Privacy & Security News January 2001
Disk Drives with Copy Protection Standard? (Sound Familiar!!)
This provocative article from the Register discusses ongoing efforts by content producers to protect their product by persuading, or legally forcing, hard drive manufacturers to incorporate copy protection features in their products. So far, this appears to be just a bad idea - it's not clear that any consumers would actually opt to buy such drives. The article also notes that the copy protection technology is protected by a patent, which potentially shields it legally from reverse engineering under current US law. This is essential reading for followers of the current intellectual property wars.
DoubleClick climbs after privacy probe ends (update)
FTC drops probe of DoubleClick privacy concerns
The agency closes its investigation of the data-collection practices
of the online advertising network, saying the company has not violated
The Federal Trade Commission said Monday that it has closed its investigation of the
data-collection practices of online advertising network DoubleClick, saying the
Web bugs draw interest of online traffic auditors
Online auditor ABC Interactive teams with an application service
provider to use a browser-based auditing procedure to verify Web site
traffic numbers and patterns.
Privacy group seeks review of Net access to court files
A privacy-rights group requested Friday that a government commission consider the ill
effects of a new system that will allow public, online access to select court files and
Do anti-piracy measures rob consumers?
Recently unveiled anti-piracy measures aimed at casual copying of
software have some experts questioning whether companies have gone too
far in controlling the use of their copyrighted material.
Hackers' video technology goes open source
Commentary: Security group must get down to business
Software flaw may mean more Web outages
The major outages that hit Microsoft last week could become more commonplace
because of four flaws found in the software used to identify servers around the
Internet, security experts said Monday.
"These issues could allow attackers to completely compromise a server and use that server to
attack others," said Jim Magdych, security research manager for PGP Security. "In addition,
they could be exploited to attack a company through a denial of service similar to what we saw at Microsoft last week." (NOTE: I just received PGP Desktop Security 7 but haven't started using it yet.)
TECH COMPANIES FORM INTERNET SECURITY CENTER
Nineteen companies will share information about security threats and
vulnerabilities with each other. But not everyone likes the idea.
Parents Could Be Legally Responsible for Kid's Use of Net
The New York Times (registration required) reports on a case in which a father may be sued for damages resulting from the online activities of his high-school student son. Apparently, the student grafted a female classmate's face on a pornographic picture and displayed it on a Web page. An Illinois judge has ruled that the charge of negligence against the father can proceed to trial. The subject of the prank seeks damages of $50,000 and claims the father is guilty of negligence: negligent supervision of a child and negligent entrustment to a child of a dangerous article. The "dangerous article" definition usually applies to things like lawnmowers, dynamite, and guns, and adding computers to the list has inflamed passions. Many commentators compare a computer with a pencil; as one lawyer said, "The pen is mightier than the sword, but we have never regulated the pen." This is a rather egregious expansion of the definition of "dangerous" if allowed to stand. The case has provoked a great deal of controversy by making it even this far in the legal system.
FBI 1, Scarfo and PGP 0
Nicodemo Scarfo probably thought he was pretty smart, using PGP encryption software on his computer to foil nosy feds, but he overlooked the most traditional intelligence ploy of all: in-office surveillance, given a clever new twist. Unknown to Nicodemo, the son of a former Philadelphia mob boss, a federal judge allowed the FBI to enter his office and plant a keystroke recording device that registered his PGP encryption key and everything else he typed on the computer. The FBI's not yet telling exactly what they got and how they did it, but they have charged Nicodemo with running a bookmaking and loan-sharking operation. The case displays some nifty spook gadgetry - and raises legal questions. The story's so juicy, we give it to you twice, from Wired and the Philadelphia Inquirer. Since you've been so good this year, you can also have a review of the handy dandy KeyGhost keyboard stroke recorder.
NymIP Working Group Working to Keep You Anonymous
The ambitious NymIP wants to create "a set of standardized protocols for pseudonymity and anonymity at the IP layer, and a community of operators using those protocols." The stellar cast of characters makes this effort newsworthy. Participants come from Zero-Knowledge Systems, Anonymizer, AT&T Labs, US Naval Research Lab, and German state government, among others. Not exactly a bunch of script kiddies in a suburban bedroom. These serious engineers are seriously interested in the deep theory and practice of anonymity. You can judge the technical sophistication of the project with a related document, "Anonymity and Unobservability in the Internet", which lays out some of the theory behind any effort to anonymize the Net. The NymIP home page has mailing lists you can join to keep on top of what the group is doing.
E-Commerce Hacking Advisory from FBI
The FBI has noticed a recent increase in cracking attempts against e-commerce sites. The advisory states that most of the recent attempts have been against systems running Windows NT, though Unix systems are not exempt from danger. The crackers are exploiting relatively old and well known vulnerabilities, several of which are detailed here - along with fixes. Required reading for e-commerce sysadmins.
Filter Your Spam
Despammed.com offers you the ability to communicate publicly on the Net without the constant fear of exposing your e-mail address to spam hunter/gatherers. Take advantage of its free offer and you don't have to see a flurry of ads appearing in your mailbox calling out for you to buy more printer toner cartridges, to visit sexxxy sites, or whatever. Despammed.com examines the headers of each e-mail message and identifies suspected spam. If any mail slips through that shouldn't have, the maintainers of the service will try to make sure it won't happen again. As the business of unsolicited advertising on the Web matures, we should see some changes to help control the rampant flow of advertising. Until then, using something like Despammed.com is a powerful guard for your mailbox. But don't blame us if NSD stops showing up.
AIM FLAW COULD OPEN USERS' COMPUTERS TO ATTACK
Security consulting and research firm @stake issued an advisory about
a vulnerability in AOL Instant Messenger that could allow an attacker
to take control of a user's computer.
EGGHEAD.COM GETS HACKED
The Internet retailer said its customer databases may have been accessed.
Privacy, broadband access top Capitol Hill agenda