Sunday, February 08, 2004

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  Thorny Issues Await F.C.C. as It Takes Up Internet Phones. The effort to write the rules for Internet telephone service begins this week, and whether it succeeds may come down to money. By Stephen Labaton.
2.  Indians Fearing Repercussions of U.S. Technology Outsourcing. At a meeting of India's software and services trade association, talk was of how to counter a political backlash in the United States against outsourcing. By Saritha Rai.
3.  A Gamble on a $399 Digital Camera. In Silicon Valley, having the best technology never guarantees reaching the finish line first. By John Markoff.
4.  Patent Office's Budget Hopes. The patent office, led by Jon W. Dudas, argues that the government should just let it live off what it gets from inventors. By Sabra Chartrand.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
5.  AT&T Wireless Suitors Prepare to Make Bids (Dow Jones). Dow Jones - Vodafone Group PLC (NYSE:VOD - News) of the United Kingdom is leaning toward making a bid for AT&T Wireless Services Inc., the third-largest U.S. wireless carrier, people familiar with the situation told Monday's Wall Street Journal.
6.  Online Search Engines Help Lift Cover of Privacy (washingtonpost.com). washingtonpost.com - Sitting at his laptop, Chris O'Ferrell types a few words into the Google search engine and up pops a link to what appears to be a military document listing suspected Taliban and al Qaeda members, date of birth, place of birth, passport numbers and national identification numbers.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
7.  A Microbe's-Eye View of Beer

11:15:08 PM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Microsoft, Disney partner on digital media. The alliance will see the two companies working closely together to develop digital media content and delivery systems.

10:14:57 PM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  Microsoft Releases MS04-004 - A Critical Patch For Internet Explorer
3.  The Palace Client URL Buffer Overflow Lets Remote Users Execute Arbitrary Code
4.  "Moss-covered Tortoise" 2.0.40 Linux Kernel Released
5.  Unholy trio of RealOne Player holes unearthed
6.  IT jobs market – the worst is behind us
7.  False Domain Info May Mean Jail

9:14:36 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Microsoft Develops XP 'Light' for Thailand
2.  Denver Man Sues Penis-Enlargement Firms
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  Vulnerabilities: BSD Kernel SHMAT System Call Privilege Escalation Vulnerability. A vulnerability has been reported to exist in the shmat system call used in the BSD kernel. This may allow a local attacker to inject instructions into the memory of a p...

8:14:16 PM    

----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
1.  Vulnerabilities: Multiple Oracle Database Parameter/Statement Buffer Overflow Vulnerabilities. Oracle is a commercial database product, which is available for a number of platforms including Microsoft Windows and Unix and Linux variants.

Oracle database has been ...

----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
2.  US markets warm to Linux makers over SCO. (Cash Register) It was good while it lasted
----------------------------------------------------------------------
About Internet/Network Security
----------------------------------------------------------------------
3.  Microsoft Releases MS04-004 - A Critical Patch For Internet Explorer. Last week Microsoft released their cumulative patch for Internet Explorer. The MS04-004 Security Bulletin broke the new monthly release schedule Microsoft has been adhering to for security patches, but then again the patch was two months late by some measurements....

7:13:56 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  No Harm, No Foul in Heavy Net Use
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
2.  Vulnerabilities: Crossday Discuz! HTML Injection Vulnerability. Discuz! is web based message board software implemented in PHP.

It has been reported that Discuz! is prone to an HTML injection vulnerability. This issue is caused by t...


6:13:36 PM    

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Science Sunday. Two weeks' worth of science news covering Hubble, stroke prevention, genetically-modified food, and much more. By Eric Bangeman.
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
2.  Vulnerabilities: GNU LibTool Local Insecure Temporary Directory Creation Vulnerability. libtool is a freely available, open source library management script. It is available for the Unix and Linux platforms.

A problem has been identified in the creation of...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  Project details for libspf
4.  libspf.org/
5.  Project details for Jail Chroot Project 1.9a (Stable)
6.  Introduction to Jail - Basic concepts and supported platforms

5:13:15 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Why Open Source Makes Sense For Handhelds
2.  Source of Amiga Video Toaster Software Released
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  Vulnerabilities: XLight FTP Server Long Directory Request Remote Denial Of Service Vulnerability. XLight FTP Server is a commercially available FTP server. It is available for the Microsoft Windows platform.

A problem in the handling of large requests has been report...


4:12:56 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Register: is Orkut TOS a deja vu of controversial, discarded Microsoft TOS?. In the Register, an interesting piece on Orkut's terms of service, which danah previously criticized, and Cory described here as "craptacular":

Orkut's terms of service harbor a nasty payload -- "By submitting, posting or displaying any Materials on or through the orkut.com service, you automatically grant to us a worldwide, non-exclusive, sublicenseable, transferable, royalty-free, perpetual, irrevocable right to copy, distribute, create derivative works of, publicly perform and display such Materials." -- It's startlingly similar to the Microsoft Passport Terms which caused a storm of outrage two years ago, a reader points out. (...) Microsoft was forced to amend [its] terms five days after our first story, amidst threats of defections.

I don't imagine that the folks behind Orkut are evil people, and I wonder what their response is to the Reg article -- and to concerns raised on weblogs by present and former Orkut members who don't like the TOS. In a similar flap, users publicly lambasted phonecam-blog service Textamerica last December over a draconian TOS; and to their credit, Textamerica modified it promptly.

Link (via The Unofficial Google Weblog)

----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
2.  Vulnerabilities: SGI IRIX Libdesktopicon.so Local Buffer Overflow Vulnerability. A vulnerability has been reported in SGI IRIX that may allow an attacker to execute arbitrary code on a vulnerable system in order to gain unauthorized access.

The probl...


3:12:35 PM    

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Intel OEM customers being sued for breaking the 120MHz barrier. Money grabs in the intellectual property world are obviously in vogue today, and Patriot Scientific doesn't want to be left in the dust. By Ken "Caesar" Fisher.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Gnome's Nice Little GUI Perks
3.  Creative Commons Includes GPL And LGPL Metadata
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
4.  Vulnerabilities: IBM Cloudscape Database Remote Command Execution Vulnerability. IBM Cloudscape is a Java based SQL database solution.

A vulnerability has been reported in the Cloudscape database that could permit remote attackers to execute arbitrar...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
5.  OpenBSD IPv6 Denial of Service Attack

2:12:16 PM    

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Apple responds to complaints over Panther-only Safari upgrade. Apple has responded to criticisms of its decision to make Safari 1.2 Panther-only by emphasizing just how much the new browser is integrated into Panther. By Ken "Caesar" Fisher.
----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
2.  Lycos offers office space for lease. The Web portal is offering for lease space at its Northern California offices in what could be a sign of further cost-cutting at the company.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
3.  Contract Electronics Makers See Upturn (Reuters). Reuters - Makers of electronic gear for big-name companies like Dell Inc. (DELL.O) and Hewlett-Packard Co. (HPQ.N) are confirming what many investors have already concluded: their sector is bouncing back.
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
4.  Vulnerabilities: SqWebMail Authentication Response Information Leakage Weakness. SqWebMail is a web-based e-mail application.

SqWebMail leaks sensitive information in authentication responses that may aid an attacker in brute forcing the root ...


1:11:56 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  LaundryView helps students schedule clothes washing. Roland sez: "It's Sunday and you realize that all your clothes are dirty. If you're a student, it's time to go to your campus laundry room. But wait, you might be lucky enough to plan your laundry in advance. In this article, the Boston Globe reports that it's now possible in some colleges and universities in the U.S. "to go online to check all laundry rooms on campus and see which washers and dryers are open, occupied, or broken; how long until a machine completes a cycle; and how many others are waiting." Users of the LaundryView system "can arrange for an e-mail to alert them when it's time to put clothes into the dryer or rescue their wardrobe and fold it." This overview contains more details on this 'Web service' and includes a screenshot of what students can see if the LaundryView system has been installed on their campus."
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Moving Net Control From ICANN to Governments?
3.  'Mouse-Tronaughts' to Test Low-Gravity in Space

12:11:36 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Florida's officials threaten journalists who ask for documents. Nearly half of Florida county officials tested disgraced themselves last week, when journalists posing as average Americans attempted to retrieve government documents under Florida's open access laws. 43 percent of the county bureaucrats stonewalled, threatened, cajoled and gave the run around to the journalists who participated.

Roger Desjarlais, the Broward County administrator, threatened a volunteer by saying, "I can make your life very difficult."

After insisting that the volunteer give his name, Desjarlais used the Internet to identify the volunteer, find his cell phone number and call him after work hours...

They cited a number of arbitrary reasons for their suspicions, including the volunteers' hair length, casual dress and, in one case, "the look in his eyes."

Link

(Thanks, Justin!)

2.  There Ain't No Such Thing As A Carbohydrate-Free Lunch. The Los Angeles CBS affiliate has just released a damning report on low-carb foodstuffs, in which its lab determines that many low-carb foodstuffs have far more carbohydrate content than claimed by the manufacturers ("Low-Carb Emporium claims 15 grams of carbs per bagel. Our lab found... 55").

At Subway we tested the Turkey Bacon Melt Wrap. Subway claims that it has 22 grams of carbs, while our lab results showed it at 28 grams...

At Carl's Jr., we tested the low-carb Six Dollar Burger, which the company claims has six grams of carbohydrates. Our lab results: 9 grams...

We tested TGIF's Sizzling New York Strip with Blue Cheese. TGIF claims 6 net carbs and 11 total carbs. Our lab found 20 total carbs...

Low-Carb Emporium claims 15 grams of carbs per bagel. Our lab found triple the carbs -- 55. Low-carb Emporium says they just re-did the formulas and will be getting lab reports on new formulas soon.

Link

(Thanks, saiyuk!)

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Napster Business Model Not Generating Revenue
4.  Microsoft's Search Engine Plans

11:11:17 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Going Mobile on a PC Is Risky Business (Reuters). Reuters - In any local coffee house, airport lounge or hotel lobby, technophiles and technophobes alike can be found hunched over their notebook computers.
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
2.  Vodafone 'ponders $37bn US buy'. Vodafone's board is weighing up whether to enter the race to buy AT&T Wireless ahead of this week's deadline.
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  Vulnerabilities: Gaim Multiple Remote Boundary Condition Error Vulnerabilities. Gaim is an instant messaging client that supports numerous protocols. It is available for the Unix and Linux platforms.

Several vulnerabilities in the handling of YMSG p...

4.  Vulnerabilities: GNU Mailman Admin Page Multiple Cross-Site Scripting Vulnerabilities. Multiple cross-site scripting vulnerabilities were reported to exist in the administrative pages for GNU Mailman.

The source of these vulnerabilities is insufficient s...

5.  Vulnerabilities: Multiple Vendor libc DNS Resolver Information Leakage Vulnerability. The libc library includes functions which perform DNS lookups.

It has been reported that under some circumstances libc DNS resolver implementations may read beyond the e...

6.  Vulnerabilities: Netpbm Temporary File Vulnerabilities. Netpbm is a collection of utilities for the manipulation of graphic images.

Debian has announced that Netpbm is affected by numerous vulnerabilities related to its use o...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
7.  Virus Alert!

10:10:56 AM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Week ahead: MyDoom end is nigh for SCO. The denial-of-service attack on SCO's Web site by the pestilential virus is scheduled to stop. Also on the cards: Earnings from Dell and chipmaker Nvidia.
2.  High-tech mergers: They're baaaack. McKinsey says economic pressures to restructure high-tech industries will eventually become irresistible and that executives should prepare themselves for more -- and more-hostile -- acquisitions.
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
3.  Computers power Cirque spectacle. Computers are helping the performers of the Cirque Du Soleil put on a dazzling show in Las Vegas.

9:10:36 AM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  IRC_MIRSEED.A

7:09:55 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Vodafone poised for imminent 40-billion-dollar AT and T bid: reports (AFP). AFP - British mobile telephone giant Vodafone is poised to launch a 40-billion-dollar (32-billion-euro) bid for AT&T Wireless, the third largest mobile operator in the United States, reports said.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Dell's New Linux Blog
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  Linux-VServer Lets Local Users Break Out of Virtual Server chroot()
4.  PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
5.  WORM_MIRSEED.A

6:09:36 AM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  Red Hat to Release Enhanced-Security Linux
2.  Red Hat Plans Security Enhanced Linux Version

5:09:16 AM    

----------------------------------------------------------------------
Dilbert
----------------------------------------------------------------------
1.  Dilbert for 08 Feb 2004.

4:08:55 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Five PC Vendors Face Patent Lawsuit
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  EFF P2P Developer Copyright Law Guide 3.0 Available

3:08:36 AM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  Top Port: --- 3810

1:07:55 AM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Virus writers profiled. Clive Thompson's written a lyrical and evocative article profiling several (mostly European) virus-writers, coders who write and post proof-of-concept malware to demonstrate security flaws in Microsoft products.

Benny, clean-cut and wide-eyed, has been writing viruses for five years, making him a veteran in the field at age 21. ''The main thing that I'm most proud of, and that no one else can say, is that I always come up with a new idea,'' he said, ushering me into a bedroom so neat that it looked as if he'd stacked his magazines using a ruler and level. ''Each worm shows something different, something new that hadn't been done before by anyone.''

Benny -- that's his handle, not his real name -- is most famous for having written a virus that infected Windows 2000 two weeks before Windows 2000 was released. He'd met a Microsoft employee months earlier who boasted that the new operating system would be ''more secure than ever''; Benny wrote (but says he didn't release) the virus specifically to humiliate the company. ''Microsoft,'' he said with a laugh, ''wasn't enthusiastic.'' He also wrote Leviathan, the first virus to use ''multithreading,'' a technique that makes the computer execute several commands at once, like a juggler handling multiple balls. It greatly speeds up the pace at which viruses can spread. Benny published that invention in his group's zine, and now many of the most virulent bugs have adopted the technique, including last summer's infamous Sobig.F.

Clive touches on, and dismisses the free-speech arguments for publishing malware code (interestingly, he does so without any quotes from legal scholars and impact litigators who work on First Amendment issues, and so ends up eliding the nuance in the argument and presenting a somewhat blunted picture of the issue) and only lightly touches on the far more important notion of legitimate security research.

If, as Schneier says, "Any person can create a security system so clever s/he can't think of a way to defeat it," then the only experimental methodology for evaluating the relative security of a system is publishing its details and inviting proof of its flaws -- proof readily embodied in malware.

Codebreakers and worm-writers are the only mechanism we know about for reliably strengthening systems, and the idea that they should refrain from publishing their research in order to keep us safe is fundamentally flawed, since it depends on the idea that malicious people will never be clever enough to independently reproduce their techniques, and that the public is better served by remaining ignorant of the potential risks in the systems they've bought than by being exposed to the evidence of the rampant flaws in those systems.

This notion falls flat when considered in light of the real world. If a developer was building condos whose doors could all be unlocked with an unbent paper-clip, this line of reasoning demands that the person(s) who discover this should keep mum about it, in the hopes that no bad guy ever catches on. In the real world, the best answer is usually to scream about this to high heaven, so that the bad developer can't silence you and cover his ass, and so that his customers can get their locks fixed.

Link

2.  Open WiFi ethics. The NYTimes's Ethicist tackles the question of using open WiFi nodes you discover. I like his conclusion (it's pretty much OK), but disagree with some of his implicit assumptions -- that all ISPs ban running open WiFi (they don't), and that most people don't know they're sharing (lots do).

The person who opened up access to you is unlikely even to know, let alone mind, that you've used it. If he does object, there's easy recourse: nearly all wireless setups offer password protection. And while the failure to lock a door may indicate carelessness, not consent, in this case it does suggest indifference. Godwin does warn of the tragedy of the commons, however, which here means you have an obligation not to use too much bandwidth -- by downloading massive music files, for example, which would inconvenience other users.

Link

(via WiFiNetNews)

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
3.  Servers Add to The Menu (washingtonpost.com). washingtonpost.com - Internet subscribers are starting to find a few more freebies in their subscriptions these days.
4.  Ad Opposing Online Music Piracy to Debut (AP). AP - The organization best known for bestowing accolades on the music industry at its Grammy Awards will begin airing ads discouraging online music piracy with the awards show's Sunday broadcast.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
5.  NASA's Own X Prize?

12:07:36 AM