Thursday, December 15, 2005

Telecoms want their products to travel on a faster Internet. Telecoms want their products to travel on a faster Internet. AT&T Inc. and BellSouth Corp. are lobbying Capitol Hill for the right to create a two-tiered Internet, where the telecom carriers' own Internet services would be transmitted faster and more efficiently than those of their competitors. The proposal is certain to provoke a major fight with Google Inc., Yahoo Inc., Time Warner Inc., and Microsoft Corp., the powerful owners of popular Internet sites. The companies fear such a move would give telecommunications companies too much control over a fast-growing part of the Internet. [Public Knowledge - Breaking News] 12:18:55 PM  PermaLink   / trackback []

NewsForge | Creating secure wireless access points with OpenBSD and OpenVPN You know how insecure 802.11x wireless networks are. In this article we'll create an OpenBSD-based secure wireless access point that prevents unauthorized access and encrypts every packet using a VPN tunnel. OpenBSD is one of the most secure operating systems available, is easy to use, and includes almost everything you need for this project in the base installation. If you are new to OpenBSD, consider reading our review of 3.8, as well as the project's Web site. The same goes for OpenVPN, and check out our recent article too. 12:16:55 PM  PermaLink   / trackback []

Securely setting up a Linux PC. Securely setting up a Linux PC. Linux, like Microsoft Windows, is simply a computer operating system but Linux in itself is not a magic wand that can be waved and make all sorts of computing problems disappear. While Windows has its own set of problems, so too does Linux. There is no such thing as a perfect or completely secure computer operating system. Whether the machine will be a desktop computer or a server; purpose is a key to understanding how to initially install and configure your Linux PC. Unlike Windows, Linux does not present itself as a "server" version or as a "desktop" version. During a typical installation of Linux the choice is yours as to exactly what software you wish to install and therefore exactly what type of a system you are constructing. Because of this, you need to be aware of the packages that the installation program is installing for you. For example, some distributions will configure and start a Samba server or a mail server as part of the basic install. Depending upon the purpose of your Linux PC and the security level you are prepared to accept, these services may not be needed or desired at all. Taking the time to familiarise yourself with your distributions' installer can prevent many headaches and/or reinstalls further down the road. [LinuxSecurity.com] 12:11:32 PM  PermaLink   / trackback []

Loudeye drops P2P protection baton. Loudeye drops P2P protection baton. Falls back on music services Loudeye has dropped out of the P2P file protection business, closing its Overpeer operation, incurring just $200,000 in severance and related payroll costs. The low severance cost gives a good idea of how little the company still had committed behind the effort. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 12:06:33 PM  PermaLink   / trackback []

'Dasher' No Reindeer Game. 'Dasher' No Reindeer Game. A new worm dubbed "Dasher" by antivirus companies is bringing an early holiday present for Microsoft Windows users who haven't applied a security update recently shipped from Redmond. According to a post on the blog of Finnish antivirus company F-Secure, we've seen two versions of this worm in the past few days, the first iteration of which didn't work right and fizzled. The worm is based on exploit code that was first posted online for the world to see just a few weeks ago. Microsoft released a patch in mid-October to fix the flaw Dasher exploits. If you're not up-to-date on patches, I'd strongly recommend heading over to Microsoft Update to remedy that. The virus authors appear to have fixed whatever hobbled the first Dasher, and the worm is now happily spreading Christmas cheer by dropping a keystroke logger on machines it infects. Many people may have the impression that keyloggers record everything a victim types on their keyboard. While a few keyloggers in use do that (usually the commercial variety designed to help parents spy on their kids' home computer use), the bad guys generally aren't interested in reading reams of IM chat conversations and silly e-mails. Plus, that's a huge amount of data to be sending out of an infected machine. Rather, a keylogger employed by viruses and worms usually works off a predefined list of financial and e-commerce sites. The keylogger program lies in wait until the victim visits one of those sites, at which time it intercepts any information entered into credit card and other personal data fields and transmits the information back to attackers. The [Security Fix (Wash Post)] 12:05:01 PM  PermaLink   / trackback []

Privacy and Security Law Blog: FCC Commences Rulemaking to Implement Junk Fax Prevention Act of 2005 The recent adoption of an Order and Notice of Proposed Rulemaking ( "NPRM") by the Federal Communications Commission to implement the Junk Fax Prevention Act of 2005 appears to drive the final nail into the coffin of the abortive FCC effort to tighten its "junk fax" rules by eliminating the exception for faxes to recipients with whom the sender has an "established business relationship, i.e., an "EBR." The action is the first step toward realization of Congress's reversal of an FCC decision that critics said would undermine, among other things, the vitality of faxes as a business-to-business tool and as a means for associations to communicate with their members. In the most immediate term, the significance of the FCC's action is that the Order indefinitely suspends the effectiveness of a rule the FCC adopted in 2003 (which has been stayed since its adoption and thus never has taken effect) to require prior written consent for all unsolicited fax advertisements. The FCC issued the Order/NPRM in response to the mandate in the Junk Fax Protection Act that the Commission adopt rules implementing the Act, the origins of which we describe here, by April 5, 2006, i.e., 270 days after the Act's passage. The new law became necessary after the FCC's 2003 decision to reverse its then decade-old rule that the Telephone Consumer Protection Act's prohibition on the use of fax machines to send unsolicited advertisements did not encompasses those sent pursuant to an EBR, the existence of which, the FCC reasoned, rendered the ads not "unsolicited." The FCC reversed itself on this point in 2003 on grounds that it received numerous complaints from recipients of unsolicited faxes citing intrusion on their residential privacy and/or the extent to which the faxes impose costs in time, toner and paper. 12:00:53 PM  PermaLink   / trackback []

Improve Cybersecurity, Group Urges Feds. Improve Cybersecurity, Group Urges Feds. Vendor alliance gives low marks on progress, points to survey of customer concerns. [PCWorld.com - Latest News Stories] 11:57:34 AM  PermaLink   / trackback []

Google Safe Browsing for Firefox Google Safe Browsing is an extension to Firefox that alerts you if a web page that you visit appears to be asking for your personal or financial information under false pretences. This type of attack, known as phishing or spoofing, is becoming more sophisticated, widespread and dangerous. That's why it's important to browse safely with Google Safe Browsing. By combining advanced algorithms with reports about misleading pages from a number of sources, Safe Browsing is often able to automatically warn you when you encounter a page that's trying to trick you into disclosing personal information. Editor: Remember, that to do this they will have access to the list of sites you visit. 11:53:19 AM  PermaLink   / trackback []