ZDNet UK - News - Whois database 'contributes to identity theft':
"A database publishing information about all Internet domain name holders is open to abuse and must be reformed, civil liberties groups have warned"
Whois, an online database that contains personal information about Internet domain name holders, is a major contributor to identity theft and defies advice from the Federal Trade Commission (FTC), according to a group of civil liberties organisations.
When an Internet domain is registered, the details of the owner are entered into the Whois database and published by the Internet Corporation for Assigned Names and Numbers (ICANN). This procedure was designed to ensure that when technical difficulties or incompatibilities arose, it was relatively easy to contact the owner of the domain. However, the database has now grown beyond all expectations and is open for exploitation, privacy groups argue.…
http://news.zdnet.co.uk/0,39020330,39117667,00.htm
Friday, November 07, 2003
News: Treaty casts shadow on Webcast rights:
"A United Nations committee on Wednesday approved the world's first Webcasting treaty, which has drawn criticism that it limits the use of works that are in the public domain. "
At a meeting in Geneva, the World Intellectual Property Organization's Standing Committee on Copyright and Related Rights agreed to prepare a draft of the treaty by April 1, 2004. A second meeting is scheduled for June, followed by an expected diplomatic conference during which nations that are members of WIPO--a U.N. agency--could sign the final treaty.
The treaty--which was proposed by the Bush administration and is backed by Yahoo, the Washington-based Digital Media Association and other U.S. Webcasters--generally seeks to extend to Webcasters the same level of international intellectual property protection that TV and radio broadcasters currently enjoy. The Webcasting sections are part of a broader proposal titled "Protection of the Rights of Broadcasting Organizations."
Jamie Love, who works for the Ralph Nader-affiliated Consumer Project on Technology, says the treaty is worrisome because it creates an additional legal protection for works in the public domain that are Webcast.
"Say there's a film that's out of copyright and in the public domain, but it's in the vault of some movie studio," Love said. "If you got it from the broadcast, you're not allowed to make a copy. You have to go to the original source."
In other words, anyone viewing a Webcast of material that falls outside of copyright--such as a government-created documentary or a very old movie or audio recording--may not be able to freely store and redistribute that content.…
http://zdnet.com.com/2100-1104_2-5103456.html
"A United Nations committee on Wednesday approved the world's first Webcasting treaty, which has drawn criticism that it limits the use of works that are in the public domain. "
At a meeting in Geneva, the World Intellectual Property Organization's Standing Committee on Copyright and Related Rights agreed to prepare a draft of the treaty by April 1, 2004. A second meeting is scheduled for June, followed by an expected diplomatic conference during which nations that are members of WIPO--a U.N. agency--could sign the final treaty.
The treaty--which was proposed by the Bush administration and is backed by Yahoo, the Washington-based Digital Media Association and other U.S. Webcasters--generally seeks to extend to Webcasters the same level of international intellectual property protection that TV and radio broadcasters currently enjoy. The Webcasting sections are part of a broader proposal titled "Protection of the Rights of Broadcasting Organizations."
Jamie Love, who works for the Ralph Nader-affiliated Consumer Project on Technology, says the treaty is worrisome because it creates an additional legal protection for works in the public domain that are Webcast.
"Say there's a film that's out of copyright and in the public domain, but it's in the vault of some movie studio," Love said. "If you got it from the broadcast, you're not allowed to make a copy. You have to go to the original source."
In other words, anyone viewing a Webcast of material that falls outside of copyright--such as a government-created documentary or a very old movie or audio recording--may not be able to freely store and redistribute that content.…
http://zdnet.com.com/2100-1104_2-5103456.html
FTC Slams Pop-Up Spammer:
"The Federal Trade Commission Thursday took action against a company that it alleges was exploiting a security hole in Microsoft's Messenger Service utility to send full-screen pop-up ads to consumers advertising software that would block the very same pop-up ads."
At the FTC's request, the U.S. District Court for the Northern District of Maryland issued a temporary restraining order against D Squared Solutions LLC, and its officers, Anish Dhingra and Jeffrey Davis, blocking them from continuing their business practices. The FTC plans to seek further legal action against the defendants, including recovering any revenue the company earned from selling its software.
The FTC complaint alleges that the defendants caused Messenger Service windows to pop up on consumers' computer screens as often as every 10 minutes, advertising software that would block future pop-up spam messages.
According to the FTC, the defendants placed their pop-up ads near the center of users' computer screens, blocking the user's work. The ads appeared as long as the users were connected to the Internet, leading to particular trouble for users with always-on broadband connections. The FTC alleges that these users continued to be bombarded by the pop-ups, even when they were working in other applications such as word-processing or spreadsheet programs.
The complaint states that the defendants allegedly either sold or licensed their pop-up-sending software to other people, allowing them to engage in the same conduct. The defendants' Web site allegedly offered software that would allow buyers to send pop-ups to 135,000 Internet addresses per hour, along with a database of more than two billion unique addresses.
The defendants advertised their product at a number of sites including broadcastblocker.com, defeatpopupspam.com, directadstopper.com and easypopupblocker.com. D Squared Solutions, of San Diego, has long been vilified for its practices at anti-spam Web sites. The company, usually doing business under the brand name BroadcastMarketer, had been in a running battle with America Online Inc., which was trying to block D Squared's pop-up ads from its Internet service.
D Squared Solutions has allegedly licensed the software to another San Diego company, Scintillant Inc., which sells the software from the byebyeads.com and endads.com sites. The FTC is considering action against that company as well, though those sites remain up.
"It's an unfair practice to [send] advertisements that create a problem and then charge consumers for the solution," said Howard Beales, director of the FTC's Bureau of Consumer Protection. "We call that extortion, and it's not any different in the high-tech world."
http://www.eweek.com/print_article/0,3048,a=111640,00.asp
"The Federal Trade Commission Thursday took action against a company that it alleges was exploiting a security hole in Microsoft's Messenger Service utility to send full-screen pop-up ads to consumers advertising software that would block the very same pop-up ads."
At the FTC's request, the U.S. District Court for the Northern District of Maryland issued a temporary restraining order against D Squared Solutions LLC, and its officers, Anish Dhingra and Jeffrey Davis, blocking them from continuing their business practices. The FTC plans to seek further legal action against the defendants, including recovering any revenue the company earned from selling its software.
The FTC complaint alleges that the defendants caused Messenger Service windows to pop up on consumers' computer screens as often as every 10 minutes, advertising software that would block future pop-up spam messages.
According to the FTC, the defendants placed their pop-up ads near the center of users' computer screens, blocking the user's work. The ads appeared as long as the users were connected to the Internet, leading to particular trouble for users with always-on broadband connections. The FTC alleges that these users continued to be bombarded by the pop-ups, even when they working in other applications such as word-processing or spreadsheet programs.
The complaint states that the defendants allegedly either sold or licensed their pop-up-sending software to other people, allowing them to engage in the same conduct. The defendants' Web site allegedly offered software that would allow buyers to send pop-ups to 135,000 Internet addresses per hour, along with a database of more than two billion unique addresses.
The defendants advertised their product at a number of sites including broadcastblocker.com, defeatpopupspam.com, directadstopper.com and easypopupblocker.com. D Squared Solutions, of San Diego, has long been vilified for its practices at anti-spam Web sites. The company, usually doing business under the brand name BroadcastMarketer, had been in a running battle with America Online Inc., which was trying to block D Squared's pop-up ads from its Internet service.
D Squared Solutions has allegedly licensed the software to another San Diego company, Scintillant Inc., which sells the software from the byebyeads.com and endads.com sites. The FTC is considering action against that company as well, though those sites remain up.
"It's an unfair practice to [send] advertisements that create a problem and then charge consumers for the solution," said Howard Beales, director of the FTC's Bureau of Consumer Protection. "We call that extortion, and it's not any different in the high-tech world."
http://www.eweek.com/print_article/0,3048,a=111640,00.asp
Thursday, November 06, 2003
Weakness Reported in Wireless Security Protocol:
"A researcher at ICSA Labs has reported that some implementations of Wi-Fi Protected Access (WPA), a standard for cryptography of data on Wi-Fi networks, can be compromised through a dictionary attack. Robert Moskowitz, senior technical director at ICSA Labs, detailed the attack scenario in a paper published yesterday."
Not all WPA-based networks are vulnerable. Those most at risk, according to the paper, are the ones that use the "pre-shared key" method for passphrase generation. Most implementations of WPA, in order to make the cryptography accessible to unsophisticated users with normal home computing equipment, allow users to enter a common shared phrase into a WPA user interface on the computer. This phrase, along with the SSID, the visible name for the network, is transformed mathematically into a key used by the cryptography routines. Other key management techniques are available to WPA, but these generally require more expensive and complex network management equipment, such as authentication servers.
Moskowitz states that after sniffing a few packets of data from certain points in Wi-Fi standard communication, an attacker could use a "dictionary attack" on the data offline in an attempt to guess the passphrase. Short, simple passphrases could be cracked quickly. Users who have complex passphrases, such as "elmo2$fruit99.TAMMANY+1875", can feel more secure. According to Moskowitz: "A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks. ... This is considerably longer than most people will be willing to use."
Once the passphrase is guessed, the attacker can join the network like any legitimate user. Moskowitz did not address the use of other techniques, such as MAC address filtering, to stop unauthorized users.…
Weakness in Passphrase Choice in WPA Interface
http://wifinetnews.com/archives/002452.html
http://www.eweek.com/article2/0,4149,1375085,00.asp
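As an added example (not code from the article, ICSA Labs or Moskowitz's paper), the Python below makes two points from the item above concrete: how the passphrase and SSID are "transformed mathematically" into the key, and a policy check an administrator can run before accepting a pre-shared key, enforcing the 20-character floor Moskowitz quotes. The derivation parameters (PBKDF2-HMAC-SHA1, 4096 iterations, 32-byte output, SSID as the salt) are taken from IEEE 802.11i, not from the article; the `COMMON_WORDS` set and the SSID `homenet` are constructed stand-ins.

```python
"""WPA-PSK key derivation and a passphrase policy check (added example)."""
import hashlib
import string

# Assumptions (from IEEE 802.11i, not stated in the article):
PBKDF2_ITERATIONS = 4096          # rounds of PBKDF2-HMAC-SHA1
PSK_LEN = 32                      # 256-bit pre-shared key
WPA_PASSPHRASE_RANGE = range(8, 64)  # WPA UIs accept 8..63 ASCII characters

MIN_RECOMMENDED_LEN = 20          # floor quoted by Moskowitz in the article

# Constructed stand-in for a real wordlist; a deployment would load one.
COMMON_WORDS = {"password", "letmein", "wireless", "internet"}


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PSK for a passphrase on a given SSID.

    The SSID is the PBKDF2 salt, so the same passphrase yields a different
    key on every network name; a non-default SSID therefore forces each
    passphrase guess to be recomputed for that one network.
    """
    if len(passphrase) not in WPA_PASSPHRASE_RANGE:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    if not passphrase.isascii() or not passphrase.isprintable():
        raise ValueError("WPA passphrases must be printable ASCII")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        dklen=PSK_LEN,
    )


def check_passphrase(passphrase: str) -> list[str]:
    """Return policy findings; an empty list means the passphrase passes."""
    findings = []
    if len(passphrase) < MIN_RECOMMENDED_LEN:
        findings.append(f"shorter than {MIN_RECOMMENDED_LEN} characters")
    classes = [
        any(c.islower() for c in passphrase),
        any(c.isupper() for c in passphrase),
        any(c.isdigit() for c in passphrase),
        any(c in string.punctuation for c in passphrase),
    ]
    if sum(classes) < 3:
        findings.append("uses fewer than three character classes")
    if passphrase.lower() in COMMON_WORDS:
        findings.append("is a dictionary word")
    return findings


if __name__ == "__main__":
    # 802.11i Annex H test vector: "password" on SSID "IEEE"
    # -> f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
    print(derive_psk("password", "IEEE").hex())
    for candidate in ("password", "elmo2$fruit99.TAMMANY+1875"):
        print(candidate, "->", check_passphrase(candidate) or "ok")
```

The policy check is deliberately the cheap part: it runs once when a passphrase is set, whereas the derivation costs 4096 HMAC rounds per guess, which is the only thing slowing an offline attacker down after a capture. Length is what the article's numbers turn on, so the check reports it first.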
"A researcher at ICSA Labs has reported that some implementations of Wi-Fi Protected Access (WPA), a standard for cryptography of data on Wi-Fi networks, can be compromised through a dictionary attack. Robert Moskowitz, senior technical director at ICSA Labs, detailed the attack scenario in a paper published yesterday."
Not all WPA-based networks are vulnerable. Those most at risk, according to the paper, are the ones that use the "pre-shared key" method for passphrase generation. Most implementations of WPA, in order to make use of the cryptography accessible to unsophisticated users with normal home computing equipment, allow users to enter a common shared phrase into a WPA user interface on the computer. This phrase, along with the SSID, the visible name for the network, is transformed mathematically into a key used by the cryptography routines. Other key management techniques are available to WPA, but these generally require more expensive and complex network management equipment, such as authentication servers.
Moskowitz states that after sniffing a few packets of data from certain points in Wi-Fi standard communication, an attacker could use a "dictionary attack" on the data offline in an attempt to guess the passphrase. Users who employ short, simple passphrases could be quickly cracked. Users who have complex passphrases, such as "elmo2$fruit99.TAMMANY+1875" can feel more secure. According to Moskowitz: "A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks. ... This is considerably longer than most people will be willing to use."
Once the passphrase is guessed, the attacker can join the network like any legitimate user. Moskowitz did not address the use of other techniques, such as MAC address filtering, to stop unauthorized users.…
Weakness in Passphrase Choice in WPA Interface
http://wifinetnews.com/archives/002452.html
http://www.eweek.com/article2/0,4149,1375085,00.asp
828041 - Overview of the Office 2003 Critical Update: November 4, 2003:
"Microsoft has released an update for Microsoft Office 2003. This update fixes a problem that occurs when you try to open or to save a Microsoft Office PowerPoint 2003 file, a Microsoft Office Word 2003 file, or a Microsoft Office Excel 2003 file that includes an OfficeArt shape that was previously modified and saved in an earlier version of Microsoft Office. When a PowerPoint 2003 file, a Word 2003 file, or a Excel 2003 file is opened in an earlier version of Office, empty 'complex' properties may be introduced into the file and a bit may be changed in the file record that describes these properties. Earlier version of Office will ignore this bit value but when this bit value is detected in Office 2003, you may experience the following symptoms: "
The document may not open completely.
The document may be corrupted.
The document may open but with missing content.
You might receive an error message.
When you open a PowerPoint presentation in PowerPoint 2003, you may receive one of the following error messages where filename is the name of the file that you are trying to open:
PowerPoint can't read filename.
PowerPoint can't open filename because part of file is missing.
PowerPoint can't open the type of file represented by filename.
When you open a PowerPoint presentation in PowerPoint Viewer 2003, you may receive the following error message where filename is the name of the file that you are trying to open:
PowerPoint Viewer cannot open the file filename because the file is corrupted.
When you open a Word document in Word 2003, you may receive the following error message:
Word experienced an error trying to open the file. Try these suggestions.
* Check the file permissions for the document or drive.
* Make sure there is sufficient free memory and disk space.
* Open the file with the Text Recovery converter.
Additionally, when you open the document in an Office 2003 program, you may receive one of the following error messages where filename is the name of your Office file:
Do you want to save the changes you made to filename?
There is insufficient memory. Save the document now.
filename is read-only. Do you want to save changes to a different file name?
This update is part of the continued attempt by Microsoft to provide the latest product updates to customers.
This article describes how to download and install Office 2003 Critical Update: KB828041.
http://support.microsoft.com/?kbid=828041
"Microsoft has released an update for Microsoft Office 2003. This update fixes a problem that occurs when you try to open or to save a Microsoft Office PowerPoint 2003 file, a Microsoft Office Word 2003 file, or a Microsoft Office Excel 2003 file that includes an OfficeArt shape that was previously modified and saved in an earlier version of Microsoft Office. When a PowerPoint 2003 file, a Word 2003 file, or a Excel 2003 file is opened in an earlier version of Office, empty 'complex' properties may be introduced into the file and a bit may be changed in the file record that describes these properties. Earlier version of Office will ignore this bit value but when this bit value is detected in Office 2003, you may experience the following symptoms: "
The document may not open completely.
The document may be corrupted.
The document may open but with missing content.
You might receive an error message.
When you open a PowerPoint presentation in PowerPoint 2003, you may receive one of the following error messages where filename is the name of the file that you are trying to open:
PowerPoint can't read filename.
PowerPoint can't open filename because part of file is missing.
PowerPoint can't open the type of file represented by filename.
When you open a PowerPoint presentation in PowerPoint Viewer 2003, you may receive the following error message where filename is the name of the file that you are trying to open:
PowerPoint Viewer cannot open the file filename because the file is corrupted.
When you open a Word document in Word 2003, you may receive the following error message:
Word experienced an error trying to open the file. Try these suggestions.
* Check the file permissions for the document or drive.
* Make sure there is sufficient free memory and disk space.
* Open the file with the Text Recovery converter.
Additionally, when you open the document in an Office 2003 program, you may receive one of the following error messages where filename is the name of your Office file:
Do you want to save the changes you made to filename?
There is insufficient memory. Save the document now.
filename is read-only. Do you want to save changes to a different file name?
This update is part of the continued attempt by Microsoft to provide the latest product updates to customers.
This article describes how to download and install Office 2003 Critical Update: KB828041.
http://support.microsoft.com/?kbid=828041
The Search Engine Report - Number 84:
"In This Issue
Search Engine Watch News
SES Chicago Agenda Available!
Search Engine Articles By Danny Sullivan
SearchDay Articles
Search Engine Articles
About The Search Engine Report"
Surprised Google & Microsoft Talked Takeover? You Shouldn't Be!
SearchDay, Nov. 5, 2003
http://searchenginewatch.com/searchday/article.php/3104441
New Developments In Local Search: Part 1, Moves By Overture
SearchDay, Oct. 14, 2003
http://searchenginewatch.com/searchday/article.php/3091341
Local Search Part 2: Google & Mobilemaps Bring Back Geosearching
SearchDay, Oct. 21, 2003
http://searchenginewatch.com/searchday/article.php/3096151
Google's API: For Fun, Not Profit (Yet)
SearchDay, Oct. 30, 2003
http://searchenginewatch.com/searchday/article.php/3096451
Balancing Paid and Organic Search Listings
SearchDay, Oct. 23, 2003
http://searchenginewatch.com/searchday/article.php/3095871
Expand Shorthand Meanings with the Acronym Finder
SearchDay, Oct. 20, 2003
http://searchenginewatch.com/searchday/article.php/3082911
Unusual Power Web Searching Commands
Online, Nov/Dec. 2003
http://www.infotoday.com/online/nov03/OnTheNet.shtml
Are eBay Affiliates Spamming Google with Your Words?
AuctionBytes.com, Nov. 2, 2003
http://www.auctionbytes.com/cab/abu/y203/m11/abu0106/s03
The Amazoning of Google? Search Firm Looks for Book Content
Publishers Weekly, Oct. 28, 2003
http://publishersweekly.reviewsnews.com/index.asp?layout=article&articleid=CA331934&publication=publishersweekly
http://searchenginewatch.com/sereport/article.php/3104511
"In This Issue
Search Engine Watch News
SES Chicago Agenda Available!
Search Engine Articles By Danny Sullivan
SearchDay Articles
Search Engine Articles
About The Search Engine Report"
Surprised Google & Microsoft Talked Takeover? You Shouldn't Be!
SearchDay, Nov. 5, 2003
http://searchenginewatch.com/searchday/article.php/3104441
New Developments In Local Search: Part 1, Moves By Overture
SearchDay, Oct. 14, 2003
http://searchenginewatch.com/searchday/article.php/3091341
Local Search Part 2: Google & Mobilemaps Bring Back Geosearching
SearchDay, Oct. 21, 2003
http://searchenginewatch.com/searchday/article.php/3096151
Google's API: For Fun, Not Profit (Yet)
SearchDay, Oct. 30, 2003
http://searchenginewatch.com/searchday/article.php/3096451
Balancing Paid and Organic Search Listings
SearchDay, Oct. 23, 2003
http://searchenginewatch.com/searchday/article.php/3095871
Expand Shorthand Meanings with the Acronym Finder
SearchDay, Oct. 20, 2003
http://searchenginewatch.com/searchday/article.php/3082911
Unusual Power Web Searching Commands
Online, Nov/Dec. 2003
http://www.infotoday.com/online/nov03/OnTheNet.shtml
Are eBay Affiliates Spamming Google with Your Words?
AuctionBytes.com, Nov. 2, 2003
http://www.auctionbytes.com/cab/abu/y203/m11/abu0106/s03
The Amazoning of Google? Search Firm Looks for Book Content
Publishers Weekly, Oct. 28, 2003
http://publishersweekly.reviewsnews.com/index.asp?layout=article&articleid=CA331934&publication=publishersweekly
http://searchenginewatch.com/sereport/article.php/3104511
Tuesday, November 04, 2003
Will Eolas' Browser Technology Patent Be Revoked?:
"The World Wide Web Consortium's (W3C) request to have the controversial ActiveX (define) patent reexamined and reversed might be unusual but it's not without precedent."
Back in 1994, the U.S. Patent and Trademark Office (USPTO) conducted a thorough reexamination and rescinded Patent Number 5,241,671, which was previously issued to Compton's New Media, a unit of Encyclopedia Britannica. When Compton's attempted to enforce the patent, which covered the use of text, graphics and sounds in multimedia applications, a huge public outcry forced the USPTO to order a re-examination.
Officials at the W3C are crossing fingers and hoping that an industry-wide protest will force the patent office to launch a reexamination to prevent "substantial economic and technical damage" to the operation of the World Wide Web.
U.S. Patent No. 5,838,906 is at the heart of a multi-million dollar dispute between Microsoft and Chicago-based Eolas Technology. In addition to forcing major changes to Microsoft's flagship Internet Explorer browser, the enforcement of the '906 patent has sent Web developers scrambling to prepare code re-writes for Web pages that carry embedded interactive content.
In an interview with internetnews.com, chairman of the W3C's patent policy working group Daniel Weitzner cited the Compton's precedent and insisted there was enough prior art available to lead to an invalidation of the patent.
The W3C's HTML Patent Advisory Group, in a citation sent to the USPTO's Prior Art Department, presented what Weitzner described as "compelling evidence" of similar technology available long before Eolas even applied for the patent.
"The sole difference between the web browser described in the '906 patent and typical browsers that the patent acknowledges as prior art, is that with prior art browsers, the image in such cases is displayed in its own window, separate from the main browser window, whereas, with the '906 browser the image is displayed in the same window as the rest of the Web page, without the need for a separate window," the W3C said in its filing.
"That feature, (i.e., displaying, or embedding, an image generated by an external program in the same window as the rest of a Web page) had already been described in the prior art publications submitted herewith and was known to the Web development community. The claims of the '906 patent are therefore plainly obvious in view of this prior art," the standards group argued.
According to Weitzner, the W3C has clearly identified technology that established prior art to show that the patent Eolas applied for was "not at all novel at the time."
"It's clear that the patent didn't meet the required standard of novelty. Software developers have long recognized the usefulness of adding objects in word processing programs. This is certainly not novel and our filing attempts to prove that," Weitzner added.
Even if the W3C is successful with its reexamination request, legal experts say the brouhaha is far from being settled. When a patent is revoked, legal sources explained that a process known as "prosecution" follows. During "prosecution," patent attorneys and examiners at the USPTO trade documents in what is usually a long, drawn-out process.
"The patent office throws out patents all the time but rejections don't mean it ends there. Usually, if there's a bitter dispute, it can go all the way to the Supreme Court," the source said.
A spokesperson for the USPTO confirmed receipt of the W3C request and said a decision could come in a few days or could take up to 90 days. "It all depends on the merits of the request. If there are grounds for reexamination and substantial new questions are raised, we can order a reexamination," the spokesperson told internetnews.com.
In addition to poring over the W3C's prior art filings, the USPTO can hold hearings around the country to seek industry-wide opinion, the patent office spokesperson added.
Even as the W3C is insisting prior art is readily available, many wonder why this was never uncovered during the Microsoft/Eolas case that has been before the courts since 1999.
According to W3C's Weitzner, efforts to have the jury consider the prior art in the HTML standard were not allowed "for procedural reasons." "It [the prior art] wasn't rejected for any reason that won't allow the patent office to reexamine it. It wasn't presented to the jury because of procedural issues," he insisted.…
http://www.internetnews.com/dev-news/article.php/3102651
"The World Wide Web Consortium's (W3C) request to have the controversial ActiveX (define) patent reexamined and reversed might be unusual but it's not without precedent."
Back in 1994, the U.S. Patent and Trademark Office (USPTO) conducted a thorough reexamination and rescinded Patent Number 5,241,671, which was previously issued to Compton's New Media, a unit of Encyclopedia Britannica. When Compton's attempted to enforce the patent, which covered the use of text, graphics and sounds in multimedia applications, a huge public outcry forced the USPTO to order a re-examination.
Officials at the W3C are crossing fingers and hoping that an industry-wide protest will force the patent office to launch a reexamination to prevent "substantial economic and technical damage" to the operation of the World Wide Web.
U.S Patent No. 5,838,906 is at the heart of a multi-million dollar dispute between Microsoft (Quote, Chart) and Chicago-based Eolas Technology. In addition to forcing major changes Microsoft's flagship Internet Explorer browser, the enforcement of the '906 patent has sent Web developers scrambling to prepare code re-writes for Web pages that carry embedded interactive content.
In an interview with internetnews.com, chairman of the W3C's patent policy working group Daniel Weitzner cited the Compton's precedent and insisted there was enough prior art available to lead to an invalidation of the patent.
The W3C's HTML Patent Advisory Group, in a citation sent to the USPTO's Prior Art Department, presented what Weitzner described as "compelling evidence" of similar technology available long before Eolas even applied for the patent.
"The sole difference between the web browser described in the '906 patent and typical browsers that the patent acknowledges as prior art, is that with prior art browsers, the image in such cases is displayed in its own window, separate from the main browser window, whereas, with the '906 browser the image is displayed in the same window as the rest of the Web page, without the need for a separate window," the W3C said in its filing.
"That feature, (i.e., displaying, or embedding, an image generated by an external program in the same window as the rest of a Web page) had already been described in the prior art publications submitted herewith and was known to the Web development community. The claims of the '906 patent are therefore plainly obvious in view of this prior art," the standards group argued.
According to Weitzner, the W3C has clearly identified technology that established prior art to show that the patent Eolas applied for was "not at all novel at the time."
"It's clear that the patent didn't meet the required standard of novelty. Software developers have long recognized the usefulness of adding objects in word processing programs. This is certainly not novel and our filing attempts to prove that," Weitzner added.
Even if the W3C is successful with its reexamination request, legal experts say the brouhaha is far from being settled. When a patent is revoked, legal sources explained that a process known as "prosecution" follows. During "prosecution," patent attorneys and examiners at the USPTO trade documents in what is usually a long, drawn-out process.
"The patent office throws out patents all the time but rejections don't mean it ends there. Usually, if there's a bitter dispute, it can go all the way to the Supreme Court," the source said.
A spokesperson for the USPTO confirmed receipt of the W3C request and said a decision could come in a few days or could take up to 90 days. "It all depends on the merits of the request. If there are grounds for reexamination and substantial new questions are raised, we can order a reexamination," the spokesperson told internetnews.com.
In addition to poring over the W3C's prior art filings, the USPTO can hold hearings around the country to seek industry-wide opinion, the patent office spokesperson added.
Even as the W3C is insisting prior art is readily available, many wonder why this was never uncovered during the Microsoft/Eolas case that has been before the courts since 1999
According to W3C's Weitzner, efforts to have the jury consider the prior art in the HTML standard was not allowed "for procedural reasons. "It [the prior art] wasn't rejected for any reason that won't allow the patent office to reexamine it. It wasn't presented to the jury because of procedural issues," he insisted.…
http://www.internetnews.com/dev-news/article.php/3102651
SANS Top 20 Vulnerabilities - The Experts Consensus:
"The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus"
The vast majority of worms and other successful cyber attacks are made possible by vulnerabilities in a small number of common operating system services. Attackers are opportunistic. They take the easiest and most convenient route and exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, scanning the Internet for any vulnerable systems. The easy and destructive spread of worms, such as Blaster, Slammer, and Code Red, can be traced directly to exploitation of unpatched vulnerabilities.
Three years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top Twenty lists that followed one and two years later, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to the examples above - the Blaster, Slammer, and Code Red worms, as well as NIMDA - are on that list.
This updated SANS Top Twenty is actually two Top Ten lists: the ten most commonly exploited vulnerable services in Windows and the ten most commonly exploited vulnerable services in UNIX and Linux. Although there are thousands of security incidents each year affecting these operating systems, the overwhelming majority of successful attacks target one or more of these twenty vulnerable services.
The Top Twenty is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious federal agencies in the US, UK and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute. A list of participants may be found at the end of this document.
The SANS Top Twenty is a living document. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. We will update the list and the instructions as more critical threats and more current or convenient methods are identified, and we welcome your input along the way. This is a community consensus document -- your experience in fighting attackers and in eliminating the vulnerabilities can help others who come after you. Please send suggestions via e-mail to top20@sans.org.
Top Vulnerabilities to Windows Systems
W1 Internet Information Services (IIS)
W2 Microsoft SQL Server (MSSQL)
W3 Windows Authentication
W4 Internet Explorer (IE)
W5 Windows Remote Access Services
W6 Microsoft Data Access Components (MDAC)
W7 Windows Scripting Host (WSH)
W8 Microsoft Outlook and Outlook Express
W9 Windows Peer to Peer File Sharing (P2P)
W10 Simple Network Management Protocol (SNMP)
Top Vulnerabilities to UNIX Systems
U1 BIND Domain Name System
U2 Remote Procedure Calls (RPC)
U3 Apache Web Server
U4 General UNIX Authentication Accounts with No Passwords or Weak Passwords
U5 Clear Text Services
U6 Sendmail
U7 Simple Network Management Protocol (SNMP)
U8 Secure Shell (SSH)
U9 Misconfiguration of Enterprise Services NIS/NFS
U10 Open Secure Sockets Layer (SSL)
http://www.sans.org/top20/index.php
Apple Alerts Users of Issues With FireWire Storage:
"Following a growing number of online reports of problems when using external FireWire 800 hard drives with the recently released Mac OS X 10.3, aka Panther, Apple late Friday issued a blanket warning to users of all OS X versions."
Posted on Apple's Web site, the "special message" said the company had identified an issue with external FireWire hard drives. It pointed to the Oxford Semiconductor Ltd.'s 922 bridge chipset with Version 1.02 firmware as the source of the problem. "In the interim, Apple recommends that you do not use these drives. To stop using the drive, you should unmount or eject the disk drive before doing anything else," the message stated.
This problem occurs with external drives using the FireWire 800 interface. All current Macs, desktops and notebooks alike, come with either the older FireWire 400 or the faster FireWire 800 interface, or both.…
http://www.eweek.com/article2/0,4149,1369891,00.asp
ZDNet: Printer Friendly - New worm poses DoS attack threat:
"Security experts warned Friday of a potentially harmful new e-mail worm that is slowly spreading among corporate and home e-mail users.
The Mimail.c worm, a variant of an earlier pest that achieved modest distribution by posing as a message from a company's information technology staff, was first detected late Thursday and managed to infect a handful of PCs."
According to McAfee's description, Mimail.c spreads by e-mail, appearing in mailboxes as a message with the subject "our private photos." The body of the message promises revealing photos, if the recipient opens up an attached file saved in the Zip compression format. If the file is opened, the worm attempts to spread itself by sending messages to e-mail addresses culled from the infected PC.
The worm also attempts to launch a denial-of-service attack by sending large volumes of "garbage data" to Web addresses associated with DarkProfits, a gaming enthusiast site that has been the subject of a persistent e-mail hoax.
Mimail.c also spoofs the address the message is generated from, with all messages appearing to come from "James" at the same domain as the recipient.
http://zdnet.com.com/2100-1105_2-5100741.html?tag=adnews
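A mail-gateway check for the indicators the article lists (the lure subject, a Zip attachment, and a sender shown as "James" at the recipient's own domain), as an added example that is not from the article, McAfee or ZDNet; both messages are constructed samples and the base64 body is a placeholder, not the worm.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample resembling the Mimail.c lure the article describes:
# subject "our private photos", a Zip attachment, and a From address forged
# as "James" at the recipient's own domain. The base64 body is a placeholder.
SAMPLE_WORM = (
    "From: James <james@example.org>\r\n"
    "To: alice@example.org\r\n"
    "Subject: our private photos\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n--b1\r\n"
    'Content-Type: application/zip; name="photos.zip"\r\n'
    'Content-Disposition: attachment; filename="photos.zip"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    "\r\nUEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==\r\n"
    "--b1--\r\n"
)

# Constructed benign message: external sender, no attachment.
SAMPLE_CLEAN = (
    "From: Bob <bob@example.net>\r\n"
    "To: alice@example.org\r\n"
    "Subject: Minutes from Monday\r\n"
    "\r\nSee you Thursday.\r\n"
)


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower()


def mimail_indicators(raw: str) -> list[str]:
    """Return which of the article's indicators a raw RFC 822 message matches.
    Each one alone is weak; two or more are grounds to quarantine for review."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().lower() == "our private photos":
        hits.append("subject")
    names = (p.get_filename() or "" for p in msg.walk())
    if any(n.lower().endswith(".zip") for n in names):
        hits.append("zip-attachment")
    from_name, from_addr = parseaddr(str(msg["From"] or ""))
    _, to_addr = parseaddr(str(msg["To"] or ""))
    # Sender forged to look internal: recipient's own domain plus the fixed
    # display name the worm uses.
    if (_domain(from_addr) and _domain(from_addr) == _domain(to_addr)
            and from_name.strip().lower() == "james"):
        hits.append("spoofed-internal-sender")
    return hits


def is_suspected_mimail(raw: str) -> bool:
    """Flag when at least two independent indicators line up."""
    return len(mimail_indicators(raw)) >= 2
```

The domain comparison is the durable part: a message claiming to come from your own domain but arriving from outside should fail SPF or a border "internal sender" rule regardless of the subject line du jour.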
Monday, November 03, 2003
Music-Sharing Service at M.I.T. Is Shut Down:
"It was hailed as ingenious: a way to listen to music on demand while avoiding the legal battleground of file sharing. Best of all, the music was fully licensed, so there would be no legal trouble."
But it was not, and there is. On Friday, the Massachusetts Institute of Technology announced that it would temporarily shut down its groundbreaking Library Access to Music System until the licensing rights can be worked out.
The music service had its official start one week ago but within hours, music companies, including the Universal Music Group, complained that they had not granted - or been paid for - the required legal permission to make the copies of their songs used by the system.
The creators of the new service, M.I.T. students Keith Winstein and Josh Mandel, were dumbfounded by the industry move, since they had paid Loudeye, a company in Seattle, to fill a hard drive with licensed songs. Mr. Winstein and Mr. Mandel said that they thought the contract with the company guaranteed that the copyright issues had been resolved.
"So far as I know, we bought this music fair and square," Mr. Winstein said.
He called the decision to suspend the service crushing, but he hoped it would only be temporary.
"The prudent thing to do, the good faith thing to do, is to take it down while we feel out where we stand," he said.
The music library idea is a clever blend of technology and law. Its creators built the system within the school's cable TV network; the analog TV network would, the students thought, help sidestep the expensive and restrictive laws and regulations that have grown up around the copying and sharing of digital copies of music.
It was supposed to resemble the analog world of radio, in which stations pay performance fees to artists' representatives like the American Society of Composers, Authors and Publishers but do not pay royalties to the music labels. Because students could listen to the music without making or trading copies, the system's creators thought that they only had to make sure they had legally purchased the music and would not require further payments to the labels.…
http://www.nytimes.com/2003/11/03/technology/03mitt.html
Mars Orbiter Camera Public Target Request Site -- Introduction:
"If you would like to recommend a picture of Mars, this is the place.
The purpose of this web site is to solicit public and science community suggestions for future high resolution images to be obtained by the Mars Global Surveyor (MGS) Mars Orbiter Camera (MOC)."
We are looking for excellent suggestions for pictures of areas on Mars that MOC has not previously imaged. Using this web site interface, you will indicate the location of the recommended MOC image, and you will describe, in detail, the purpose of the image. When your request is received, it will be evaluated by the Mars science staff at Malin Space Science Systems (MSSS), then put into a database for future acquisition by MOC. At some time in the future, if the MGS ground track passes over the site you suggested, and there are no pre-existing conflicts with other MOC images, the camera will be commanded to take the picture. Recent images suggested by the public will be posted on the MSSS web site once a month; if the image you suggested is among them, and if you registered using your email address, you will be notified by email.
System requirements:
At this time, the Target Request site only works with Internet Explorer (IE). It was developed and tested with IE 6 / Windows 98 SE and IE 5.2.3 / Mac OS X (10.2.6). It is impractical for us to make it work with every browser on every platform, due to the incompatibility of various browsers.
JavaScript must be enabled.
Use of this site will be much more enjoyable with a broadband connection. Its map images take many minutes to download over a dialup connection.
Screen resolution of 1280 x 1024 or higher is recommended.
http://www.msss.com/plan/intro