CNET NEWS.COM - AT&T spam filter loses valid e-mail.
AT&T WorldNet this week activated a risky spam-filtering technique that it shortly had to defuse after subscribers discovered they were losing legitimate e-mail.
Late Wednesday night, the Web access provider instituted a new junk e-mail filtering rule in an attempt to stanch an ever-rising tide of unsolicited commercial messages to its subscribers, which number in the millions. But because of the unreliable nature of the technique, some messages from friends and colleagues to AT&T subscribers were never delivered, without either sender or recipient being notified of the missed message.
"While we were attempting to do good...we realized that legitimate e-mails were being rejected, so we removed that filtering rule," said Janet Wyles, an AT&T WorldNet spokeswoman. She added that the filter was removed 24 hours after it was implemented, but the company plans to reinstate it after some kinks are ironed out late Friday.
CNET NEWS.COM - What's in a name? Not Palladium.
Microsoft has dropped the code name of its controversial security technology, Palladium, in favor of this buzzword-bloated tongue twister: "next-generation secure computing base."
On Friday, the company said that the name Palladium had become tarnished by controversy surrounding some elements of Microsoft's security push. In addition, it faced a potential legal battle with a small firm over the Palladium name.
"The official story--and it's true--is that we intended to change the name for a long time," said Mario Juarez, product manager for Microsoft's Windows Trusted Platform Technologies Group. "The fact that it was something that got a lot of attention and gave rise to a lot of misunderstanding" was also a factor, he said.
[ ... ]
Microsoft's Juarez dismissed any suggestions that the name change implied that the company was trying to dodge criticism.
"That's not the reason that we are doing it," he said. "This is really reflective of the fact that Microsoft is embracing this technology in terms of folding it into Windows for the next decade."
Yeah ... And I live near a nice bridge. Anyone want to buy it? 
Privacy News from Wired News - Both Parties Wary of Data Mining.
An amendment to a spending bill that requires the Pentagon to spill the beans to Congress on its Total Information Awareness project gets bipartisan support. Privacy advocates see it as a step in the right direction.
[ ... ]
Democratic Sen. Ron Wyden's amendment, passed by a unanimous voice vote, limits the transfer of the project's technology from the Pentagon's Defense Advanced Research Projects Agency, better known as DARPA, to other agencies.
"This amendment is the first thing the Senate could do, and the simple fact that it passed so quickly with such wide support shows that people across a spectrum of interests want to see some oversight," said Ari Schwarz of the Center for Democracy and Technology.
The bill now moves to a joint Senate and House committee to work out differences in the respective versions, but Wyden's amendment is widely expected to survive. President Bush has threatened to veto the spending bill over abortion funding, however.
[ ... ]
On Tuesday, another Republican, Sen. Chuck Grassley of Iowa, sent a strongly worded letter to Attorney General John Ashcroft, asking if the Justice Department and the FBI have been evasive about their involvement, and requesting a complete report.
Grassley's concern came after the Justice Department's inspector general, in response to questions submitted in November, informed him the FBI was nearing a deal with DARPA.
"(The) FBI is working on a Memorandum of Understanding with DARPA for possible experimentation with TIA technology in the future," according to Grassley's website.
A representative for the FBI denied that any such agreement was in the works, but did say the agency is seeking to improve its information technology.
Slashdot | Cross-Site-TRACE.
quackking writes "Uh-oh! Looks bad for RFC 2068! Kudos to WhiteHat out of Santa Clara, CA for this one. ALL current web servers comply with this RFC, which means they ALL are vulnerable to this newly named attack - XST - cross-site-trace. When misused, TRACE, part of the HTTP protocol, allows an unauthorized script to be passed to a Web server for execution even if the server is secured against running such scripts. Even devices like web-managed routers are open to this."
Scripting News - SQL virus reports.
While not running any Microsoft software, MS-SQL or otherwise, my ISP was hit hard and I was unable to get anyplace past net connect for a while. Things seem OK (for me) for now. This would probably also explain the extreme connectivity problems I was having late last night (early this AM).
6:30AM Pacific. Heard a report on NPR that some kind of Internet-wide denial of service attack is underway. They quote Microsoft saying it's serious. If you have more information, esp Web pages I can point to, please post a comment on my Radio weblog. Thanks.
Reports: CNN, BBC, Slashdot, Beta News, Google, AP, Reuters.
Lawrence Lee: "Here's a chart from the Internet Traffic Report with global packet loss for the past 24 hours."
Freedom.Org: "Quick fix is to firewall port 1434/UDP traffic, and reboot the affected SQL servers."
Slashdot: "If you run Microsoft SQL Server, make sure the public Internet can't access it."
Beta News: "The attack used a buffer overflow to execute code on a vulnerable SQL Server, causing that system to randomly seek out other computers to infect and in the process consume massive amounts of bandwidth."
Slashdot | MS SQL Server Worm Wreaking Havoc.
defile writes "Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random infected server. Reports of some hosts receiving 10 per minute or more. internetpulse.net is reporting UUNet and Internap are being hit very hard. This is the cause of major connectivity problems being experienced worldwide. It is believed this worm leverages a vulnerability published in June 2002. Several core routers have taken to blocking port 1434 outright. If you run Microsoft SQL Server, make sure the public internet can't access it. If you manage a gateway, consider dropping UDP packets sent to port 1434." bani adds "This has effectively disabled 5 of the 13 root nameservers."
CNET NEWS.COM - Tech firms fight copy-protection laws.
Slashdot | Tech Firms Fight Copy Protection Laws.
buulu writes "CNET is running an article about Alliance For Digital Progress going on the offensive against Hollywood over digital copy protection. The alliance consists of some of the big names: Apple, Cisco Systems, Dell, Hewlett-Packard, Information Technology Association of America, IBM, Intel, Microsoft, Motorola, etc."
Economist.com - No hiding place.
The protection of privacy will be a huge problem for the internet society
[ ... ]
Offline, too, monitoring of people's behaviour has increased by leaps and bounds in recent years. The use of credit, store and debit cards leaves a trail of electronic data. So does turning on a mobile phone, even if no calls are made or received. The phone operator can not only monitor calls but also record the location of the phone. Electronic systems for public-transport tickets, road tolls and access to buildings of all kinds are expected to spread rapidly. Governments around the world are moving to record their own transactions and the provision of services to their citizens electronically. Monitoring of telephone calls, voicemail, e-mail and computer use by employers is easier and more widespread than ever before.
The use of video surveillance cameras is also growing. Britain has an estimated 1.5m cameras monitoring public places. According to one estimate, the average Briton is recorded by CCTV cameras 300 times a day. As cameras have become cheaper, smaller and more effective, they are proliferating and can now be found almost anywhere: airports, aeroplanes, buses, shopping malls, schools, public buildings, offices, factories and increasingly in people's homes too. Digital cameras allow the images collected to be stored and analysed much faster and more cheaply than in the past.
And this is only the beginning. Engineers are now developing cameras that employ low-level radiation to "see" through clothing, walls or cars. Miniature bugging devices capable of transmitting video or audio signals for miles and for years, commercial satellites powerful enough to recognise objects as small as one metre across, and tiny tracking chips cheap enough to be attached to many products or people are already available. Cheaper and more powerful versions are expected in the next few years. Technologies such as face-recognition software and biometric identification, which security experts say are not yet reliable enough, are being installed nevertheless, and will improve over the coming decade, as will the ability to crunch and analyse the mountain of data generated by all this monitoring.
[ ... ]
One problem is that privacy is hard to define or protect in the abstract. Presented with the prospect of losing it, many people might well prefer to eschew the substantial benefits that new technology offers. But they will not, in practice, be offered that choice. Instead, each benefit--more security against terrorists or criminals, better government services, higher productivity at work, better medical care, a wider selection of products, more convenience, more entertainment--will seem worth the surrender of a bit more personal information, or a marginal increase in monitoring. Yet the cumulative effect of these bargains, each seemingly attractive on its own, will be the relentless destruction of privacy.
[ ... ]
The debate is being complicated by the distinction between the collection of information by governments and by the private sector. For understandable reasons, governments remain the larger worry for most people. In the 20th century it was Big Brother governments, not marketing firms, that became nightmares. And yet in the networked society of the future it could well prove easier to tame an overly intrusive government than a private sector hungry for more and more information. An entrepreneurial private sector, driven by competition to seize on every new technological possibility, is likely to find ways round most obstacles placed in its way. And whatever information the private sector collects will be accessible to the government too, through subpoenas and search warrants. E-mails have already become a staple of court cases.
Slashdot | US Opens Portal for Online Comments on Regulations.
Judg3 writes "My most recent newsletter from the Center for Democracy and Technology included a link to the newly unveiled Regulations.Gov site that allows individuals to more easily find and comment on proposed rules being considered by federal agencies. Comment on proposed rules ranging from the Secretary of Defense, Coast Guard, Veteran Affairs Admission, to even the Post Office." ---Here's a newsletter about the site.
Slashdot | Your Rights Online - Issues for the Internet Society.
DenOfEarth writes "The Economist has published a series of articles detailing some of the issues facing our current society and the technological leaps and bounds that are leading to the future internet society. They include: Protection of Privacy, Constant internet connectivity, Copyright's Role in the Future, Technology-based Democratic Process, Government Authority, and Social and Political Ramifications. There's a good deal of information to waste one's time with here, but some good discussion is bound to come out of it."
IBM Watson Research - Global Security Analysis Lab: TCPA Resources.
IBM's Global Security Analysis Lab (GSAL) has done extensive analysis of the Trusted Computing Platform Alliance (TCPA) chip available on some IBM systems. We have the chip running under Linux, and have studied it extensively. In order to clarify a lot of misunderstanding about the chip, we are making available some helpful white papers and open source device drivers for Linux, so that interested people can test and use the chip in an open environment.
Available Downloads: (PDF documents)
- "Why TCPA"
This white paper describes the goals of the TCPA chip, and shows how it can be used to protect a user's authentication keys and sensitive data against remote attacks.
- "TCPA Misinformation Rebuttal"
This white paper responds point by point to several papers and web pages which have criticized the TCPA chip based on misunderstandings and incorrect analysis.
- "TCPA Device Driver for Linux"
This package contains full source code for a Linux device driver for the TCPA chip, released under the GPL.
Slashdot | IBM Trials TCPA Chip Under Linux.
keihin writes "From IBM: IBM's Global Security Analysis Lab (GSAL) has done extensive analysis of the Trusted Computing Platform Alliance (TCPA) chip available on some IBM systems. We have the chip running under Linux, and have studied it extensively. In order to clarify a lot of misunderstanding about the chip, we are making available some helpful white papers and open source device drivers for Linux, so that interested people can test and use the chip in an open environment."