[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Clips September 4, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;, BDean@xxxxxxx;, mguitonxlt@xxxxxxxxxxx;
- Subject: Clips September 4, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Thu, 04 Sep 2003 11:33:29 -0400
Clips September 4,
2003
ARTICLES
Spelling It 'Dinsey,' Children on Web Got XXX
France rules anti-copy CDs faulty [DRM]
Australian Judge Finds L.A. Webmaster Liable
Office users at risk from 'critical' flaw
*******************************
New York Times
September 4, 2003
Spelling It 'Dinsey,' Children on Web Got XXX
By BENJAMIN WEISER
Be sure to spell Britney Spears's name correctly when you type it into an
Internet browser.
Federal prosecutors in Manhattan charged a Florida man yesterday with
violating a new law that makes it illegal to use misleading Internet
domain names to entice minors onto pornographic Web sites.
Prosecutors said that as part of the scheme, the defendant, John
Zuccarini, had registered 3,000 domain names that included misspellings
or slight variations of popular names like Disneyland, Bob the Builder
and Teen magazine. Mr. Zuccarini used more than a dozen variations of the
name Britney Spears, the prosecutors said.
A child who accidentally mistyped a name into an Internet browser would
be directed to a Web page controlled by Mr. Zuccarini and barraged with
X-rated advertising, the authorities said. The child would also be
"mousetrapped," they said; that is, unable to exit from the Web
site.
"Few of us would imagine that there was someone out there who was,
in effect, reaching through cyberspace to take that child by the hand to
one of the seediest corners of the Internet," said James B. Comey,
the United States attorney in Manhattan.
Mr. Zuccarini was arrested yesterday morning by federal postal inspectors
in a hotel room in Hollywood, Fla., where he had been living for the last
few months, Mr. Comey said. He is being held in Florida pending further
court proceedings, a spokesman for Mr. Comey said. A lawyer for Mr.
Zuccarini could not be immediately identified yesterday.
Mr. Zuccarini is the first person in the nation charged with committing a
crime under the Truth in Domain Names Law, Mr. Comey said. The provision
is part of a comprehensive legislative package signed by President Bush
in the spring that included the creation of the national Amber Alert
network for child abduction cases.
"Children make mistakes," Mr. Comey said. "The idea that
someone would take advantage of that, of a young girl, for example,
trying to go to the American Girl Web site to look at dolls or a child
trying to visit the Teletubbies Web site, and mistypes, to take advantage
of those mistakes to direct those children to pornography sites is beyond
offensive."
Mr. Zuccarini has long been the subject of complaints, including
lawsuits, over his use of domain names, records and news reports show. In
about 100 complaints raised in arbitration proceedings to resolve domain
name disputes, panels have ruled against him almost every time,
prosecutors said, and ordered him to transfer the names at issue to the
legitimate holder.
In 2002, the Federal Trade Commission got a permanent injunction against
Mr. Zuccarini, ordering him to end his activities, dismantle certain Web
sites and pay a $1.9 million judgment. But he continued to use misleading
domain names to promote advertising for pornography to minors, according
to a criminal complaint filed in Federal District Court in
Manhattan.
It added that Mr. Zuccarini got a referral fee of 10 to 25 cents each
time a visitor to one of his Web sites moved to the site of one of the
advertisers. He earned $800,000 to $1 million a year through the scheme,
the complaint said.
Representative Mike Pence, a Republican from Indiana who wrote the domain
names law, said by telephone that he saw the issue less as one of
indecency than as one of fraud. "I found in sitting down with my
kids to do their homework on the Internet," he said, "that you
could type in the most innocuous phrases, and that you literally had to
cover their eyes before you activated the Web site."
In the misspelled domain names, Mr. Zuccarini used spellings like
"Dinseyland," "Bobthebiulder," "Teltubbies"
and "Britnyspears," prosecutors said.
Once a person was directed to a pornographic Web site, Mr. Comey said,
"the usual tools that we use to close a Web site would not
work."
Clicking on the X in the corner, or pressing the back button, he said,
would "simply open more screens, bombarding the user with an endless
stream of hard-core pornography."
"Zuccarini did this so he could profit from the fact that people,
and especially children, frequently misspell or mistype names on the
browser line on their computer," Mr. Comey added.
*******************************
Australian IT
France rules anti-copy CDs faulty
Correspondents in Paris
SEPTEMBER 04, 2003
A FRENCH court has ruled that music compact discs which include functions
to prevent copying amount to faulty goods and that buyers must be
reimbursed.
The court made its decision on Tuesday on the basis of a CD produced by
EMI France of a song by the French singer Alain Suchon entitled
"J'veux du live" (I want it live).
French consumer group UFC-Que Choisir is campaigning against the use of
technical devices by manufacturers to prevent their CDs from being read
by, or played on, computers, car radios or even some hi-fi audio systems.
The association also objects to the fact that manufacturers protect CDs
in Europe against copying but do not do so in the United States, fearing
legal action against them there.
Another association, the CLCV confederation concerned with consumers,
housing and quality of life, won a similar victory in June when a French
court decided that a protected CD must carry a warning that it cannot be
read by certain players.
*******************************
Los Angeles Times
Australian Judge Finds L.A. Webmaster Liable
Jurist says Net sites defamed a professor. The accused calls an order for
damages unenforceable.
By Steve Hymon
September 4, 2003
In an unusual Internet case crossing international borders, an Australian
judge imposed $61,000 in damages against a Los Angeles man earlier this
week for defaming a Perth journalism professor on a series of Web sites.
Bill White, 60, of Los Angeles, did not attend the civil trial in the
Supreme Court of Western Australia in Perth and was found by default to
have defamed Trevor Cullen, of Edith Cowan University.
White has accused Cullen of being a child molester and an academic fraud
on several Web sites.
The judge agreed with Cullen that the allegations are untrue.
"The conduct of the defendant can be attributed only to a conscious
desire on his part to cause the plaintiff the maximum amount of damage,
hurt and embarrassment by what amounts to a campaign of deliberately
offensive vilification," said Master David Wallace Newnes in his
decision.
White has built dozens of similar sites about people across the globe who
White alleges have refused to help him uncover an alleged sex scandal at
a small Catholic university in Papua New Guinea in 1996.
White said in an e-mail Wednesday to a Times reporter that he was unaware
of the judgment against him, but that if such a ruling occurred, it
"is not enforceable in the United States. It is void."
*******************************
CNET News.com
Office users at risk from 'critical' flaw
By David Becker
Staff Writer, CNET News.com
September 3, 2003, 12:33 PM PT
Microsoft issued another flock of security alerts Wednesday, including
notice of a "critical" flaw that affects many of its Office
applications.
The most serious flaw, in the Visual Basic for Applications (VBA)
software, could allow an attacker to gain control of a vulnerable PC. VBA
is used to develop desktop applications that tie into other Microsoft
products.
As detailed in Microsoft's security bulletin, a malicious user could
create a document with a VBA application that's designed to overflow the
buffer--the chunk of memory that's allocated to a program--and then run
other code.
The flaw affects recent versions of Office applications that support VBA
scripting, including the 2002, 2000 and 97 versions of Access, Excel,
PowerPoint and Word. It can also be used with Project 2002 and 2000,
Visio 2002 and 2000 and Works Suite 2002, 2001 and 2000. Several
applications sold under Microsoft's Business Solutions brand also are at
risk, including version 7.5 of the Great Plains accounting software.
In most cases, a person would have to receive and open a maliciously
crafted document to trigger an attack. If Microsoft's Outlook e-mail
client is set up to use Word as the default program for editing HTML Web
code, however, the vulnerability could be exploited by responding to or
forwarding a message with a malicious attachment.
Microsoft representatives urged customers to apply the proper patches--as
detailed in the security bulletin and at the Office Update site--and to
use sound e-mail handling procedures.
"If you receive an attachment from someone you don't know, something
you're not expecting, you should be very cautious," said Simon
Marks, Microsoft product manager for Office.
Several other alerts also involve Office applications. A vulnerability in
recent versions of Word could allow hackers to automatically run macros,
which are mini-programs typically used to automate routine tasks. The
flaw--classified as "important"--requires opening a maliciously
crafted document, according to the security bulletin. Customers using
Word 2002, 2000, 98 or 97 or Works Suite 2003, 2002 or 2001 are urged to
apply the patch, as described in the bulletin.
Another flaw exploits a potential buffer overflow arising from the way
Office applications convert documents created in formats associated with
Corel's WordPerfect software. The security hole--described as
"important"--appears in recent versions of Office, FrontPage,
Publisher and Works Suite, according to the alert. It could allow a
malicious user to arbitrarily run code on a comprised PC. Patches are
available via the bulletin.
Another Office-related buffer overflow vulnerability--ranked
"moderate"--could also allow arbitrary code execution after a
PC user opens a maliciously crafted document by using the "Snapshot
Viewer" tool that's included in Microsoft's Access database
application. The flaw affects Access 2002, 2000 and 97 and is fixed by a
patch.
The final flaw--ranked as a "low" threat--involves the NetBIOS
(Network Basic Input/Output System) networking component included in
recent versions of the Windows operating system. Under certain
conditions, a response to a network query could include random data from
the PC's memory, possibly revealing sensitive data. The flaw uses PC
resources normally blocked by the Internet Connection Firewall security
software included in recent versions of Windows, according to the
bulletin.
Microsoft has come under increasing scrutiny for its frequent security
alerts, as the Redmond, Wash.-based software giant tries to build
confidence in its software through its Trustworthy Computing initiative.
*******************************