Microsoft warned system administrators on Wednesday that a new flaw in its Windows 2000 and NT domain controllers could leave their networks open to attack.

The vulnerability affects the Windows Locator service, software that translates network names into the addresses of actual resources, such as disks and printers, on a company's local area network.

"An attacker who successfully exploited this vulnerability could cause the Locator service to fail, or could cause code of the attacker's choice to be executed with system privileges," the software giant said in the security bulletin. "Customers running Windows NT 4.0 domain controllers or Windows 2000 domain controllers should apply the patch immediately."

The vulnerability is the first flaw this year to be classified by Microsoft as "critical"--a rating that denotes a problem that could be exploited by an attacker to gain control of a computer. The company changed its classification system last November, adding an "important" rating below the "critical" rating, in an attempt to flag only the most important flaws with the most severe level.

[ ... ]

Other versions of Windows could be affected, but only if the user installs the Locator service, which is not on by default.

CNET NEWS.COM - AOL shutters Web e-mail hole.

America Online shuttered a security hole in its Web e-mail service on Wednesday after being tipped off to the flaw, but not before "hundreds" of accounts had been compromised.

Few details of the incident have emerged, but AOL spokesman Andrew Weinstein confirmed that the online giant closed the hole Wednesday morning.

"We believe only a very small number of accounts--in the hundreds, not thousands--were affected," Weinstein said, adding that the company is still taking stock of the incident to pinpoint what accounts had been targeted.

The incident, first reported by the BetaNews Web site, apparently was caused by flaws in the software that authenticates international users. The flaws allowed anyone to access an AOL e-mail account with only the account name and not the password. An attacker, then, could gain access to a known account, or, by way of a lucky guess, a random account.

An attacker could then use the weakness to get hold of the AOL user's password. Using the account name, the attacker could attempt to log in to AOL Instant Messenger. The IM log-in window offers a link labeled "Forgot my password," which, when clicked, brings up a page in the user's Web browser asking if he or she would like the IM password e-mailed. In many--if not most--cases, AOL users assign the same password to their e-mail and instant messaging accounts.

CNET NEWS.COM - Republican senator slams database plan.

A Republican senator is lending his voice to criticism of a Pentagon data-mining project that could result in detailed electronic dossiers compiled on Americans.

Sen. Chuck Grassley of Iowa said he will support legislation to curb the scope of the controversial Total Information Awareness (TIA) project and limit the FBI's involvement with it. The full Senate could vote on the proposal as early as Thursday as an amendment to a spending bill.

Grassley, who is a frequent critic of government abuses of power, did not go as far as some Democratic senators and call for a broad moratorium on TIA, which is funded by the Defense Advanced Research Projects Agency (DARPA). Instead, his proposal says TIA may not be used for "domestic intelligence or law enforcement purposes."

CNET NEWS.COM - RIAA chief to step down.

The chief executive officer of the Recording Industry Association of America said Wednesday she would step down as head of the organization at the end of 2003, after a controversial five years at its helm.

Hillary Rosen has presided over a transformation of the organization that has matched the turmoil of the music industry since her ascension in 1998. Once a trade organization little known outside music and policy circles, the RIAA has become a household word known for its vigorous prosecution of online piracy, and its role as the nemesis of file-swapping services from Napster to Kazaa.

Business News from Wired News - Identity Theft on the Rise.

The government received twice as many complaints about identity theft last year than in 2001, with victims reporting hijacked credit cards, drained bank accounts and tarnished reputations.

"This is a crime that is almost solely on the shoulders of the victim to resolve," said Beth Givens, director of the Privacy Rights Clearinghouse, a San Diego-based consumer group. "They're beleaguered, they're tired, they're angry and it takes them a good deal of time to recover."

The number of identity theft complaints rose from about 86,000 in 2001 to about 162,000 last year, the Federal Trade Commission said Wednesday. The figures come from a government database of 380,000 fraud complaints collected by the FTC, the FBI and scores of law enforcement and consumer groups.

Identity theft accounted for 43 percent of the complaints, topping the government's list of consumer frauds for a third consecutive year. Gripes about fraud in Internet auctions ranked No. 2 and accounted for 13 percent of complaints.

Up to 700,000 people in the United States may be victimized by identity bandits each year, the Justice Department says. It costs the average victim more than $1,000 to cope with the damage to their accounts and reputations, the FTC has said.

Wired News - ISPs Must Forfeit Download Data.

A federal judge upholds the entertainment industry's power under the Digital Millennium Copyright Act to force Internet service providers to tattle on customers who illegally trade music or movies online.

[ ... ]

ternet providers must agree to requests by the music industry to track down computer users who illegally download music, a federal judge ruled Tuesday in a case that could dramatically increase online pirates' risk of being caught.

The decision by U.S. District Judge John D. Bates upheld the recording industry's power under a 1998 law to compel Net providers to identify customers that illegally trade music or movies online.

Bates acknowledged that the case was an important test of subpoena powers Congress granted to copyright holders under the Digital Millennium Copyright Act.

The judge said that controversial law, which was enacted to uphold copyrights online, permits music companies to force Net providers to turn over the name of a suspected pirate upon subpoena from any U.S. District Court clerk's office, without a judge's order.

Business News from Wired News - Rosen Waves Bye to RIAA.

Hilary Rosen, the music industry's foremost lobbyist and the chief executive of the Recording Industry Association of America, announces that she will resign at the end of the year.

Slashdot | Your Rights Online - Hilary Rosen Will Step Down As RIAA Head.

Phoenix666 writes "NYT Business reports Hilary Rosen is leaving. Question is, what head will spring from the Hydra next? Could this signal a shift in the RIAA's tactics? The article reports 'Rosen's departure comes as the organization sought to soften its image among Internet consumers, many of whom viewed the RIAA -- and Rosen personally -- with antipathy over incessant pressure for crackdowns on sharing digital music over the Internet.'" --- A press release on the RIAA site says that Rosen will leave at the end of this year.

The Village Voice: Features: The Guilt-Free Soldier. New Science Raises the Specter of a World Without Regret

[ ... ]

At the University of California at Irvine, experiments in rats indicate that the brain's hormonal reactions to fear can be inhibited, softening the formation of memories and the emotions they evoke. At New York University, researchers are mastering the means of short-circuiting the very wiring of primal fear. At Columbia University one Nobel laureate's lab has discovered the gene behind a fear-inhibiting protein, uncovering a vision of "fight or flight" at the molecular level. In Puerto Rico, at the Ponce School of Medicine, scientists are discovering ways to help the brain unlearn fear and inhibitions by stimulating it with magnets. And at Harvard University, survivors of car accidents are already swallowing propranolol pills, in the first human trials of that common cardiac drug as a means to nip the effects of trauma in the bud.

The web of your worst nightmares, your hauntings and panics and shame, radiates from a dense knot of neurons called the amygdala. With each new frightening or humiliating experience, or even the reliving of an old one, this fear center triggers a release of hormones that sear horrifying impressions into your brain. That which is unbearable becomes unforgettable too. Unless, it seems, you act quickly enough to block traumatic memories from taking a stranglehold.

Some observers say that in the name of human decency there are some things people should have to live with. They object to the idea of medicating away one's conscience.