WASHINGTON, Oct. 8 -- It's an evening ritual Americans love to hate: the phone call during dinner, bringing fabulous offers for credit cards, vinyl siding, vacation packages and other opportunities simply too good to turn down. Many consumers respond with a muttered curse, a polite "No, thank you" or a legally correct request to never be called again. But as the calls continue to pour in, some consumers are bolstering their defenses with a wide variety of black boxes bearing names like the TeleZapper and the Phone Butler that allow them to screen out or easily terminate sales calls.

Slashdot | Fighting Telemarketers with Technology.

prostoalex writes "According to an MSNBC story, 104 million telemarketing calls are made daily in the U.S. alone and technology is on the way to fight those special offers and incredible credit card rates. Zenith EZ HangUp, The Phone Butler, TriVOX VN100 and ScreenMachine are quoted in the article as new gadgets that allow phone owners to avoid the plagues of telemarketing."

CNET NEWS.COM - Group warns of hacked Sendmail programs.

Some copies of a popular mail-server program are implanted with a back door that could allow access to Internet attackers, security experts warned Tuesday.

A Computer Emergency Response Team (CERT) Coordination Center advisory said that illicit code added to the Sendmail package creates a back door when the program is compiled from its source code. Such a compromised program--called a Trojan horse by security experts--can leave networks exposed to attack and administrators unaware of the vulnerabilities.

The source code files of Sendmail 8.12.6 were apparently modified as far back as Sept. 28, according to the advisory. The Sendmail Consortium removed file transfer protocol (FTP) access to the server on Sunday. A safe version of the file can still be downloaded via the Web.

Political News from Wired News - Carnegie Mellon Fights Back.

PITTSBURGH -- The Defense Department is giving Carnegie Mellon University $35.5 million to develop tools and tactics for fighting cyberterrorism.

The inventions to be researched and engineered at the top computer science school would serve equally well in battling hackers and Internet crooks.

ZDNet |UK| - Microsoft: Users may have to pay for security.

RSA 2002: Microsoft is considering charging for additional security options, and admits it didn't move on security until customers were ready to pay for it

Microsoft "may offer new security abilities on a paid basis," according to the company's chief technical officer Craig Mundie. The possibility is under consideration within Microsoft's security business unit, recently set up under its own vice president, Mike Nash.

The idea is still only hypothetical, but represents an acknowledgement that Microsoft sees security not just as a necessary condition to reassure existing and future customers, but also as a potential source of revenue.

Slashdot | Security as a Profit Center?

Harry Erwin writes "This article seems to suggest Microsoft is now considering charging for security. I don't mind vendors like Counterpane Internet Security selling security services, but I would prefer operating system vendors to treat security as part of the core functionality of their products, if only because effective security has to be designed into the operating system from the start. This proposal would create a two-tier Internet and probably make things worse rather than better. Security is like public health and education--if you think it's expensive, consider the alternative."

[ ... ]

Asked why it has taken Microsoft 25 years to get trustworthy computing into the forefront of its efforts, he said: "Because customers wouldn't pay for it until recently." Admitting this was a flippant answer to a flippant question, Mundie said that chief information officers had only recently begun to demand security, and it is only in the last ten years that Microsoft has attempted to play in the security-requiring worlds of banking payroll and networked systems.

InfoWorld - 2002-09-13 - Windows and HIPAA.

Let's set aside for the moment whether today's Windows can ensure security of any kind. Let's also note that, except for XP's Media Player and digital rights management, Windows doesnt silently do all that much yet.

Here's the question: Since Microsoft may start using its new rights any time, won't it soon be against federal law for health care providers to rely on Windows to handle patient records?

"The EULA [end-user license agreement] change has really got me worried," writes Peter Clark, the owner of PClark.net Consulting. "I think the new SP3 license terms are in direct conflict with HIPAA. Either I don't install the service pack -- and am therefore running an OS with known security holes, which HIPAA frowns upon -- or I do install the service pack and thereby install a new security hole, which allows for automatic changes of the software configuration."

Slashdot | CERT: Sendmail Distribution Contained Trojan Horse.

Scoria writes "According to a CERT advisory published this afternoon, the public distribution of Sendmail 8.12.6 contained a trojan horse from September 28 to October 6. For more detailed information, please consult advisory CA-2002-28." --- This sounds very much like what happened to OpenSSH.

PingID .

PingID Network is a member owned identity network, the first of its kind, designed to accelerate the deployment of inter-company identity authentication and profile sharing -- the foundation of Single Sign-On and the future of web services.

PingID.org - Open Digital Identity Project.

Ping Identity is an open, principles based project focused on building digital identity infrastructure capable of ensuring that the rights and privileges we enjoy with our real world identities are not lost, changed or abused with respect to our digital ones. PingID stands for personal choice, privacy, security and control while ensuring maximum interoperability, openness, accessibility and an adherence to open standards.

The Ping Digital Identity Infrastructure project provides a complete open framework for developers, enterprises and service providers to deploy and embed digital identity services and functionality within their applications, devices or services. PingID provides everything required for end-users to establish, grow and exchange Digital Identity information in a secure environment, and for enterprises and service providers to provide trusted services to employees and end-users.