Saturday, December 20, 2003

Electronic Voting:

"Electronic voting has garnered significant attention in recent months. Controversy abounds over whether e-voting machines are secure and reliable, while strong movements toward expanding their use have arisen. India, for instance, announced in July 2003 that it would use exclusively electronic polls in its future elections. This trend and its associated security risks are examined in this Topic in Depth."

The NSDL Scout Report for Mathematics, Engineering and Technology -- Volume 2, Number 25, Topic in Depth

1. The Free E-Democracy Project
http://www.free-project.org/learn/

2. Caltech-MIT/Voting Technology Project [pdf, RealOne Player]
http://web.mit.edu/voting/

3. Electronic Voting and Counting [pdf]
http://www.elections.act.gov.au/Elecvote.html

4. The Open Voting Consortium
http://www.openvotingconsortium.org/

5. Election Reform and Electronic Voting Systems (DREs): Analysis of Security Issues [pdf]
http://www.epic.org/privacy/voting/crsreport.pdf

6. Electronic Voting: What You Need to Know
http://www.truthout.org/docs_03/102003A.shtml

7. Can Voting Machines Be Trusted?
http://www.cbsnews.com/stories/2003/11/11/politics/main583042.shtml


From The NSDL Scout Report for Math, Engineering, & Technology, Copyright Internet Scout Project 1994-2003. http://www.scout.wisc.edu/

http://scout.wisc.edu/Reports/NSDL/MET/2003/met-031219-topicindepth.php#1

Deep Content: Guide to Effective Searching of the Internet:
"Your ability to find the information you seek on the Internet is a function of how precise your queries are and how effectively you use search services. Poor queries return poor results; good queries return great results. Contrary to the hype surrounding 'intelligent agents' and 'artificial intelligence,' the fact remains that search results are only as good as the query you pose and how you search. There is no silver bullet.

There are very effective ways to 'structure' a query and use special operators to target the results you seek. Absent these techniques, you will spend endless hours looking at useless documents that do not contain the information you want. Or you will give up in frustration after search-click-download-reviewing long lists of documents before you find what you want."

This outstanding website is, without question, one of the most comprehensive online resources for learning efficient Internet search techniques. The guide begins with some fairly non-technical background about the Internet and explains why searching such a massive amount of information is more complex than it seems. The general process used by search engines to rank webpages is described. After covering the fundamentals of search engine operation, the guide discusses some best practices to use when conducting a search. Keyword selection, phrasing, and Boolean operators are just a few of the concepts discussed to help users make their searching more effective. The guide also compares many top search engines, noting the supported features, coverage, and type of indexing associated with each.

From The NSDL Scout Report for Math, Engineering, & Technology, Copyright Internet Scout Project 1994-2003. http://www.scout.wisc.edu/

http://scout.wisc.edu/Reports/NSDL/MET/2003/met-031219-printable.html#12

http://www.brightplanet.com/deepcontent/tutorials/search/index.asp

Friday, December 19, 2003

Record Industry May Not Subpoena Online Providers:
The industry's argument that the subpoena power could be applied to an Internet service provider "regardless of what function it performs," even if songs are only momentarily passing through its data pipes, "borders upon the silly."

"The recording industry cannot compel an Internet service provider to give up the names of customers who trade music online without judicial review, a federal appeals court in Washington ruled today.

The sharply worded ruling, which dismissed one industry argument by saying that it 'borders on the silly,' is a blow to the music companies in the online music wars. It overturns a decision in federal district court that favored the industry and ordered Verizon Communications to disclose the identity of a subscriber based on simple subpoenas submitted to a court clerk."

The music industry has been struggling to counter an army of downloaders tens of millions strong who, beginning with the advent of Napster in the 1990's, have swapped songs online on so-called "peer-to-peer" networks without regard to the property rights of artists, composers and the companies that make the music.

In September, the industry began suing large-scale file swappers. In doing so, it used a controversial provision of the Digital Millennium Copyright Act of 1998, section 512 (h), to demand that the service providers reveal the identities of customers whose activities could otherwise be linked by the industry only to an identifier known as an Internet Protocol number.

The opinion, written by Chief Judge Douglas H. Ginsburg of the United States Court of Appeals for the District of Columbia Circuit, did not strike down the new provisions of the copyright act on constitutional grounds. Instead, it said that the statute was applied incorrectly by the recording industry.

Under the terms of the law, the court said, subpoenas that the industry sent to Verizon demanding the identity of the file trader and the removal of infringing files could not be applied to the company when its customers were trading files on a peer-to-peer network. As an Internet service provider, or I.S.P., Verizon was "acting merely as a conduit" for the music files and did not store the data on its own computer network, Judge Ginsburg wrote. "A subpoena may be issued only to an I.S.P. engaged in storing on its servers material that is infringing or the subject of infringing activity."

Since the law requires a "takedown notice" that identifies the material that must be removed from the Internet, and since the material in question is not on the Internet service provider's own servers, "the R.I.A.A.'s notification identifies absolutely no material Verizon could remove or access to which it could disable," Judge Ginsburg wrote.

Although the recording industry argued that an Internet service provider can, in fact, remove the offending material by cutting off the subscriber's account, Judge Ginsburg wrote that "this argument is undone by the terms of the act," which clearly distinguished between blocking access to copyrighted files and cutting off the accounts of infringing users.

The industry's argument that the subpoena power could be applied to an Internet service provider "regardless of what function it performs," even if songs are only momentarily passing through its data pipes, "borders upon the silly," the judge wrote.

Such attempts by the industry to broaden the definition and role of Internet service provider, Judge Ginsburg wrote, must fail under the harsh light of careful statutory analysis. "Define all the world as an I.S.P. if you like, the validity of a 512(h) subpoena still depends upon the copyright holder having given the I.S.P., however defined, a notification" that is effective under other crucial provisions of the law, he wrote.…

http://www.nytimes.com/2003/12/19/technology/19CND-MUSI.html?pagewanted=all&position=

ZDNet AnchorDesk: The safe way to move your data to a new PC:
"This column is about something that every reasonably advanced PC user faces at one time or another, an exercise that's fraught with peril."

Specifically: How do you make sure your PC is safe to hand down to someone else or perhaps to sell on eBay for a dollar or two? By "safe," I mean that all your personal data has been safely removed.

Real paranoiacs will remove the hard drive, run it past a demagnetizer, smash it with a 20-pound sledge hammer, and then soak the remains in circuit board etching solution before they pass along a PC. If you should actually catch somebody doing this, however, do us all a favor and notify Tom Ridge immediately.

If you'd rather preserve the drive, and don't care about the apps and operating system, there are a number of utilities that will completely wipe the drive. If you have a copy of Norton SystemWorks, for example, you can boot from the CD and use it to wipe the machine's hard drive.

Not all data wiping programs are created equal, however. Whatever app you use, try to make sure it makes three or more passes of the hard drive, replacing the old data with random characters each time. Such a hard drive will be clean enough for the Defense Department's purposes, whatever those might be.

BUT SUPPOSE you want to leave most or all of the applications and operating system in a condition that someone else could still use. And (to be even more realistic), let's say you'd also like to migrate all your data and settings from the old machine to one you've just purchased or received as a holiday present.…

http://reviews-zdnet.com.com/AnchorDesk/4520-7298_16-5114407.html?tag=adss

Thursday, December 18, 2003

No MS Security Issues In December? Think Again!:
"Mozilla not immune.

…there is a particular problem in Internet Explorer which allows a malicious coder to make it appear as if the user is viewing a different Web site than they actually are viewing. The bug involved the use of a feature of Uniform Resource Identifiers (browser addresses) that is more often abused than used legitimately: the '@' character.

When an '@' is part of the domain in a Web address, the browser treats the string to the left of it as a user name to fill in any userid prompts, and everything on the right side as the domain name. This is perfectly legitimate syntax. Click here for the actual standard document about URIs.

Malicious coders, such as phishers, often will use this technique to obscure the actual address of the site they send you to. For example, they might send you a message that appears to be from Paypal and include a link that looks something like this:

http://www.paypal.com@64.225.264.128/accounts/validate.htm (The IP address I used is illegal for the same reason they use 555 phone numbers on TV shows.)
Notice the numeric string to the right of the '@' mark. This link will not take you to www.paypal.com, but to 64.225.264.128. But most unsophisticated users won't notice the difference. Still, all of this monkey business is perfectly legal (if immoral) under the URI standard.

The latest bug adds a twist: If you put ASCII 00 and 01 characters (designated as %00%01 in the spec.) just prior to the '@' character, then Internet Explorer won't display the rest of the URL when the user views the page. In Javascript you must use just the %01 character and also decode the string with the unescape() function.

There are many variations of this particular scheme, and surprisingly some of them partially work on Mozilla as well.

The anchor link version of this vulnerability also results in the partial, incorrect address being displayed in the status line as the user hovers the mouse over the link. Versions of Mozilla I tested (Versions 1.0 and 1.5) also showed the partial address in the status line, although they displayed the full address in the address bar. Just for fun, I tried Netscape 4.7 as well. Despite being one of the worst programs ever written, it handled this situation properly, displaying the full URL in the address and status lines."

http://www.eweek.com/print_article/0,3048,a=114456,00.asp
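
A defender-side check for the userinfo trick the article describes, as an added example (not code from the eWeek article or from the browsers it discusses): it splits the authority the way the URI standard (RFC 2396) does, authority = [userinfo "@"] host [":" port], and reports the host a browser actually connects to beside the name a reader sees to the left of the '@'. The sample links are constructed from the article's examples; the rule that a userinfo which reads like a domain name is suspicious is this example's own heuristic.

```python
import re
from urllib.parse import unquote

CONTROL_CHARS = re.compile(r"[\x00-\x1f]")            # %00, %01 and friends
LOOKS_LIKE_DOMAIN = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)
ABSOLUTE_URL = re.compile(r"^([a-z][a-z0-9+.-]*)://([^/?#]*)(.*)$", re.I | re.S)


def analyze_link(raw: str) -> dict:
    """Split an absolute URL as RFC 2396 does (authority = [userinfo "@"] host [":" port])
    and report whether the userinfo part is being used to disguise the real host."""
    url = unquote(raw)  # "%00%01@" becomes the raw control bytes the browser sees
    m = ABSOLUTE_URL.match(url)
    if not m:
        return {"valid": False, "reason": "not an absolute URL"}
    scheme, authority, rest = m.groups()
    # Browsers split on the LAST '@', so an '@' inside the userinfo cannot
    # push the real host further to the left.
    userinfo, sep, host_port = authority.rpartition("@")
    if not sep:
        userinfo, host_port = "", authority
    host = re.sub(r":\d*$", "", host_port).lower()
    # Only the "user" half of user:password is what a reader sees.
    shown = CONTROL_CHARS.sub("", userinfo.split(":", 1)[0])
    control_before_at = bool(CONTROL_CHARS.search(userinfo))
    looks_like_domain = bool(LOOKS_LIKE_DOMAIN.match(shown))
    return {
        "valid": True,
        "scheme": scheme.lower(),
        "host": host,                      # where the browser really goes
        "path": rest or "/",
        "apparent_host": shown,            # what the reader is meant to believe
        "control_before_at": control_before_at,
        "userinfo_looks_like_domain": looks_like_domain,
        # Suspicious when the userinfo reads as a site name or hides the host.
        "deceptive": bool(userinfo) and (looks_like_domain or control_before_at),
    }


# Constructed sample links based on the article's examples.
SAMPLE_LINKS = [
    "http://www.paypal.com@64.225.264.128/accounts/validate.htm",
    "http://www.paypal.com%00%01@64.225.264.128/accounts/validate.htm",
    "http://www.example.com/accounts/validate.htm",
    "ftp://anonymous@ftp.example.com/pub/",   # legitimate userinfo use
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        r = analyze_link(link)
        flag = "SUSPECT" if r["deceptive"] else "ok"
        print(f"{flag:7} host={r['host']} apparent={r['apparent_host'] or '-'}")
```

The same split is what a mail gateway or link-rewriting proxy needs before it decides which host name to show the user.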

Wednesday, December 17, 2003

ASP 101 - Using the Google APIs to Spell Check:
"The Developers at Google have been kind enough to offer a web API for developers using the SOAP protocol. When you do a search using Google, you may have noticed that you are prompted with possible alternatives to any words you may have misspelled.

"The Google web API 'spell check' allows you to send a string of text and receive alternatives for misspelled words. The power in this web API is that the Google dictionary includes technology words that are used in website searches, but may not have been included in a Standard English dictionary."

Setting up the Google SDK on your server is as simple as downloading the API from http://www.google.com/apis/. You'll need to register with the website which will give you your own key. You'll need the key for Google to accept SOAP connections from your server.

There are some limitations to be mentioned as well. The Google web API allows 10 words to be sent at a time and a limit of 1000 connections per key per day. The following script works around the 10 word limit, however is still limited by the 1000 connections.…

http://www.asp101.com/articles/jeremy/googlespell/default.asp

PCMag.com Shareware Library: Freeware and Shareware Downloads:
"This one's for everyone who complained about being forced to pay $5 a month (or $20 a year) to get award-winning PC Magazine Utilities.

…an extensive (and I mean extensive) shareware library full of thousands of programs you can download and try -- without spending a dime! Utilities, music, multimedia, programming, business, and more"

http://shareware.pcmag.com/welcome.php?&SiteID=pcmag

DoS Flaw in SOAP DTD Parameter:
"Technology heavyweights IBM and Microsoft have released fixes for a potentially serious vulnerability in various Web Services products that could be exploited to trigger denial-of-service attacks (define).

In separate alerts, the companies said the vulnerability was caused by an error in the XML parser when parsing the DTD (Document Type Definition) part of XML documents. Independent security researcher Secunia has tagged the flaw with a 'moderately critical' rating."

Affected software includes IBM WebSphere 5.0.0 and Microsoft ASP.NET Web Services (.NET framework 1.0, .NET framework 1.1).

According to IBM, the security patch fixes a flaw that could be exploited by sending a specially crafted SOAP request. "This can cause the WebSphere XML Parser to consume an excessive amount of CPU resources," Big Blue warned.

An advisory from Microsoft confirmed the DTD error parsing vulnerability in its Web Services products, included with the .NET Framework 1.1.

DTDs (Document Type Definitions) provide a way to write markup rules that describe the structure of XML documents and can be used to validate the structure of those documents. When the XML 1.0 specification was originally created, the DTD syntax, which is not XML-based, was inherited from earlier markup languages, such as Standard Generalized Markup Language (SGML) and HTML, Microsoft explained.…

http://www.internetnews.com/dev-news/article.php/3289191

W32/Sobig.F-mm is Still a Big Threat:
"On the virus and worm front, not much has changed in the lineup of top threats. W32/Swen.A-mm, W32/Dumaru.A-mm and several Mimail variations are still infecting hundreds worldwide every day. Also on the top list is W32/Sobig.F-mm, a tenacious multi-vector worm that has been around since August. Sobig.F, like Swen.A, spoofed the 'from' address field of e-mail it sent out, to make it look like someone else was sending the infected messages. The worm was very prolific by itself, but it ended up generating more incidental Internet traffic because automated IT antivirus systems were sending virus notifications back to the senders. Unfortunately, many of the apparent senders had nothing to do with the original e-mail message. In the days of slower moving viruses, the notifications were helpful, but with fast moving worms, it had to be scrapped. In a recent newsletter, ThreatFocus estimated that 'Spam from PC's hijacked by the Sobig virus now accounts for more than half of all email sent across the Internet.'"

First discovered in August 2003, mass mailing worm W32/Sobig.F-mm caused a lot of grief in a short amount of time, and is still in the top 10 viruses plaguing users. W32/Sobig.F-mm was supposed to terminate its propagation on September 10th, 2003, and was downgraded in threat level by several antivirus companies. Though "deactivated", it is still listed as one of the top infectors, and it is attributed to spreading spam across the Internet. After the deactivation date, it can still be used to propagate spam and update itself, making it important to remove the infection.

One of the fastest moving viruses, Sobig.F usually spreads as an e-mail attachment (usually a PIF or SCR file), though it also attempts to spread through network shares, leaving open the possibility of re-infection even if the original infected machines have been cleaned. For a user to catch Sobig.F, they must run or view the e-mail attachment. Once running, Sobig.F will send copies of itself out using its own SMTP engine to addresses harvested from text, database, html and e-mail files on the victim's machine. The virus also uses the harvested addresses to spoof the "From" field to disguise the origin of the e-mail. This feature caused major headaches, as many innocent users were being blamed for sending out infected traffic, and the bounced back e-mail in itself clogged the Internet.

Once running, the virus will attempt to get the current date and time through one of several Network Timer Protocol (NTP) servers. If the time is between 19:00 and 22:00 UTC (Universal Time Code) or 8pm – 11pm UK time, on a Friday or Sunday, it sends a UDP packet to a remote server on port 8998. It is suspected that it is being used to download an update file, which is a behavior shown by earlier versions of Sobig. Blocking outgoing UDP connections on port 8998 with a firewall is recommended as a workaround for this feature.

When a user runs an infected attachment, Sobig creates a copy of itself called winppr32.exe in the Windows folder (C:\Windows or C:\Winnt). It then adds the value "TrayX"="%Windir%\winppr32.exe /sinc" to the following registry keys, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run . This means that the virus will run when the machine is booted. Sobig also creates a file called winstt32.dat in the Windows folder (%windir% is the Windows folder as noted above), which is used to store e-mail addresses gathered from the victim's machine.

The virus will also look for any accessible network shares for which the PC has write access. Symantec reports though that due to a bug in the code, Sobig cannot copy over network shares. Sobig.F can download arbitrary files from server addresses stored in the virus, and execute them. Also according to Symantec, "The author of the worm has used this functionality to steal confidential system information and to set up spam relay servers on infected computers". This is in line with ThreatFocus's estimate that over 50% of the spam on the web comes from Sobig infected zombie computers. It is suspected that Sobig.F attempts to contact a master server that its author controls and downloads a URL where it goes to download a Trojan to run on the local PC.…

Full article (printable version) at http://www.pcmag.com/print_article/0,3048,a=114580,00.asp

http://www.pcmag.com/article2/0,4149,1414899,00.asp
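
Two detection checks built from the indicators the article lists, as an added example (not code from the PCMag article or from any antivirus vendor): the first scans firewall log lines for outbound UDP to port 8998 and notes whether each hit falls inside the Friday/Sunday 19:00-22:00 UTC window the worm uses, the second scans a registry export for the "TrayX" Run-key value that points at winppr32.exe. The log line format and the .reg-style export layout are assumptions, and all sample data is constructed.

```python
import re
from datetime import datetime, timezone

SOBIG_PORT = 8998
SOBIG_DAYS = {4, 6}          # datetime.weekday(): Monday=0, so Friday=4, Sunday=6
SOBIG_HOURS = range(19, 22)  # 19:00 <= t < 22:00 UTC

# Assumed (constructed) log format:
# "<ISO-8601 UTC timestamp> <action> <proto> <src>:<sport> -> <dst>:<dport>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def in_update_window(ts: datetime) -> bool:
    """True when ts falls on a Friday or Sunday between 19:00 and 22:00 UTC."""
    ts = ts.astimezone(timezone.utc)
    return ts.weekday() in SOBIG_DAYS and ts.hour in SOBIG_HOURS


def scan_firewall_log(lines):
    """One finding per outbound UDP/8998 line: (src, dst, in_window, action).
    Hits outside the window still matter: the port itself is the indicator."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m or m["proto"].upper() != "UDP" or int(m["dport"]) != SOBIG_PORT:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        findings.append((m["src"], m["dst"], in_update_window(ts), m["action"]))
    return findings


# Persistence value quoted in the article: "TrayX"="%Windir%\winppr32.exe /sinc".
# Real .reg exports double the backslashes; [^"]* tolerates either form.
TRAYX_VALUE = re.compile(r'^"TrayX"="[^"]*winppr32\.exe[^"]*"$', re.I)
RUN_KEY = re.compile(
    r"^\[HKEY_(?:LOCAL_MACHINE|CURRENT_USER)\\SOFTWARE\\Microsoft\\Windows"
    r"\\CurrentVersion\\Run\]$", re.I)


def scan_registry_export(text: str):
    """Return the Run keys in a .reg-style export that carry the TrayX value."""
    hits, current_key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            current_key = line if RUN_KEY.match(line) else None
        elif current_key and TRAYX_VALUE.match(line):
            hits.append(current_key)
    return hits


# Constructed sample data.
SAMPLE_LOG = [
    "2003-12-19T20:15:03Z ALLOW UDP 192.168.1.23:1034 -> 203.0.113.5:8998",  # Friday, in window
    "2003-12-19T20:15:04Z ALLOW UDP 192.168.1.23:1035 -> 203.0.113.5:123",   # NTP, not flagged
    "2003-12-17T09:02:11Z DENY UDP 192.168.1.40:1122 -> 198.51.100.9:8998",  # Wednesday, blocked
    "2003-12-21T22:00:00Z ALLOW UDP 192.168.1.23:1301 -> 203.0.113.5:8998",  # Sunday, just past window
    "2003-12-21T21:59:59Z ALLOW TCP 192.168.1.23:1200 -> 203.0.113.5:8998",  # TCP, not flagged
]
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayX"="%Windir%\winppr32.exe /sinc"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\Program Files\Example\update.exe"
"""

if __name__ == "__main__":
    for src, dst, in_window, action in scan_firewall_log(SAMPLE_LOG):
        print(f"UDP/{SOBIG_PORT} {action} {src} -> {dst} in_window={in_window}")
    for key in scan_registry_export(SAMPLE_REG):
        print("Sobig.F persistence value found under", key)
```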

Judge OKs Internet Company's Pop-Up Ads:
"A federal judge ruled Monday that a California company can send 'pop-up' Internet ads that regulators have called 'high-tech extortion'—at least until the matter is decided at trial.

U.S. District Judge Andre Davis said there was insufficient evidence for him to grant a preliminary injunction sought by the Federal Trade Commission. Regulators wanted to stop San Diego-based D-Squared Solutions LLC from selling its ad-blocking software."

"It's not clear to me ... if there's substantial injury to consumers," said Davis, who set a trial for March 8. "The case had the odor of extortion as it was originally prosecuted ... but it certainly doesn't look like extortion to me."

The FTC said D-Squared improperly used a technology built into most versions of Microsoft's Windows operating software to display intrusive messages on computer screens.

The messages offered software to block the same types of ads the company was sending. The FTC said D-Squared unlawfully exploited Microsoft's Windows Messenger Service feature by sending the unwanted ads to Internet users as frequently as once every 10 minutes.

FTC attorney Mona Spivack said D-Squared's advertisements caused "substantial injury" to consumers, citing lost data, crashed computers, frustration, annoyance and harassment.

"They clearly knew that this practice was in fact causing consumers' computers to crash," Spivack said. "The defendant's own marketing material said this."

http://www.eweek.com/article2/0,4149,1414497,00.asp?kc=EWNWS121603DTX1K0000599

Monday, December 15, 2003

News: Google delivers parcel search:
"Google has introduced a new search feature that turns up shipping information from Federal Express and United Parcel Service, the company's latest move to expand beyond keyword searches.

Google takes people directly to the FedEx or UPS Web page containing the location of a particular package when they type in their parcel tracking number into its search site. The new 'Search by Number' feature, announced Friday, also brings up information linked to other kinds of numbers, such as patent numbers, equipment identification numbers issued by the Federal Communications Commission, and airplane registration numbers from the Federal Aviation Administration.…"

Google also has tweaked the way it displays search results for specific products for sale on the Web. A search for "Hulk Hands," for instance, will display the top listings from Google's online shopping guide, Froogle, above its regular search results.…

http://zdnet.com.com/2100-1104_2-5121824.html

ZDNet AnchorDesk: How to stop spam? Don't look to legislation:
"After months of debate, Congress has approved an antispam bill, known as the Controlling the Assault of Non-Solicited Pornography and Marketing Act, or the CAN-SPAM Act of 2003. President Bush has indicated he will sign it before the end of the year. That sounds like good news for anyone who uses e-mail. But once you look beyond the spin, you'll find there's much less here than meets the eye."

IN A NUTSHELL, CAN-SPAM prohibits the use of fraudulent e-mail headers, the use of robotic means to collect e-mail addresses from Web sites, and the sending of unsolicited adult advertising. It requires e-mail marketers to provide a working URL in messages so recipients can remove themselves from any future mailings.

Down the road, the law also calls for the creation of a federal Do Not Spam list, much like the FTC's Do Not Call list, which gives you the ability to remove your phone number from telemarketers' databases. The law also prohibits unwanted commercial messages via mobile services on mobile phones and PDAs.…

SO WHY DID the attorneys general from California, Kansas, Maryland, Nevada, Texas, Vermont, and Washington urge the House of Representatives to vote against the act? Because CAN-SPAM ignores and supersedes any existing or pending junk e-mail laws in 30 states--including the toughest, California's--with a decidedly weaker federal law.

The state laws, which are now obsolete, were more stringent than the federal one in several ways. For example, the laws in Utah and California would allow recipients to sue spammers who use false e-mail headers. One provision of a California law would even use the penalties claimed from such cases to help fund the state's high-tech crime task forces. However, under CAN-SPAM, while recipients can still sue spammers, the burden of proof has been extended beyond showing that the e-mail header was false and now requires that plaintiffs show the sender also knew it was false.

It's the opinion of several state attorneys general that this is a much higher standard of proof than other consumer protection laws, and that spam recipients will now tie up the legal system with new cases without being able to stop unsolicited e-mails in the meantime. That is what the direct-marketing associations wanted: judicial gridlock.

ANOTHER SHORTCOMING of the law: According to Spamhaus.org, an antispam clearinghouse, CAN-SPAM allows 23 million U.S. businesses to spam U.S. e-mail addresses legally as long as they also provide a means for users to opt-out of future mailings.

It turns out the direct marketers got their way this time around. With telemarketing restricted by the Do Not Call list, direct-marketing associations now see e-mail advertising as their last and best option, since automatically sending hundreds of thousands of e-mails is much cheaper than maintaining call centers. These groups made the rounds in Washington D.C. and managed to get this muted federal antispam bill passed quickly. For the legislators in Congress, CAN-SPAM allows them to say, "Look, we did something about spam," when, in reality, the act does little to actually solve the problem.…

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5113118.html?tag=ns