Security industry’s hacker-pimping slammed – L0pht & US state funding

Security industry’s hacker-pimping slammed
By Thomas C Greene in Washington
Posted: 15/07/2002 at 15:48 GMT

I spent three days at H2K2 hoping someone would say something worth mentioning in The Register. Finally, on Sunday, a couple of speakers did just that (on which more tomorrow). Best of all was Gweeds’ savage synopsis of a thing which world + dog has no doubt long entertained as a vague suspicion, namely the way hackers pimp themselves in hopes of getting hired at great expense by security companies, and the way conferences provide fertile soil for the illusory threat exaggeration on which the security industry feeds.

The corporate model whereby hackers gravitate towards corporate greed and away from the liberation of data and private resources developed with public funds was pioneered by ISS, Gweeds noted. Hackers now work to expose security flaws with the specific intention of selling out and obtaining funding to become a security company, he said.

Security lists like BugTraq become the matter for resume stuffing. “Post to BugTraq, become a well-known gadfly on the list, and, like Sir Dystic, get a high-paying job at Microsoft. It’s an interesting progression: post a fix to a bug, work on the resume, release some software and then get offered a good job,” Gweeds noted with sarcasm.

He also mapped out the cyclical food chain whereby hacker sell-outs propagate cyber-crime FUD to feed the propaganda needs of government agencies, which helps to lard agency budgets with public funds, and which in turn helps to enrich the security industry.

“L0pht went in front of Congress and testified at the behest of NIPC and talked about how they could get into any network in the United States. The result is that NIPC got increased funds for cyber-defense and FBI got more funding to fight cyber crime. And now L0pht (@Stake) enjoys federal security auditing contracts,” Gweeds observed.

“They’re making money, sure; but they’re also increasing the reach of the Federal police state at the expense of fellow hackers who are being caught and put in jail.”

Gweeds also believes that the window between when an exploit is developed by the underground and publicly released is shrinking as hackers turned security-knights hasten to pad their resumes with proppies on BugTraq. This may be good for the computing public at large, but when the purpose of hacking is to liberate information which may well be of concern to the public, then it’s just another sell-out.

One of the nastier things a blackhat can do is exploit a company, say, for quick cash, which can be done many ways. Money can be leeched from a bank; proprietary information can be sold to a competitor, or sold back to the owner in a simple blackmail scam. These familiar and dark scenarios, along with numerous others, are the ones eagerly propagated by the Feds through the mainstream press.

Yet one of the best things a blackhat can do is obtain and disseminate information which the public needs to know, e.g., internal memos indicating unsafe products, discrepancies between a company’s SEC filing and its own accounts, dirty dealings with local property owners, and a hundred other routine crimes of corporations protected by walls of silence and spin and totalitarian internal rules.

The rush to publish and take credit for discovering and patching a new exploit hobbles the positive efforts of blackhats with a social conscience (though admittedly no one knows how big a category that is).

Finally, Gweeds elaborated the scam of corporate-sponsored security conferences and their role in nourishing the hacking/security/Fed food-chain, the most famous of which is BlackHat, and its handy companion side-show, Defcon.

“BlackHat brings together CEOs and corporate security people and government and military people, to tell them why they need to spend money on security services and products.” They then learn about intrusion techniques from hackers who are there essentially to frighten them.

And then, when it’s over, “BlackHat attendees get a free pass to Defcon, a hacker culture freak show, so they can see the people they’re supposed to be afraid of up close and personal,” Gweeds said.

It was a refreshing piece of cynicism well expressed, and for me the highlight of the entire conference. I do hope USA Today caught it. ®

http://theregister.co.uk/content/55/26198.html

yer right – let’s play hunt the brain cell…

Feds Open ‘Total’ Tech Spy System
By Eliot Borin

2:00 a.m. Aug. 7, 2002 PDT
Had Winston Churchill been alive in the months subsequent to Sept. 11 he might well have described U.S. intelligence agencies’ performance prior to the attack thusly: Never have so many known so much and done so little.

On Wednesday, the Defense Advanced Research Projects Agency (DARPA) will begin awarding contracts for the design and implementation of a Total Information Awareness (TIA) system.

It’s a system which, it hopes, will ferret out terrorists’ information signatures — clues available before an attack, but usually not correctly interpreted until afterwards — and decode them prior to an assault. It’s a task, the Information Awareness Office (IAO) says, that is beyond “our current intelligent infrastructure and other government agencies.”

TIA program directors make it clear they also believe the task to be beyond current technology, noting that they are primarily interested in revolutionary advances in science, technology or systems and “development of collaboration, automation and cognitive aids technologies that allow humans and machines to think together about complicated and complex problems.”

So insistent are they on building a better mousetrap — or, more accurately, a brand new terrorist trap — that they have officially warned potential contractors that not a dime will be invested in “research that primarily results in evolutionary improvements to existing technology.”

According to the IAO’s blueprint, TIA’s five-year goal is the “total reinvention of technologies for storing and accessing information … although database size will no longer be measured in the traditional sense, the amounts of data that will need to be stored and accessed will be unprecedented, measured in petabytes.”

It is precisely the thought of petabytes of raw data being under the control of an agency with limited public accountability that troubles civil liberties activists like Lee Tien, senior staff attorney of the Electronic Frontier Foundation.

“We should resist the expansion of any ‘data-veillance’ program that doesn’t have adequate safeguards and accountability,” Tien says. “This program sounds like a counterpart of the movement toward requiring a national ID card. People like to think of that as an identification system, but it’s actually a tracking system.

“The Total Information Awareness program, with its ability to provide persistent storage of everything from credit card, to employment, to medical, to ISP records, is a recipe for civil liberties disaster unless there are provisions for citizens to find out who is looking at their records and to see and correct those records.”

“What I don’t want to see is a system that’s the worst of both worlds, unable to predict acts of terrorism in a timely manner because of the sheer mass of mostly irrelevant information clogging its channels, but perfectly attuned for intimate spying on regular citizens and activists like Martin Luther King.”

Even in these early days, Tien’s concerns have some resonance. Among the topics DARPA spokespersons would not discuss in connection with this article were the program’s budget, whether the technology was being developed for deployment by an existing intelligence department or a new “super spy” agency, and which program elements the contracts being issued this month cover.

“This DARPA project sounds a lot like Spielberg’s Minority Report premise of ‘PreCrime,'” said security consultant and author Richard Forno, referring to the fictional law enforcement office that arrests folks before they commit a crime.

“I mean, I’m a geek, but my two degrees are in international relations. Does that mean if all of a sudden I start buying books on terrorism, bio-war or current affairs, I’m going to be labeled a potential bad guy?”

http://www.wired.com/news/conflict/0,2100,54342,00.html

Protecting Privacy with Translucent Databases

… In Translucent Databases, Wayner extends this concept of hashing in new and important ways. For example, what if a police department needs to build a database of sexual-assault victims that lets them identify trends but hides personal information? You could use a translucent database where the first column is the hash of the victim’s name, and the second column is a hash of their full address, and the third column is a hash of their block and street. You can now group incidents together by grouping entries with identical block hashes; you can see if the incidents refer to the same person by checking to see if those hashes are different.

Wayner’s approach makes it possible to let victims update their records without giving anybody else the ability to search by a person’s name. You do this by adding a password to the victim’s name — a password known to the victim and nobody else.

For example, if you were to use the MD5 hash function, you could key a victim’s report with the value of MD5 (“J. Smith/color4”) where “color4” is Smith’s password. If Smith remembers that her password is “color4”, then she will be able to update her database entry in the future — perhaps to tell the database administrators that her perpetrator has been caught. If there is a concern that victims might forget their passwords, the database can have additional columns that are protected with other passwords, known to other people. For example, a second column where the password is known only to the intake officer. By creating multiple keys using different combinations of data, it’s possible to protect a translucent database against browsing while simultaneously providing for people’s natural tendency to forget critical pieces of information…
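The following sketch is added here to make the scheme above concrete; it is not code from Wayner’s book or from Garfinkel’s article. It uses SHA-256 where the text names MD5 (MD5 is no longer a sensible choice, and nothing in the scheme depends on which hash is used), the column names are this example’s own, and the victims, addresses, passwords and block labels are constructed sample data. It builds the hashed table, groups incidents by block hash, links reports about the same person, lets a victim update her own record with name + password, and falls back to the intake officer’s password when the victim has forgotten hers. It also shows the weakness a practitioner should check for: a column that is only the hash of a name can be recovered by anyone who can guess names, which is exactly why the password-keyed column exists.

```python
"""Translucent-database sketch (added example, not Wayner's or Garfinkel's code)."""
import hashlib
import hmac
from collections import defaultdict


def h(*parts: str) -> str:
    """Hash the '/'-joined parts, e.g. h("J. Smith", "color4") hashes "J. Smith/color4".

    SHA-256 stands in for the MD5 the article mentions; the construction is the same.
    """
    return hashlib.sha256("/".join(parts).encode("utf-8")).hexdigest()


# Constructed sample intake records; nothing here is real data.
REPORTS = [
    {"name": "J. Smith", "address": "12 Elm St, Apt 3", "block": "Elm St 0-99",
     "victim_pw": "color4", "officer_pw": "badge17", "status": "open"},
    {"name": "A. Jones", "address": "40 Elm St", "block": "Elm St 0-99",
     "victim_pw": "river9", "officer_pw": "badge17", "status": "open"},
    {"name": "J. Smith", "address": "12 Elm St, Apt 3", "block": "Elm St 0-99",
     "victim_pw": "color4", "officer_pw": "badge22", "status": "open"},
    {"name": "M. Lee", "address": "7 Oak Ave", "block": "Oak Ave 0-99",
     "victim_pw": "stone2", "officer_pw": "badge22", "status": "open"},
]


def build_table(reports):
    """Store only hashes of the identifying fields; the status column stays in clear."""
    rows = []
    for r in reports:
        rows.append({
            "person": h(r["name"]),                        # same victim -> same value
            "address": h(r["address"]),
            "block": h(r["block"]),                        # groupable, not readable
            "victim_key": h(r["name"], r["victim_pw"]),     # update key only the victim knows
            "officer_key": h(r["name"], r["officer_pw"]),   # fallback key held by intake officer
            "status": r["status"],
        })
    return rows


def incidents_per_block(rows):
    """Trend analysis without addresses: count reports per block hash."""
    counts = defaultdict(int)
    for row in rows:
        counts[row["block"]] += 1
    return dict(counts)


def same_person(rows, i, j):
    """Two reports refer to the same victim iff their person hashes match."""
    return rows[i]["person"] == rows[j]["person"]


def update_status(rows, name, password, new_status, column="victim_key"):
    """Rewrite every record whose key column matches h(name, password).

    The caller never searches by name alone; without the password the key is useless.
    Returns the number of records changed (0 when name or password is wrong).
    """
    key = h(name, password)
    changed = 0
    for row in rows:
        if hmac.compare_digest(row[column], key):   # constant-time compare
            row["status"] = new_status
            changed += 1
    return changed


def dictionary_attack(rows, candidate_names, column):
    """What a browser of the table can learn from a list of likely names.

    Works against the bare name hash, fails against the password-keyed column.
    """
    lookup = {h(n): n for n in candidate_names}
    return sorted({lookup[row[column]] for row in rows if row[column] in lookup})


if __name__ == "__main__":
    table = build_table(REPORTS)
    print("incidents per block:", incidents_per_block(table))
    print("J. Smith updates her own records:",
          update_status(table, "J. Smith", "color4", "perpetrator caught"))
    print("names recoverable from 'person' column:",
          dictionary_attack(table, ["J. Smith", "A. Jones", "Z. Nobody"], "person"))
```

Running the demo shows the bare `person` column giving up both real names to a guessed list while the `victim_key` column gives up none. That is the check to make on any translucent design: every hashed column that an outsider could plausibly enumerate (names, street addresses, badge numbers) needs either a per-record secret, as the password column has, or a department-held secret mixed in (an HMAC rather than a plain hash), otherwise “translucent” is only a dictionary lookup away from transparent. The article’s second, officer-keyed column is the forgotten-password fallback, and the example exercises it with `column="officer_key"`.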

http://www.oreillynet.com/pub/a/network/2002/08/02/simson.html

http://www.wayner.org/books/td/

Women look to shape the future

Thursday, 25 July, 2002, 08:03 GMT 09:03 UK

Few women attracted to work in technology jobs

Emma Smith, founder of the Wired Woman Society and co-author of Technology With Curves, explains why women need to be more involved in the world of technology.

Women are using technology more than ever before. They do more online shopping than their male counterparts and are making up an increasing percentage of internet users around the world.
But while the number of women who use computers is increasing, fewer and fewer are studying computer science at university.

It seems that women are shying away from the very careers that would give them their best shot at gaining influence and making a difference in the 21st Century.

One of the most commonly cited reasons for not pursuing careers in technology is its image. Many women, particularly young women, think that technology careers are geeky, anti-social and even boring.

The truth is somewhat different. Some of the most influential people are web developers, engineers, video game programmers, 3D effects creators and industrial designers, who are using technology to revolutionise the tools and content that shape our world.

The technologies they create are shaping our homes, workplaces, media and worldview.

Going digital

For women to take their place as equal partners in the future, women who study psychology should also study human computer interaction.


Women who study law should take their place among the policy-makers who, every day, are making immense decisions about privacy, the digital divide, free speech and child protection.

Women who love history should learn how knowledge management, archiving, and content storage are setting the stage for a complete overhaul of the museum experience.

And women who want to teach should also play a role in building e-learning systems that people actually use.

Being able to design computer interfaces, influence privacy policy, build interactive museums and create teaching tools is what women throughout history have fought for.

Even when societal norms and the legal system made it nearly impossible for women to work in information technology, they stood their ground so that today, women who want to shape technology can do just that.

History of invention

Looking at the history books shows that women have been creating new technologies for centuries.

There are probably even more women inventors than most people are aware of, given that until the passage of the Married Women’s Property Act, everything owned or invented by a woman was legally her husband’s possession.

Still, the patent records show how much women have contributed to the world of technology:

In 1903 Mary Anderson came up with windscreen wipers which became standard equipment on all American cars by 1916.
In 1938, Katherine Blodgett was awarded the patent for non-reflecting glass, a discovery that has since been used to de-ice aircraft wings and increase the effectiveness of smoke screens.
During the mid-1900s, Rear Admiral Grace Murray Hopper invented the first computer compiler which helped computers understand simple commands.
In the 1950s Stephanie Kwolek invented Kevlar, the synthetic fibre used to make bullet-proof-vests.
New Yorker Marion Donovan invented the disposable nappy in 1950.
These women shaped technology against the odds. Today the odds are more in women’s favour.
Yet many women shy away from the careers that will give them a chance to make the biggest difference, in part just because they do not understand them.

Shaping technology

Women still think that shaping technology means sitting alone at a desk, staring at a screen and writing code.


In fact shaping technology means thinking creatively, understanding people’s needs and inventing new ways of communicating and working together.

Tomorrow’s leading artists, politicians, managers and interior designers will all use and shape technology in order to succeed.

If women were shaping technology perhaps the next windscreen wiper would emerge alongside an entirely new web browser and cars that suit a woman’s way of life.

Anita Borg of Xerox PARC in California holds workshops that bring women from all walks of life together to brainstorm new technologies.

“If women were more involved in creating new technologies,” says Ms Borg, “cars would have a place for you to put your handbag.”

——————————————————————————–
Emma Smith runs At Large Media, a London-based new media consulting company. She also works with e-skills UK to improve the image of technology careers in the UK.
(c) BBC
http://news.bbc.co.uk/1/hi/technology/2132168.stm

So in the US, they can crap on you, but we’ll have zero investigatory powers into consumer products and services? It’ll be illegal to question what’s on the tin.

WASHINGTON, July 15 — The House of Representatives voted overwhelmingly Monday to create a new punishment of life imprisonment for malicious computer hackers. By a 385-3 vote, the House approved a computer crime bill that also expands police ability to conduct Internet or telephone eavesdropping without first obtaining a court order.

THE BUSH ADMINISTRATION had asked Congress to approve the Cyber Security Enhancement Act (CSEA) as a way of responding to electronic intrusions, denial of service attacks and the threat of “cyber-terrorism.” The CSEA had been written before the Sept. 11 terrorist attacks last year, but the events spurred legislators toward Monday evening’s near-unanimous vote.

CSEA, the most wide-ranging computer crime bill to make its way through Congress in years, now heads to the Senate. It’s not expected to encounter any serious opposition, although there’s not much time for senators to consider the measure because they take August off and are expected to head home for the year around Oct. 1.

“Until we secure our cyber infrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives,” sponsor Lamar Smith, R-Tex., said earlier this year. “A mouse can be just as dangerous as a bullet or a bomb.”

Smith heads a subcommittee on crime, which held hearings that drew endorsements of CSEA from a top Justice Department official and executives from Microsoft and WorldCom. Citing privacy concerns, civil liberties groups have objected to portions of CSEA.

A committee report accompanying the legislation predicts:

“A terrorist or criminal cyber attack could further harm our economy and critical infrastructure. It is imperative that the penalties and law enforcement capabilities are adequate to prevent and deter such attacks.”

AUTHORITIES GIVEN WIDER ACCESS

By rewriting wiretap laws, CSEA would allow limited surveillance without a court order when there is “an ongoing attack” on an Internet-connected computer or “an immediate threat to a national security interest.” That kind of surveillance would, however, be limited to obtaining a suspect’s telephone number, IP address, URLs or e-mail header information, not the contents of online communications or telephone calls.

Under federal law, such taps can take place when there’s a threat of “serious bodily injury to any person” or activity involving organized crime.

Another section of CSEA would permit Internet providers to disclose the contents of e-mail messages and other electronic records to police in cases involving serious crimes.

Currently it’s illegal for an Internet provider to “knowingly divulge” what users do except in some specific circumstances, such as when it’s troubleshooting glitches, receiving a court order or tipping off police that a crime is in progress. CSEA expands that list to include when “an emergency involving danger of death or serious physical injury to any person requires disclosure of the information without delay.”


Clint Smith, the president of the U.S. Internet Service Providers Association, endorsed the idea earlier this year. Smith testified that CSEA builds on the controversial USA Patriot act, which Congress enacted last fall. He said that this portion of CSEA “will reduce impediments to ISP cooperation with law enforcement.” The Free Congress Foundation, which opposes CSEA, criticized Monday evening’s vote.

“Congress should stop chipping away at our civil liberties,” said Brad Jansen, an analyst at the conservative group. “A good place to start would be to substantially revise (CSEA) to increase, not diminish, oversight and accountability by the government.”

If the Senate also approves CSEA, the new law would also:

–Require the U.S. Sentencing Commission to revise sentencing guidelines for computer crimes. The commission would consider whether the offense involved a government computer, the “level of sophistication” shown and whether the person acted maliciously.

–Formalize the existence of the National Infrastructure Protection Center. The center, which investigates and responds to both physical and virtual threats and attacks on America’s critical infrastructure, was created in 1998 by the Department of Justice, but has not been authorized by an act of Congress. The original version of CSEA set aside $57.5 million for the NIPC; the final version increases the NIPC’s funding to $125 million for the 2003 fiscal year.

–Specify that an existing ban on the “advertisement” of any device that is used primarily for surreptitious electronic surveillance applies to online ads. The prohibition now covers only a “newspaper, magazine, handbill or other publication.”

Most industry associations, including the Business Software Alliance, the Association for Competitive Technology, the Information Technology Association of America, and the Information Technology Industry Council, have endorsed most portions of CSEA.

Copyright © 1995-2002 CNET Networks, Inc. All rights reserved

http://www.msnbc.com/news/780923.asp?cp1=1

Count me in

Wonder if I’ll have to upgrade my PC? 🙁
http://www.project-entropia.com/

This is funny 🙂
http://www21.brinkster.com/freethought/projectentropia/pec64.html

About Project Entropia!
Project Entropia will be the next generation of interactive entertainment. In Project Entropia you will be able to enter a whole world with amazing three-dimensional environments using a computer and the internet. It will be a massive virtual world where millions of users can interact with each other at the same time. Project Entropia will have a real economy system that allows you as a user to exchange real life money into PED (Project Entropia Dollars) and then back into a real currency again. Project Entropia will be free of charge with no monthly costs, which means that aside from the fees for your own local access to the internet while you are connected, the client software will be available with no payment to MindArk. All you need to do is get hold of the software that will be distributed in various ways, for example through the internet or on free CDs in computer magazines.

When you decide to enter the world of Project Entropia as a citizen you will be able to create your very own visual three-dimensional persona. This is easy because you will be using a character generation system that defines the freedom we intend to offer you. Project Entropia gives you the possibility to experience a life inside a vast virtual reality as it suits you. It will present you with social interaction with people all over the world as well as real online services inside an incredible virtual environment. Project Entropia is also meant to help you to fulfill your dreams and fantasies with adventures inside an expanding science-fiction universe. For all of you who are familiar with the term “massive multiplayer online role-playing games” or MMORPG, Project Entropia will be that and much more. If you don’t know what a MMORPG means just read on!

As an MMORPG the world of Project Entropia is set to take you on an epic journey into the future, to a place far away from Earth, beyond the borders and frontiers of known space. The central point in the human universe is now focused on one single colony on a distant planet named Calypso. The world on Calypso will be under constant development and will initially include three vast continents with large expanding cities where you begin your life. The cities will offer you an immense virtual playground for social interaction with other players in a thriving social community. It will contain various forms of in-game institutions, real online services and a variety of virtual entertainment.

Together with all other online users you will have the possibility to take an active role in the creation of a whole new civilization, to explore entire continents in an evolving world and claim land where you can establish new communities. Should you choose to leave the peaceful and secure cities you may be forced to struggle against the wild untamed nature, against hostile mutants and invading robots. You must learn to use all available resources and a growing multitude of skills, wit, guts, teamwork and equipment to reclaim a lost paradise. Take on quests and pull the strings of the past to discover more of the story behind Project Entropia as the future unfolds before you in a growing web of intrigues that will take on epic proportions. Whatever you may find it’s only the beginning, and whatever you do may alter the future of an entire world!

don’t worry about blinking – ‘cus you’ll always be able to watch the playback

[snip]

You see, in this case, those tips that are forming and reading the
depressions are very, very small. Atomically small. They’re actually
the tips of Atomic Force Microscopes, and they can form and read
depressions so small (10 nanometers in diameter), and so close together,
that this thermomechanical storage technique can store hundreds of
gigabits/square inch — perhaps as much as one terabit/square inch!
Which is well beyond the (currently) anticipated magnetic recording
limit of perhaps 150 gigabits/square inch (see below). Another way to
look at this is that “about three billion of [these depressions] fit in
a punch card hole.”
(http://www.reuters.com/news_article.jhtml?type=technologynews&StoryID=1072736)

According to an AP article brought to our attention by reader R. Gautier
(http://apnews1.iwon.com/article/20020611/D7K2NC281.html), this
prototype can already store the text of 25 million pages on the surface
of a postage stamp! That’s 20-times the density of today’s common disk
drives. And this is just the prototype…

This isn’t the death knell for traditional magnetic disk drives — the
read/write speed of Millipede appears (at this time) to be far slower,
and so its initial implementation may be to vastly increase the amount
of memory in portable devices. Imagine, if you will, that if this
technology increases its storage capacity at anything like the “Moore’s
Law-plus” rate of current storage increases, we could have portable
digital devices that might NEVER run out of room for storing pictures,
audio, video, and more.

Which would change a lot of rules.

[snip]
Copyright (c) 2001-2002, Jeffrey R. Harrow. All rights reserved.
http://www.TheHarrowGroup.com

Uncle Bob – “TOLD YOU SO” and actually he did – ‘cus I remember reading this the first time around!

I Told You So
Alas, a Couple of Bob’s Dire Predictions Have Come True

By Robert X. Cringely
http://www.pbs.org/cringely/pulpit/pulpit20020627.html

Just over three years ago I wrote a column titled “Cooking the Books: How Clever Accounting Techniques are Used to Make Internet Millionaires.” It explained how telecom companies were using accounting tricks to create revenue where there really was none. Take another look at the column (it’s among the links on the “I Like It” page), and think of Worldcom with its recently revealed $3.7 billion in hidden expenses. Then last August, I wrote a column titled “The Death of TCP/IP: Why the Age of Internet Innocence is Over.” Take a look at that column, too, and think about Microsoft’s just-revealed project called Palladium.

The end is near.

Sometimes I’d rather be wrong, but it’s a no-brainer to guess that accountancy, which has apparently become something of an art form or interpretive dance, could have a dark side. And you’ll never lose money betting for Microsoft and against Microsoft’s competitors and customers.

Let’s concentrate on the Microsoft story. Last August, I wrote of a rumor that Microsoft wanted to replace TCP/IP with a proprietary protocol — a protocol owned by Microsoft — that it would tout as being more secure. Actually, the new protocol would likely be TCP/IP with some of the reserved fields used as pointers to proprietary extensions, quite similar to Vines IP, if you remember that product from Banyan Systems. I called it TCP/MS in the column. How do you push for the acceptance of such a protocol? First, make the old one unworkable by placing millions of exploitable TCP/IP stacks out on the Net, ready-to-use by any teenage sociopath. When the Net slows or crashes, the blame would not be assigned to Microsoft. Then ship the new protocol with every new copy of Windows, and install it with every Windows Update over the Internet. Zero to 100 million copies could happen in less than a year.

This week, Microsoft announced Palladium through an exclusive story in Newsweek written by Steven Levy, who ought to have known better. Palladium is the code name for a Microsoft project to make all Internet communication safer by essentially pasting a digital certificate on every application, message, byte, and machine on the Net, then encrypting the data EVEN INSIDE YOUR COMPUTER PROCESSOR. Palladium compatible hardware (presumably chipsets and motherboards) will come from both AMD and Intel, and the software will, of course, come from Microsoft. That software is what I had dubbed TCP/MS.

The point of all this is simple. It may actually make the Internet somewhat safer. But the real purpose of this stuff, I fear, is to take technology owned by nobody (TCP/IP) and replace it with technology owned by Redmond. That’s taking the Internet and turning it into MSN. Oh, and we’ll all have to buy new computers.

This is diabolical. If Microsoft is successful, Palladium will give Bill Gates a piece of every transaction of any type while at the same time marginalizing the work of any competitor who doesn’t choose to be Palladium-compliant. So much for Linux and Open Source, but it goes even further than that. So much for Apple and the Macintosh. It’s a militarized network architecture only Dick Cheney could love.

Ironically, Microsoft says they will reveal Palladium’s source code, which is little more than a head feint toward the Open Source movement. Nobody at Microsoft is saying anything about giving the ownership of that source code away or of allowing just anyone to change it.

Under Palladium as I understand it, the Internet goes from being ours to being theirs. The very data on your hard drive ceases to be yours because it could self-destruct at any time. We’ll end up paying rent to use our own data!

Can you tell I think this is a bad idea?

What bothers me the most about it is not just that we are being sold a bill of goods by the very outfit responsible for making possible most current Internet security problems. “The world is a fearful place (because we allowed it to be by introducing vulnerable designs followed by clueless security initiatives) so let us fix it for you.” Yeah, right. Yet Palladium has a very real chance of succeeding.

How long until only code signed by Microsoft will be allowed to run on the platform? It seems that Microsoft is trying to implement a system that will enable them, once and for all, to charge game console-like royalties to software developers.

But how will this stop the “I just e-mailed you a virus” problem? How does this stop my personal information being sucked out of my PC using cookies? It won’t. Solving those particular problems is not Palladium’s real purpose, which is to increase Microsoft’s market share. It is a marketing concept that will be sold as the solution to a problem. It won’t really work.

Let’s understand here that not all Microsoft products are bad and many are very good. Those products serve real customer needs and do so with genuine purpose, not marketing artifice. But Palladium isn’t that way at all. This is NOT about making things better for the user. This is about removing the ability for the end user to make decisions about how his or her computer functions. It is an effort by Microsoft to take literal ownership of Internet technology, Microsoft’s “embrace and extend” strategy applied for the Nth time, though on a grander scale than we’ve ever seen before. While there is some doubt that the PC will survive a decade from now as a product category, nobody is suggesting the Internet will do anything but grow and grow over that time. Palladium assures that whatever hardware is running on the network of 10 years from now, it will be generating revenue for Microsoft. There is nothing wrong with Microsoft having a survival strategy, but plenty wrong with presenting it as some big favor they are doing for us and for the world.

What’s saddest about this story is that it could be positive. The world is a dangerous place and finding ways to make people responsible for what they do on the Net is probably good, not bad. I just don’t think we have the right people on the job.

gobcl.com – MS Word to PDF online – cool eh?

I reckon this is the neatest site I’ll find this month, just hope too many people don’t catch on.
Adobe’s $10 a month sucks.

Why don’t they PayPal it and charge up your account and you pay per byte?

However the nice people are doing it on the house to promote their PDF plug-ins.

http://www.gobcl.com/

Thank you Mr or Mrs BCL

FREE goBCL SERVICE FROM BCL TECHNOLOGIES IS BACK
goBCL: the fast, free and flexible PDF and HTML creation tool for business professionals

SANTA CLARA, CALIF. April 23, 2002 – BCL Technologies, Inc., a leader in document management and web publishing software, announced today that its free document publishing service, GoBCL is back online with new and improved functionalities and advanced features. GoBCL was offline for a short period of time while it was undergoing several major upgrades, but the service now is once again active. GoBCL provides customers with a fast and free document conversion tool for creating PDF (Portable Document Format) or HTML (Hypertext Mark Up Language) formats from anywhere in the world…

http://www.bclcomputers.com/corporate/press_releases/04_23_02_gobcl_back.htm

Blunkett shelves access to data plans

Stuart Millar, Lucy Ward and Richard Norton-Taylor
Wednesday June 19, 2002
(c)The Guardian
http://media.guardian.co.uk/newmedia/story/0,7496,740063,00.html

Ministers were yesterday forced into a humiliating climbdown over plans to hand a host of public bodies the right to demand access to the communications records of telephone and internet users.

Bowing to intense public and political pressure, David Blunkett, the home secretary, admitted that the government had “blundered” into the issue as he announced that the proposals had been shelved to allow more consultation.

The move stunned opposition politicians and civil liberties groups, who had been expecting ministers to unveil tighter safeguards yesterday in response to the wave of resistance that had been growing since the Guardian revealed details of the proposals last week.

The draft order extending the reach of the Regulation of Investigatory Powers Act – due to be debated yesterday, then postponed until next week as opposition swelled – has been withdrawn until the autumn at the earliest. It would have given a host of government departments, local councils and quangos the power to demand, on their own authority, access to detailed communications logs, including individuals’ email records and mobile phone location data. Current legislation gives only the police, the intelligence services, customs and excise and the inland revenue these powers.

Last night the Home Office also withdrew a second draft order giving the same list of public bodies the power to authorise themselves to conduct surveillance against individuals and to use informers.

In a development certain to increase pressure on ministers to restrict the number of bodies able to demand communications data, the Guardian has discovered that the watchdogs appointed to monitor the way ministers and public bodies use the sweeping powers given to them under the act have expressed serious doubts about their ability to do their job properly. It emerged yesterday that the chief surveillance commissioner, Sir Andrew Leggatt, will have to oversee the activities of 1,039 public authorities with only a staff of 22 to help him.

In a little-noticed report published this year, he warned: “I clearly cannot carry out any meaningful oversight of so many bodies without assistance.”

Attributing the government’s change of heart partly to the objections of his son, Hugh, who works in the IT industry, Mr Blunkett said the proposals had been interpreted “entirely in the wrong direction”.

“When you are in a hole you should stop digging, and having full consultation on the issues raised seems the best way to do it,” he told BBC Radio 4’s The World at One.

Lord Strathclyde, the Tory leader in the Lords, said: “Had we not made clear that we would seek to defeat these outrageous proposals they would have been rammed through the Commons.”

Richard Allan, the Liberal Democrat home affairs spokesman, said: “This government is not overly willing to stand up and defend civil liberties on principle so I think what has really caused this decision is the fact that the proposals are completely unworkable.”

The Devil is in the detail

· Police, the intelligence services, customs and excise and the inland revenue will be given the power under section 22 of the Regulation of Investigatory Powers Act 2000 to compel telephone, internet and postal service providers to hand over the detailed communications logs of individual users, without first seeking the permission of a judge.

· The Home Office wants to expand this list to include seven government departments, every local council and a host of other public bodies, including the postal service commission and the food standards agency.

· Until this section of Ripa comes into force, the police and all these other organisations can request communications data from service providers under the Data Protection Act, but the provider can refuse if they do not believe there are sufficient grounds for the request. In such cases, the agency making the request must convince a judge to give a court order to obtain the data.

· The data obtained could include name and address, phone calls made and received, source and destination of emails, identity of websites visited, and mobile phone location data which records the user’s whereabouts whenever the phone is switched on to within a few hundred metres. To access the content of communications (eg by placing a wiretap on a telephone or intercepting an email), the authorities still require a warrant from the home secretary.

· The data can be obtained on the grounds of national security, preventing or detecting crime, protecting the economic wellbeing of the UK, public health and safety, collecting tax, preventing death or injury in an emergency and any other purpose specified in an order by the home secretary.

McAfee: New virus is first to infect image files

Sam Costello, IDG News Service, Boston Bureau
June 13, 2002, 09:20
http://www.idg.net/go.cgi?id=699337

A new virus can, for the first time, infect image files, according to antivirus software company McAfee Security, a division of Network Associates Inc. This means that the virus could be spread through Web sites containing infected image files, and force antivirus companies to re-engineer their products, McAfee officials said.

The virus, which is being called W32/Perrun by McAfee, is not yet in the wild — meaning it is not spreading on the Internet — and was sent to McAfee by its author early Thursday morning Eastern time, said Vincent Gullotto, senior director for McAfee AVERT (Anti-Virus Emergency Response Team), located in Santa Clara, California.

The virus is built to spread first as an executable, or .exe, file and then in JPEG (Joint Photographic Experts Group) image files, he said. The virus, were it to be spread in the wild, would appear as an executable which would infect JPEGs when it was run, he said. The executable can be transmitted in standard ways, such as by downloading and via e-mail. The first JPEG viewed after the executable is run will have the virus code appended to it, Gullotto said. The virus will then seek out other JPEG files in the same directory and try to infect them, he said.

W32/Perrun is the first virus to infect JPEGs, according to McAfee.

Only machines that already have the executable file on them could be infected because of the way the virus is written, he said. It’s possible, though, that future derivatives of the virus could do away with the executable as a prerequisite for infection, he added.

Because JPEGs are a common image format on the Web, the virus poses a risk of infecting any user who views an infected file on a Web site, Gullotto said. Users would have to have the executable on their systems for this to occur, he said.

The initial version of W32/Perrun that McAfee has examined does nothing more than try to infect other JPEG files, but future versions could be modified to include all manner of code, including Trojan horses and other programs that could potentially leave PCs open to attackers, he said. Future versions of the virus could also be modified to attack other file types, including text files, MP3s and more, he said.

“This may begin to change the face of what files virus writers start to pay attention to,” Gullotto said. “While these files have been safe, we may see a time in the future when these files are not safe.”

Such a circumstance could also force antivirus companies to re-engineer their products, he said. Current antivirus software would experience serious performance degradation if it had to scan image and other files for viruses, he said. If this type of virus attack becomes more prevalent, antivirus software will have to be modified to handle it, he said.
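The infection mechanism described above, appending virus code to a JPEG, leaves a signature that is cheap to check for without the full-file scanning that Gullotto worries about: a well-formed JPEG is a sequence of marker segments ending in an EOI marker (FF D9), and image viewers ignore anything after it, so bytes trailing the EOI are exactly where an appended payload would sit. The scanner below is an added example written for this page; it is not McAfee's detection logic and not the Perrun code. It walks the segment headers, skips the entropy-coded scan data (where 0xFF is byte-stuffed as FF 00 or followed by an RSTn marker), stops at EOI, and reports what follows. The sample "images" are constructed byte strings, not real pictures, and the `MZ` prefix on the trailer is an assumption about what a dropped executable might look like. Trailing data alone is a triage signal, not a verdict: some legitimate tools append metadata after EOI.

```python
"""Triage check for data appended after a JPEG's End-Of-Image marker.

Added example for this page; not McAfee's scanner and not Perrun's code.
"""
import struct
import sys

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
RST = range(0xD0, 0xD8)                       # RST0..RST7 restart markers
STANDALONE = set(RST) | {0x01, SOI, EOI}      # markers that carry no length


def _skip_entropy_coded(data: bytes, pos: int):
    """Advance past scan data. Inside a scan, 0xFF is followed by 0x00
    (stuffing), an RSTn marker, or 0xFF (fill); any other marker ends it."""
    while pos + 1 < len(data):
        if data[pos] == 0xFF:
            nxt = data[pos + 1]
            if nxt == 0x00 or nxt in RST:
                pos += 2
                continue
            if nxt == 0xFF:
                pos += 1
                continue
            return pos                        # real marker: caller handles it
        pos += 1
    return None                               # ran off the end: truncated


def find_eoi_end(data: bytes):
    """Offset just past the EOI marker, or None if not a well-formed JPEG."""
    if len(data) < 2 or data[0] != 0xFF or data[1] != SOI:
        return None
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return None                       # expected a marker here
        marker = data[pos + 1]
        if marker == 0xFF:                    # fill byte before a marker
            pos += 1
            continue
        if marker == EOI:
            return pos + 2
        if marker in STANDALONE:
            pos += 2
            continue
        if pos + 4 > len(data):
            return None
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if seg_len < 2:
            return None
        pos += 2 + seg_len                    # length field counts itself
        if marker == SOS:
            pos = _skip_entropy_coded(data, pos)
            if pos is None:
                return None
    return None


def scan_jpeg(data: bytes) -> dict:
    """Report bytes trailing the EOI marker; 'looks_like_pe' is a heuristic
    (assumed MZ header) and 'suspicious' only means something is appended."""
    end = find_eoi_end(data)
    if end is None:
        return {"well_formed": False, "trailing_bytes": 0,
                "looks_like_pe": False, "suspicious": False}
    trailing = data[end:]
    return {"well_formed": True, "eoi_offset": end,
            "trailing_bytes": len(trailing),
            "looks_like_pe": trailing[:2] == b"MZ",
            "suspicious": len(trailing) > 0}


def _build_sample_jpeg() -> bytes:
    """Constructed minimal JPEG-shaped bytes (SOI, APP0, SOS, scan, EOI)."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + \
        b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"   # stuffed FF00 and an RST0
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"


CLEAN_JPEG = _build_sample_jpeg()                          # 40 bytes, nothing after EOI
# Constructed: the same image with an assumed executable blob appended.
TAINTED_JPEG = CLEAN_JPEG + b"MZ" + b"\x90" * 30 + b"PERRUN-LIKE-TRAILER"


if __name__ == "__main__":
    targets = sys.argv[1:]
    if not targets:
        for name, blob in (("clean", CLEAN_JPEG), ("tainted", TAINTED_JPEG)):
            print(name, scan_jpeg(blob))
    for path in targets:
        with open(path, "rb") as fh:
            print(path, scan_jpeg(fh.read()))
```

Run it with no arguments to see the two constructed samples, or pass JPEG paths to check real files in a directory, the same unit of spread the article describes. The parser deliberately refuses truncated or malformed input rather than guessing, since a scanner that silently treats a broken file as clean is the worse failure mode.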

Deception about plans to extend surveillance amounts to an abuse of power in UK?

Deception about plans to extend surveillance amounts to an abuse of power
The snooper’s law proves government can’t be trusted

Hugo Young
Tuesday June 18, 2002
(c) The Guardian

http://media.guardian.co.uk/newmedia/comment/0,7496,739531,00.html

Whether Tony Blair is worth trusting is a personal judgment. We can all have our opinions. Look into his eyes, study his body language, gawp at his sortie to the press complaints commission, measure the density of his apologia for what did or did not happen round the Queen Mother’s catafalque, and you may decide against him. Contemplate his enemies, think about their motives, reflect upon the obsessive malignity of their campaign, stare blank-eyed at the self-righteous hyperbole with which they pronounce that he will never be believed again, and you may come to a different view – if you care enough to get into this stuff at all.

Personal assessments will doubtless reflect some prior prejudice. And because they’re ultimately unverifiable, they attract thousands on thousands of words. There’s an inverse ratio between journalistic output and evidential proof. The issue is as elusive as the passion is intense and the objectivity resonantly absent. Does this one man, Prime Minister Blair, deserve our trust? There will be no final answer, just as there never was with Margaret Thatcher, or John Major, or any other leader.

Government, on the other hand, is something else. It is never to be trusted. Here, there is a final answer. Not that government is always bad or wrong. It is essential to the good of mankind. But in the matter of power, government absolutely never deserves our unquestioning reliance. Its use of power demands eternal vigilance. Yet perhaps because this is so tediously so – so lacking in novelty, so unamenable to prurient speculation – its truth is neglected. Contrast the passions about our leader’s disputed follies, and the bored indifference directed to an outrage now being committed by the machine of which he is temporarily in charge.

Next Monday there will be a last chance for MPs to stop this abomination. The story began two years ago, when the Regulation of Investigatory Powers Act (Ripa) passed into law. It was a complicated measure, essentially addressing the outgrowth of electronic data and the need to both enable and control the use of such data by government. It was about sharing and disclosing, and the thrust of it was about crime and national security, along with tax evasion. The branches of the public service listed as authorised to make demands on relevant internet providers and users were exclusively the police, the military, the intelligence services and the inland revenue.

Even before September 11 showed us how this kind of data might be legitimate and useful for the protection of society, Ripa had taken its place in a growing body of such extensions of government power. Hardly a terrorism atrocity could take place anywhere without the British governing machine seizing its moment for emergency legislation. Collecting more and more information became part of the official response to such crisis, regularly approved by parliament. Its justifications seeped into the economic as well as security area. Just about anything harmful to any kind of national interest provided a pretext for official data collection.

Then came September 11. The security machine – ie government, one might say, rather than this government uniquely and as such – grew greedier. Last winter’s anti-terrorism bill, among other things, entered the same information warehouse as Ripa, demanding that more should be made available, for a range of purposes which, but for the vigilance of a handful of Lib Dem peers, would have extended even further. As a pair of measures, Ripa and the latest anti-terrorism act legitimise the official capture of private communications – not their content, but every other telling detail electronically available by piecing them together – more copiously than in any other democratic regime in the world.

All this is a done deal, passed by parliament, and it is bad enough. Challenged to defend it, the representatives of the machine – pro tem known as Labour ministers – trot out familiar claims. It was all entirely benign and above board, Bob Ainsworth, Home Office minister, wrote in the Guardian last week: there would be no “fishing expeditions”. Moreover, the system would be regulated. The interception of communications commissioner was in charge of the public interest, and would see it defended: a promise that might be more credible were it not for the disclosure by a parliamentary committee in March 2001 that the commissioner, Lord Justice Swinton Thomas, with a two-strong office, “did not even have enough staff to open the mail”.

Now, though, the story gets worse. Unless parliament vetoes the relevant executive order on Monday, a story broken by the Guardian last week will come to pass. A panoply of new public authorities will be vested with the powers that Ripa confines to police, military, intelligence and tax officials. There are 24 new categories, one of which includes every local authority. Everything from the Health Department to the food standards agency will be given the power to snoop, with only Swinton Thomas to check them: tens of millions of privacy invasions, potentially, invigilated by an office of three people, with the subjects of the snooping left in ignorance.

Trust is the right neuralgic word to raise here. There are several breaches of it. One was the calculated failure to list all these public authorities when Ripa was struggling through the Lords. Controversial already, the bill might have been judged insupportable if ministers revealed that the health and safety executive were to get the same powers as MI6. Plainly the machine’s full intentions were held back as a piece of crude political calculation which parliament could do nothing about. This was a conventional, but still confidence-sapping, abuse of power.

Second, when the question was raised with Patricia Hewitt – on the Guardian website, during the election – she denied three times that a new law would be passed compelling service providers to log and retain for up to seven years all data on email addresses and websites browsed, which is in effect what the anti-terrorism act and the extension of Ripa provide for. Confronted with this u-turn, the machine says that September 11 changed everything. That is an irrelevant distraction. The authorities that are about to be given power to call on such data have little, more usually nothing, to do with terrorism.

Third, where is this to lead? A natural ambition of the machine is to have access to all information about every citizen, which electronic storage makes possible if the right legislative framework is provided. The extended Ripa helps make that framework. This prospect seems rather more central – more revolutionary, bold and sinister – to the life of Britain than the question of whether we see Alastair Campbell as a bigger liar than the editor of the Daily Mail. Yet the same level of indignation somehow eludes it. Raging at the leader, we miss the elephant, on which he is but a passing gnat.

h.young@guardian.co.uk

UK Police in new email spying row

Secret plan to prevent disclosure at trials

Stuart Millar and Richard Norton-Taylor
Tuesday June 18, 2002
(c) The Guardian

http://media.guardian.co.uk/newmedia/story/0,7496,739518,00.html

Surveillance techniques to be used by law enforcement agencies to access internet and telephone records will be kept so secret that criminal prosecutions may be abandoned to prevent their disclosure, according to a classified police manual passed to the Guardian.

Amid mounting opposition to government moves to allow a host of public bodies to access phone, email and internet traffic data without a court order, the leaked document from the Association of Chief Police Officers sets out the lengths to which forces must go to prevent their communications surveillance methods being revealed.

The manual, dated March 20 2002 and marked “Draft – not for open publication”, reveals that law enforcement agencies will be expected to seek controversial public interest immunity (PII) certificates to prevent disclosure at trial.

Senior officers acknowledge in the manual that the ability to access communications logs without first seeking the permission of a judge gives British police powers far in excess of those enjoyed by their counterparts in most other countries.

“In many other countries this process requires a judicial order,” the manual says. “There is a need to balance this important power against the right to privacy and to ensure that it is properly used.”

The document, which will be used by every police force, the national crime squad, the national criminal intelligence service, the Scottish drug enforcement agency and customs and excise once approved, states: “This manual contains significant areas of explanation concerning the application of covert techniques, the release of which would be likely to aid offenders in the frustration of law enforcement.”

It continues: “There is an expectation that law enforcement agencies will take all reasonable steps to protect any sensitive methodology in accessing communications data through applications for PII, even in cases where the product is intended for use in evidence.”

In cases where this tactic is inappropriate and sensitive material is at risk of disclosure, the crown prosecution service may have to advise that the prosecutions be stayed.

The use of PII certificates has been at the centre of some of the most high-profile judicial scandals. They were savagely attacked by Labour, most famously in the Iraq supergun trial, when they were in opposition. Their use was heavily criticised by Lord Scott in his arms-to-Iraq inquiry.

PIIs were also used in the M25 murder case, where the conviction of the three defendants was quashed after the European human rights court said they had been denied the right to a fair trial because evidence of informers – protected by PIIs – was not disclosed at the trial. John Wadham, director of Liberty, said: “This story gets worse and worse. Preventing the defendant from having access to secret documents but giving them to the judge is a fundamental erosion of the right to a fair trial.”

Details of the manual emerged as the government indicated that it will make limited concessions to proposals, revealed by the Guardian last week, to extend the power to access communications records without a court order to a range of government departments, local councils and quangos.

But the modifications, which may include limiting the scope of data these organisations can authorise themselves to obtain, are unlikely to quell the public concern.

A committee of MPs was today due to debate the proposal, introduced under the Regulation of Investigatory Powers Act, but the hearing has been postponed until next week, when the move will face stiff opposition from across the political spectrum.

Tom Watson, a Labour member of the home affairs committee, said: “When I read the breadth of this order I was shocked. I have no problem with the police having these powers to crack down on organised crime or terrorism. But the draft order gives the world and his dog the right to snoop on emails and phone calls.”

The latest Acpo document will hand fresh ammunition to government critics. According to the manual, the interception of communications commissioner, a senior judge appointed by the government to monitor how the powers are used, will provide an adequate safeguard to prevent the powers being misused.

But critics say the commissioner, Sir Swinton Thomas, a retired appeal court judge, is so under-resourced that it will be impossible for him to check the thousands of data retention notices likely to be issued by police and other agencies.