Privacy Digest
Your daily source for news that can impact people's privacy.


 Friday, October 25, 2002
 
Symantec Security Response - Friendgreetings.

Symantec Security Response is aware of a widespread E-card which appears to have the characteristics of a worm. Security Response does not classify this as a malicious threat and as such will not detect any files associated with the E-card. The installation of software associated with the E-card requires the user's permission in order to perform its mass-mailing capabilities. By cancelling the installation of the software, no worm-like activities will be performed.

Slashdot | First Worm with a EULA?.

ErikRed1488 writes "There is a new virtual postcard from Friend Greetings, owned by Permissioned Media that prompts you to install their software to view the card. You are then presented with a EULA granting them permission to e-mail all the Contacts in your Outlook Address Book. Those people are presented with an e-mail from you telling them they have a greeting card to pick up. So, this thing spreads like a worm, but includes a EULA that 95% of users won't take the time to read. Symantec isn't detecting this as a virus, but does have information about it on their site. In addition to the worm-like way it spreads, it also installs spyware designed to deliver ads to your computer. You also give them permission to install further software any time they want. In my opinion this is completely nasty, but it's all clearly in the EULA that you must agree to before it installs the software."

DMNews.com | News | FTC Director Outlines Year in Privacy.

The Federal Trade Commission's year-old privacy agenda recognizes the benefits of information sharing, a commission official said in a breakfast briefing yesterday at a Washington law firm.

Despite those benefits, said J. Howard Beales, director of the bureau of consumer protection at the FTC, "consumers are concerned about privacy."

He outlined what the commission has done to protect consumers over the past year under the FTC's new privacy agenda.

[ ... ]

He said that a national do-not-call registry would be in place by December as an "early Christmas present." More than 42,000 consumers weighed in favor of such a measure, he said, more than ever before for an issue.

MIT's Technology Review - The Palladium Paradox. We have everything to fear about the next operating system out of Redmond.

When Microsoft announced its entry into the "trusted computing" arena in June, the requisite witticism within the IT industry was that putting "Microsoft" next to "trusted" is an oxymoron. Four months later, many smirks have disappeared as the plans progress and the true significance of code-name Palladium becomes ever more clear.

The software, which is slated for future versions of the Windows operating system, looks on paper to be an all-good system for increasing privacy and security. The consequences of its deployment in the real world, however, will likely be decreased user control over the contents of their computers and a serious increase in Microsoft's stranglehold on desktops.

[ ... ]

Of course, there are always Macs or Linux operating systems, right?  After all, Microsoft so far has not said whether Palladium will only be for Windows. But here's where it gets really scary. If Hollywood sees 100 million machines running Palladium that can't copy the files they sell (excuse me, license), they will be sorely tempted to release digital content in formats only Palladium can unlock. Palladium becomes the preferred player for digital content. The dreaded unholy alliance between Microsoft and Hollywood becomes real.

[ ... ]

Trusted computing from a convicted monopolist that would lock up mainstream content? Even if Microsoft had any credibility as a provider of secure systems (it doesn't), Palladium should worry us.

Privacy News from Wired News - Implantable Chip, On Sale Now.

No sooner does the ink dry on the FDA's curiously quick approval of an implantable human chip than the company that produces it launches a national marketing campaign.

[ ... ]

"(ID chips) are a form of electronic leashes, a form of digital control," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "What happens if an employer makes it a condition of employment for a person to be implanted with the chip? It could easily become a condition of release for parolees or a requirement for welfare."

Rotenberg said EPIC has filed a Freedom of Information Request to learn more details about the FDA's sudden approval of VeriChip.

The chip has also alarmed some Christians, who fear it is the biblical "Mark of the Beast"; dozens of websites allude to the Satanic implications of the technology.

[ ... ]

The company plans to develop a prototype for an implantable GPS ID chip by the end of the year.

ZDnet - P2P hacking bill may be rewritten.

A proposal to let copyright owners hack into and disrupt peer-to-peer networks will be revised, a congressional aide said Wednesday.

Alec French, an aide to bill author Rep. Howard Berman, D-Calif., defended his boss' ideas but acknowledged that some critics had made reasonable points about the controversial proposal.

"He plans to significantly redraft the bill to accommodate reasonable concerns before reintroduction in the 108th (Congress)," French said during an afternoon event at the conservative Heritage Foundation.

Slashdot | Your Rights Online - Berman Retreats, But Only To Regroup.

thefinite writes "It looks like the P2P vigilante bill sponsored by Berman is going to have to be rewritten even just to be considered. A ZDNet story talks about the likelihood that the bill will get anywhere as currently written. Hopefully, the second time around will make it clear that the idea is flawed, not just the text."

ZDNet - "Critical" Kerberos flaw revealed.

Kerberos has lost some of its bite, according to the US government, which on Wednesday warned of a critical flaw that could allow hackers to circumvent the secure networking system.

Kerberos was invented by the Massachusetts Institute of Technology and is used by many large businesses as a way of keeping their networks secure. It uses strong encryption to verify the identity of any machine using a networked resource.

On Wednesday, the Computer Incident Advisory Capability ("CIAC") of the US government Department of Energy issued the warning, which originated at MIT. The flaw allows an attacker to gain unauthorized access to the key distribution center (KDC), which authenticates users, effectively compromising the security of the entire network.

Slashdot | Critical Kerberos Flaw Revealed.

doi writes "ZD Net is carrying a story about '...a critical flaw that could allow hackers to circumvent the secure networking system...The problem lies with software in MIT Kerberos 5 called kadmind4 (Kerberos v4 compatibility administration daemon), which allows compatibility with older administrative clients. A buffer stack overflow allows an attacker to use a specially formed request to gain access to the KDC with the privileges of a user running kadmind4.' It affects all MIT-derived versions of Kerberos 4 and 5."


 

© copyright 1997-2003 by Paul Hardwick. All rights reserved.
All trademarks are the property of their respective owners.
Modified: 10/25/02; 2:13:52 PM
Built: 3/2/03; 12:34:00 AM
URL for current page: http://www.PrivacyDigest.com/2002/10/25
