Beware the Worm in Your Handset:
"As more consumers begin surfing the Web and sending e-mail messages on cellphone and hand-held devices, along comes a new worry: worms and viruses spread via Internet-enabled handsets."
The problem is still small, with only a few cases reported globally. But as operating systems in cellphones become standardized, hackers will probably begin focusing on vulnerabilities in those systems as they have with personal computers. And as cellphones and personal digital assistants connect to the Internet at ever faster speeds, more users will be able to download files with attachments - some of which may be infected.
Asia, where high-speed networks and text messaging on mobile phones are common, is the most vulnerable to these threats. As carriers in Europe and North America adopt similar technology, they will confront the same kinds of hazards.
Telecommunications companies currently spend as much as $8 billion a year fixing handsets with programming errors, faulty mechanics and other problems. Now some are scrambling to prevent virus attacks that could cost carriers millions of dollars more in repairs and lost business.
"The danger to mobile phone networks is probably five times bigger than with personal computers because very few people are focused on this problem now," said Andrew Cole, senior vice president at Adventis, a Boston-based consultant specializing in telecommunications issues. "The dominant form of messaging is going to be cell-to-cell, so this could escalate very rapidly and overload phone networks. What if viruses phone 911 randomly?"
That, in fact, is what happened in Japan in 2000 and 2001. NTT DoCoMo, the country's largest cellular phone provider, received complaints from customers who were being sent messages that froze their screens and automatically dialed 110, the emergency line to the police in Japan.…
That event was a shock because the company is spending billions of dollars introducing its high-speed third-generation, or 3G, network that allows users to download data up to 40 times faster than conventional mobile phone networks. A rash of viruses might turn off users to the new network before it was released. Eventually, DoCoMo dealt with the problem by installing special security software on its servers and new handsets, which were also being bombarded with unwanted commercial e-mail and text messages from advertisers, dating clubs and other marketers. DoCoMo blocks about 55 percent of the one billion text messages that reach its servers each day because of suspicious return addresses or attachments. Another 26 percent of those messages are blocked by DoCoMo users who have programmed their handsets to turn back unwanted mail or spam.
http://www.nytimes.com/2003/11/28/technology/28cell.html
Friday, November 28, 2003
Wednesday, November 26, 2003
News: The computer virus--no cures to be found:
"Of all the accomplishments in the annals of technology, Fred Cohen's contribution is undeniably unique: He introduced the term 'virus' to the lexicon of computers."
The University of New Haven professor used the phrase in a 1984 research paper, in which he described threats self-propagating programs pose and explored potential defenses against them. When he asked for funding from the National Science Foundation three years later to further explore countermeasures, the agency rebuffed him.
"They turned it down," said Cohen, who is also principal analyst for research firm Burton Group. "They said it wasn't of current interest."
Two decades later, countless companies and individuals are still paying for that mistake. The technology industry has yet to find a blanket solution to the ever-growing list of viruses and worms that constitute the greatest risk to computers on the Internet. Every year, companies lose billions of dollars when forced to halt work and deal with infectious digital diseases, such as Sobig and Slammer.
While much attention has been paid to the malicious online attackers who exploit technology's vulnerabilities, little has been documented about the origins of the virus. Its early iterations were not created by malcontent teenagers or antisocial geeks but by campus researchers, system administrators and a handful of old-school hackers who thought that the ability to reproduce their programs automatically was a neat trick.
http://zdnet.com.com/2100-1105_2-5111442.html
"Of all the accomplishments in the annals of technology, Fred Cohen's contribution is undeniably unique: He introduced the term 'virus' to the lexicon of computers."
"The design of the Internet facilitates the distribution of information--all sorts of information; it's a double-edged sword," Gordon said in a recent e-mail interview. "Even if (viruses) are not designed to be intentionally malicious or dangerous, if they get outside of a controlled environment, there can be unexpected results."
The University of New Haven professor used the phrase in a 1984 research paper, in which he described threats self-propagating programs pose and explored potential defenses against them. When he asked for funding from the National Science Foundation three years later to further explore countermeasures, the agency rebuffed him.
"They turned it down," said Cohen, who is also principal analyst for research firm Burton Group. "They said it wasn't of current interest."
Two decades later, countless companies and individuals are still paying for that mistake. The technology industry has yet to find a blanket solution to the ever-growing list of viruses and worms that constitute the greatest risk to computers on the Internet. Every year, companies lose billions of dollars when forced to halt work and deal with infectious digital diseases, such as Sobig and Slammer.
While much attention has been paid to the malicious online attackers who exploit technology's vulnerabilities, little has been documented about the origins of the virus. Its early iterations were not created by malcontent teenagers or antisocial geeks but by campus researchers, system administrators and a handful of old-school hackers who thought that the ability to reproduce their programs automatically was a neat trick.
http://zdnet.com.com/2100-1105_2-5111442.html
Domain Theft is Still a Little Too Easy:
"Do you ever get spam offering to sell you fake IDs? Here's one reason why some people want to buy one: a fake ID, a fax machine, and an absence of morals are all that's needed to hijack any domain name. "
Yes, stealing a domain name from its rightful owners still appears to be child's play. A reader contacted me about his case involving the domain name DVDMovies.com. Several weeks ago Arnold Jones of Visionario Inc., a storage consulting firm and owner of dvdmovies.com, discovered that this domain had been transferred to someone else.
This person had sent in to Network Solutions, the registrar holding the registry of dvdmovies.com, a request by fax to change the e-mail contacts on the registration to a free yahoo.com address. Even though his identification information had been forged, including a copy of a fake Florida drivers license with Jones's work address on it, Network Solutions happily obliged and did not scrutinize the license.
Once the e-mail contact had been changed, the domain pirate simply sent a request to reset the password on the account, and he replied from the new address. Now that he had control over the account, he could transfer the registration to another registrar.
However, according to Jones' account, there were many other glaring red flags that should have alerted Network Solutions to a possible hijacking:
The fax requesting the e-mail change came from area code 530, in California, but all registrant information was for Florida.
The key administrative contact e-mail address was changed to a free, untraceable yahoo.com address.
The fake Florida drivers license lacked all the major characteristics of a legitimate Florida drivers license.
Jones required two weeks of time and effort before he got his domain back. If he was less sophisticated about these matters, it might have taken him much longer to take control of the domain. To compensate him for the two weeks of time and the lack of his domain, Network Solutions extended his registration by a year, a $35 value. Gosh, I hope he declares this on his taxes.…
http://www.eweek.com/article2/0,4149,1384450,00.asp
"Do you ever get spam offering to sell you fake IDs? Here's one reason why some people want to buy one: a fake ID, a fax machine, and an absence of morals are all that's needed to hijack any domain name. "
Yes, stealing a domain name from its rightful owners still appears to be child's play. A reader contacted me about his case involving the domain name DVDMovies.com. Several weeks ago Arnold Jones of Visionario Inc., a storage consulting firm and owner of dvdmovies.com, discovered that this domain had been transferred to someone else.
This person had sent in to Network Solutions, the registrar holding the registry of dvdmovies.com, a request by fax to change the e-mail contacts on the registration to a free yahoo.com address. Even though his identification information had been forged, including a copy of a fake Florida drivers license with Jones's work address on it, Network Solutions happily obliged and did not scrutinize the license.
Once the e-mail contact had been changed, the domain pirate simply sent a request to reset the password on the account, and he replied from the new address. Now that he had control over the account, he could transfer the registration to another registrar.
However, according to Jones' account, there were many other glaring red flags that should have alerted Network Solutions to a possible hijacking:
The fax requesting the e-mail change came from area code 530, in California, but all registrant information was for Florida.
The key administrative contact e-mail address was changed to a free, untraceable yahoo.com address.
The fake Florida drivers license lacked all the major characteristics of a legitimate Florida drivers license.
Jones required two weeks of time and effort before he got his domain back. If he was less sophisticated about these matters, it might have taken him much longer to take control of the domain. To compensate him for the two weeks of time and the lack of his domain, Network Solutions extended his registration by a year, a $35 value. Gosh, I hope he declares this on his taxes.…
http://www.eweek.com/article2/0,4149,1384450,00.asp
Creating Interactive Video With MPEG4:
"MPEG4 is finally starting to gain some traction. The allure of platform and vendor independence and ubiquitous players on all kinds of devices is strong. But in many areas, MPEG4 is still a 'bleeding-edge' technology. You'll quickly feel the pain when you try to do any but the most basic audio/video delivery using it. Today, all the major streaming players support MPEG4, mostly through the EnvivioTV plugin. And Apple's Quicktime lets you convert all kinds of movies to MPEG4 using the best-$30-you-ever-spent-on-software Quicktime Pro. But to really unlock the promise of MPEG4 – universal and reliable authoring and playback of complex interactive multimedia – you still have to go out on the edge."
Profiles and Compatibility
MPEG4 is designed to be useful for video playback across a wide variety of devices, from cell phones to powerful desktop computers; from pocket sized handhelds to TV set top boxes. To support this flexibility, the spec is divided into different profiles and levels, each defining a subset of MPEG4's total feature set. An MPEG player will support a particular profile by implementing all of that profile's features. IBM's SamplesForMPEG4 (also available at alphaWorks) includes dozens of examples of varied XMT and MPEG4 features. Many of these play in the QT and Real players, while others do not. (Of course, they all play in IBM's M4Play, part of the Toolkit.)
http://www.streamingmedia.com/article.asp?id=8544
"MPEG4 is finally starting to gain some traction. The allure of platform and vendor independence and ubiquitous players on all kinds of devices is strong. But in many areas, MPEG4 is still a 'bleeding-edge' technology. You'll quickly feel the pain when you try to do any but the most basic audio/video delivery using it. Today, all the major streaming players support MPEG4, mostly through the EnvivioTV plugin. And Apple's Quicktime lets you convert all kinds of movies to MPEG4 using the best-$30-you-ever-spent-on-software Quicktime Pro. But to really unlock the promise of MPEG4 – universal and reliable authoring and playback of complex interactive multimedia – you still have to go out on the edge."
Profiles and Compatibility
MPEG4 is designed to be useful for video playback across a wide variety of devices, from cell phones to powerful desktop computers; from pocket sized handhelds to TV set top boxes. To support this flexibility, the spec is divided into different profiles and levels, each defining a subset of MPEG4's total feature set. An MPEG player will support a particular profile by implementing all of that profile's features. IBM's SamplesForMPEG4 (also available at alphaWorks) includes dozens of examples of varied XMT and MPEG4 features. Many of these play in the QT and Real players, while others do not. (Of course, they all play in IBM's M4Play, part of the Toolkit.)
http://www.streamingmedia.com/article.asp?id=8544
Tuesday, November 25, 2003
washingtonpost.com: On the Web, Research Work Proves Ephemeral:
"It was in the mundane course of getting a scientific paper published that physician Robert Dellavalle came to the unsettling realization that the world was dissolving before his eyes.
The world, that is, of footnotes, references and Web pages."
Dellavalle, a dermatologist with the Veterans Affairs Medical Center in Denver, had co-written a research report featuring dozens of footnotes -- many of which referred not to books or journal articles but, as is increasingly the case these days, to Web sites that he and his colleagues had used to substantiate their findings.
Problem was, it took about two years for the article to wind its way to publication. And by that time, many of the sites they had cited had moved to other locations on the Internet or disappeared altogether, rendering useless all those Web addresses -- also known as uniform resource locators (URLs) -- they had provided in their footnotes.
"Every time we checked, some were gone and others had moved," said Dellavalle, who is on the faculty at the University of Colorado Health Sciences Center. "We thought, 'This is an interesting phenomenon itself. We should look at this.' "
He and his co-workers have done just that, and what they have found is not reassuring to those who value having a permanent record of scientific progress. In research described in the journal Science last month, the team looked at footnotes from scientific articles in three major journals -- the New England Journal of Medicine, Science and Nature -- at three months, 15 months and 27 months after publication. The prevalence of inactive Internet references grew during those intervals from 3.8 percent to 10 percent to 13 percent.
"I think of it like the library burning in Alexandria," Dellavalle said, referring to the 48 B.C. sacking of the ancient world's greatest repository of knowledge. "We've had all these hundreds of years of stuff available by interlibrary loan, but now things just a few years old are disappearing right under our noses really quickly."
http://www.washingtonpost.com/ac2/wp-dyn/A8730-2003Nov23
"It was in the mundane course of getting a scientific paper published that physician Robert Dellavalle came to the unsettling realization that the world was dissolving before his eyes.
The world, that is, of footnotes, references and Web pages."
Dellavalle, a dermatologist with the Veterans Affairs Medical Center in Denver, had co-written a research report featuring dozens of footnotes -- many of which referred not to books or journal articles but, as is increasingly the case these days, to Web sites that he and his colleagues had used to substantiate their findings.
Problem was, it took about two years for the article to wind its way to publication. And by that time, many of the sites they had cited had moved to other locations on the Internet or disappeared altogether, rendering useless all those Web addresses -- also known as uniform resource locators (URLs) -- they had provided in their footnotes.
"Every time we checked, some were gone and others had moved," said Dellavalle, who is on the faculty at the University of Colorado Health Sciences Center. "We thought, 'This is an interesting phenomenon itself. We should look at this.' "
He and his co-workers have done just that, and what they have found is not reassuring to those who value having a permanent record of scientific progress. In research described in the journal Science last month, the team looked at footnotes from scientific articles in three major journals -- the New England Journal of Medicine, Science and Nature -- at three months, 15 months and 27 months after publication. The prevalence of inactive Internet references grew during those intervals from 3.8 percent to 10 percent to 13 percent.
"I think of it like the library burning in Alexandria," Dellavalle said, referring to the 48 B.C. sacking of the ancient world's greatest repository of knowledge. "We've had all these hundreds of years of stuff available by interlibrary loan, but now things just a few years old are disappearing right under our noses really quickly."
http://www.washingtonpost.com/ac2/wp-dyn/A8730-2003Nov23
Debian: Attack Didn't Harm Source Code:
"Despite a cracker incursion into Debian Project servers this week, representatives of the Debian Linux distribution said the open-source code behind it remains untouched."
This is not the first time an open-source site has been attacked by crackers. In March of this year, the Free Software Foundation Inc.'s GNU Project ftp servers were attacked. This assault, which caused no damage to the code, was only discovered months afterwards.
In the Debian case, though, the break-in was discovered within 24 hours. The cracker had gained access to four machines: "master," the bug-tracking system; "murphy," the mailing-list manager; "gluck," the Web server and Concurrent Versions System (CVS) system; and "klecker," which houses security, quality assurance and search-engine code. Martin Schulze, a Debian spokesman, reported that the Debian source code archives themselves were "not affected by this compromise."
"This kind of attack is inevitable in open source," Murdoch said. "We've increased security. At the beginning of Debian, becoming a developer was as easy as sending me an e-mail, but these days there are checks and balances in place to make sure that only real developers get in and that the code stays clean."
http://www.eweek.com/article2/0,4149,1394420,00.asp?kc=EWNWS112403DTX1K0000599
But Open Source is Safer?
"Despite a cracker incursion into Debian Project servers this week, representatives of the Debian Linux distribution said the open-source code behind it remains untouched."
This is not the first time an open-source site has been attacked by crackers. In March of this year, the Free Software Foundation Inc.'s GNU Project ftp servers were attacked. This assault, which caused no damage to the code, was only discovered months afterwards.
In the Debian case, though, the break-in was discovered within 24 hours. The cracker had gained access to four machines: "master," the bug-tracking system; "murphy," the mailing-list manager; "gluck," the Web server and Concurrent Versions System (CVS) system; and "klecker," which houses security, quality assurance and search-engine code. Martin Schulze, a Debian spokesman, reported that the Debian source code archives themselves were "not affected by this compromise."
"This kind of attack is inevitable in open source," Murdoch said. "We've increased security. At the beginning of Debian, becoming a developer was as easy as sending me an e-mail, but these days there are checks and balances in place to make sure that only real developers get in and that the code stays clean."
http://www.eweek.com/article2/0,4149,1394420,00.asp?kc=EWNWS112403DTX1K0000599
Monday, November 24, 2003
Take note of critical Office 2003 update and MiMail worm - TechRepublic:
"Fix
Symantec has posted a free tool for removing MiMail variants A through E, which will:
End the W32.Mimail viral processes.
Remove the W32.Mimail files.
Delete dropped files.
Delete the worm’s registry values."
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.removal.tool.html
http://techrepublic.com.com/5100-6264_11-5104786.html
"Fix
Symantec has posted a free tool for removing MiMail variants A through E, which will:
End the W32.Mimail viral processes.
Remove the W32.Mimail files.
Delete dropped files.
Delete the worm’s registry values."
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.removal.tool.html
http://techrepublic.com.com/5100-6264_11-5104786.html
Chicago Tribune | Survey: 31 Percent of U.S. Tech-Savvy:
"Technology geeks, unite. There are more of you than you might have realized. A study released Sunday found that 31 percent of Americans are 'highly tech-savvy' people for whom the Internet, cell phones and handheld organizers are more indispensable than TVs and old-fashioned wired phones. "
John Horrigan, author of the report by the Pew Internet & American Life Project, said the size of this "tech elite" was somewhat surprising. And while this group is predominantly young, the Pew researchers found plenty of baby boomers and seniors who are equally ardent about using technology.
The difference, though, is that techies in their late teens and 20s are more likely to create online content, like Web logs, or "blogs." Generation Xers are more likely to pay for content on the Web, while wired boomers and seniors generally plumb the Internet for news or to do work-related research.
So are you part of the "tech elite"? Consider these other Pew findings about how they live:…
http://www.chicagotribune.com/technology/sns-ap-tech-elite.story
"Technology geeks, unite. There are more of you than you might have realized. A study released Sunday found that 31 percent of Americans are 'highly tech-savvy' people for whom the Internet, cell phones and handheld organizers are more indispensable than TVs and old-fashioned wired phones. "
John Horrigan, author of the report by the Pew Internet & American Life Project, said the size of this "tech elite" was somewhat surprising. And while this group is predominantly young, the Pew researchers found plenty of baby boomers and seniors who are equally ardent about using technology.
The difference, though, is that techies in their late teens and 20s are more likely to create online content, like Web logs, or "blogs." Generation Xers are more likely to pay for content on the Web, while wired boomers and seniors generally plumb the Internet for news or to do work-related research.
So are you part of the "tech elite"? Consider these other Pew findings about how they live:…
http://www.chicagotribune.com/technology/sns-ap-tech-elite.story
Chicago Tribune | Questions, answers on cell phone changes:
"Questions and answers for consumers about changes in telecommunications rules:"
http://www.chicagotribune.com/technology/sns-ap-cell-phone-qa,1,1844433.story
"Questions and answers for consumers about changes in telecommunications rules:"
http://www.chicagotribune.com/technology/sns-ap-cell-phone-qa,1,1844433.story
Subscribe to:
Posts (Atom)
Posts
