Clips November 24-December 4, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;, BDean@xxxxxxx;, mguitonxlt@xxxxxxxxxxx, sairy@xxxxxxxxx;
- Subject: Clips November 24-December 4, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Thu, 04 Dec 2003 14:14:53 -0500
Clips November 24-December 4, 2003
ARTICLES
Republicans Back E-Vote Bill
Gov't Simulates Terrorist Cyberattack
Program points way to iTunes DRM hack
Student Group Lists Professors It Considers Too Politicized
Senate Opens Inquiry Into Leaked Memos
FCC to Look at Phone Firms' Use of Internet to Carry Calls
Marketers Adjust as Spam Clogs the Arteries of E-Commerce
April Fool's e-mail freed detained kidnapper
Police arrest man in bank PC theft
Nigeria sets up panel to fight Internet fraudsters
China Releases 3 Internet Writers, but Convicts 1 Other
New flaws reported in IE 6
Music Industry Reluctantly Yielding to Internet Reality
Homeland Security ends foreigner registration program
Diebold retreats; lawmaker demands inquiry
DVD-copying firm sued by Warners
Lack of Backup Sank High-Tech Reporting System
China battles world's IT trash
Flaw in Linux kernel allows attack
Group seeks political power for P2P
How Much Is Privacy Worth?
Sexual spam could spark lawsuits
Pirated Movies Flourish Despite Security Measures
Report: A third of spam spread by RAT-infested PCs
*******************************
Wired News
Republicans Back E-Vote Bill
12:07 AM Nov. 19, 2003 PT
As criticism of electronic voting systems heats up across the nation,
three Republicans have signed on to support a bill that would force
e-voting machines to produce a paper trail. Previously only Democrats had
vowed to support the bill.
Republican congressmen Tom Davis of Virginia, Christopher Shays of
Connecticut and New Hampshire's Charles Bass have agreed to co-sponsor
the Voter Confidence and Increased Accessibility Act of 2003, which was
introduced to the House in May by Rush Holt (D-N.J.).
The bill would require electronic voting machines that currently don't
offer a paper trail, such as touch-screen voting machines, to produce a
receipt. The receipts would allow voters to verify that a machine
recorded their vote correctly and would be used as an audit trail in case
of a computer malfunction or other election irregularity.
There are currently 74 co-sponsors of the bill. Davis, Shays and Bass,
however, are the first Republicans to sign on as co-sponsors. Davis is
the former chair of the Republican Congressional Campaign Committee.
Congressman Holt said voter receipts should not be a partisan issue, as
all parties should be concerned about the integrity of voting systems.
"I am very pleased that my Republican colleagues have joined my
effort to protect the future integrity of our elections. There's clearly
momentum building in Congress and across the country to see this
legislation pass.... I am confident that more Republicans will join me so
that together we can pass this legislation and make sure that every vote
cast in every future election is counted accurately," he said in a
written statement released Wednesday.
Critics of electronic voting have been calling for a voter-verifiable
receipt for some time to give voters confidence in the election process
in general and voting systems in particular. They propose that the
receipt could either scroll behind a glass partition so voters couldn't
touch it, or pop out of the machine like an ATM receipt so voters could
deposit it into a secure ballot box.
The bill would require that voting machines used for disabled voters
provide a mechanism for voter verification as well. Advocates for
disabled voters have balked at a voter receipt because they say it would
disenfranchise voters with impaired sight. But the Holt bill says the
mechanism for disabled voters would not necessarily be a paper receipt.
Current touch-screen machines for disabled voters are equipped with
headphones and audio to help voters cast their ballot.
In addition to a voter-verified receipt, the bill would ban the use of
wireless communication devices, such as cell phones and wireless modems,
to transfer votes from voting machines to election precincts. It would
ban the use of undisclosed software in voting systems. This means voting
machine companies would have to make their software code open to public
scrutiny on request.
The bill requires all voting systems to meet these requirements by the
general election in November 2004.
*******************************
Associated Press
Gov't Simulates Terrorist Cyberattack
Tue Nov 25, 10:28 AM ET
By TED BRIDIS, AP Technology Writer
WASHINGTON - The Homeland Security Department's first simulation of a
terrorist attack on computer, banking and utility systems exposed
problems with the ways victimized industries communicated vital
information during the crisis, the government's new cybersecurity chief
said Monday.
Experts inside government and the Institute for Security Technology
Studies at Dartmouth College are still formally evaluating results of the
so-called "Livewire" exercise, carried out over five days late
in October. It simulated physical and computer attacks on banks, power
companies and the oil and gas industry, among others.
"There were some gaps," said Amit Yoran, the newly hired chief
of the agency's National Cyber-Security Division. "The information
flow between various sectors was not as smooth as we would perhaps have
liked." He assessed government's performance as "certainly a
B+, better than my personal expectations."
Yoran said mock attacks during the exercise tried to broadly disrupt
services and communications across major industrial sectors, enough to
make consumers lose economic confidence. It modeled bombings at
communications facilities outside Washington and cyberattacks aimed at
companies and other networks.
Even before the Sept. 11, 2001, terror attacks, the government organized
its cyber-protection efforts around early-warning centers operated
separately by banks, water utilities, technology companies and the
electric industry.
But critics have long pointed to problems with the ways that these
centers exchange information with each other, making it far more
difficult for banks to describe their internal problems with a power
utility than with other financial institutions that also may be under
attack.
Yoran said that in some cases, the exercise exposed problems as simple as
uncertainty about which companies and industries can be contacted in the
middle of the night with urgent information about an ongoing attack; most
mock failures occurred during the day.
In some cases, victim companies weren't told explicitly about an attack;
organizers might send them clues, such as e-mails purportedly from
customers who mysteriously couldn't access their bank accounts.
Yoran said the exercise affirmed that troublesome interdependencies exist
throughout the nation's most important systems. A broad power outage
could also bring down key telephone or computer networks, disrupting
repair efforts.
Homeland Security officials said it was the first large-scale exercise
carried out with the agency. Officials at the National Security Council
and departments of Defense and Treasury also were involved.
*******************************
CNET News.com
Program points way to iTunes DRM hack
Last modified: November 24, 2003, 5:05 PM PST
By John Borland
Staff Writer, CNET News.com
The Norwegian programmer who distributed the first widely used tool for
cracking the copy protection technology found on DVDs has turned his
attention to Apple Computer's iTunes.
Late last week, programmer Jon Johansen posted a small program called
QTFairUse to his Web site, with little in the way of instruction and even
less explanation. But during the next few days, it became clear that the
program served as a demonstration of how to evade, if not exactly break,
the anticopying technology wrapped around the songs sold by Apple in its
iTunes store.
Johansen's software isn't for technology novices. In its current form, it
requires several complicated steps to create a working program from
source code, and it doesn't create a working song file that can be
immediately or simply played from a digital music program like Winamp or
Microsoft's Windows Media Player.
But if other developers--or Johansen himself--pursue the project, it
could herald the arrival of simple ripping programs that could create
unprotected music files from iTunes songs as simply as from an ordinary
compact disc.
Apple representatives did not return calls for comment. Johansen did not
respond to an e-mail asking for comment.
Johansen's latest program, which works only for the Windows version of
iTunes, is just the most recent move in the ongoing game of cat and mouse
being played by digital rights management technology creators and
hackers, who see the copy locks as a challenge.
The Norwegian's 1999 program, called DeCSS, ignited a debate over the
legality of copying DVDs that has yet to end. Now widely distributed,
DeCSS and similar tools are the foundation for much of Hollywood's fear
that digital versions of movies will be copied and distributed online.
Johansen was sued in Norway for releasing the software, but a court there
ruled that he had the right to decode a DVD he had purchased so that he
could play it on a Linux-based computer.
Microsoft's copy-protection technologies have also come under consistent
attack from hackers. One attempt was successful in breaking through the
Windows Media rights management, but updates from Microsoft quickly
defanged the hack.
More recently, a Princeton University student showed how to evade the
copy-protection technique placed on a compact disc released by BMG simply
by pushing the computer's shift key while loading the CD.
Johansen's program works by patching Apple's QuickTime software with a
new software component of his own. Because he called the program a
"memory dumper," programmers on message boards around the Web
speculated that QTFairUse made a copy of the raw, unprotected song data
from the computer's temporary memory after it was unprotected for
playback, rather than simply recording the audio stream as it played. But
this was not independently verified by Apple or Johansen.
If that is indeed the approach Johansen took, it's possible Apple could
release an update to QuickTime that nullifies Johansen's work, much as
Microsoft did for the early break of its digital rights management tools.
In several CNET News.com experiments, the unprotected file created by
Johansen's program was not playable. Several people on Web message boards
reported using a series of other MPEG 4 audio tools to create a usable
song from the resulting file, however.
Another Windows iTunes add-on called MyTunes was released several weeks
ago, which allowed computers to capture and save copies of songs streamed
through iTunes from another computer on a local network. That program did
not work with the copy-protected songs purchased from the iTunes store,
however.
*******************************
Washington Post
Student Group Lists Professors It Considers Too Politicized
Texas Conservative Organization Claims Fair Notice; Opponents Fear
Academic Censorship
By Karin Brulliard
Special to The Washington Post
Monday, November 24, 2003; Page A03
AUSTIN -- Two days after the Sept. 11, 2001, terrorist attacks, Austin
Kinghorn, then a sophomore at the University of Texas here, sat down in a
journalism class and heard the professor pose the question "What is
terrorism?"
The professor proceeded to "explain why America is a worse terrorist
threat than the 9/11 terrorists," said Kinghorn, who calls himself a
right-wing conservative. "There was no opposing view
presented."
Kinghorn says he got an A in the course, but the experience soured him.
"I didn't feel like it was worth listening to a litany of professors
who believe the same views," he said. He dropped his intended major
in journalism. Today, Kinghorn, 21, is a senior and chairman of the Young
Conservatives of Texas at UT, the nation's largest university. And the
professor, Robert Jensen, tops the conservative group's "watch
list."
The list, published on the group's Web site,
www.yct.org, and
distributed on campus, criticizes 10 professors -- nine of them liberals,
in Kinghorn's view -- for using their classrooms to promote personal
agendas and "indoctrinate" students. Kinghorn insists the list
is a tool for students to make informed course choices. Critics call it a
blacklist whose goal is to intimidate liberal professors and cramp
academic freedom.
The list censures Jensen, for instance, for subjecting "the
unsuspecting student to a crash course in socialism, white privilege, the
'truth' " and "using class time . . . to 'come out' and
analogize gay rights with the civil rights movement."
In response, Jensen, who said he is bisexual, said the list could have an
ominous effect on the faculty: "If professors are constantly worried
about being branded liberal, and not just liberal but inappropriately
executing their duties, then it's going to make people a little nervous
and there's a self-censorship effect."
The list bashes government professor Jennifer Suchland and sociology
professor Gretchen Webber for focusing on inequalities in American
gender, race and class. Clement Henry, a government professor, is
criticized for alleged pro-Palestinian views. Thomas Garza, a professor
of Slavic languages, is named for criticizing American foreign policy and
the Bush administration. Government professor David Edwards earned a
place on the list for his "hatred of conservatism and
capitalism." Edmund T. Gordon, a black professor of anthropology, is
accused of overemphasizing white oppression of blacks. Economics
professor Harry Cleaver is singled out for an anti-free-market,
"postmodernist agenda." Penne Restad, a history professor, is
accused of embracing a "far left interpretation of American
history."
"Regardless of whether they want to or not, they have sent us a
message," said Suchland, one of three professors on the list who do
not have tenure. "I'm feeling like anything is possible. That at
some point, someone can say, 'We think you're anti-American and we think
you should shut up' -- that it's not appropriate to talk about these
things."
Jensen denies that he ever equated the United States and al Qaeda. But he
has used a broad definition of terrorism -- the threat of force against
civilians to achieve political goals -- to condemn U.S. actions in
Vietnam, Nicaragua and the first Persian Gulf War.
Many professors see the list as manifesting an intolerance for criticism
under the banner of post-Sept. 11 patriotism. They point to the USA
Patriot Act and to legislation that has passed the House that could grant
the federal government increased monitoring power over university
international studies programs that receive federal funding.
"This is part of a trend of blacklisting us, of making sure that we
know we're under surveillance," said Gordon, the anthropology
professor, who teaches a course on African American culture. "I do
worry that what this is moving towards is some sort of
censoring."
The publication of the list comes as conservatives are reasserting
themselves on college campuses that they believe have been liberal
bastions for at least three decades.
Since 1999, College Republican chapters have nearly tripled, according to
the College Republican National Committee. In just two months this fall,
the Campus Leadership Program, a Washington organization that helps
right-leaning students organize on campuses, added 45 groups to its
membership roster, which now totals 216. The Collegiate Network, which
trains conservative student journalists, says there are now at least 80
conservative campus newspapers, more than double the number in
1995.
In 2001, the American Council of Trustees and Alumni, a conservative
group, published a report accusing more than 100 college scholars,
administrators and students of making anti-American statements.
But the UT list is apparently the first published by a student group. It
has inspired at least one other chapter of the Young Conservatives of
Texas, at Stephen F. Austin State University in Nacogdoches, to start
working on one.
Kinghorn said he was impelled to act by Jensen's class as well as
complaints from other conservative students who felt railroaded by
liberal professors. He said that on racial issues, for instance, liberals
had harped on slavery, civil rights violations and ill treatment of
blacks to the extent that "whites feel guilty for breathing
air."
To compile the list, one or two members of his group visited classes and
analyzed syllabuses of about 20 UT professors, keeping an eye out for
professors who use the classroom as a one-sided "bully pulpit,"
Kinghorn said. He said he expects the list to grow as group members
continue to visit classes.
Economics professor Steve Bronars, a free-market proponent, is the list's
lone conservative. Bronars speculates that he was added so "it's not
looking like they're picking on professors who have a more liberal
approach." In addition to the list, the conservative group also
posted an "honor roll," lauding three professors, one termed a
liberal, for running "an intellectually honest
classroom."
In response to studies that have shown that Democrats outnumber
Republicans on university faculties, Rep. Jack Kingston (R-Ga.) last
month introduced a resolution urging universities to adopt an
"Academic Bill of Rights" under which professors would teach
opposing views and grade students without regard to their political
views.
The idea behind the proposal was pioneered by David Horowitz, a 1960s
activist who once edited the leftist magazine Ramparts. Now a
conservative, Horowitz in September formed a group called Students for
Academic Freedom to combat what he calls the grip that liberals have
exercised at universities since the '60s.
"When you go to the doctor, you don't expect to see political
slogans on his wall," Horowitz said. "We all trust our doctors
to be professional and to minister to us regardless of our religion or
our politics. There's a large contingent of professors who no longer
behave like professionals."
Most of the UT professors named on the list said it was unsettling. Some
said they are open to dissenting voices. "People are free to speak
during class," said Restad, the history professor. Others said that
they were unfazed and that the list is unlikely to scare more than a few
students away from some classes.
"I've been getting e-mails from all over the state, from people
congratulating me for being on it," Edwards said.
*******************************
Washington Post
Senate Opens Inquiry Into Leaked Memos
Computer Files Discussed Democrats' Strategy on Bush Judicial Nominations
By Walter Pincus
Friday, November 28, 2003; Page A10
The Senate sergeant-at-arms has opened an investigation into Republicans
obtaining and publicizing internal memos from the computer and network
resources of two Democrats on the Senate Judiciary Committee.
Late Tuesday, Judiciary Committee Chairman Orrin G. Hatch (R-Utah)
confirmed that his inquiry had found that a member of his staff "had
improperly accessed some of the documents" and a second former staff
member "may also have been involved."
Hatch said the current staff member, who was not named publicly and has
been put on administrative leave, denied releasing to the media the
strategy memos written for Sens. Edward M. Kennedy (D-Mass.) and Richard
J. Durbin (D-Ill.). Excerpts of the memos were first published Nov. 14 by
the Wall Street Journal and the next day in the Washington
Times.
The 15 memos written from 2001 to 2003 promote strategies for opposing
judicial nominees of President Bush and occasionally report the views of
outside organizations that have made suggestions on how to respond. Since
the first disclosure, House and Senate Republicans, along with
conservative groups, have continued to publicize the memos, using them to
criticize the Democrats for their tactics.
On Nov. 17, the Independent Women's Forum, a conservative advocacy group,
issued a press release in which it said the memos show the "immense
power they [special interest groups] exert over Democratic
legislators." The press release goes on to identify Manuel Miranda,
a senior aide to Senate Majority Leader Bill Frist (R-Tenn.), as
circulating the memos.
"Manuel Miranda, counsel in Senate Majority Leader Bill Frist's
office, recently sent around an e-mail composed of strategy memos that
had been obtained from the 2001-2002 period when Democrats ran the
Judiciary Committee," the Women's Forum release said. "The
'real bosses' of Democratic legislators, Miranda concluded, are the
liberal interest groups that more or less tell the senators when to sit,
speak and roll over -- and which Bush judges to confirm or
not."
Miranda, who worked for the Judiciary panel's Republican staff until
joining Frist in February, said in an interview Wednesday that he had
sent the Women's Forum and other groups an e-mail copy of the Wall Street
Journal article but nothing more. Asked about the Democratic strategy
memos, he said they "have never touched my office. . . . I have
never distributed any memos to anyone."
Rieva Holycross, the Women's Forum official who said she was responsible
for the Nov. 17 press release, described it as "a terrible
mistake." The group never received the memos, she said, and only had
the Wall Street Journal article that Miranda had sent. Holycross said the
quote attributed to Miranda in the press release was a rewrite of a
sentence in the Journal article, something that Miranda had also
suggested.
Miranda refused to say whether he had been questioned by the
sergeant-at-arms investigators. "I can't comment on an ongoing
investigation," he said. When asked whether any of Hatch's
investigators had talked to him, he said he had "not met with them
at all."
Frist spokeswoman Amy Call said the office was cooperating with the
investigation but would have no further comment.
Five committee Republicans have objected to Sergeant-at-Arms William H.
Pickle allowing anyone to read their backup tapes without their consent.
They also want the inquiry to be limited to examining the "memoranda
in question and no other files."
Three days after the Wall Street Journal article appeared, Sen. Patrick
J. Leahy (Vt.), ranking Democrat on the Judiciary Committee along with
Kennedy and Durbin, requested that Pickle hire security experts to
determine who retrieved the documents.
They also asked for an audit of logs to determine who may have been
trying to access the files or directories from which the memos had been
copied. Two days later, the senators complained to Hatch that he had not
yet given consent for the committee hard drives to be turned over to
Pickle.
On Wednesday, Leahy issued a statement saying he believed Pickle's
investigation "is being handled in good faith" and "with
the intent of identifying and solving this problem."
That same day, Sen. John Cornyn (R-Tex.), a Judiciary Committee member
who asked Pickle to get his permission before accessing his computer
files, took the Senate floor to discuss the memos.
After saying he awaited the outcome of the investigation to see how the
memos were obtained, he said that now they have "entered into the
public domain, and I think it is important that we address these memos
and what, in fact, they confirm about the obstruction and destructive
politics that have taken hold of the judicial confirmation process and
which have left me concerned that there is no foreseeable end to the
current gridlock."
*******************************
Washington Post
FCC to Look at Phone Firms' Use of Internet to Carry Calls
By Christopher Stern
Saturday, November 29, 2003; Page E01
The telecommunications industry, eager to find a route around a
100-year-old regulatory regime, has turned to a new path: the
Internet.
In the month since a federal court in Minnesota ruled that calls
delivered over the Internet are not subject to state regulation, Qwest
Communications International Inc., Verizon Communications Inc. and SBC
Communications Inc. have announced intentions to beef up their ability to
deliver phone calls over their data networks.
The Federal Communications Commission traditionally has had a hands-off
policy when it comes to regulating the Internet. But on Monday, it will
hold its first hearing in its effort to decide whether it needs to step
into an issue that has the potential to transform the industry.
The stakes in the debate are huge. Federal and state governments could
lose billions of dollars in revenue from regulatory fees if calls moved
onto the Internet are no longer subject to the charges. And if the FCC
chooses not to regulate Internet calls, it could raise questions about
the future of the Universal Service Fund, a $6 billion federal program
funded by telephone fees that subsidizes phone service in rural areas and
Internet service for schools.
In moving more voice calls over the Internet, the telephone companies are
taking advantage of a new technology that translates the sound of a voice
into small packets of data and sends them over the Internet like a batch
of tiny e-mail messages. Because e-mail isn't regulated, the telephone
companies argue that neither should calls completed via the
Internet.
Local and long-distance companies are migrating quickly to the new
technology to avoid the cost of maintaining separate voice and data
networks. Nortel Networks, the Canadian telecommunications equipment
maker, estimates that local telephone companies could cut their costs of
running a network by 30 percent by shifting to an Internet-based network.
Nortel also contends that carriers can cut their capital investment costs
by 50 percent. "The market is absolutely moving in the direction of
the convergence of these networks," said Martha Bejar, president of
carrier solutions at Nortel.
Long-distance companies also hope to reap huge savings by using the
Internet to bypass local telephone networks. Long-distance companies now
pay local companies $25 billion a year in "access charges." The
fees cover the cost of connecting long-distance customers to the local
network. The long-distance companies argue they should not have to pay
access charges for calls that travel over the Internet.
FCC Chairman Michael K. Powell had initially been reluctant to jump into
the debate. As recently as October, he had said the agency would launch a
notice of inquiry, an agency proceeding designed to invite public comment
on an issue without reaching a final decision. But earlier this month,
Powell suggested in a letter to Sen. Ron Wyden (D-Ore.) that the agency
could issue a final rule within the next 12 months.
Powell lost a battle at the FCC earlier this year to preempt state
regulation of local telephone companies. Now the Minnesota federal court
decision could give him an opportunity to reverse that ruling -- at least
for calls that are delivered over the Internet. Although Powell has said
he has an open mind on the issue, he has indicated publicly that he is
reluctant to impose traditional telephone regulations on Internet calls.
"I think the worst thing we could do is, again, regulate it like a
telephone, regulate it by an accident for no other reason than that's
what we know and that's what we understand," Powell said in a speech
last month.
In addition to getting answers about regulation of Internet calls,
companies are eager to set guidelines that define when a call is moved
over the Internet and when it moves over traditional voice circuits. For
instance, local telephone companies worry that long-distance companies
will seek to avoid paying fees for connecting local customers to the
long-distance network if any part of the call touches the Internet. Long
distance companies fear local companies won't open their networks to
rivals if a call touches even a piece of Internet-related
equipment.
*******************************
New York Times
December 1, 2003
Marketers Adjust as Spam Clogs the Arteries of E-Commerce
By SAUL HANSELL
AFTER two decades in the garment business in New York, Allan Levy started
an Internet company. His first idea - gifts delivered with custom
greeting cards - did not catch on. So he tried selling gifts without the
cards. Still no home run. But that led to a crucial insight: the real
money on the Internet was in gathering e-mail addresses and using them to
sell products.
So his company, renamed Silver Carrot, sent half a billion e-mail
messages each month offering small prizes - a box of Kraft macaroni and
cheese or a Burger King Whopper - to people who would register some
personal information and agree to receive e-mail. The company gathered 50
million addresses in two years and mailed them offers for diet programs,
credit cards, vitamins and such.
It was a good business, but now, caught in the fury aimed at those who
send unsolicited e-mail, or spam, Mr. Levy must reinvent the company
again.
"We are really looking to build our business outside of
e-mail," he said. "Response rates are much lower than they were
two years ago, and there is a consumer backlash on privacy."
So the company is doing more marketing for its clients on its Web site
and on others. Its remaining e-mail campaigns are to smaller, specialized
lists of people who have agreed to receive his e-mail. Mr. Levy says that
because his mail goes only to those who agree to receive it, it is not
spam.
E-mail marketing is perhaps an embodiment of the "tragedy of the
commons," the bleak vision of an overpopulated future articulated by
Garrett Hardin, an ecologist. He observed that shared pastures, or
commons, in the 19th century became depleted because no individual farmer
had an incentive to moderate the size of his herd.
E-mail is everything a direct marketer could want - fast, flexible and,
most of all, cheap. It is, in fact, far too cheap. That makes it possible
for marketers of all sorts to send lots of it - even for products like
miracle pills that only one person in a million buys - until recipients
are swamped with spam.
The inevitable has happened. E-mail marketers are finding their
electronic fields so despoiled and barren of paying customers that they
must move on.
"There are only so many e-mail addresses and so many people who opt
onto lists," said Timothy C. Choate, chief executive of Aptimus, an
online advertising concern based in Seattle. "You can only contact
people so many times."
Aptimus, like many marketing firms, is returning to buying advertising on
other Web sites for its clients, a marketing format that was all but
abandoned as ineffectual a few years ago. Many of those ads are small
text links on search engines like Google. Some are the more traditional
rectangular banner ads, as well as the hated pop-up ads.
"The vast majority of our business today is on Web sites," Mr.
Choate said. "A year ago, a majority was e-mail."
At the moment, the war on spam seems to be in a phase similar to mutual
assured destruction, with e-mail users and legitimate companies caught in
the cross-fire. Internet providers are creating ever tougher spam
filters. The hard-core spammers are trying to break through the filters
with an ever-expanding number of messages, each with more unusual
spelling and phrasing, turning offers for V1@xxxx and Home Loan$ for Le$$
into puzzles as much as sales pitches.
Congress is considering legislation that would ban many of the fraudulent
practices used by spammers, but few predict that this will do much more
than lead to a handful of prosecutions meant to send messages to
spammers. The big Internet providers are discussing technical changes to
e-mail formats that will allow legitimate senders to be identified and
presumably all other mail to be discarded. But these may well take years
to be adopted.
David W. Kenny, the chief executive of Digitas, a Boston-based direct
marketing agency that represents big marketers like American Express and
AT&T, said most of his clients had stopped using e-mail to find new
customers.
"A lot of e-mail gets lost in the spam," he said. What is not
lost sits in an in-box among offers for illegal cable de-scramblers and
Nigerian money transfer scams. "That's not good for a brand,"
he said.
But marketers need the Internet. Postal mail is becoming more expensive.
Telemarketing is increasingly difficult because of the new national
do-not-call list. And young people are shifting their attention from
television to the Internet.
So clients are forced to be more creative, Mr. Kenny said. American
Express, for instance, gathered credit card applications from links on
the site of the TriBeCa Film Festival; it is one of the festival's
sponsors.
Johnson & Johnson, another Digitas client, has found that people will
read e-mail pitches sent by people they know. So a Web site created for
its Clean and Clear brand of acne remedies encourages people to send
talking e-mail postcards to their friends. Each contains a coupon for the
product.
Of course, not all advertising e-mail is unwanted, and consumers still
sign up to receive e-mail from companies they already do business with,
like notices of new releases from a bookstore or fare sales from an
airline.
"Our survey data is very clear that as annoyed as people are with
spam, they draw a bright line between porn and body-part enlargement
scams and the stuff they signed up for," said James Nail, a senior
analyst at Forrester Research. The challenge for businesses that try to
use e-mail, even to reach willing customers, is that more and more is
being caught in ever-stronger spam filters.
"The big problem for e-mail now is getting it delivered," Mr.
Nail said.
*******************************
Government Computer News
11/28/03
April Fool's e-mail freed detained kidnapper
By Wilson P. Dizard III
A homeland department employee's prank e-mail prompted the release of an
immigration agency detainee who had been convicted of kidnapping,
according to the department's inspector general.
The detainee, whom the IG's brief report on the incident did not name,
turned himself in to Immigration and Customs Enforcement deportation
officers two days after his improper release.
According to the IG's description of the incident, a homeland department
employee sent an April Fool's e-mail to 16 ICE detention officers and
supervisors advising them that the detainee's citizenship had been
established with a Puerto Rican birth certificate, which authorized his
release.
"At the end of the e-mail, the employee wrote, 'Now about that bridge I'm
selling. April Fools!'" according to the IG. "Nine minutes later, the
employee sent a second e-mail that began by saying, 'In case you didn't
get to the end of my previous message, here's what really happened
today.'" The second message said that the detainee had been ordered
deported to the Dominican Republic.
A homeland officer who read the first prank e-mail but did not note the
April Fool's reference, and did not read the second e-mail, processed
paperwork that authorized the detainee's release from a county jail on
April 2. The detention officer realized the mistake on April 3 but did
not report it until the morning of April 4.
"Our investigation further revealed that there is no written authority,
policy and/or procedure for the approval of detainee release documents,"
according to the IG. "Practices were found to vary between groups in the
same office."
The report recommended that officials adopt written procedures
Officials of the Border and Transportation Security Directorate, which
oversees ICE, placed the author of the prank on paid administrative leave
between April 4 and Oct. 20, and later suspended the employee without pay
from Oct. 20 through Nov. 19.
A DHS spokesman did not immediately respond to a request for
comment.
*******************************
CNET News.com
Police arrest man in bank PC theft
Last modified: November 27, 2003, 1:10 PM PST
By Reuters
Police have arrested a California man in connection with a burglary in
which a computer with sensitive information about Wells Fargo customers
was stolen, officials said Wednesday.
Edward Jonathan Krastof, 38, was arrested at his home late on Tuesday in
Concord, Calif., the same town where the computer was stolen earlier this
month, said Concord Police Sergeant Steve White.
Krastof, who works at Home Depot, confessed to stealing the computer, as
well as another computer and a laptop, after breaking into the office of
an analyst for Wells Fargo, White said.
Police recovered the equipment at Krastof's home, along with equipment
used for scanning identity cards and checks, he said.
"He is a low-level ID theft kind of guy," White said of
Krastof.
Krastof told police that he did not know that sensitive data was on the
computer, White said.
Wells Fargo will be able to keep the $100,000 reward it had offered in
the case, since the arrest was made from regular police work and not a
tip, White said.
Investigators traced the computer to Krastof when he logged onto his
America Online account at home through one of the stolen computers, White
said. That enabled authorities to connect the computer's Internet
Protocol address, a number that identifies a computer on the Internet, to
Krastof's home address through his AOL account, White said.
Data on the computer included names, addresses, account and social
security numbers for people with personal lines of credit used for
consumer loans and overdraft protection.
The bank has declined to say how many customers might be affected, but
said it is a small percentage of their total 22 million customers.
Under a California law enacted earlier this year aimed at curtailing
identity theft, companies are required to notify customers when their
computerized personal information is believed to have been stolen.
*******************************
Associated Press France
Nigeria sets up panel to fight Internet fraudsters
Thu Nov 27, 11:38 AM ET
LAGOS (AFP) - Nigeria has set up a presidential panel to tackle so-called
"advance fee" fraud and other economic crimes committed via the
Internet, officials said.
"The Internet has become the home of scammers who busy themselves
sending all sorts of computer and cyber crimes," said President
Olusegun Obasanjo at the inauguration of the 15-member committee in Abuja
Wednesday.
He said the government has stepped up measures against the fraudsters,
and the new committee would collaborate with existing anti-fraud agencies
to stem Internet fraud, which has harmed Nigeria's
image internationally.
For the past 15 to 20 years, hundreds of thousands of people in Nigeria
and around the world have been targeted by fraudsters who contact them by
email or fax and offer them high returns if they "help" the
fraudsters illegally transfer funds.
Often, the recipients are asked by fraudsters posing as officials of the
Central Bank or another government ministry to provide bank details so
that money can be transferred out of the country via the victim's
account.
At some point, the victim is asked to pay an advance fee. If they agree,
there are often many "complications" which require still more
advance payments to be paid until the victim either quits, runs out of
money, or both.
The frauds, often called "419" scams, have been perpetrated
worldwide and can often be traced back to Nigeria.
*******************************
Washington Post
China Releases 3 Internet Writers, but Convicts 1 Other
By Philip P. Pan
Monday, December 1, 2003; Page A14
BEIJING, Nov. 30 -- China released three Internet essayists who were
detained a year ago for criticizing the government, including a college
student in Beijing whose arrest on subversion charges had attracted
international attention, a human rights group based in Hong Kong reported
Sunday.
Liu Di, 23, a psychology student at Beijing Normal University known
online by the pen name "Stainless Steel Mouse," and the two
other writers were released Friday afternoon, the group reported. The
same day, a court convicted a fourth writer charged in the case, Jiang
Lijun, of subversion and sentenced him to four years in prison, his
lawyer said.
Liu's father, Liu Qinghua, said by telephone that his daughter was
released on bail but ordered not to speak to journalists. Frank Lu,
director of the Information Center for Human Rights and Democracy, said
he spoke by telephone with one of the other writers, Wu Yiran, 34, and
confirmed the release on bail of the third, Li Yibin, 29, through
friends.
The releases come days before German Chancellor Gerhard Schroeder is
scheduled to visit China and little more than a week before Premier Wen
Jiabao's first state trip to the United States. China often releases
political prisoners before or after important meetings with U.S. and
European leaders to blunt criticism of its human rights record.
Before her Nov. 7 arrest last year, Liu managed a popular Web site and
was known for posting satirical notes about the hypocrisy of China's
ruling Communist Party. In one essay, she suggested that people sell
Marxist literature on the streets like "real Communists." In
another, she argued that China's repressive national security laws make
the country less secure.
She also wrote essays pressing for the release of Huang Qi, a businessman
who was arrested in 2000 for running an Internet site that carried items
about the 1989 Tiananmen Square crackdown and was sentenced to five years
in prison for subversion.
News of the arrest of the "Stainless Steel Mouse" spread
quickly across cyberspace. Internet users in China and abroad had
campaigned aggressively for her release.
In October, police arrested Du Daobin, 39, who organized a petition in
Liu's behalf, and charged him with subversion. The organizer of another
petition, Luo Changfu, was reportedly sentenced to three years in prison
earlier this month. Altogether, China has tried, sentenced or denied the
appeals of 13 Internet essayists since mid-October.
Prosecutors have said they will decide whether to indict Liu on any
charges by mid-December, according to her father. Asked whether she had
admitted wrongdoing, he replied: "She did some things that she
shouldn't have. But whether it constitutes a crime, we can't say because
she hasn't been indicted. . . . If she hasn't been indicted of any
charges, how can she plead innocent or guilty?"
*******************************
CNET News.com
New flaws reported in IE 6
Last modified: November 28, 2003, 5:55 PM PST
By Matthew Broersma
Special to CNET News.com
Newly discovered security flaws in Microsoft's Internet Explorer could
let attackers invade a user's PC, but a fix is not yet available.
Danish security firm Secunia warned that when used together, the flaws
could allow an attacker to execute malicious code on a user's PC.
The flaws were reported this week by researcher Liu Die Yu, who posted
the information on public security messaging boards, and appear to exist
on PCs that are patched with the latest Microsoft security updates. Users
are advised to switch off active scripting in Internet Explorer until a
patch becomes available, or to use a non-IE browser.
Instructions on disabling active scripting, which may keep some sites
from functioning properly, are available from the Computer Emergency
Response Team.
One of the flaws is a cross-site scripting vulnerability, allowing
scripts from one security domain (such as the Internet) to execute with
the security privileges of another domain (such as My
Computer).
Secunia said it had verified the flaw on IE 6, but the problems may
affect earlier versions of the browser. "Other versions may also be
affected, and have been added (to the advisory) due to the criticality of
these issues," the company said in a statement.
Microsoft has said it is investigating the issue, and may issue a fix as
part of its monthly patch release, or separately, depending on the
severity of the problem. Microsoft's last cumulative monthly patch was
issued on Nov. 12.
Matthew Broersma of ZDNet UK reported from London.
Directions on how to close security loopholes
http://www.cert.org/tech_tips/malicious_code_FAQ.html#steps
*******************************
Washington Post
Music Industry Reluctantly Yielding to Internet Reality
By Frank Ahrens
Thursday, November 27, 2003; Page E01
Superstar rapper Jay-Z's new album was supposed to hit record stores
tomorrow, but instead his label rushed out the music two weeks ago. Why?
Because pirated copies of the CD, "The Black Album," already
had surfaced on unauthorized song-swapping Internet services.
Jay-Z had big plans for the release. The album is being promoted as the
career-capping effort of an artist who has sold more than 20 million
records worldwide. It kicks off a multi-city farewell tour, months in the
planning. But once executives from Jay-Z's label, Roc-A-Fella Records,
saw the stolen songs on the Internet, they decided to move quickly.
"You plan to do one thing, and you just have to go to plan B,"
Jay-Z said. The rapper encouraged his fans to buy the CD at record stores
or digitally download it from authorized online music stores, such as
BuyMusic.com, where it sells for 99 cents per song.
The battle over online song trading is over; the Internet has won. The
music industry is grudgingly giving up on the idea that it can preserve
the tightly controlled business practices that once made record companies
and artists flush with cash. Instead, a transformation is underway.
Media companies, record labels and retailers are looking for new
opportunities to commercialize online music and assimilate that which
started out free. The change has been fitful. Revenue across the industry
continues to decline -- and layoffs continue to pile up -- as companies
race to catch up to unauthorized services such as Kazaa and Morpheus,
which have millions of devotees. Yet the established companies have made
progress by waging a two-pronged fight, tackling the issue simultaneously
in the marketplace and on the legal front.
New online music stores seem to pop up every day on the Internet, giving
digital-music consumers a chance to legally buy select songs and albums
for listening on their computers, MP3 players and recordable CDs -- in
some cases for as little as 79 cents a song.
On the legal front, the record companies have launched a high-profile
campaign to sue people who distribute songs for free over the Internet in
violation of copyright laws. At the same time they are working to plug
the holes in existing laws. Earlier this month, Sens. John Cornyn
(R-Tex.) and Dianne Feinstein (D-Calif.) introduced legislation to create
the Artists' Rights and Theft Prevention Act, an amendment to existing
copyright law that would make it illegal to use a camcorder to record a
film in a movie theater for illegal distribution. For the music industry,
however, the legislation aims to prevent exactly what happened to Jay-Z,
making it illegal for anyone to distribute songs before their release
date -- a loophole not explicitly covered by copyright law.
The clearest sign of how much things have changed in only three years can
be summed up in one word: Napster. The service that first popularized
peer-to-peer song swapping, Napster was shut down by the courts for
violating copyrights. Late last month, a new, legal service bearing the
Napster name launched, but this one is sanctioned by the music industry.
The birth of so many commercial online services is one of many changes
roiling the music industry. A shakeout is underway among the world's five
major record companies, two of which -- Sony Music Entertainment and BMG
Entertainment -- plan to merge, and a third, Warner Music Group, that is
being bought by an investment team led by Seagram heir Edgar Bronfman Jr.
Meanwhile, retailing giants such as Wal-Mart Stores Inc. and Best Buy Co.
now dominate store sales, overtaking chains such as Tower Records, and
the big retailers are becoming forces unto themselves in determining what
sells and for how much.
The two big-box retailers also are getting into the online-music
business, joining a parade of companies big and small that are seeking to
design a service that becomes the de facto standard among Internet music
buyers -- at least those who want to acquire music legally.
*******************************
Associated Press
Digital Broadcasting Launched in Japan
Mon Dec 1, 12:37 AM ET
TOKYO - Digital broadcasting was launched in Japan Monday, a step
the government is hoping will provide a much-needed boost to the
country's laggard economy.
The Japanese government is determined to make digital broadcast, which
can deliver vivid, theater-like pictures to television screens, the
nation's standard. It is vowing to make it available nationwide by the
end of 2006.
Standing atop a stage framed by giant television screens, Prime Minister
Junichiro Koizumi led a countdown at a kickoff ceremony that was
broadcast live by major television networks across the country.
"As we mark 50 years since the start of analog television
broadcasting in 1953, I believe we are at a historic moment as television
evolves one step further," Koizumi said.
"Congratulations!"
For now, it only reaches three major cities and potential viewers are
estimated at 12 million households, though actual viewers may be as low
as 300,000, according to industry experts.
The government has invested $1.6 billion to help get the system started.
It hopes the economic perks will total $1.8 trillion over the next decade
as people rush out to buy digital TVs, broadcasters invest in equipment
and new kinds of services blossom.
Digital signals allow much larger amounts of information to be relayed.
Benefits include dazzling cinema-quality images or hundreds of channels
of lesser-quality programs to be relayed.
Another feature of digital TVs is viewer participation, such as surveys,
contest balloting or educational programs, although such programs have
yet to be developed in Japan.
The United States has had terrestrial digital broadcasting since 1998,
and other nations such as England, Sweden, Australia and South Korea
also already have it. The reception has been mixed.
The commercial terrestrial digital broadcasting outfit in Spain went
bust.
*******************************
USA Today
Homeland Security ends foreigner registration program
Posted 12/1/2003 12:10 PM Updated 12/2/2003 9:35 AM
WASHINGTON (AP) - The government is scrapping a rule imposed after
the Sept. 11 attacks that required men and boys from countries with
suspected links to terrorism to register multiple times with U.S.
officials.
The rule forced tens of thousands of Middle Easterners and others
visiting America to provide personal information to government officials.
Asa Hutchinson, the Homeland Security Department's undersecretary for
border and transportation security, said a new registration system that
will apply to more foreigners will be in place next month, making the
current program unnecessary.
The program will end Tuesday when a notice is published in the Federal
Register. Hutchinson said it could be used again if there is another
terrorist attack linked to a foreign country.
Critics who contend the rule infringed on the rights of law-abiding
citizens welcomed its end. But they tempered their response with warnings
that the requirement already had caused damage in Arab and Muslim
communities and that the government still has rules in place that
discriminate against those groups.
"There's more that would have to be done to right this wrong, but it
is one step toward making the program less discriminatory in the
future," said Tim Edgar, American Civil Liberties Union legislative
counsel.
The rule is part of a program known as National Security Entry Exit
Registration System, or NSEERS. It established a national registry for
foreign visitors from 25 mainly Middle Eastern countries.
People from those nations were fingerprinted, photographed and
interviewed by U.S. immigration officials. They had to re-register with
the government after being in the country for 30 days and again after one
year. A total of 83,519 people already in the United States complied with
the order.
Nearly 14,000 people with suspected immigration violations were
identified through NSEERS, and 2,870 were detained. However, just 23
remain in custody, the government says.
People from the 25 countries still will be required to register when they
enter the country and must check in at immigration offices at specific
airports when they leave.
"The Department of Homeland Security will utilize a more tailored
system that is individual-specific rather than the broad categories by
geography," Hutchinson said.
He said the decision to terminate the program was not influenced by harsh
criticism from advocacy groups.
Hutchinson said it was made unnecessary by other programs such as a
foreign student tracking system that began operating in August and the
planned Jan. 5 launch of US-VISIT, which will digitally photograph and
fingerprint millions of people who visit the United States each year on
tourist, business and student visas.
Azhar Azeez, who sits on the board of directors of the Council on
American Islamic Relations in Dallas, predicted the withdrawal of the
re-registration rule could provide momentum for the end of other
post-Sept. 11 government policies.
"There's a very huge opposition across the country of the Patriot
Act too, so this whole thing is picking up speed and that's a good thing,
because in my personal opinion, the Patriot Act is the most unpatriotic
act this country has ever written," Azeez said.
The Patriot Act gave government broader surveillance authority, such as
giving it more leeway to use wiretaps and monitor e-mail.
*******************************
CNET News.com
Diebold retreats; lawmaker demands inquiry
Last modified: December 1, 2003, 5:12 PM PST
By Paul Festa
Staff Writer, CNET News.com
Diebold is facing threats on two fronts as free-speech advocates pursue
monetary damages against it and a presidential candidate urges a
congressional inquiry into the company.
Diebold, which makes touch-screen voting machines in use around the
world, on Monday reiterated its withdrawal of copyright takedown notices
directed at numerous Internet service providers with subscribers who
posted copies of its internal e-mail correspondence--and in some cases
links to those copies.
Those takedown notices, issued under a provision of the Digital
Millennium Copyright Act (DMCA), earned Diebold a lawsuit by an ISP with
a client who linked to the documents and by two Swarthmore students whose
school--acting as their ISP--had removed copies under takedown
threat.
The DMCA takedown provision is designed to let copyright holders warn
ISPs of copyright violations and ask that they be taken down before
filing suit against them. Free-speech advocates argued that Diebold's
notices had less to do with copyright protection than with damage
control.
The internal Diebold e-mail correspondence in question criticized the
company's software, security, certification and sales
practices.
Diebold indicated in a Nov. 24 filing with the U.S. District Court in San
Jose, Calif., that it would retract the DMCA notices and would not sue
those who posted the e-mail correspondence or their ISPs. On Monday, the
company restated that promise in the courtroom.
But lawyers who represent the Online Policy Group, an ISP whose client
Indymedia had linked to the Diebold e-mails without posting them,
indicated that they had not finished pressing their case against
Diebold.
Instead, they pledged to seek a court order spelling out that publishing
or linking to the Diebold e-mails doesn't amount to copyright
infringement, as well as monetary damages under the DMCA on grounds of
misrepresentation.
"It's a tremendous victory for free speech, for the Internet as a
communications forum, and it's reaffirming the public side of the balance
that copyright is supposed to embody," Wendy Seltzer, an attorney
with the Electronic Frontier Foundation (EFF), said in an interview after
Monday's hearing.
Seltzer, who represented the Swarthmore students, said the plaintiffs
would seek monetary damages to dissuade companies from using DMCA
takedown notices lightly.
"We've been saying from the beginning that Diebold shouldn't be able
to use copyright law to stop discussion of technologies that are at the
heart of our democracy, and Diebold has finally acknowledged that by
dropping its threats of suit," Seltzer said. "And we plan to
drive that point home to Diebold and anyone else who might be tempted to
misuse copyright similarly."
Diebold did not return calls seeking comment.
Diebold's retreat in the courtroom comes as U.S. congressional
representative Dennis Kucinich, who is seeking the Democratic Party's
presidential nomination, jumped onto the anti-Diebold bandwagon by
providing links to the Diebold e-mail correspondence from his House of
Representatives Web site.
The Web site, launched Nov. 20, criticizes Diebold for both its product
and its conduct in pursuing the Swarthmore students.
"Diebold has been using coercive legal claims to intimidate Internet
service providers and even universities to shut down Web sites with links
to its memos and remove the memo content," the site reads. "By
abusing the Digital Millennium Copyright Act, Diebold has intimidated
numerous Internet service providers to comply with its
requests...Congressman Kucinich is working to address these problems by
providing some of Diebold's internal memos on this site to increase
public access..."
Kucinich also asked the U.S. House Judiciary Committee to investigate
Diebold's DMCA takedown notices.
"Diebold's actions are representative of a growing body of abuses
through which large and powerful parties unfairly intimidate ISPs to
remove information those parties do not like," Kucinich wrote in a
letter dated Nov. 21. "Powerful parties should not be permitted to
misuse copyright as a tool for limiting bad press and barring access to
legitimate consumer information."
The court hearing the students' and ISP's case against Diebold sent the
case for mediation, scheduled hearings for motions in January, and
scheduled a final hearing for Feb. 9.
*******************************
BBC Online
DVD-copying firm sued by Warners
Film giant Warners is taking legal action against a US-based firm that
distributes DVD-copying software.
Warner Home Video UK said the product sold by 321 Studios Europe gets
around the anti-copying protection on DVDs.
It is seeking an injunction to block the sale and distribution of the
software, which it says is in breach of new EU anti-piracy laws.
321 - already the subject of a similar lawsuit - previously said it
welcomed the prospect of a legal case.
Warners said the new move had been prompted by the Copyright and Related
Rights Regulations 2003, which came into force at the end of October.
Previous laws
This law strengthens copyright protection in the UK and amends the
Copyright, Designs and Patents Act 1988.
It follows an earlier injunction filed against the company by Warners in
September under the previous laws. This is still pending.
The latest lawsuit has been filed on behalf of the Motion Picture
Association, which represents the major Hollywood studios.
In a previous statement, 321 Studios has said it welcomes the opportunity
in court to clarify the position of copying DVDs for personal use.
The firm sees itself as a leading proponent in the fair use of
copyrighted material, fighting its case on both sides of the
Atlantic.
*******************************
Washington Post
Storm KO'd Va. Disaster Plan
Lack of Backup Sank High-Tech Reporting System
By Michael D. Shear
Tuesday, December 2, 2003; Page B03
RICHMOND, Dec. 1 -- Virginia's top emergency official said Monday that a
computer designed to track requests for help from local governments
failed repeatedly during Hurricane Isabel, delaying the distribution of
ice, water, generators and other assistance.
Michael Cline, the director of the state's Department of Emergency
Management, told lawmakers at a hearing that the state's "Action
Tracking" computer system did not have a battery backup. When the
power went out, requests for help were lost.
"There were a lot of breakdowns in communications," Cline told
members of the Senate and House commerce committees. "We are trying
to work with each of those local governments. Communication was obviously
a major issue."
In the days after the storm swept across Virginia, officials in Hampton
Roads and other parts of the state complained that their pleas for
assistance were going unheeded. Some blamed the Federal Emergency
Management Agency, while others pointed to problems in the state's
emergency operations center.
Cline said that some state workers were not trained properly and did not
know how to use the computer system when it was operational. And he said
some requests for help that were entered into the tracking system
languished there for days.
Several lawmakers said they were concerned about the problems but also
praised state workers for their effort in responding to Hurricane
Isabel.
"Did they do it perfectly? No," said state Sen. Thomas K.
Norment Jr. (R-James City). "Did they make a yeoman's effort? Yes.
Just like any natural disaster, there are agencies of state government
that performed marvelously, and there are certainly some who could
improve."
Monday's hearing was open to the public, but few residents testified
during the afternoon session. Instead, committee members heard updates
from representatives of state agencies, insurance companies and
utilities.
Cline said damage from the storm totaled $1.6 billion, not including its
impact on the Virginia economy. He said 5 million people were without
power, and 231 communities issued boil-water advisories.
The storm left 20 million cubic yards of debris, Cline said, enough to
cover 200,000 football fields.
"It left an unprecedented scope of destruction," he said,
"and extreme destruction in many areas."
*******************************
Australian IT
China battles world's IT trash
Correspondents in Beijing
DECEMBER 02, 2003
MOST of the world's electronic trash - especially old computers - is
dumped in China, causing severe environmental problems and illnesses
among residents, state media reported.
About 80 per cent of the world's electronic rubbish is imported to Asia
every year, 90 per cent of which ends up in China, the Xinhua news agency
said.
Originally, only south China's Guangdong province was seriously
threatened by imported electronic trash, but now dozens of the country's
provinces and municipalities are affected, the agency said.
The large amount of trash dumped in Chinese cities has created serious
health hazards for residents, environmental activists warned.
Lai Yun, a leading environmentalist in China, who visited Guiyu town in
Guangdong province 10 times last year, said about 80 per cent of local
children, as well as some local migrant workers, suffered respiratory
diseases and skin diseases due to pollution from electronic
trash.
And she said she believes what she saw in Guiyu was just "the tip of
the iceberg" in China.
Chinese authorities have listed Guangdong's towns of Guiyu, Longtang and
Dali and other areas as the country's major collection and distribution
centers for electronic trash, Xinhua said.
The other areas are the Taizhou region of east China's Zhejiang province;
Huanghua city of north China's Hebei province as well as some areas in
Hunan and Jiangxi provinces.
Some developed countries still allow the export of electronic trash,
leading to little effort by computer manufacturers and others to try to
retrieve used computers. Signs the problem could be curbed have emerged,
however.
The European Union has drafted laws to require its computer producers to
take the retrieval of used computers into consideration when estimating
production costs.
And all computer producers are required not to use any environmentally
hazardous material in computer production.
China is also preparing to draft laws to regulate the country's
electronic rubbish retrieval and recycling system to make clear that it
is the computer producer's duty to retrieve and deal with used electronic
products.
Agence France-Presse
*******************************
CNET News.com
Flaw in Linux kernel allows attack
Last modified: December 1, 2003, 4:58 PM PST
By Robert Lemos
Staff Writer
The Debian Project warned on Monday that a flaw in the Linux kernel
helped attackers compromise four of the open-source software project's
development servers.
During several intrusions Nov. 19, the flaw enabled an attacker who
already had access to a server to remove the limitations that protected
the system from everyday users. The technique is known as a privilege
escalation.
Members of the development team found the flaw in September and fixed the
latest version of the core Linux software, or kernel. The fix came a bit
late, however. The latest version of the kernel, 2.4.23, was released
Friday, eight days after the Debian breach.
The Debian Project, which uses only truly open-source software in its
make-up, stressed that the breaches hadn't affected the project's code
base.
"Fortunately, we require developers to sign the upload (software)
digitally," said Martin Schulze, a developer and member of the
project. "These files are stored off-site as well, which were used
as a basis for a recheck."
The development team promised to lock all developer accounts until the
flaw had been found and fixed. The team published patches for the flaw on
Monday as well but didn't specify when the accounts would be unlocked.
The unknown attacker compromised at least four servers. The
systems--known as Master, Murphy, Gluck and Klecker--had maintained the
open-source project's bug tracking system, source code database, mailing
lists, Web site and security patches.
The attacker gained access to one of the systems by compromising a
developer's computer and installing a program to sniff out the characters
typed on the developer's keyboard, according to a postmortem analysis the
team published Friday. When the programmer logged into the Klecker
system, the attacker recorded his password.
Using the September flaw, the attacker gained owner privileges on
Klecker. This is frequently referred to as "owning" the system.
The flaw--in a part of the kernel that manages memory--allows only users
that already have access to the system to raise their privileges. Such
flaws are less critical than vulnerabilities that give an outside
attacker access to a server and so are fixed less quickly.
The attacks have been the latest leveled at open-source software. In
early November, an attacker attempted to corrupt the Linux kernel with a
coding error that would have created a flaw similar to the one that
affected the Debian Project. A year ago, malicious attackers placed
spyware into a popular open-source tool, Tcpdump. Several other known
attacks have also been executed against other open-source projects.
The latest bug has been fixed in the most recent version of the Linux
kernel, 2.4.23, and has also been patched in the next generation of Linux
since 2.6.0-test6, which was released in late September.
Despite a two-month delay in releasing a patch, Ian Murdock, the founder
of Debian and the chairman of Linux distribution maintenance provider
Progeny, praised the project team.
"All in all, the way the Debian guys handled the situation has been
admirable: They have been open with what they found out, and the speed at
which they have found things out has been quite quick," he said.
Murdock is a developer on the team but no longer has day-to-day
administration duties.
*******************************
CNET News.com
Group seeks political power for P2P
Last modified: December 2, 2003, 5:28 PM PST
By John Borland
Staff Writer, CNET News.com
A new nonprofit organization aimed at welding file-swapping and
open-source computing advocates into a political force is launching
online this week.
Dubbed "Click The Vote," an allusion to the successful Rock the
Vote efforts focused at the MTV generation, the group hopes to make
digital copyright and computing matters an issue in the 2004 election
campaigns.
While not yet backing specific policies, the group's early statements
include support for legalizing music sharing along with a mechanism for
paying artists, and support of "open computing" as opposed to
the "trusted computing" initiatives supported by Microsoft and
others. These technology issues should be viewed as policy issues in a
modern, digital world, the group says.
"Openness and free speech is what has made this democracy
thrive," said organizer John Parres, a onetime advisor to Hollywood
power broker Michael Ovitz and co-founder of the influential Pho digital
music e-mail discussion group. "We're concerned that things are
going in the wrong direction, that we're heading towards closed
computing, encrypting speech, and those things are not conducive to a
thriving democracy."
The group hopes to tap into the momentum several online organizing
efforts have gained this year, including the early stages of presidential
candidate Howard Dean's campaign, and the fundraising efforts of the
political action committee MoveOn.
It's targeted at the technologically savvy audience of file swappers and
open-source programmers--a demographic perhaps best represented by the
extraordinarily active Slashdot technology news site community. That is a
vocal group in online circles, but it has not yet been felt as a powerful
political force.
This isn't the first attempt to turn the widespread dissatisfaction with
digital copyright law--along with campaigns such as the Recording
Industry Association of America's lawsuits against file swappers--into
political action.
In the declining days of the original Napster, the company beseeched its
users to write their legislators and sing the virtues of file trading.
The campaign did raise some awareness of the issue in Washington, D.C.,
but that did not save the company from crippling legal rulings and
bankruptcy.
More recently, Kazaa parent Sharman Networks spent $1 million last month
on a print advertisement campaign, touting its own organizing Web site.
Click The Vote is starting without corporate backers and will rely
largely on donations for funding, Parres said. But the group is looking
to focus on exerting influence through galvanizing voters rather than
through political contributions.
"I think there is a pool of energy out there that we're going to
harden and focus and bring to bear on these issues," Parres said.
"What needs to happen to push this thing forward is for people to
start communicating in a coherent voice with their
legislators."
*******************************
Wired News
How Much Is Privacy Worth?
02:00 AM Dec. 03, 2003 PT
The Supreme Court will hear oral arguments Wednesday over whether the
federal government should reimburse individuals whose sensitive data was
disclosed illegally, even if no harm can be proven.
At issue before the court, according to privacy advocates, is how
valuable privacy really is.
The Privacy Act of 1974 prohibits the government from disclosing private
information intentionally, without the individual's consent, and provides
for a $1,000 minimum fine if the individual is "adversely
affected."
In the case, known as Doe v. Chao, to be argued Wednesday, the Department
of Labor distributed the Social Security number of a coal miner who was
appealing for black lung benefits.
Since 1969, the Labor Department has used miners' Social Security numbers
as their case numbers on documents shared with coal companies, insurance
companies and lawyers for all sides. Those documents also were published
in court filings that later ended up in legal databases.
In 1997, seven anonymous coal miners sued, alleging the government had
flagrantly violated the Privacy Act and put them at risk of identity
theft.
Only one of those miners, known as Buck Doe, prevailed in the original
case, winning $1,000 by arguing that he suffered emotional distress from
the fear that the data leak would lead to identity theft. The government,
arguing that the plaintiff needed to show real injury, appealed the
decision to the 4th U.S. Circuit Court of Appeals and won.
Buck Doe argues that the leak itself causes enough distress to warrant an
automatic penalty, even if the information leak never leads to financial
harm.
Marcia Hoffman, staff counsel at the Electronic Privacy Information
Center, which filed a friend of the court brief (PDF) supporting the
anonymous miner, argues that Congress preset the penalty precisely
because it is so hard to put a price on an abstract concept such as
privacy or to prove damages in absence of others' misuse of that data.
"If your Social Security number is disclosed, there is a real
potential harm from identity theft," Hoffman said.
Ari Schwartz, associate director of the Center for Democracy &
Technology, which was one of many organizations that cosigned EPIC's
brief, argues that the outcome of the case will have implications beyond
the Privacy Act and could affect future privacy legislation.
"The outcome of this case will make a general statement about how we
value privacy in the United States today," Schwartz said. "If
someone rummages through all your stuff, nothing's taken, but they find
out information about you, (yet) you can't show actual damages.
"Yet something intangible has been taken from you, and what do we do
to make up for that as a society?" asked Schwartz. "It seems
clear to us from the history of the Privacy Act that Congress at that
time wanted people to be compensated even for intangible harm."
The government, on the other hand, argues that the law requires citizens
to demonstrate real damages from intentional disclosures of
information.
*******************************
BBC Online
Sexual spam could spark lawsuits
By Mark Ward
BBC News Online technology correspondent
Legal experts are warning companies to do more to stop pornographic spam
reaching employees.
Firms that do not take steps to stop sexually explicit spam could face
lawsuits from employees suffering distress because of exposure to
offensive images.
The experts urge companies to deploy anti-spam tools and curb offensive
messages before they reach workers' desktops.
"This is an obvious case where employers are directly liable to
their employees," said net law expert Dr Brian Bandey.
Care culture
Dr Bandey said many firms tended to think of their duties to their staff
in terms of statutes governing a healthy and safe workplace.
But, he said, there was a significant number of common law obligations
and guidelines that also placed burdens on companies to look after their
staff.
This common law requirement demanded that employers tackled all factors
affecting a safe working environment, said Dr Bandey.
"This means all of the hazards, physical, mental and now emotional,
that employees are exposed to," he said.
The obligation to oversee the welfare of workers extended to policing
what reached the e-mail inboxes of workers and tackling sexual spam.
A survey this week by security firm Symantec found that 63% of the firms
it questioned thought spam was offensive.
To avoid lawsuits for mental or emotional distress firms had to take all
reasonable and practical steps to stop explicit spam, said Dr Bandey.
"But," he added, "many companies do not take these steps
and I do not understand why they do not."
Technical tricks
Dr Bandey said that some firms were already fighting legal claims that
centred on the anxiety, emotional or mental distress caused by
inappropriate words and pictures at work.
Ed MacNair, security manager at filtering firm NetIQ, said: "I think
there are no excuses now because the technology is available to stop spam
coming in."
"Companies are being really slack," he said, "they are not
addressing the problems."
Mr MacNair said now, on average, employees get 20 spam e-mails per day.
NetIQ analysis of the e-mail sent to one of its customers, an investment
bank with 4,000 users, showed that 52% of inbound messages were spam.
Mr MacNair said that some of the spam was the fault of employees who had
not been educated about responsible use of the net.
"The damage has been done," he said. "People have been
promiscuous with their e-mail addresses and used them to log in to any
and every type of website."
Many employees were also abusing net access and using work time to
download and view pornographic and other inappropriate material.
Further analysis of the e-mail traffic to and from the investment bank
showed that 9.8% of inbound e-mail contained image files and 95% of these
image files were pornographic in nature.
On a typical day this meant that almost 9,000 pornographic images were
being seen by employees.
These large image files used up 40% of the firm's available bandwidth.
This cavalier use of the net could leave firms open to a second legal
danger, warned Dr Bandey.
He said the growing trend towards holding firms criminally responsible
for what their employees do could mean trouble for some companies.
"What's going to happen is that the police are going to wake up to
corporate liability with respect to the transmission of pornography using
corporate servers," he said.
*******************************
Los Angeles Times
Pirated Movies Flourish Despite Security Measures
The more studios try to stifle bootlegging, the more technology works to
undermine them.
By Lorenza Muñoz and Jon Healey
Times Staff Writers
December 4, 2003
Hollywood's all-out war against movie piracy is turning into a big-budget
bomb, with illegal copies of virtually every new release--and even
some films that have yet to debut in theaters--turning up on the
Internet.
Sophisticated computer users currently can download pirated versions of
titles ranging from "Bad Santa" to "Master and Commander:
The Far Side of the World." While some of the versions are crude
copies made by camcorders aimed at theater screens, a surprising number
are nearly pristine transfers.
The abundance of bootlegs arrives just as the movie studios have launched
their most aggressive campaign yet to protect their business from the
rampant downloading that has plagued the record industry. As part of this
antipiracy initiative, the studios have done everything from banning the
distribution of free DVDs to awards voters to stationing security guards
equipped with night-vision goggles inside Hollywood premieres to spot
camcorder users.
The steps may have made some thievery more difficult, but overall, piracy
appears to be up from previous years, when an avalanche of year-end
awards DVDs and videos, or "screeners" as they are called,
flooded the entertainment and media communities. In fact, the new
security measures seem only to have emboldened some pirates.
The Motion Picture Assn. of America says that last year it found at least
163,000 Web sites offering pirated movies. The number is likely to go up
to 200,000 sites by the end of the year, said Tom Temple, the
association's director of worldwide Internet enforcement.
A major source of movies online is an underground network of groups that
specialize in bootlegging films, piracy experts say. These "ripping
crews"--which recruit members around the world to obtain, edit,
transfer and store films--compete with each other to be the first to
obtain a movie, the experts say. They frequently are assisted by people
connected to the movie industry, whose numbers include cinema employees,
workers at post-production houses and friends of Academy
members.
Pirates usually copy a movie first by sneaking a digital camcorder into a
movie theater, sometimes the very auditorium in which antipiracy public
service announcements have just played before the feature attraction.
These copies yield something less than DVD-quality results. After this
version appears online, crews will continue to compete to deliver a true
DVD-quality version before it is officially released to video
stores.
Piracy-monitoring firms say the advancing technology of digital
camcorders is yielding dramatic improvements in the earliest versions of
pirated movies. Although these efforts vary, the best ones come close to
the picture and sound quality of DVDs.
Mark Ishikawa, the chief executive of BayTSP, a Los Gatos firm that helps
studios combat online piracy, said, "We have seen some copies of
'Finding Nemo' that look like they were DVDs, yet after forensics we
determined they were camcorders." Said another antipiracy expert who
asked not to be identified: "The quality of non-DVD screeners has
increased so much in the past year, the DVD screener ban is too little,
too late."
The crews store films on powerful computers connected to the Internet but
not accessible to the public. But their movies quickly trickle down to
places open to the Internet savvy, such as Internet chat rooms and news
groups. They take pains to hide their identities and locations, and so
far have remained outside the reach of federal enforcers and studio
lawyers. The Justice Department has struck only a glancing blow against
this type of piracy, prosecuting members of several so-called
"warez" groups, loose confederations of online partners who
concentrate on copying computer software and games.
Nevertheless, government agencies are paying attention. The FBI began
investigating the unauthorized release to the New York Post of Mel
Gibson's "The Passion of Christ" two weeks ago; by the time
that probe began, federal authorities already had launched a broader
investigation into the unauthorized copying of numerous other first-run
films, according to sources.
Adding to the magnitude of the problem is the fact that some of these
bootleg copies are pirated from inside the entertainment industry itself.
Piracy from such an array of sources means that there now are more
Internet movie offerings than at the world's largest megaplex. Quentin
Tarantino's "Kill Bill Vol. 1" is available in two versions, an
American/European edition (with portions in black and white) and one in
Japanese (all in color). Other titles available include "The
Rundown," "Timeline," "21 Grams," "The
Missing," "The Cat in the Hat," "Thirteen" and
"Pieces of April."
The box-office hit "Elf" was available four days before its
Nov. 7 release in theaters, taken from a digital camcorder recording made
in a theater, with the sound most likely recorded from a cinema seat
audio jack used by hearing-impaired moviegoers. Films not yet in
theaters, including "Girl With a Pearl Earring" and
"Monsieur Ibrahim," were taken from DVD screeners sent out in
advance of the films' release.
As part of the campaign against movie piracy, the MPAA on Sept. 30 banned
the seven major studios and their specialty film divisions from sending
out free movies to anyone but the 5,800 Academy Awards voters. Oscar
voters, furthermore, can only receive specially marked videocassettes and
not DVDs, which provide better masters for bootlegs. The move infuriated
the makers of lower-budget movies and less conventional fare, who feared
the true motive for the ban was to bring Oscar attention back to big
studio releases.
Movies from independent companies that are not part of the MPAA are
turning up in a number of Internet sites. DVD copies of all of the movies
being pushed for awards consideration by Lions Gate Films, for example,
are available illegally online. Lions Gate began sending out screeners to
an array of awards voters two weeks ago. The studio declined comment
Wednesday.
The motion picture association's Temple said the main point of the ban
was to delay the arrival of high-quality copies of movies online as long
as possible. It's too early to tell the impact of the new rules, he said,
because the studios have just started sending out screeners. But a few
copies of DVD and VHS screeners have started to pop up online; for
example, a VHS copy of United Artists' "Pieces of April" hit
the Net on Thanksgiving.
The piracy expert who asked not to be named said the MPAA's action
"has of course caused a shortage of real, true DVD screeners of
movies" online. "But it doesn't matter because there are copies
out there that are good enough.... Some of them even exceed the quality of
VHS screeners."
Several other experts agreed that the new rules have had absolutely no
effect on the availability of movies online.
"There's no difference," said Kevin Moylan, senior vice
president of the antipiracy firm Vidius Inc. of Beverly Hills. "The
thing to remember is that all it takes is one copy. So even an authorized
screener, one of them is going to perpetrate a leak."
The MPAA ban is now at the center of a lawsuit in New York, where on
Wednesday a federal judge heard a full day of testimony on a challenge by
a group of independent filmmakers to the screener edict. MPAA President
Jack Valenti testified that the prohibitions were necessary to combat the
illegal copying and sale of videotapes and DVDs.
But two independent film producers who are among the plaintiffs in the
case testified that the distribution of screeners is essential to their
strategy of marketing independent films based on good reviews, word of
mouth, mentions on critics' Top 10 lists and, eventually, awards
nominations.
"The hardest thing with my movies is getting people to see them....
[It's] not that people would want to steal them," said producer Ted
Hope, who has prize aspirations for two films this year, "American
Splendor" and "21 Grams."
He and fellow indie producer Jeff Levy-Hinte, who has similar hopes for
his film "Thirteen," told the judge that the major studios
would have a big advantage if lower-budget films like theirs cannot send
thousands of copies to opinion-makers and voters who may never see the
works in theaters.
The organization's vice president supervising its anti-piracy efforts,
former FBI agent Kenneth Jacobson, later told the judge that the film
studios were trying to avoid what happened in the music industry, in
which illegal Internet downloading is widely seen as cutting sharply into
sales.
Authorities around the world already have seized "35 million
[illegally copied movies] so far this year," Jacobson testified,
adding that film piracy has become so rampant in countries such as China,
Russia and Pakistan that the legal markets there have all but
evaporated.
Miramax's Harvey Weinstein, who has used promotion campaigns to gain
multiple Oscars for films such as "Shakespeare in Love,"
submitted a declaration stating that "a successful awards season can
make the difference between a movie grossing $5 million at the box office
and a movie grossing $20 million."
U.S. District Judge Michael B. Mukasey said he will rule Friday whether
to grant a temporary restraining order barring the MPAA from carrying out
the ban.
The MPAA and California law enforcement officials plan to announce today
how they will enforce a new state law barring the illegal recording of
motion pictures in movie theaters. Similar federal legislation has been
proposed.
*******************************
CNET News.com
Report: A third of spam spread by RAT-infested PCs
Last modified: December 3, 2003, 11:03 AM PST
By Munir Kotadia
Nearly one-third of all spam circulating the Web is relayed through PCs
that have been compromised by malicious programs known as Remote Access
Trojans, according to Sophos, an antispam and antivirus company.
Graham Cluley, a senior technology consultant for Sophos, said Wednesday
that the increasing use of broadband Internet connections and a general
lack of security awareness have resulted in about one in three spam
e-mails being redirected through the computers of unsuspecting users.
"There are lots of people on cable modems and broadband connections
that haven't properly secured their computer," he said. "They
don't know it, but their PC is being used as a relay for sending spam to
thousands and thousands of other people. We believe that 30 percent of
all spam"--or unsolicited commercial e-mail messages--"is being
sent from compromised computers."
Cluley said that if a Remote Access Trojan (RAT), a type of Trojan horse
program, is able to get into a PC, an attacker could take full control of
that PC, as long as it is connected to the Internet. "They can steal
information, read files, write files, send e-mails from that user's
name--it is as though the attacker has broken into the office or home and
is sitting in front of that computer," he said.
There is also a very small chance that PC owners will have any idea their
system is being used by a third party, said Cluley, who warned that
attackers could remove any traces of their activity so that there would
be no obvious record: "It is really just network and Internet
bandwidth that is suffering--there is no permanent record left on the PC
that you can look up--you wouldn't see anything if you checked your
Outlook 'Sent Items' folder," he said.
Sophos is also concerned that there may be a connection between virus
writers and spammers. Cluley pointed out that the groups have similar
interests, and he said he knows of worms that have attacked antispam Web
sites.
"Antispam Web sites have been knocked out by these viruses," he
said. "Why is that? We all suffer from spam. Virus writers are
either working with spammers or they are the spammers."
*******************************