Privacy Digest
Your daily source for news that can impact people's privacy.


 Sunday, September 29, 2002
 

Administrivia: OK, it looks like I am back up for the moment. It looks like my DinoMac's 15-inch monitor is getting tired. Starting Friday it demanded a little time off and refused to display clearly. I guess it's going to need contacts soon. It is kinda old. It came with my old 486 system and I moved it over to my Mac when I switched back. For some reason it just powered up looking all fuzzy for a few days, but seems to be displaying OK for the moment. Anyone in the NYC area upgrading to an LCD and have an extra monitor they would like to find a home for? Be kind to the environment: don't throw it out, give it a new home at my place. Or if you're in a really good mood you could always get me a new monitor or maybe even a new iBook/PowerBook or iMac. I'd wish for an LCD, but my current system (the DinoMac) is too old to support the DVI or ADC interface.

The Toronto Star - Thestar.com/Customs, travellers will soon see eye to eye.

For a $50 annual fee, Canadian and U.S. citizens will be able to register for a CANPASS-Air card starting in January. They'll have to pass annual background checks for criminal or immigration offences to get their photo ID card.

Slashdot | Iris Scanners in Canadian Airports.

Ian_Bailey writes "The Toronto Star is reporting that the first biometrics (Iris-scanning specifically) devices in airport will be in place in Toronto and Vancouver starting in March. These devices are meant to speed-up the check-in process for frequent travellers, without compromising security. It is stressed that privacy advocates have nothing to worry about, because they are completely voluntary and cannot be used to scan without a person's knowledge, but there is a brief note about using it in the future for staff."

New York Times (free registration required) - New Software Quietly Diverts Sales Commissions.

Some popular online services are using a new kind of software to divert sales commissions that would otherwise be paid to small online merchants by big sites like Amazon and eToys.

Critics call the software parasite-ware and stealware. But the sites that use the software, which is made by nearly 20 companies and used by dozens, say that it is perfectly legal, because their users agree to the diversion.

The amounts involved are estimated by those in the industry to have mounted into the hundreds of thousands of dollars and are likely to continue to grow -- in part because most users are unaware that the software is operating on their computers.

[ ... ]

What the consumers are not told clearly is that if they agree to participate, their computers may be electronically marked: all future purchases will look as if they were made through the software maker's site, even if they were not.

In many versions of the software, a purchase will look as if it was made through the software maker's site even if the shopper came in through another site that has its own affiliate agreement with the online store in question. Those affiliate sites include small businesses and even charities that use affiliate links as fund-raisers.

[ ... ]

Patrick Toland, a vice president for sales and marketing at TopMoxie, said that the company did not intend for its software to displace other affiliates' rights and that his company had altered the software in the last two weeks to stop substituting its affiliate identification code for those of other sites. "The second we realized this is a problem, we turned that boat around and said, `Let's get this out,' " he said. He added that the amount of money involved was minuscule.

Mr. Toland attributed the losses that the Web sites claimed to a tougher marketplace for small players.

[ ... ]

Arguments that the diversions are somehow the fault of an unintentional flaw do not persuade Erik Petersen, the chief technical officer at an Internet security company, Polar Cove, in Providence, R.I. Mr. Petersen said that he had received complaints about TopMoxie and LimeWire from friends and took a closer look. After conducting a detailed analysis of the software, he concluded that the TopMoxie program was intricately designed to substitute its affiliate identification code for that of other sites as transactions were made. He said that the program remained on the computer even if the user removed the original LimeWire music sharing software. "I don't buy their explanation," he said. "What kind of accident is that?"

Mr. Petersen also pointed to a statement made in an online forum where the technology was discussed, in which a LimeWire developer characterized accusations that the software diverts money as "pretty accurate," but said, "While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users."

A chief executive of one software company was similarly unapologetic about the diversion of commissions. "We look at affiliates as competitors," said Avi Naider, the chief executive of WhenU.com, which makes the diversion software used by the music swapping services Kazaa and BearShare. The software, he said, provides services to users and money to each company "so it doesn't have to charge" for the currently free software and services.

Slashdot | Stealware: Kazaa et al Stealing Link Commissions.

goombah99 writes "We all heard about spyware, well now Kazaa, Morpheus and LimeWire are sneaking a new type of nastiness onto your computer, software that - without you even knowing it - redirects commissions for online purchases you make from other vendors you make back to them. For example, if you buy a CD from an affiliate of Amazon.com, say some charity, the software fools Amazon into crediting the commission to Morpheus, not the charity! The story quotes a LimeWire Developer who admits 'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.' The insidious part is the stealware program remains even if you delete the original P2P software. And you supposedly gave your permission when you clicked through the EULA."

Slashdot | Your Rights Online - Hearing on Hollywood Hacking Bill.

DaveAtFraud writes "CNN says that Hilary Rosen and the RIAA are once again lobbying Congress for the right to sabotage P2P networks. Of course, Hilary says that the RIAA wouldn't abuse this capability. Luckily, some of the lawmakers are dubious. Also, Rep. Rick Boucher asked, 'What are the implications for the Internet's functionality when the inevitable arms race develops?' and pointed out that overzealous attempts to enforce existing copyright law had all too often targeted legitimate postings." --- There's also a News.com story.

InfoWorld - Microsoft VPN flaw may open intranets to attack.

A flaw in Microsoft's Point-to-Point Tunneling Protocol (PPTP) used to secure VPN (virtual private networks) leaves corporate intranets open to attack from outside, according to German IT security company Phion Information Technologies.

In a security advisory Thursday, Phion said that the Microsoft PPTP service shipping with Windows 2000 and Windows XP contains a remotely exploitable pre-authentication buffer overflow. This enables a specially crafted PPTP packet to overwrite kernel memory, such that a denial-of-service attack can lock up the server. This has been verified on Windows 2000 SP3 and Windows XP, Phion said in the advisory.

Microsoft has not yet confirmed the flaw.

Phion said that VPN clients are also vulnerable as the PPTP service continually listens on an I/O port, making always-on DSL clients particularly vulnerable, Phion said.

Slashdot | Microsoft PPTP Buffer Overflow; VPNs Vulnerable.

An anonymous reader writes "According to this InfoWorld article, a buffer overflow exploit has been discovered for Microsoft's PPTP implementation, which leaves Microsoft VPN solutions vulnerable to exploit. This overflow was discovered by the German security firm Phion; they have posted more info on this page." --- We might as well throw in yet another remote exploit for FrontPage, too. No, not last week's remote exploits - these are new. Coincidentally, the front group Microsoft organized for the purpose of quashing bug disclosure (that is, reducing Microsoft's bad press) is just now getting underway.

BW Online | September 27, 2002 | A Case to Define the Digital Age. A Supreme Court ruling on a 20-year extension of copyright protection could decide much of what Web surfers get to see, hear, and share

So far, there's little doubt who's winning the digital copyright wars. In the courts, the Big Five record labels have squashed Napster and copycat file-sharing services Aimster and Audio Galaxy. On Capitol Hill, Hollywood has launched a lobbying assault to pass two bills, one that would mandate copyright protection in all new consumer electronics and another that would permit copyright owners to hack into consumers' personal computers if the copyright holders suspect illegal activity. Their strategy is straightforward: Follow our rules, or we destroy you.

In theory, that could all change on Oct. 9, when the U.S. Supreme Court will hear the case of Eldred v. Ashcroft. It's a challenge to the controversial 1998 Sonny Bono Copyright Term Extension Act (CTEA), which lengthened copyright terms by 20 years, stretching them to 70 years after an artist's death.

Slashdot | Your Rights Online - Eldred vs. Ashcroft.

Sylver Dragon writes "Business Week has a story about Eldred v. Ashcroft. Seems that Eldred wants to put some of Robert Frost's works on the web, but, sadly, those were copyrighted. What makes this more interesting is that the works would have become public domain, had Congress not extended the length of copyright after an artist's death. So now, the Supreme Court must decide if Congress overstepped the bounds of the constitutional provisions for copyright laws when they made the last extension. With any luck, the Supreme Court will choose the 'road less traveled.'" --- The plaintiffs have a webpage with much information.

Slashdot | Help wanted: CTO at Warner Music.

Gill_Bates writes "It looks like Warner music group are looking for a CTO. I'm intrigued by the sentence that reads 'Builds prototypes and evaluates alternatives for on-line music delivery, P2P warfare, copy protection, etc.'" --- How many job descriptions include the phrase "Warfare"?

PCWorld.com - Mouse Scans Palms to Verify ID. Fujitsu builds scanning technology into mouse for biometric security.

[ ... ]

The mouse, which is still only a prototype, was developed by Fujitsu Laboratories researcher Masaki Watanabe as a platform to demonstrate his recently developed palm-scanner.

It works by shining an infrared light onto the palm, which illuminates the veins just under the skin, said Watanabe. The veins can be identified by the dark reflection that is returned and the scanner can then take a snapshot of the palm.

The snapshot is then matched with stored patterns of authorized users as the final stage of a process that takes less than one second to complete, according to the researcher.

Slashdot | Science - Mouse Scans Palms to Verify ID.

p00kiethebear writes "'Fujitsu is eyeing a variation on the centuries-old art of palmistry as the latest biometric weapon against unauthorized access to computer systems and facilities. The company has developed a computer mouse that will scan the palm of the user and deliver not a look into the future but verify the identity of that person.', With a .5% error rate I wouldn't be surprised if we saw this in offices within the next few years."


 

© copyright 1997-2003 by Paul Hardwick. All rights reserved.
All trademarks are the property of their respective owners.
Modified: 11/15/02; 7:17:53 PM
Built: 3/2/03; 12:32:29 AM
URL for current page: http://www.PrivacyDigest.com/2002/09/29
