a guy with a diplomatic bag," Rarity told The
Associated Press.
Rarity and other researchers believe keys can be more reliably
exchanged using methods of quantum physics rather than mathematics.
QinetiQ's experiment in quantum cryptography involved attaching the
key's digits to individual light particles, or photons, which are sent as a
weak beam of light. The practice is believed to be safe because
intercepting and reading the key noticeably alters the state of the
photons, tipping off the intended recipient that the key has been compromised.
QinetiQ isn't the only group researching the concept.
Rarity said his team and a similar outfit at the U.S. Department of
Energy's lab at Los Alamos, N.M., have been leapfrogging each other in the
distances they've been able to send and receive their encryption key-toting
light beams. Fourteen miles is the longest-yet transmission, he said.
Only the keys used to unscramble the data must be sent via the
light beams. The actual data could be sent in scrambled form via satellite
or any sort of conveyance, Rarity said.
"Once you've got your key, you can use your mobile phone or any
other method," he said.
MILITARY AND COMMERCIAL APPLICATIONS
Rarity told MSNBC.com that the first users of quantum cryptography
would likely be military personnel. Although a good deal of military
information is already sent in encrypted form, some satellite signals
currently have to be transmitted "in the clear." In June, for instance,
European satellite TV viewers could watch surveillance video of American
military bases in Bosnia that was being broadcast in an unencrypted stream,
via satellite.
Rarity said quantum crypto would also provide an "insurance policy"
in case current encryption technology becomes obsolete.
"There are people who are interested in using it, mainly on the
government level, where they want to keep their secrets secure for more
than the few days it takes for a bank transaction," he said. Some agencies
specify that their secrets should remain secure for 50 years, Rarity noted.
Rarity told MSNBC.com that quantum cryptography systems are already
becoming available for hard-wired systems: "We already have, in Europe, a
little company that will sell you a fiber-based system, and we're looking
into commercialization of a free-space system (that would work over)
shorter ranges - rooftop to rooftop."
But quantum-encrypted satellite systems pose more difficult
technical challenges, Rarity said. In order to send light streams to
low-orbiting satellites, he said scientists would need to improve the
system's tolerance to loss of some of the data-carrying light particles,
which "leak" in increasing amounts the farther the beam travels.
No current satellite can handle such transmissions. Rarity said the
system would require construction and launch of new satellites.
MSNBC's Alan Boyle and The Associated Press contributed to this report.
****************************
Government Computer News
FBI, SANS update list of systems vulnerabilities
By William Jackson
The FBI's National Infrastructure Protection Center and the SANS Institute
of Bethesda, Md., have updated their list of the top vulnerabilities for
Windows and Unix systems, and announced that five companies have released
tools to scan for them.
Sallie McDonald, the Federal Technology Service's assistant commissioner
for information assurance and critical infrastructure protection, also said
FTS expected to award a contract this week for a patch management service
to help IT administrators keep systems up-to-date. The service will notify
subscribing agencies of new vulnerabilities specific to their systems and
what protective actions to take. Users also will be alerted when patches
for the problems are available, but the service will not download patches
automatically.
The contract will be awarded by the Federal Computer Incident Response
Center, and the service will be free to subscribers.
Richard Clarke, chairman of the president's Critical Infrastructure
Protection Board, said the vulnerabilities list represents a common
consensus by experts in and out of government on the most commonly
exploited weaknesses in computer systems. He said focusing on these
problems is an effective way to close loopholes.
"People do use known vulnerabilities," he said. "Look at your systems the
way an attacker would look at it."
Last year's list was expanded from 10 to 20 vulnerabilities and was
separated into categories for Microsoft Windows, Unix and general. This
year's list is divided into only Windows and Unix. It has consolidated some
entries from last year's list, removed others and added a few. The
vulnerabilities usually are listed as services, each of which may contain a
number of weaknesses.
New in this year's list are Microsoft's SQL Server, Internet Explorer and
remote registry access for Windows platforms; and the Apache Web server,
Secure Shell and File Transfer Protocol for Unix.
The overall list of top vulnerabilities for Windows:
1. Internet Information Services
2. Microsoft Data Access Components
3. SQL Server
4. NetBIOS - unprotected Windows networking shares
5. Anonymous logon - null sessions
6. Weak hashing in LAN manager authentication
7. Weak passwords for general Windows authentication
8. Internet Explorer
9. Remote registry access
10. Windows Scripting Host
For Unix:
1. Remote procedure calls
2. Apache Web Server
3. Secure Shell
4. SNMP
5. STP
6. Trust relationships in remote services
7. Line printer daemon
8. Sendmail
9. BIND/DNS
10. Weak passwords for authentication
Many companies have developed tools or services that will scan for these
vulnerabilities. Alan Paller, director of research for the SANS Institute,
said the tools will be updated at least monthly for new problems with the
vulnerable services.
Commercial scanners for top vulnerabilities are available from Foundstone
Inc. of Mission Viejo, Calif., and Internet Security Systems Inc. of
Atlanta. Open-source software scanners are available as free downloads from
Advanced Research Corp. of Vienna, Va., at www-arc.com, and the Nessus
Organization at www.nessus.org. Qualys Inc. of Redwood Shores, Calif.,
offers a free Web scanning service at sans20.qualys.com.
Details on the vulnerabilities are posted at www.sans.org/top20.
***************************
Government Executive
House panel creates Office of Electronic Government
By Molly M. Peterson, CongressDaily
A bipartisan compromise bill creating a new Office of Electronic Government
within the Office of Management and Budget won quick approval Tuesday from
a House Government Reform subcommittee.
The Electronic Government Act of 2002 (H.R. 2458), which the Technology and
Procurement Policy Subcommittee passed by voice vote, aims to improve
coordination and deployment of information technology across the federal
government, and help agencies to achieve the IT management reforms required
under the 1996 Clinger-Cohen Act.
"In the wake of the Clinger-Cohen Act, it has become readily apparent that
the lack of a centralized focus on information management has significantly
harmed the government's capability to manage information technology [and]
information security, and develop effective business plans for acquisition
of IT products and services," said Subcommittee Chairman Tom Davis, R-Va.
Davis said the proposed "e-gov" office is based largely on the
administrative structure established in June 2001, when Mark Forman was
appointed associate director of OMB for Information Technology and
Electronic Government.
"While I have strong reservations about creating an office of e-government
without appropriately addressing the functions of that office in the
context of the [1995] Paperwork Reduction Act and the existing Office of
Information and Regulatory Affairs at OMB, the urgency for Congress to
signal that e-government is a top priority for federal agencies is
crucial," Davis said.
As introduced by the ranking Democrat, Rep. Jim Turner of Texas, the
legislation called for a Senate-confirmed federal chief information officer
to be appointed within OMB. But Davis unveiled a bipartisan substitute
Tuesday that calls for an "e-gov administrator" instead of a new federal CIO.
The substitute also includes a provision based on Davis' Federal
Information Security Management Act (FISMA), H.R. 3844. That legislation
would reauthorize the Government Information Security Reform Act (GISRA) of
2000, and would allow OMB to develop performance-based standards to protect
federal information security systems. "This legislation will force the
federal government to more effectively address pervasive information
security weaknesses," Davis said of the FISMA provision.
Turner supported the substitute, but he opposed another amendment by Davis
that would allow the e-gov administrator to be appointed without Senate
confirmation, as Forman was.
Davis said his amendment would recognize OMB's deputy director of
management - an existing, Senate-confirmed position - as the federal CIO who
would delegate some of his authorities to the e-gov administrator. "It does
not make any significant structural changes to OMB's operations," Davis
said. "In the absence of that type of change, I do not believe Senate
confirmation is necessary."
Despite objections from Turner, Davis' amendment passed by voice vote. But
Davis said lawmakers would revisit the issue of whether the e-gov
administrator should be Senate-confirmed next year, when Congress
reauthorizes the Paperwork Reduction Act.
The panel also adopted, by voice vote, a Davis amendment creating an
exchange program that would allow federal agencies and private sector
companies to "exchange" mid-level information technology managers for
one-year assignments with an optional one-year extension. That amendment is
identical to Davis' Digital Tech Corps Act, H.R. 3925, which the House
approved last April.
Another Davis amendment would authorize the government-wide use of
"share-in-savings" contracts. Under such an arrangement, a federal agency
could obtain a product or service from a contractor without paying large
up-front costs. Rather, the agency would agree to pay the contractor a
certain percentage of whatever savings are achieved over a five-year period
by using the new product or service.
"These contracts represent an innovative approach to encourage industry to
share creative technology and management solutions with the government,"
Davis said. "Through these contracts, agencies can lower their costs and
improve service delivery without large up-front investments as the
contractor provides the technology and is compensated by receiving a
portion of savings achieved."
Turner opposed that amendment, calling share-in-savings contracts an
"untried and unproven" practice. He noted that the Clinger-Cohen law allows
federal agencies to take part in share-in-savings pilot projects, but very
few such contracts have been awarded. "It's a very complicated contracting
procedure," Turner said. Nevertheless, Davis' amendment passed by voice vote.
**************************
Computerworld
Bugbear virus a bugaboo for PCs; spreading rapidly
By Paul Roberts, IDG News Service
OCTOBER 02, 2002
The Bugbear virus is spreading quickly around the world since it first
appeared on Monday, according to alerts issued by antivirus companies and
computer security experts.
The virus comes as an e-mail attachment with a variety of subject lines
including "bad news," "Membership Confirmation," "Market Update Report,"
and "Your Gift." Code in the virus generates random attachment names and
subject lines to avoid easy detection by antivirus software and assigns
multiple file extensions to the virus to disguise the fact that it is an
executable file, according to Vincent Gullotto, vice president of the
McAfee Anti-Virus Emergency Response Team at Network Associates Inc. in
Santa Clara, Calif.
Once activated, the virus shuts down vital processes used by antivirus and
firewall software, records user keystrokes to capture passwords, sends
copies of itself as e-mail attachments, and copies itself on to directories
shared by networks that are accessible to the computers it infects.
The virus appears to forward copies of itself as attachments to old e-mail
messages on the computers it infects to randomly selected third parties,
according to a statement released by F-Secure Corp. in Helsinki. In
addition to propagating the virus, this feature discloses otherwise
personal e-mail correspondence to third parties.
As it attempts to access shared directories on computer networks, the virus
may also send copies of itself to shared network printers, which will begin
printing the binary code of the virus executable, according to F-Secure.
Finally, Bugbear opens a backdoor to the machines that it infects. Using a
Web browser, the virus author or malicious hackers can access a Web
interface created by the virus, browse local files on an infected machine
and execute programs on that machine, according to F-Secure.
While initial reports indicated that Bugbear's code might have contained
flaws that prevented it from being able to mail itself out to new
recipients, the rapid spread of the virus in the past two days indicates
the virus is more than capable of reproducing itself.
Symantec Corp. announced today that it's upgrading Bugbear to a level four
virus on a scale of one to five, with five being the most serious. Symantec
pointed to a rapid increase in reports of the virus from customers, from
157 submissions Tuesday to more than 2,000 by this morning.
In its statement, F-Secure indicated that incidents of the Bugbear
infection had surpassed incidents of infection by the Klez virus, which had
been the most widely circulated virus this year.
Reports of new infections are higher in Europe and Asia than in the U.S.,
according to Chris Wraight, technology consultant at antivirus software
maker Sophos PLC in Oxford, England. Bugbear is a far less formidable
threat than predecessors like Klez, Wraight said.
"We're still looking at infections in the thousands. At this point with
[the Klez virus] we were talking about millions of infections," Wraight said.
Leading antivirus software vendors have posted updated virus definitions
covering the Bugbear worm. Antivirus software vendors are encouraging
customers whose computers have not yet been infected to update their
antivirus software.
Customers whose computers have been infected need to remove all files
related to the virus from their machines and are encouraged to update any
passwords that might have been exposed to the virus, according to F-Secure.
***************************
BBC
Atomic memory developed
Imagine a CD with a storage capacity not of 650 MB but 650 million MB. Such
a storage capacity is theoretically possible because of experiments using
individual atoms to store data.
But do not expect it soon; the gap between theory and practice is wide.
In 1959, physicist Richard Feynman pointed out that all the words written
in the history of the world could be contained in a cube of material one
tenth of a millimetre wide - provided those words were written with atoms.
Now, scientists have done just that, creating an atomic-scale memory by
using atoms of silicon in place of the 1s and 0s that computers use to
store data.
Proof of concept
The research is reported in the journal Nanotechnology. Scientists say it
represents a first crude step toward a practical storage device in which
atoms represent bits of information.
"This is proof of concept of what Feynman was saying 40 years ago," says
Franz Himpsel of the University of Wisconsin.
The memory created by Himpsel provides a storage density a million times
greater than a CD-Rom.
Atoms may be among the smallest physical things that can be used to store
binary data. The potential of their storage capacity is awesome. For
example, a grain of sand contains about 10 million billion atoms.
Too slow
The new memory was made on a silicon surface by lifting out single silicon
atoms with the tip of a scanning tunnelling microscope. The gaps left
behind represent the bits of data storage.
Conventional data storage uses millions of atoms per bit.
But while theoretically it is possible to use single atoms as storage bits,
in practice it may take decades to make a practical version of atomic memory.
This is because of the problems of working with individual atoms at room
temperature, and because the data rate at which the information is laid
down, and subsequently read out again, is far too slow to be of any use at
the moment.
DNA data
Researchers say that an intriguing aspect of the latest work is that memory
density is comparable to the way nature stores data in DNA molecules.
The Wisconsin atomic-scale silicon memory uses 20 atoms to store one bit of
information, including the space around the single atom bits.
DNA uses 32 atoms to store information in one half of the chemical base
pair that is the fundamental unit that makes up genetic information.
"Compared to conventional storage media, both DNA and the silicon surface
excel by their storage density," says Himpsel.
**********************
The Guardian
Net piracy tackled by free music day
Plummeting sales prompt record industry campaign
Stuart Millar
Thursday October 3, 2002
The British recording industry today launches its latest attempt to stem
the flood of consumers who are abandoning the legitimate CD market and
turning to pirate internet services to download music for free.
Rocked by plummeting global sales and the growing realisation that previous
anti-piracy efforts have proved woefully inadequate, labels and
distributors will try to tempt back customers with an initiative dubbed the
"biggest ever official giveaway of digital music".
Digital Download Day, masterminded by the rock musician Peter Gabriel's
distribution company OD2, will today offer consumers £5 worth of free
downloads from one of five official music sites.
More than 100,000 tracks will be available, ranging from Elvis and Coldplay
to Kylie and Gareth Gates.
For £5, users will be able to listen to 500 tracks online, download 50
tracks on to their hard disk or burn five tracks on to a CD.
The launch of the scheme illustrates the depth of concern in the industry
about the threat to sales posed by file sharing services such as Kazaa and
BearShare, which allow music and other files to be swapped between computers.
Digital piracy has hit hardest in the US, the world's biggest music market.
The British market has bucked the global trend and shown slight growth, but
even here the first signs of crisis are emerging.
Music sales in Britain fell by more than 15% in the second quarter of this
year, according to the British Phonographic Industry (BPI), the trade body,
which described the outlook as gloomy.
While attempts to establish a market in legitimate music download sites
have failed, the illicit sites have continued to rack up millions of
customers.
A report by the independent consultants OC&C earlier this year found that
almost 3 million people were logging on to free file swapping services at
any one time. In contrast, legitimate downloads brought in only about $1m
(£660,000) last year.
But yesterday the backers of the scheme insisted it would succeed. Gabriel
said: "It is time for the record industry to come out fighting. This
heralds the end of the beginning for the digital music industry as we move
out of the pirate stage and into something more workable."
Charles Grimsdale, chairman of OD2, said consumers could be convinced to
pay for music they could get for free elsewhere if they could be shown it
was more convenient and of a higher quality.
"File sharing services are becoming more and more time consuming to use,
it's getting more and more difficult to find the recording you really want.
We have to offer a better service."
He said that it had taken so long for a scheme such as this to come along
because labels had been reluctant to release their catalogues.
Andrew Yeates, director general of the BPI, also welcomed the move.
"Put simply, paying for music has to be a better option than stealing it.
Any initiative that helps create that atmosphere is to be welcomed," he said.
The latest initiative also represents a change of tack by the industry,
which had concentrated its anti-piracy efforts on setting their lawyers on
the offending music sites in an attempt to put them out of business.
Stuart Rowe, HMV's e-commerce director, said cracking down on pirate
services was not enough. "It's increasingly apparent that along with the
stick we need to offer a carrot so that over time we develop a new culture
where music consumers come to recognise the value of paid-for downloads and
don't automatically expect to get them for free."
**************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx