Tuesday, February 27, 2007

Verizon Wins Injunction Against Text Spammer. Verizon Wins Injunction Against Text Spammer. bulled writes "CNet is running a story illustrating the US court system's ongoing harsh opinion about unwarranted communications of any kind. Verizon Wireless recently won a lawsuit against a company that was delivering massive numbers of spam text messages to its customers. Specialized Programming and Marketing and Henderson was ordered to pay more than $200,000 in damages to Verizon Wireless, some two years after Verizon filed the suit against the company. In 2005 Specialized Programming sent some 100,000 emails to Verizon phones. Verizon now has an injunction against the Marketing firm, another win for a company that has developed a reputation for going after spammers." [Slashdot] 10:10:08 PM  PermaLink   / trackback []

Battle brewing over RFID chip-hacking demo | InfoWorld | 2007-02-26 | By Paul F. Roberts Secure card maker HID Corp. is objecting to a demonstration of a hacking tool at this week's Black Hat Federal security conference in Washington, D.C. that could make it easy to clone a wide range of so-called "proximity" door access cards. HID has sent a letter to IOActive, a security consulting firm, accusing Chris Paget, IOActive's director of research and development, of possible patent infringement over a planned presentation, "RFID for beginners," on Wednesday, a move that could lead to legal action should the talk go forward, according to Jeff Moss, founder and director of Black Hat. [ See also our Video: "Hack in action" ] 10:04:59 PM  PermaLink   / trackback []

Lawsuits, patent claims silence Black Hat talk | InfoWorld | 2007-02-27 | By Paul F. Roberts A planned talk on RFID security by a security researcher has been pulled from this week's Black Hat Federal security conference after secure card maker HID claimed the talk violated the company's patent rights and threatened to take legal action against Chris Paget, the researcher, and IOActive, Paget's employer, if the talk went forward. The company decided to cancel the talk after all-night negotiations with HID collapsed, said Josh Pennell, CEO of IOActive. In response, Black Hat organizers were forced to tear materials out of printed show proceedings and will instead present a discussion by a representative of the ACLU on the criticality of RFID security, said Jeff Moss, founder and director of Black Hat. A spokeswoman for HID did not immediately respond to a request for comment. The incident recalled a 2005 dispute over a presentation at Black Hat in Las Vegas involving Cisco Systems and Michael Lynn, a security researcher who worked for Internet Security Systems at the time. 9:59:50 PM  PermaLink   / trackback []

New Controversy over Black Hat Presentation. New Controversy over Black Hat Presentation. uniquebydegrees writes  "InfoWorld is reporting about a new controversy swirling around a planned presentation at Black Hat Federal in Washington D.C. this week. Security researcher Chris Paget of IOActive will demo an RFID hacking tool that can crack HID brand door access cards. HID Corp., which makes the cards, is miffed and is accusing IOActive of patent infringement over the presentation, recalling the legal wrangling over Michael Lynn's presentation of a Cisco IOS hole at Black Hat in 2005. Black Hat's Jeff Moss says they're standing by their speaker. A news conference is scheduled for tomorrow AM." Update: 02/27 20:10 GMT by Z :InfoWorldMike wrote with a link to story saying that the presentation has been pulled from the slate for Black Hat, as a result of this pressure. [Slashdot] 9:55:39 PM  PermaLink   / trackback []

Windows Genuine Advantage's newest setting: "you might be a pirate" Windows Genuine Advantage is an anti-piracy tool loathed by many, tolerated by some, and even appreciated by others. How you feel about it may depend in part on whether or not you've been caught in its snares: the "authentic software" validation tool is known to have falsely identified thousands of "pirated" Vista installs. As Microsoft steps up its war against piracy, the company has decided to slightly nuance Windows Genuine Advantage (WGA). Rather than identify users as either in the clear or not, the company has added a third classification for users who set off some, but not all of WGA's undisclosed piracy-detection functionality. Users will now find that Windows XP installs are labeled as genuine, non-genuine or "not sure." While Microsoft has not responded to requests for comment, it's quite obvious what is going on here: Microsoft has added "not sure" as a way of cutting down on the number of false positives associated with WGA. As many as one in five PCs were failing WGA checks, but this new setting should both reduce this and give Microsoft the chance to investigate further the kinds of things that are landing folks in the "not sure" category. Although the Windows Genuine Advantage Notification tool is "optional," Microsoft is in the process of pushing out the tool as a "critical" and thus automatic update (affectionately dubbed WGA Notifications 1.7 KB905474). The update has been known about for over a month, but users are just now seeing it show up as a critical update to Windows XP. 8:28:12 PM  PermaLink   / trackback []

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade ) OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced. 7:39:01 PM  PermaLink   / trackback []

Administrivia: Our data-center was hit by a DDOS attack today. Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things. 5:19:59 PM  PermaLink   / trackback []

Windows Genuine Advantage Gets More Lenient. Windows Genuine Advantage Gets More Lenient. Troglodyte writes in with word that Microsoft is revamping its Windows Genuine Advantage program so that it labels fewer users pirates. WGA now has a third category besides "genuine and "not genuine," called "not sure." Quoting: "[I]t's quite obvious what is going on here: Microsoft has added 'not sure' as a way of cutting down on the number of false positives associated with WGA. As many as one in five PCs were failing WGA checks, but this new setting should both reduce this and give Microsoft the chance to investigate further the kinds of things that are landing folks in the 'not sure' category." [Slashdot] 4:37:02 PM  PermaLink   / trackback []

Protect the Children From Porn. Protect the Children From Porn. Sending a teacher to prison for mishandling a classroom porn storm does not address the root of the problem: fear that traces back to ignorance. Commentary by Regina Lynn. [Wired News: Top Stories] 4:33:20 PM  PermaLink   / trackback []

Migrating to Windows Vista: Recognize the Security Risks. Migrating to Windows Vista: Recognize the Security Risks. (Source: Messagelabs) What are the security risks involved in migrating to Microsoft Vista? This white paper examines the implications in terms of messaging and web security which IT managers urgently need to consider. [Computerworld Privacy News] 4:25:09 PM  PermaLink   / trackback []

Bloggers Immune From Suits Against Commenters. Bloggers Immune From Suits Against Commenters. An anonymous reader writes "Suppose a commenter posts a libelous comment here at Slashdot. Can Slashdot and its owners be sued for defamation? A federal appeals court just held that no, they cannot. The court noted that a federal law was designed to ensure that 'within broad limits, message board operators would not be held responsible for the postings made by others on that board,' adding that, were the law otherwise, it would have an 'obvious chilling effect' on blogger speech." [Slashdot: Your Rights Online] 4:21:35 PM  PermaLink   / trackback []

Google Sharpens Malware Alerts for Webmasters. Google Sharpens Malware Alerts for Webmasters. Google improves the way it notifies sites that they are afflicted with malware. [PC World: Latest Technology News] 4:14:00 PM  PermaLink   / trackback []

Sarasota: Could a Bug Have Lost Votes? Sarasota: Could a Bug Have Lost Votes? At this point, we still don[base ']t know what caused the high undervote rate in Sarasota[base ']s Congressional election. [Background: 1, 2.] There are two theories. The State-commissioned study released last week argues that for the theory that a badly designed ballot caused many voters to not see that race and therefore not cast a vote. Today I want to make the case for the other theory: that a malfunction or bug in the voting machines caused votes to be not recorded. The case sits on four pillars: (1) The postulated behavior is consistent with a common type of computer bug. (2) Similar bugs have been found in voting machines before. (3) The state-commissioned study would have been unlikely to find such a bug. (4) Studies of voting data show patterns that point to the bug theory. [...] Conclusion What conclusion can we draw? Certainly we cannot say that a bug definitely caused undervotes. But we can say with confidence that the bug theory is still in the running, and needs to be considered alongside the ballot design theory as a possible cause of the Sarasota undervotes. If we want to get to the bottom of this, we need to investigate further, by looking more deeply into undervote patterns, and by examining the voting machine hardware and software. Share This [Freedom to Tinker] 4:10:24 PM  PermaLink   / trackback []