Updated: 24.11.2002; 17:28:46 Uhr.
disLEXia
lies, laws, legal research, crime and the internet
        

Saturday, September 7, 2002

Are Hackers Accessing Your Company Via Your PBX?

Although most companies today have improved security on their data networks, thus cutting down on white-collar crime and hack attacks, too few have paid enough attention to their PBX system. The PBX remains a potentially huge back door problem for data network security. "Many corporates have implemented firewalls as well as stringent anti-virus and content filtering applications to reduce attack and fraud," says John van den Munckhof, managing director of Dimension Data Interactive Communications. "The PBX, however, remains a significant loophole. All the perimeter security in the world can be bypassed by a poorly configured authorised or unauthorised modem."

Indeed, as a leading communications publication puts it: "If you want to do real damage to a business or institution, telecom infrastructure is probably a better target than the corporate LAN or Web site. PBX hacking may not sound glamorous by comparison with elite Internet penetrations, but it can be just as damaging. Attacks on PBXs, ACDS, voicemail, voice-response units, and other infrastructure can bring down a company: make it unable to function, expose its secrets, damage its reputation, burden it with telephone charges and the cost of re-provisioning and repair after damage is done." (Source: Communications Convergence, April 2002. Securing your Switch by John Jainschigg.)

By not securing the PBX, companies risk a number of costly problems. [LinuxSecurity.com - Latest News]
23:48 # G!

White House cybersecurity chief defines cyberthreat

Interview with Richard Clarke [ComputerWorld - Security Knowledge Center]
18:53 # G!

U.S. Postal Service now requires ID to send packages?

Politech talks about the possibility of the U.S. Postal Service requiring ID for sending packages.
That's what I've been preaching for years. The postal service is used by paedophiles, terrorists, IP pirates and drug dealers. We need much tighter postal laws. Letters have to be screened regularly. The post office should keep records for 80 days of who sends letters to whom ... really

See also this followup.
18:50 # G! Translate

Bertelsmann: Hack your copy-protected CD

A customer complained to BMG that he couldn't play a copy-protected 'CD' in his PC/car/DVD player/whatever. BMG's answer: scout magazines for tricks to get around it! [heise]
18:38 # G!

FTC Encourages Consumers to Forward Them Spam

The FTC encourages consumers to forward any spam they receive to the e-mail address uce@ftc.gov. I'd say that if they've posted their e-mail address on the web, they are probably getting as much as the rest of us already, which isn't to say I'm not hoping to see some discussion of using the statistical spam sorters to auto-forward a lot to them in encouragement...

The Slashdot crowd wonders what they are doing with the stuff. If I remember a presentation at the National (US) Cybercrime Conference right, they use it for statistics and also to be able to collect damages based on the amount of spam sent once this stuff goes to court.

Remember the Anna Kournikova trial: the prosecution could bring forward only 50 provable infections or so. I guess the FTC would not like to get into a similar situation.
18:35 # G!

THC paper on attacking SSH by detecting typing speed.

THC's Plasmoid put out a paper on "Fuzzy Fingerprinting":

Fuzzy Fingerprinting is a new technique to attack cryptographic key authentication protocols that rely on human verification of key fingerprints. This document covers the theoretical background and the generation of fuzzy fingerprints and also details on the implementation ffp [FFP] and its usage. Includes a practical part with details on the implementation and the provided sample session using SSHarp.
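The abstract above says the attack targets the human step: a person glances at a displayed fingerprint and compares it with the one they expect. The following Python is an added example, not code from the paper or from THC, and it shows why that step is the weak link: a fingerprint is computed from a constructed key blob (not a real key), a lookalike string is then constructed by hand that agrees with it only at both ends, and a strict comparison rejects the lookalike while a "first and last few groups" comparison accepts it. The helper names and the sample blob are assumptions made for this example; the fingerprint formats are the MD5 colon form ssh-keygen printed in 2002 and the newer base64 SHA-256 form.

```python
import base64
import hashlib


def md5_fingerprint(key_blob):
    """Hex MD5 fingerprint in the colon-separated form ssh-keygen printed in 2002."""
    digest = hashlib.md5(key_blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(key_blob):
    """Newer OpenSSH style: base64 of the SHA-256 digest, padding stripped."""
    raw = base64.b64encode(hashlib.sha256(key_blob).digest()).decode("ascii")
    return "SHA256:" + raw.rstrip("=")


def verify_strict(expected, shown):
    """What a client (or a careful person) should do: compare the whole string."""
    return expected.strip().lower() == shown.strip().lower()


def verify_like_hurried_human(expected, shown, groups=3):
    """Models the habit the paper exploits: look at the first and last few hex
    groups only and assume the middle matches as well."""
    e = expected.lower().split(":")
    s = shown.lower().split(":")
    return e[:groups] == s[:groups] and e[-groups:] == s[-groups:]


def constructed_lookalike(fingerprint, groups=3):
    """Build a string (not any key's real fingerprint) that agrees with
    `fingerprint` only in its first and last `groups` hex pairs."""
    parts = fingerprint.split(":")
    # Make every middle group differ from the genuine one so the two strings
    # can never be equal by accident.
    middle = ["00" if p != "00" else "ff" for p in parts[groups:len(parts) - groups]]
    return ":".join(parts[:groups] + middle + parts[-groups:])


def demo(key_blob=b"constructed sample public key blob, not a real key"):
    """Run both checks against the genuine fingerprint and its lookalike."""
    genuine = md5_fingerprint(key_blob)
    lookalike = constructed_lookalike(genuine)
    return {
        "genuine": genuine,
        "lookalike": lookalike,
        "strict_accepts_lookalike": verify_strict(genuine, lookalike),
        "hurried_accepts_lookalike": verify_like_hurried_human(genuine, lookalike),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The practical lesson for a defender is that nothing in the protocol is broken; only the partial human comparison is. Pinning the full fingerprint out of band (a known_hosts entry distributed by the administrator, or the whole string read aloud) removes the step the attack depends on.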
18:24 # G!

Moussaoui given prosecution documents by mistake

Two Justice Department officials said Friday that accused September 11 co-conspirator Zacarias Moussaoui was given documents he should not have been given.

The documents were briefly and accidentally given to Moussaoui, the officials said.

Moussaoui, 34, has been acting as his own lawyer since mid-June. U.S. District Court Judge Leonie Brinkema has assigned five attorneys to remain on standby to assist Moussaoui on legal questions, and if necessary, to cross-examine witnesses or take over the defense.
18:19 # G!

At kuro5hin there is an article by a guy called QuickFox about the different approaches to criminal justice, followed by a lot of flaming about the so-called war on terrorism. QuickFox wonders, for example, as do I, about the habit in Anglo-American countries of disclosing the names of suspects.
18:17 #

heise online demands blocking of a 0190 number

In recent days another wave of spam washed into German mailboxes, advertising a supposedly cracked hardcore porn dialer under a forged sender address and with a misleading subject line. heise online is taking this case as an occasion to test the effect of the amendment to the Telekommunikations-Kundenschutzverordnung that came into force on 27 August.

The unsolicited advertisement is signed "Porno Hacker Crew"; this name had already turned up in numerous spam campaigns. This time the spammers chose a particularly imaginative sender and subject: the "legal department" sends a "termination without notice", which should attract attention at least among recipients in companies.

The link in the mail leads to a page at the free hoster Netmails.com in Canada. The German-language page advertises the free sex crack that is offered for download. In fact, however, the dialer named "Gratis-Sex-Crack.exe" dials in via the number 0190/83 92 21, which costs 1.86 euros per minute. Unlike earlier spam campaigns by the Porno Hacker Crew, this time the dialer does not come from Mainpean GmbH but from the Swiss IBS Clearing AG. It calls up a page under the domain schnell-sex.de, which is registered to Michael Mettke in Cottbus. [heise online news]
17:58 # G! Translate

Effbot is building another RSS newsreader

Fredrik Lundh, also known as effbot link, is building an RSS newsreader link. (Never guess what programming language he is writing it in. You guessed it: in Python.)

One really cool part of this effort is the fact that he documents the development in a series of articles. The first of these articles, EffNews #1: Fetching RSS Files link (note that the URL might change in the future), describes the process of fetching RSS files with tools from the Python standard library. There are examples of how to do it with low-level sockets, the urllib module and eventually the asyncore module, which allows simultaneous fetches. Finally, he describes storing the RSS data.

[Python owns us]
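The fetch, parse and store pipeline described above, as an added example in current standard-library Python; it is not effbot's code and not taken from the EffNews articles. To run offline it serves a constructed sample feed from a local HTTP server on a random loopback port, fetches it with urllib, parses it with xml.etree and stores the items in an in-memory SQLite table. The feed contents, URLs and function names are assumptions made for this example. Two limits a reader today would want are included: a socket timeout and a cap on the response size, so a slow or oversized feed cannot stall or exhaust the reader.

```python
import http.server
import sqlite3
import threading
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample feed, not a real one, so the example runs offline.
SAMPLE_RSS = b"""<?xml version="1.0"?>
<rss version="2.0">
  <channel>
    <title>constructed sample feed</title>
    <item><title>First post</title><link>http://example.invalid/1</link></item>
    <item><title>Second post</title><link>http://example.invalid/2</link></item>
  </channel>
</rss>"""

MAX_BYTES = 1_000_000  # refuse feeds larger than this (assumed limit)


class _FeedHandler(http.server.BaseHTTPRequestHandler):
    """Serves SAMPLE_RSS for any GET; stands in for a remote feed."""

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "application/rss+xml")
        self.send_header("Content-Length", str(len(SAMPLE_RSS)))
        self.end_headers()
        self.wfile.write(SAMPLE_RSS)

    def log_message(self, *args):  # keep the example quiet
        pass


def serve_sample_feed():
    """Start the local server on a free port; return (server, feed URL)."""
    server = http.server.HTTPServer(("127.0.0.1", 0), _FeedHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d/rss.xml" % server.server_address[1]


def fetch_rss(url, timeout=5.0, max_bytes=MAX_BYTES):
    """Fetch the feed bytes with a timeout and a hard size cap."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        data = resp.read(max_bytes + 1)
    if len(data) > max_bytes:
        raise ValueError("feed exceeds %d bytes" % max_bytes)
    return data


def parse_items(data):
    """Return [(title, link), ...] for every <item> in the channel."""
    root = ET.fromstring(data)
    return [(item.findtext("title", ""), item.findtext("link", ""))
            for item in root.iterfind("./channel/item")]


def store_items(conn, feed_url, items):
    """Insert items, ignoring ones already stored; return count for this feed."""
    conn.execute("CREATE TABLE IF NOT EXISTS items "
                 "(feed TEXT, title TEXT, link TEXT, UNIQUE(feed, link))")
    conn.executemany("INSERT OR IGNORE INTO items VALUES (?, ?, ?)",
                     [(feed_url, title, link) for title, link in items])
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM items WHERE feed = ?",
                        (feed_url,)).fetchone()[0]


def run_pipeline():
    """Serve, fetch, parse and store; return (items, count, total after rerun)."""
    server, url = serve_sample_feed()
    try:
        items = parse_items(fetch_rss(url))
        conn = sqlite3.connect(":memory:")
        count = store_items(conn, url, items)
        store_items(conn, url, items)  # a second fetch must not duplicate rows
        total = conn.execute("SELECT COUNT(*) FROM items").fetchone()[0]
        return items, count, total
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_pipeline())
```

The asyncore module effbot used for concurrent fetches was removed from the standard library in Python 3.12, which is why the local server here runs in a thread. When the feeds come from arbitrary sites, parse them with a parser that refuses external entities and DTDs (the defusedxml package wraps ElementTree for that) rather than the plain stdlib parser.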
17:55 # G!

3 people in Holland.

A few bits of news from Neal, Rose and Jürgen in Holland:

  • Neal doesn't like baths any more. The solution: he gets two toothbrush cups put over his feet, which delights him so much that he no longer has time to worry about the tub.
  • The daily routine: Neal and Rose get up, have breakfast and then go shopping. At the supermarket Neal rides the carousel and eats a bread roll as a second breakfast. Back home, grandfather is woken and Neal then has a third breakfast (!) with him. Thus fortified, the day can begin.
  • The three were in a "Miniland" (evidently a place full of things to fiddle with is meant). Hundreds of buttons to press: great!
  • In a shoe shop Neal discovered Duplo (baby Lego) and was only ready to leave the shop again an hour later. He also begged so successfully that he has now been given Duplo bricks of his own.
  • Friday evening: fish dinner at a restaurant. Rose orders Neal a tomato soup, because she doesn't want to inflict disgusting fish on the boy. Neal sees his grandma eating fish, loses all decorum and every healthy sense of fish-disgust, and eats a whole pollock fillet with potatoes away from his grandma. So Rose had to make do with tomato soup.

Apparently things are going well in Holland.
14:40 # G!

Google mirror beats Great Firewall of China

[Moreover - moreover...]
10:01 # G!

Commons clerk on child porn charges

(BBC) A senior office clerk at the House of Commons has been charged with 10 counts of making indecent images of children, Scotland Yard has confirmed. Police raided the Commons and seized computer equipment as part of an investigation into an internet child pornography ring. [Quick Links Computercrime Cybercrime]
10:00 # G!

Radio sucks on OS X.1. It sucks even more on OS X.2

Alert: Read this thread if you are running Radio on OSX 10.2 or later. [dws.]
9:58 # G!

Filters, Schools Like Oil, Water

The government says that if schools want funding for Net access, they must use filtering software. But critics say the filters still block legitimate sites and give schools a false sense of security. By Katie Dean. [Wired News]
9:56 # G!

excerpts from the petitioners' brief in Eldred v. Ashcroft

Attention copyright law enthusiasts: The Eldred v. Ashcroft reply brief was filed yesterday in the U.S. Supreme Court and can now be viewed online at this link. [How Appealing]

The government and its amici assert that petitioners lack a sufficient First Amendment interest to challenge CTEA. They support their claim by belittling petitioners' speech interests. In the government's view, petitioners are mere "public domain copyists," Resp. Br. 17, 36, engaging in nothing more than the "mechanical reproduction" (Brief of Amici BNA et al. at 30) of "others' creative expression." Resp. Br. 46. And though some of the amici acknowledge that petitioners are more than mere "copyists," these amici fear that petitioners will use the cherished icons of American culture to "glorify drugs or to create pornography." Brief of Amici Dr. Seuss Enters. et al. at 19. In their view, CTEA's function is to ensure that the right to use these icons remains with those who can best control them.

Yet plainly, petitioners and their amici are no mere Kinko's. Petitioner Moviecraft is actively engaged in the preservation of early American film, as is Amicus Agee and the Prelinger Archives. Drawing upon the public domain films in the Prelinger Archive, documentary and independent filmmakers are able to create rich accounts of early 20th Century America. Using digital technology, Amicus Internet Archive has made vast amounts of American culture available free on the Internet, enabling others to build new creative work based upon these resources. Likewise, Amicus Michael Hart has converted public domain books into a form that enables computers to "read" those books to the blind. Petitioner Eldred, through the use of Web technology, creates searchable and linkable texts that enable educators to teach differently. The members of Amicus National Writers Union obviously produce new creative work, as does Amicus College Arts Association. Even petitioner Dover Books, which publishes many public domain works, typically includes within those publications critical analyses of classic texts, thereby enabling a broader understanding of those works.

The government's arguments do demonstrate, however, just why First Amendment review is necessary in a case like this. For to the extent Congress was choosing between "favored" creators and mere "public domain copyists," its choice signals a favoritism that could even raise a colorable claim for strict scrutiny under the First Amendment. Turner Broadcasting v. FCC, 512 U.S. 622, 676 (1994) (O'Connor, J., dissenting).

When Congress grants copyrights prospectively, it cannot know who will benefit from its grant. It therefore cannot select from among the potential beneficiaries those it likes and those it does not. But whenever Congress extends copyright terms retroactively, it is necessarily choosing among classes of speakers. That choice raises fundamental First Amendment concerns. See, e.g., id. ("it is normally not within the government's power to decide who may speak and who may not"); Buckley v. Valeo, 424 U.S. 1, 48-49 (1976) ("the concept that government may restrict the speech of some elements of our society in order to enhance the relative voice of others is wholly foreign to the First Amendment"). See generally Neil Weinstock Netanel, Locating Copyright Within the First Amendment Skein, 54 STAN. L. REV. 1, 54-69 (2001).

In this case, for example, Congress was lobbied by the current owners of some of America's most famous creative works to give them a right to control work over which they otherwise would have had no claim. In granting these owners this new right, Congress necessarily chose between them and the creators and "copyists" who draw upon the public domain: authors such as petitioners, or their amici, or the next Walt Disney. See Brief of Amici National Writers Union et al. at 13; Brief of Amici Intellectual Property Law Professors at 20-21 (cataloging Disney's use of the public domain). That choice may well have been motivated by an objective judgment about who, between these two classes of creators, could best fuel an "engine of free expression." Harper, 471 U.S. at 558. But it may also have been motivated by a preference for these "favored" speakers over others. [pp. 20-22 of the pdf file, footnotes and italicization have been omitted]

[explodedlibrary.info]
9:45 # G!

interesting piece & discussion about information rights

More and more information is being supplied in digital-only form, complete with copy protection. Legislation like the DMCA has the effect of slowly erasing a portion of our freedom of expression by effectively limiting what we can do with information for personal use. [The future of information rights: part one]

The comments at the end of this article are also interesting. This was on Kuro5hin, a site that I hadn't seen before. I look forward to exploring it further and just found that it can be syndicated here.

[explodedlibrary.info]
9:45 # G!

WSJ article about the PATRIOT Act

Impact of PATRIOT Act. The Wall Street Journal reviews the impact of the PATRIOT Act. The article includes a statement about how it affects libraries. [TVC Alert]

Given some of my recent rants on the topic, I had to post this one. I don't subscribe to the WSJ, though, so I'll try to find the article in print or in Westlaw.

[explodedlibrary.info]
9:42 # G!

Is a Canadian Carnivore coming?

ISPs in Canada are one of a range of service providers taking advantage of new, largely unregulated, technology to provide communication and information services to the Canadian public. The DoJ's Lawful Access Consultation Document is the next major step in changing this, and it could have a drastic impact on the privacy of Canadian citizens. [kuro5hin.org]
9:38 # G!

Bootlickers R Us

First Year Associate Salary: $125,000. New Big-City Firm Wardrobe: $5,000. Sucking on a partner's shoe: Priceless. I just might be in love. Stroock & Stroock & Lavan has just revamped their recruiting website. Explore. It's funny. I promise.... [a mad tea-party]
9:33 # G!

PR Pros Amazed by Pillsbury Press Release

Big law firms send out press releases all the time. But there's probably never been one quite like what Pillsbury Winthrop fired off on Sept. 4. The one-paragraph release -- concerning Frode Jensen III, a Pillsbury partner who has accepted an offer to join Latham & Watkins -- vibrates with anger. Public relations professionals expressed amazement at Pillsbury's approach. [Law.com]
9:33 # G!

Texas High Court Upholds Defamation Finding Against TV Host

Justices of the Texas Supreme Court agree that Judge Bascom Bentley III of the 369th District Court in Palestine, Texas, was subjected to a torrent of harsh criticism and false accusations from the host of a cable television show who called the judge "corrupt." But the high court has ordered a lower court to reassess whether the $8 million jury award to Bentley was excessive. [Law.com]
8:54 # G!

MacOS X.2 on Linux PPC

The latest version of Mac-on-Linux can run OS X under PPC Linux. Now where is my Regatta... [Hack the Planet]
8:53 # G!

UK Court sentences $100 million MS piracy ring

The UK end of a huge Microsoft software counterfeiting ring has been brought to book, with four convicted of conspiracy to defraud. Akbal Alibahai, 34 of Palmers Green, London and Nabil Bakir, 29, of ... [Security News Portal]
8:45 # G!

UK - Act to redress mobile phone theft

(Baker & Mackenzie Elaw Alerts) The Mobile Telephones (Re-programming) Act received its second reading in the House of Commons on July 22, 2002 and was given royal assent on July 25, 2002. The Act creates offences in relation to the re-programming of the unique electronic identifiers used in mobile phones. It also makes it an offence to interfere with the operation of unique identifiers by use of an electronic chip. [Quick Links Computercrime Cybercrime]
0:42 # G!

Maximillian Dornseif, 2002.