Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
John Markoff in *The New York Times*, 3 May 2001:
Microsoft is preparing a broad campaign countering the movement to give
away and share software code, arguing that it potentially undermines the
intellectual property of countries and companies. At the same time, the
company is acknowledging that it is feeling pressure from the freely
shared alternatives to its commercial software.
http://www.nytimes.com/2001/05/03/technology/03SOFT.html
[Dave's IP archives are at
http://www.interesting-people.org/
PGN]
MEDIA GROK, 2 May 2001 We know, we know: Media coverage of the Digital Millennium Copyright Act makes your eyes glaze over. Think that's bad? Imagine the DMCA being discussed in a courtroom. This happened yesterday when a New York appeals court became ground zero for testimony on whether DVD code-busting software violates the DMCA. Reporters tried mightily - and several succeeded - to make sense of lawyers' attempts to out- argue each other. Call yesterday's event a different kind of Hollywood strike. When the e-zine 2600.com posted DeCSS, a computer program capable of cracking DVDs' security code, a coalition of film studios struck back with a lawsuit. The studios won, and the lower court based its ruling on the DMCA-based ban on code-busting devices. 2600 appealed, its lawyers arguing that DeCSS has fair and allowable uses. Is law so complex that it has to be fed to us in analogies? We grew dizzy trying to follow the analogy free-for-all that gripped the appeal hearing and its coverage. Let's start with the DMCA. It's like Congress deciding that the blueprint for a copying machine can't be published because it might be used to violate the copyright laws, said Kathleen Sullivan, Stanford Law School dean. Here's one about DeCSS: It should be banned because it's akin to software that shuts off smoke detectors or airplanes' navigational systems, said DMCA defender and assistant U.S. attorney Daniel Alter, according to the New York Law Journal. The First Amendment wouldn't bar the government from prohibiting distribution of that kind of software, Alter said, and the same goes for DeCSS. No, no, no. DeCSS is "a useful tool for scientific study and journalistic inquiry - or a burglar's crowbar designed for breaking, entering and stealing," the Law Journal chimed in. Lawyers, of course, love this kind of talk, which is no doubt why, as Inside reported, the three-judge panel was revved up enough by the legal banter to allow the session to run an extra 30 minutes. Inside ran a solid and readable analysis of the ideas that were raised, as did ZDNet, which included the tidbit that one "hacker-type" wore a T-shirt displaying the illegal DeCSS code. But both Inside and Wired News predicted the appeals court would probably uphold the lower court's ruling. Sometimes pushing new ideas is like an uphill battle. - Deborah Asbrand Second Circuit Weighs DVD Copying http://www.law.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=law/View&c=Article&cid=ZZZ9P7GD8MC&live=true&cst=1&pc=5&pa=0&s=News&ExpIgnore=true&showsummary=0 In Lively Oral Arguments, Lawyers Put Digital Copyright Act on Trial http://www.inside.com/jcs/Story?article_id=29820&pod_id=13 Throwing the Book at DeCSS http://www.zdnet.com/zdnn/stories/news/0,4586,5082131,00.html DVD Piracy Judges Resolute http://www.wired.com/news/digiwood/0,1412,43470,00.html Court Hears Appeal of Hacker Wanting to Post Descrambling Code on Internet http://interactive.wsj.com/articles/SB988759509262167525.htm (Paid subscription required.) Judges Weigh Copyright Suit on Unlocking DVD Shield http://www.nytimes.com/2001/05/02/technology/02CODE.html (Registration required.)
The litigation department of the Recording Industry Association of America (RIAA) has threatened legal action against a Princeton University computer scientist if he and his colleagues give a conference presentation this week explaining how to get around a system developed by the industry to protect copyrighted music. The researcher, Dr. Edward W. Felton, works in the field of steganography, which develops techniques such as digital watermarking. The head of RIAA's litigation department insists: "There is a line that can get crossed, and if you go further than academic pursuit needs to go, you've crossed the line and it's bad for our entire community, not just for artists and content holders, it's everyone who loves art, and it's also bad for the scientific community." [*The New York Times*, 24 Apr 2001; NewsScan Daily, 24 April 2001 http://www.nytimes.com/2001/04/24/technology/24MUSI.html]
The FBI cybercrime division called the National Infrastructure Protection Center is warning that Chinese hackers have publicly discussed increasing their activities in the first week of May, in celebration of two Chinese holidays and in memory of the two-year anniversary of the U.S. accidental bombing of the Chinese embassy in Belgrade. The Internet security company Vigilinx warns that it has the potential to escalate into something very damaging if emotions run unchecked. There is no evidence that attacks have been approved by the Chinese government. (AP/*USA Today*, 27 Apr 2001) http://www.usatoday.com/life/cyber/tech/2001-04-27-chinese-hack.htm NewsScan Daily, 30 April 2001
I contributed an article to RISKS on December 8, 1997, (RISKS-19.49) about the enormous risks involved with the software of the International Space Station. 3.5 million lines of code, coming from multiple countries, with little indication of the verification methodologies. In the two subsequent issues RISKS-19.50 and 19.51, anonymous posters with connections to the program agreed with and amplified these concerns. Now we see that, indeed, difficult-to-diagnose software problems are starting to plague the craft. "Computer problems have kept the Endeavour at the station longer than expected as astronauts try to carry out operations of a critical robot arm. The ISS has suffered a series of glitches since Tuesday that left ground controllers with only tentative command," says CNN. (http://www.cnn.com/2001/TECH/space/04/28/shuttle.launch.02/index.html) The RISKS here involve the well-known dangers of leaving debugging until the system is already in use. Although critical safety and control mechanisms may be compromised until the problems are fixed, "Russian space officials refused to delay Saturday's launch but agreed to put the Soyuz in a holding pattern if the shuttle was still at the space station on Monday. Russia said it had been unwilling to postpone the Soyuz mission because the cosmonauts must replace the space station's escape craft, whose service lifetime expires at the end of the month." The world's first space tourist may have an interesting ride...
*Computerworld* (16-Apr-2001, p. 6 and 78) has two articles on how an incompatibility between a beta release of Microsoft Windows XP and Cisco 5000 routers shut Xerox's corporate network down several times. According to the page-long column on p. 78, ``It got so bad that Xerox warned all 50,000 of its U.S. employees not to installed XP betas without permission or they'd face disciplinary action.''. Nelson H. F. Beebe, Center for Scientific Computing, University of Utah Department of Mathematics, Salt Lake City, UT 84112-0090 +1 801 581 5254
Destia (known as EconoPhone), a part of Viatel, shut down service to all customers Monday night or Tuesday. Thousands of people with direct-dial service (1+) are scrambling to get an alternate long-distance provider. Until then, they cannot make any long-distance calls except to 800 numbers. Also inbound 800 number service and calling cards provided by this company do not work.
Econet Wireless brand manager David Dzumbira said in the unfortunate event of the vehicle being violated or vandalised, Cellstop will alert the owner by calling on his/her cellphone within seconds of the incident happening. Cellstop will dial the number three times and if these calls are unanswered or responded to, the Cellstop unit will automatically starve fuel to the engine, making it impossible to drive the vehicle, said Dzumbira. But what if the owner forgets the phone, loses it or the phone is stolen? Or, if the phone runs out of power? And what happens if the device springs into action whilst the car is being driven by the legitimate owner? Note that the vehicle is stopped regardless of whether the phone is ignored or answered! Moreover, given the amount of false car alarms that seem to occur, this could be very annoying, although, being the victim of nightly car alarms in my street, I don't have much sympathy here :-) The full article: http://www.mweb.co.zw/zimin/index.php?id=3176&pubdate=2001-04-27
An interesting aspect of this year's Webby's nominees is the nomination of www.f**kedcompany.com in the Humor category (for which I was a nominating judge). When reading the CNN article about the nominations, at http://www.cnn.com/2001/TECH/internet/04/26/webby.awards.reut/index.html#12 I was interested to find that the above-mentioned site was apparently deliberately excluded from the list of nominees, probably for the profane name. The *San Jose Mercury News* site reported the complete list, however. [comp.risks censors "CNN censors profane Webby nominee" as well. PGN]
I e-mailed a URL, http://www.washtech.com/news/media/9387-1.html. The spelling corrector apparently chanted washtech to washes which is a porno site! The risk here isn't so much spelling correction as the current attempt to use the DNS as a directory. The density of the namespace is just one of the many problems. Bob Frankston http://www.Frankston.com
Microsoft security fixes infected with FunLove virus
A virus infection of security fix files on Microsoft's partner and premier
support Web sites has forced the software giant to suspend certain
downloads for more than a fortnight. Microsoft issued an alert on Monday,
which states that various Hotfix files on its Premier Support and
Microsoft Gold Certified Partners Web sites are infected with the FunLove
virus. A copy of the notice said Microsoft has stopped access "in order to
protect customers" to an unspecified number of files, and expects to be
able to restore access later today. Customers were advised to contact
their technical account manager in the interim.
[http://www.theregister.co.uk/content/8/18516.html]
[Also noted by Jeremy Epstein. PGN]
Q276304 - Error Message: Your Password Must Be at Least 18770 Characters
and Cannot Repeat Any of Your Previous 30689 Passwords
New level of security at Microsoft. Jean-Jacques Quisquater,
[The password must be Macrohard? PGN]
This is from the "Metropolitan Diary" section of *The New York Times*, 23 Apr 2001. The writer unknowingly set herself up for an eerie reminder mail, by not entering the event as "Anniversary of Grandpa's death". Even if she had, the mail probably would've still contained the (presumably inappropriate) gift suggestions. Harriet Inselbuch signed up for a calendar reminder service on the Internet and duly entered important dates like birthdays and anniversaries. The service notifies her by e-mail a few days before an important event. One anniversary she listed was of a family death, a reminder to her to light a candle. A few days before that particular date, she did receive a message and it provided somewhat of a shock. It read, "Reminder: Grandpa's death is just around the corner" followed by three or four gift suggestions for the occasion.
After watching a breathless CNN report about Internet-enabled espresso machines, it occurs to me that one of the greatest risks of having appliances connected to the Internet is that one's refrigerator might start forwarding spam instead of simply storing it. Robert Woodhead, Webslave & Mad Overlord http://selfpromotion.com/
WRAL-TV Online reports that the Microsoft Network (MSN) has agreed to pay back dozens of people who received huge Internet phone bills by mistake. http://www.wral-tv.com/features/5onyourside/2001/0426-msn-second-folo/ "Combined, complainants were billed more than $13,000 in unexpected charges. For about a month when the Wake County customers accessed the Internet, they were routed to a long distance Chapel Hill number — a number they did not know they had been switched to. John Bason, a spokesman for the North Carolina Department of Justice, says the situation definitely needs to be addressed." ... "Microsoft is telling the Attorney General's office that the error was theirs and agreed to pay back consumers. Any MSN customers who were erroneously billed must file a complaint with the Attorney General's office at 919-xxx-xxxx." Steve Holzworth, Senior Systems Developer, SAS Institute, Cary, N.C. Open Systems R&D VMS/MAC/UNIX <sch@unx.sas.com>
James Bamford Body of Secrets: Anatomy of the Ultra-Secret National Security Agency: From the Cold War Through the Dawn of a New Century [Good review in *The New York Times* Sunday Book Review section, 29 April 2001. PGN]
I would like to bring the book 'Definitions for Hardware and Software Safety Engineers' under your attention. It quotes definitions in the field of hard-and software dependability engineering from over a hundred sources. When more definitions exist it quotes these to enable comparison. Much attention has been paid to cross-referencing. M.J.P. van der Meulen, Definitions for Hardware and Software Safety Engineers, ISBN 1-85233-175-5, Springer, London, hardcover, 342 pages. URL: http://www.springer.de/cgi-bin/search_book.pl?isbn=1-85233-175-5 Meine van der Meulen, Max Euwelaan 60, 3062 MA Rotterdam Tel 010-4535959 SIMTECH Engineering: www.simtech.nl <m.van.der.meulen@simtech.nl>
Please report problems with the web pages to the maintainer