
College Classes On Malware Writing Still Piss Off Anti-Virus Firms

Mon, 4th August 2008, 11:30

http://techdirt.com/articles/20080803/1834441874.shtml

Over five years ago, we wrote about a college that was starting to offer a new computer science class in writing computer viruses. And, of course, various anti-virus companies went ballistic, claiming how dangerous it was. Yet, as we pointed out at the time, anti-virus companies don't have the greatest track record in actually stopping viruses -- so it seemed only reasonable to teach people to better "think like the enemy." Anyway, it appears not much has changed. Theodp writes in to let us know about an article in Newsweek about a very similar course being taught at Sonoma State University by George Ledin, where students are tasked with creating their own malware.

Once again, various security companies are condemning the technique, even sinking so low as to compare Ledin to A.Q. Khan, the Pakistani scientist who sold nuclear technology to North Korea. They even insist they won't hire his students -- which seems particularly short-sighted. As Ledin points out, it appears that this is really more about the security companies wanting to keep the world more scared than they need to be of malware, so as to pretend that they're the only ones who can solve the "problem" -- when the truth is they're not very effective at it. He complains that anti-virus firms keep their code secret (thank you, DMCA). He points out that if they were willing to open it up, and let lots of folks work on improving it, it would get much, much better. All he's trying to do is help more people understand the enemy without first having to work at one of those companies that's been so ineffective in stopping malware -- in the hopes that maybe some of his students can actually come up with a better solution.

When your name gets turned against you

Sun, 3rd August 2008, 11:09

The following column is cute in a sadistic kind of way. We've all come up against similar walls when dealing with the unresponsiveness of large corporate conglomerates. Probably why most people give the best reviews for the smaller hosts.

By Daniel Rubin Inquirer Columnist

Don't even start with the jokes. He's heard them all before. And he is not amused. You're either broken or made stronger when you grow up in 1940s West Philadelphia and your last name is Libshitz. And Dr. Herman I. Libshitz, retired radiologist, is no pushover. Verizon is learning this the hard way.

This spring, the 69-year-old physician and his wife, Alison, were trying to upgrade the Internet service in their summer place in Rehoboth Beach, Del. They had dial-up. They wanted DSL. When it was time to enter their user name and create an e-mail address, Verizon wouldn't let them complete the job.

This is how the doctor remembers it:

"We called their help line, and got a wonderful young man in the Philippines who told us: 'We can't install it because your name has - in it.' "

I asked the doctor how I was going to print that. He said, "Just say it's a word contained in Libshitz."

He'd defended his family name with his fists as a boy at 58th and Pine. He wore it proudly on his Air Force uniform during the Vietnam era when he was defending his country. He'd displayed it on white coats at Hahnemann and Jefferson, then at Duke and Texas, where he spent most of his distinguished career, before retiring to Chestertown, Md. He'd signed it to 200 academic papers and six texts. The doctor asked to speak with a supervisor.

What's in a name

The Libshitzes got the same answer from the supervisor, who suggested they try misspelling their last name. That wouldn't do, either.

The couple uses Libshitz in its e-mail address with Prodigy. So there had to be some way around the rules, the two figured. The doctor went for a third opinion. This involved a little subterfuge. He dialed the Verizon number for billing disputes. He explained his problem, "and the first person said, 'That's outrageous,' and put me on to a second person, who said he'd never heard of such a thing."

A third supervisor, from a help line in Norfolk, Va., agreed as well, but said the only person who could help was in Tampa, and that man would have to call India to get them to change the computer code. No one called him back.

Several days later, Libshitz received a letter from Verizon's customer-relations desk in Everett, Wash., informing him that he could not have the user name because it didn't comply with company rules. So the couple returned the Verizon DSL kit.

"If I can't use my own name, I'm going to stay with my AT&T dial-up," the doctor said. "The hell with them."

Ten-hut!

What he wants, he says, "is for these people at least to stand at attention to explain themselves. I don't know if you've ever tried to get to Verizon. . . . You cannot get to them. They are insulated from things like this." I called Sharon B. Schaffer, a Verizon spokeswoman, who offered a refreshing answer to my question as to how this happened.

"I don't have a clue," she said. "Actually, I'm kind of surprised. If this is Dr. Libshitz's name, your name is your identity. He's had this his entire life. . . . I think he needs a little bit of personal attention."

A couple days later, she e-mailed me a formal response: "As a general rule (since 2005) Verizon doesn't allow questionable language in e-mail addresses, but we can, and do, make exceptions based on reasonable requests. The one from Dr. and Mrs. Libshitz certainly is reasonable and we regret the inconvenience and frustration they've been caused."

The doctor said he was willing to try again, but grudgingly. "These people have no trouble putting me in their phone book. They send me mail with that name, they send me a bill routinely, and they cash my checks with Libshitz on it. They just offended me."

original www.philly.com/philly/hp/news_update/26089374.

Dutch vacuum salesman pumps Google for €1m

Fri, 1st August 2008, 13:02

By Chris Williams

www.theregister.co.uk/2008/08/01/dutch_vacuum_knol_google/

A Dutch vacuum cleaner salesman is demanding a massive payday from Google in exchange for control of his company's web address, Knol.com.

The advertising giant is aiming to end its heavy reliance on Wikipedia for useful search results by brewing its own web encyclopedia, Knol (it's short for knowledge, apparently). The new site differs from Wikipedia's free-for-all/Sum of All Human Knowledge™ editing policy by giving individuals ownership of articles they write, and allowing more than one article on the same topic. It being a Google venture, there's plenty of contextual ads, too.

There can't be many who dare twist Google's arm in a business deal these days, but Hilco Knol, 43, registered Knol.com years ago, long before Google's Wiki-beating plans were made public. His firm uses the address to resell professional steam cleaning equipment.

According to a translation from Dutch newspaper AD, Knol has received a buyout bid carrying five zeros from Mountain View, but he refuses to part with his domain for less than €1m. He said: "It would only be interesting if Google made an offer with six zeros, because the Dutch tax rate of 52 percent would leave too little on the table. An offer in the million Euro range would make things a lot more fun."

When Google first announced Knol in December last year, it hadn't bothered to contact Hilco about the domain. He argues that changing all his company stationery and publicity will be an expensive endeavour. In the meantime, visits to Knol.com have rocketed. ®

 

Network Solution goes down in UK

Thu, 31st July 2008, 20:28

It is being reported that Network Solutions' UK branch has gone down.

While there seem to be no issues in the US network, clients are reporting the outage on a number of hosting forums. NetworkSolutions.com makes no mention of any service interruptions on their US website.

Network Solutions has a history of ownership change and growth. After going public in 1997, they were acquired by Verisign in 2000. They have since been purchased by 3 other owners. Today they are owned by General Atlantic.

We will continue to update the status as it becomes available.

Update August 1 2008 10am

Network Solutions continues to have issues.

Idcdc reports: For what it's worth, it's down in Romania as well.

Update Aug 1 2008 6:24

Network Solutions is back online   :>)

Hosting company CTN1 France down

Wed, 30th July 2008, 18:33

Hosting company CTN1 in France is down for the third day. Initially it was rumoured to be a server migration to a new data center... well, three days would be excessive.

Maybe they could plug one in and update their clients. Just a thought.

CTN1 WebLog

This message is additional information which follows the migration of infrastructure CTN1 site at Aubervilliers TelecityGroup (France, Europe) to the site ...
blog.ctn1.net/en/
 
But of course the page can't be found.


 

Issues at One9host

Wed, 30th July 2008, 11:21

It seems that One9host.net is having issues. It is being reported that they have been down for 2 days. We have attempted to contact the site admins in both New Jersey and California, but so far have received no response.

 

Acquisition of HostVector by MILLENNIUM DATA Leaves Clients Frustrated

Tue, 29th July 2008, 19:01

The following press release was taken in part from the Millennium Data site:

Vaughan, Ontario Canada – July 18, 2008 – Millennium Data Systems, an emerging Canadian managed services company announced it has acquired the assets of HostVector (www.hostvector.com), a Toronto based managed hosting provider.

“HostVector’s array of hosted network services which include; dedicated, virtual and e-mail hosting will complement Millennium’s current managed services offerings”, commented Tony Di Benedetto, CEO of Millennium Data Systems.

It continues: Management expects HostVector assets to be fully integrated by August 2008, with no disruptions to HostVector’s 1000+ clients. However, history shows otherwise:

The Reality of the situation

"About 26 hours ago my email client stopped pulling email from my Hostvector account, where I host multiple websites.
This morning I got a call from a client that their website (that I host through Hostvector) was down - their ebay listing pictures, oscommerce site etc are all unavailable - and still are.

I called into HV's tech support and got a frontend voicemail message announcing a DNS change and that all should be well soon - or at least by midnight tonight. There was no way to reach a live person.

To offer them patience/benefit of doubt, I wait until midnight - no services. On hold again with them"

A great deal of their clientele seem to have been down for 24+ hours leaving the HostVector clients without a single question answered.

 

 

 

We knew the web was big...

Sat, 26th July 2008, 13:53


We've known it for a long time: the web is big. The first Google index in 1998 already had 26 million pages, and by 2000 the Google index reached the one billion mark. Over the last eight years, we've seen a lot of big numbers about how much content is really out there. Recently, even our search engineers stopped in awe about just how big the web is these days -- when our systems that process links on the web to find new content hit a milestone: 1 trillion (as in 1,000,000,000,000) unique URLs on the web at once!

How do we find all those pages? We start at a set of well-connected initial pages and follow each of their links to new pages. Then we follow the links on those new pages to even more pages and so on, until we have a huge list of links. In fact, we found even more than 1 trillion individual links, but not all of them lead to unique web pages. Many pages have multiple URLs with exactly the same content or URLs that are auto-generated copies of each other. Even after removing those exact duplicates, we saw a trillion unique URLs, and the number of individual web pages out there is growing by several billion pages per day.

So how many unique pages does the web really contain? We don't know; we don't have time to look at them all! :-) Strictly speaking, the number of pages out there is infinite -- for example, web calendars may have a "next day" link, and we could follow that link forever, each time finding a "new" page. We're not doing that, obviously, since there would be little benefit to you. But this example shows that the size of the web really depends on your definition of what's a useful page, and there is no exact answer.

We don't index every one of those trillion pages -- many of them are similar to each other, or represent auto-generated content similar to the calendar example that isn't very useful to searchers. But we're proud to have the most comprehensive index of any search engine, and our goal always has been to index all the world's data.

To keep up with this volume of information, our systems have come a long way since the first set of web data Google processed to answer queries. Back then, we did everything in batches: one workstation could compute the PageRank graph on 26 million pages in a couple of hours, and that set of pages would be used as Google's index for a fixed period of time. Today, Google downloads the web continuously, collecting updated page information and re-processing the entire web-link graph several times per day. This graph of one trillion URLs is similar to a map made up of one trillion intersections. So multiple times every day, we do the computational equivalent of fully exploring every intersection of every road in the United States. Except it'd be a map about 50,000 times as big as the U.S., with 50,000 times as many roads and intersections.

As you can see, our distributed infrastructure allows applications to efficiently traverse a link graph with many trillions of connections, or quickly sort petabytes of data, just to prepare to answer the most important question: your next Google search.

from the google blog
http://googleblog.blogspot.com/2008/...b-was-big.html

Google gives GMail always-on encryption

Sat, 26th July 2008, 13:12

By Dan Goodin in San Francisco

http://www.theregister.co.uk/2008/07/25/gmail_adds_https_only/

Google is adding a much-demanded feature to its email service that offers improved security by ensuring users get an encrypted connection each time they access their account via a web connection.

The new option means email sessions are automatically protected from start to finish with the secure sockets layer protocol even if a user accesses the account by typing http://gmail.com, rather than https://gmail.com/ (notice the presence of "https" in the latter).

The move helps protect users against a vulnerability known as sidejacking, which researcher Rob Graham of Errata Security warned against last year. It turns out the vast majority of websites drop the SSL protection as soon as a user has logged in. This allows attackers to snoop on web sessions over unsecured Wi-Fi connections even when a password was typed into a page during an encrypted session.

Google is one of the only services we know of that guards against this threat by offering start-to-finish SSL protection. But up to now, users ran the risk that a connection might inadvertently be unprotected, either because they forgot to type in the correct URL or the connection was reset.

To turn on the feature, open your GMail account, choose settings and scroll to the bottom of the page. In the section labeled "Browser Connection," choose the radio button that says "Always use https." Google warns the protection could slow down connections, so if you don't use insecure networks you may not want to bother. The offering doesn't appear to be available yet for Google Apps.

If only eBay, Yahoo Mail, MySpace, Facebook and the rest of the gang would follow suit.
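The sidejacking exposure described above can be checked from a recorded browsing session. The following is an added example, not code from the article or from Google: it walks a constructed trace and flags session cookies issued over HTTPS without the `Secure` attribute and cookies later sent over plain HTTP. The host `mail.example.test`, the cookie name `SID` and the trace format are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def cookie_names(header):
    """Return the cookie names carried in a request Cookie header."""
    names = []
    for part in header.split(";"):
        name, sep, _value = part.strip().partition("=")
        if sep and name:
            names.append(name)
    return names


def audit_session(exchanges):
    """Flag the points in a trace where a session identifier is exposed.

    Each exchange is a dict with "url", an optional request "cookie"
    header and an optional list of response "set_cookie" headers.
    Cookies are matched on exact host name, a simplification of real
    cookie domain scoping.
    """
    findings = []
    issued_over_tls = {}  # (host, cookie name) -> Secure attribute present
    for ex in exchanges:
        url = urlsplit(ex["url"])
        host = url.hostname
        # A cookie first issued over HTTPS that now travels over plain HTTP
        # is readable by anyone on the same unencrypted Wi-Fi network.
        if url.scheme == "http":
            for name in cookie_names(ex.get("cookie", "")):
                if (host, name) in issued_over_tls:
                    findings.append(("cookie-sent-in-clear", ex["url"], name))
        for header in ex.get("set_cookie", []):
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                secure = bool(morsel["secure"])
                if url.scheme != "https":
                    findings.append(("cookie-set-in-clear", ex["url"], name))
                    continue
                issued_over_tls[(host, name)] = secure
                if not secure:
                    # Without Secure the browser will attach this cookie
                    # to any later http:// request to the same host.
                    findings.append(("cookie-without-secure", ex["url"], name))
    return findings


# Constructed trace: HTTPS is used for the login only, then dropped.
LOGIN_ONLY_TLS = [
    {"url": "https://mail.example.test/login",
     "set_cookie": ["SID=constructed-session-1; Path=/; HttpOnly"]},
    {"url": "http://mail.example.test/inbox",
     "cookie": "SID=constructed-session-1"},
]

# Constructed trace: HTTPS from start to finish, cookie marked Secure.
ALWAYS_TLS = [
    {"url": "https://mail.example.test/login",
     "set_cookie": ["SID=constructed-session-2; Path=/; Secure; HttpOnly"]},
    {"url": "https://mail.example.test/inbox",
     "cookie": "SID=constructed-session-2"},
]

if __name__ == "__main__":
    for label, trace in (("login-only TLS", LOGIN_ONLY_TLS),
                         ("always-on TLS", ALWAYS_TLS)):
        print(label, audit_session(trace))
```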

Microsoft Challenges Google's PageRank Technology

Sat, 26th July 2008, 12:43

By Mark Long
http://www.crm-daily.com/story.xhtml?story_id=60984

Google's PageRank Web site-ranking method is being challenged by Microsoft. Microsoft's new tool, BrowseRank, aims to add a human factor to the site-ranking process. Microsoft claims PageRank does not take into account frequency and staying time of Web site visits, while BrowseRank monitors user behavior data to calculate page importance.

Microsoft engineers, in collaboration with researchers at several Asian institutions, have proposed a new method for improving upon the Web page rankings produced by today's search engine requests. Called BrowseRank, the new approach adds a human factor to the process by weighing how people actually use the Internet, the collaborators reported in a paper recently presented before the Special Interest Group on Information Retrieval.

"The more visits [to] the page made by the users, and the longer time periods spent by the users on the page, the more likely the page is important," the paper's authors noted. The goal is to "leverage hundreds of millions of users' 'implicit voting' on page importance," they said, "in accordance with the concept of Web 2.0."

Missing the Mark

Google's trademarked PageRank method measures the relative importance of Web pages through the use of a sequence of data-processing instructions -- called a link analysis algorithm -- that assigns a numerical weighting to each element within any given set of hyperlinked documents.

"Pages that we believe are important pages receive a higher PageRank and are more likely to appear at the top of the search results," Google said. "We have always taken a pragmatic approach to help improve search quality and create useful products, and our technology uses the collective intelligence of the Web to determine a page's importance."

Gauging the relevance of Internet searches is extremely important to Google, Yahoo and Microsoft because it allows the search engine leaders to more precisely target their placement of ads on behalf of clients. But Microsoft and its collaborators claim that PageRank misses the mark because it allows the importance of pages to become artificially inflated.

For example, Web sites such as Adobe.com are ranked very high by PageRank because Adobe.com has millions of sites linking to it for Acrobat Reader and Flash Player downloads. "However, Web users do not really visit such Web sites very frequently, and they should not be regarded [as] more important than the Web sites on which users spend much more time, like MySpace.com and Facebook.com," they explained.

Giving Users a Vote

Microsoft and its academic collaborators say their new method is superior because it is based on a user-browsing graph that is generated from data that reflects actual human behavior. "User-behavior data can be recorded by Internet browsers at Web clients and collected at a Web server," they said.

BrowseRank's user-browsing graph can more precisely represent the Web surfer's random walk process, and thus is more useful for calculating page importance, the collaborators claim. Furthermore, the amount of time spent on the pages by users is also included under the BrowseRank method.

"In this way, we can leverage hundreds of millions of users' implicit voting on page importance," researchers explained. "Experimental results show that BrowseRank indeed outperforms the baseline methods, such as PageRank and TrustRank, in several tasks."

For its part, Google notes that PageRank, which is based on a Stanford University patent, is not the only method it employs to rank search engine results. Instead, Google said it relies on more than 200 different signals to examine the entire link structure of the Web and determine which pages are most important.

"We then conduct hypertext-matching analysis to determine which pages are relevant to the specific search being conducted," Google explained. "By combining overall importance and query-specific relevance, we're able to put the most relevant and reliable results first."

Advice to employees on proper use of the System Administrator's valuable time

Sat, 26th July 2008, 02:10

(In following examples, we will substitute the name "Ted" as the System Administrator)

  • Make sure to save all your MP3 files on your network drive. No sense in wasting valuable space on your local drive! Plus, Ted loves browsing through 100+ GB of music files while he backs up the servers.
  • Play with all the wires you can find. If you can't find enough, open something up to expose them. After you have finished, and nothing works anymore, put it all back together and call Ted. Deny that you touched anything and that it was working perfectly only five minutes ago. Ted just loves a good mystery. For added effect you can keep looking over his shoulder and ask what each wire is for.
  • Never write down error messages. Just click OK, or restart your computer. Ted likes to guess what the error message was.
  • When talking about your computer, use terms like "Thingy" and "Big Connector."
  • If you get an EXE file in an email attachment, open it immediately. Ted likes to make sure the anti-virus software is working properly.
  • When Ted says he's coming right over, log out and go for coffee. It's no problem for him to remember your password.
  • When you call Ted to have your computer moved, be sure to leave it buried under a year-old pile of postcards, baby pictures, stuffed animals, dried flowers, unpaid bills, bowling trophies and Popsicle sticks. Ted doesn't have a life, and he finds it deeply moving to catch a glimpse of yours.
  • When Ted sends you an email marked as "Highly Important" or "Action Required", delete it at once. He's probably just testing some new-fangled email software.
  • When Ted's eating lunch at his desk or in the lunchroom, walk right in, grab a few of his fries, then spill your guts and expect him to respond immediately. Ted lives to serve, and he's always ready to think about fixing computers, especially yours.
  • When Ted's at the water cooler or outside taking a breath of fresh air, find him and ask him a computer question. The only reason he takes breaks at all is to ferret out all those employees who don't have email or a telephone.
  • Send urgent email ALL IN UPPERCASE. The mail server picks it up and flags it as a rush delivery.
  • When the photocopier doesn't work, call Ted. There's electronics in it, so it should be right up his alley.
  • When you're getting a NO DIAL TONE message at your home computer, call Ted. He enjoys fixing telephone problems from remote locations. Especially on weekends.
  • When something goes wrong with your home PC, dump it on Ted's chair the next morning with no name, no phone number, and no description of the problem. Ted just loves a good mystery.
  • When you have Ted on the phone walking you through changing a setting on your PC, read the newspaper. Ted doesn't actually mean for you to DO anything. He just loves to hear himself talk.
  • When your company offers training on an upcoming OS upgrade, don't bother to sign up. Ted will be there to hold your hand when the time comes.
  • When the printer won't print, re-send the job 20 times in rapid succession. That should do the trick.
  • When the printer still won't print after 20 tries, send the job to all the printers in the office. One of them is bound to work.
  • Don't use online help. Online help is for wimps.
  • Don't read the operator's manual. Manuals are for wussies.
  • If you're taking night classes in computer science, feel free to demonstrate your fledgling expertise by updating the network drivers for you and all your co-workers. Ted will be grateful for the overtime when he has to stay until 2:30am fixing all of them.
  • When Ted's fixing your computer at a quarter past one, eat your Whopper with cheese in his face. He functions better when he's slightly dizzy from hunger.
  • When Ted asks you whether you've installed any new software on your computer, LIE. It's no one else's business what you've got on your computer.
  • If the mouse cable keeps knocking down the framed picture of your dog, lift the monitor and stuff the cable under it. Those skinny Mouse cables were designed to have 55 lbs. of computer monitor crushing them.
  • If the space bar on your keyboard doesn't work, blame Ted for not upgrading it sooner. Hell, it's not your fault there's a half pound of pizza crust crumbs, nail clippings, and big sticky drops of Mountain Dew under the keys.
  • When you get the message saying "Are you sure?", click the "Yes" button as fast as you can. Hell, if you weren't sure, you wouldn't be doing it, would you?
  • Feel perfectly free to say things like "I don't know nothing about that boneheaded computer crap." It never bothers Ted to hear his area of professional expertise referred to as boneheaded crap.
  • Don't even think of breaking large print jobs down into smaller chunks. God forbid somebody else should sneak a one-page job in between your 500-page Word document.
  • When you send that 500-page document to the printer, don't bother to check if the printer has enough paper. That's Ted's job.
  • When Ted calls you 30 minutes later and tells you that the printer printed 24 pages of your 500-page document before it ran out of paper, and there are now nine other jobs in the queue behind yours, ask him why he didn't bother to add more paper.
  • When you receive a 130 MB movie file, send it to everyone as a high-priority mail attachment. Ted's provided plenty of disk space and processor capacity on the new mail server for just those kinds of important things.
  • When you bump into Ted in the grocery store on a Sunday afternoon, ask him computer questions. He works 24/7, and is always thinking about computers, even when he's at the supermarket buying toilet paper and doggie treats.
  • If your son is a student in computer science, have him come in on the weekends and do his projects on your office computer. Ted will be there for you when your son's illegal copy of Visual Basic 6.0 makes the Access database keel over and die.
  • When you bring Ted your own "no-name" brand PC to repair for free at the office, tell him how urgently he needs to fix it so you can get back to playing EverQuest. He'll get on it right away, because everyone knows he doesn't do anything all day except surf the Internet.
  • Don't ever thank Ted. He loves fixing everything AND getting paid for it!
http://www.sysadminday.com/time.html

Rogers Looks For New Ways To Annoy Customers, Hijacks Failed DNS Lookups

Thu, 24th July 2008, 10:13

http://techdirt.com/articles/20080720/1055151734.shtml

Rogers -- a Canadian telco -- has been attracting a lot of negative attention lately between deliberately disabling notifications for cellular roaming charges, setting ridiculous iPhone pricing plans and injecting its own content into Google's home page. As if that wasn't enough, Rogers has started hijacking failed DNS lookups. This means that when a user types in a web address that doesn't exist, instead of getting a "page not found" error, the user is redirected to a search page filled with banner ads and sponsored links. Michael Geist notes that there's an "opt-out" feature, but it doesn't take long to see that it's pretty pathetic. The "opt-out" sends a cookie which just redirects the user to a different Rogers page instead -- a fake "Internet Explorer" error page hosted on the same server. It does essentially the exact same thing, only pretending (poorly, for non-IE users) to revert back to expected behavior. And the option is reset whenever the browser's cookies are cleared. The comments on Geist's post are evidence that many Rogers customers are not pleased (myself included).

This isn't just annoying, it's also a security threat. It breaks how the internet was designed to work; a lot of software is written with the expectation that a DNS lookup for a non-existent domain name will return an error. For example, Kevin Dean notes in the comments on Geist's post how this has caused problems for him accessing his VPN. At first, he thought his computer had been compromised, since Rogers' new "feature" ends up resembling a hostile attempt to redirect traffic to an unknown server.

Some American ISPs already do this, such as Earthlink (which was used to demonstrate the security risk), though it seems to have a slightly better opt-out process, instructing users to configure alternate DNS servers instead of setting a browser cookie. VeriSign had originally tried to do something similar with SiteFinder back in 2003 (though not at the ISP level), but it didn't exactly go over too well. VeriSign reluctantly backed off, though it just recently obtained a patent on the concept. Rogers is the first Canadian ISP to implement the practice and it seems to think it won't meet much resistance. In another comment on Geist's post, Ian relates a telling quote from the FAQs page for Paxfire (the American company handling this for Rogers): "What feedback you do receive typically will come from a small group of highly technical users. Even that feedback tends to fall away after just a few weeks -- as they get used to the new behavior."

Rogers thinks it can just brush off complaints from its users, especially since there really isn't a lot of choice in the Canadian ISP market. However, Rogers should be careful in treading so brazenly into what some consider "net neutrality" territory. Bell Canada (one of Rogers' few competitors) has landed itself in front of a national regulatory body over its throttling practices. Rogers wants to have complete control over its network, but by continually pushing the line they only spur on the debate about net neutrality and government regulation. We haven't heard the last of this.
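Software that depends on a "name does not exist" error can test whether the resolver it is using rewrites those errors. The following is an added example, not code from the article or from any ISP: it looks up random names that should never exist and reports whether they come back with shared landing-page addresses. The function names, the `.com` probe scheme and the verdict labels are assumptions, and the addresses in the test data are constructed documentation-range values.

```python
import secrets
import socket
from collections import Counter

# getaddrinfo error codes that mean "this name does not exist".
NOT_FOUND = {socket.EAI_NONAME,
             getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


def random_probe_names(count=5):
    """Names with 96 random bits under .com; none should be registered."""
    return [f"{secrets.token_hex(12)}.com" for _ in range(count)]


def system_resolve(name):
    """Addresses for name, [] if it does not exist, None if unknown."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        # A timeout or server failure is not evidence either way.
        return [] if exc.errno in NOT_FOUND else None
    return sorted({info[4][0] for info in infos})


def check_nxdomain_rewriting(resolve=system_resolve, probes=None):
    """Resolve names that should not exist and classify the resolver.

    resolve is injectable so the check can be exercised offline.
    """
    probes = list(probes) if probes is not None else random_probe_names()
    results = {name: resolve(name) for name in probes}
    definite = {n: a for n, a in results.items() if a is not None}
    answered = {n: a for n, a in definite.items() if a}
    # An address returned for several unrelated random names is a
    # landing page, not a coincidence.
    seen = Counter(ip for addrs in answered.values() for ip in set(addrs))
    landing_ips = sorted(ip for ip, hits in seen.items() if hits > 1)
    if not definite:
        verdict = "inconclusive"
    elif not answered:
        verdict = "clean"
    elif len(answered) * 2 > len(definite) and landing_ips:
        verdict = "rewriting"
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "probes": len(probes),
            "answered": len(answered), "landing_ips": landing_ips}


def effective_answer(addrs, landing_ips):
    """Treat an answer made up only of landing-page addresses as not found."""
    if addrs and set(addrs) <= set(landing_ips):
        return []
    return list(addrs)


if __name__ == "__main__":
    # Live check against the system resolver (needs network access).
    print(check_nxdomain_rewriting())
```

An application that gets a "rewriting" verdict can pass later lookups through `effective_answer` so that a mistyped VPN or mail host name still fails as an error instead of connecting to the landing-page server.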

Monster Cable's Lawyers Realize Difference Between Salt Lick And A TV Cable

Wed, 23rd July 2008, 17:41

http://techdirt.com/articles/20080722/1513011763.shtml

Monster Cable has a long history of abusing trademark law to threaten and/or sue pretty much any company that uses the name "Monster" in its brand. That has included the TV show Monster Garage, a clothing store called MonsterVintage, Disney for the movie Monsters, Inc., the makers of Monster Energy drink, the Chicago Bears for having the nickname "Monsters of the Midway," and the Boston Red Sox for offering "Monster seats" on top of their famous "Green Monster" wall. We recently noted that it had also gone after Monster Mini Golf.

Of course, that's not how trademark law works. It doesn't give Monster Cable total control over the name Monster. It just gives the company the right to prevent others from using the brand in the same market in a way that is likely to confuse consumers. It's difficult to believe that anyone would think that Monsters, Inc., was somehow from Monster Cable. But, on and on it goes -- though, it appears that Monster Cable's lawyers were finally convinced to drop one suit. An anonymous reader points us to the news that Monster Cable has withdrawn its trademark challenge against the makers of Monster Deer Block, a salt and mineral lick designed to attract wild deer. Apparently, some lawyers for the makers of Monster Deer Block persuaded Monster Cable's lawyers that there was little chance of consumer confusion between the product and the makers of expensive audio/video cabling.

 

Jailed SF Admin Gives Up Keys to Networks

Wed, 23rd July 2008, 15:25

Wednesday, July 23, 2008 1:30 AM PDT

San Francisco Mayor Gavin Newsom met with jailed IT administrator Terry Childs Monday, convincing him to hand over the administrative passwords to the city's multimillion dollar wide area network.

Childs made headlines last week when he was arrested and charged with four counts of computer tampering, after he refused to give over passwords to the Cisco Systems switches and routers used on the city's FiberWAN network, which carries about 60 percent of the municipal government's network traffic. Childs, who managed the network before his arrest, has been locked up in the county jail since July 13.

On Monday afternoon, he handed the passwords over to Mayor Newsom, who was "the only person he felt he could trust," according to a declaration filed in court by his attorney, Erin Crane. Newsom is ultimately responsible for the Department of Telecommunications and Information Services (DTIS) where Childs worked for the past five years.

Mayor Newsom secured the passwords without first telling DTIS about his meeting with Childs, according to DTIS chief administrative officer Ron Vinson, who added, "We're very happy the mayor embarked on his clandestine mission."

The department now has full administrative control of the network, he said in an interview Tuesday night.

It's likely that Childs had a lot to tell the mayor when the two met.

Childs' attorney has asked the judge to reduce Childs' US$5 million bail bond, describing her client as a man who felt himself surrounded by incompetents and supervised by a manager who he felt was undermining his work.

"None of the persons who requested the password information from Mr. Childs ... were qualified to have it," she said in a court filing.

Childs intends to disprove the charges against him but also "expose the utter mismanagement, negligence and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger," his motion reads.

Vinson dismissed the allegations. "In Terry Childs' mind, obviously he thinks the network is his, but it's not. It's the taxpayers'," he said. "The reason he's been sitting in jail is because he denied the department and others access to the system."

The court filings help explain just how this happened.

According to an affidavit from James Ramsey, an inspector with the San Francisco Police Department, he and other investigators discovered dial-up and DSL (digital subscriber line) modems that would allow an unauthorized connection to the FiberWAN. He also found that Childs had configured several of the Cisco devices with a command that would erase critical configuration data in the event that anyone tried to restore administrative access to the devices, something Ramsey saw as dangerous because no backup configuration files could be found.

This command, called a No Service Password Recovery, is often used by engineers to add an extra level of security to networks, said Mike Chase, regional director of engineering with FusionStorm, an IT services provider that supports Cisco products.

But without access to either Childs' passwords or the backup configuration files, administrators would have to essentially re-configure their entire network, an error-prone and time-consuming possibility, Chase said. "It's basically like playing 3D chess," he said. "In that situation, you're stuck interviewing everybody at every site getting anecdotal stories of who's connected to what. And then you're guaranteed to miss something."

Without the passwords, the network would still continue to run, but it would be impossible to reconfigure the equipment. The only way to restore these devices to a manageable state would be to knock them offline and then reconfigure them, something that would take weeks or months to complete, disrupt service and cost the city "hundreds of thousands, if not millions of dollars," Ramsey claims.

Crane argues that these monitoring devices were installed with management's permission and were critical to the smooth functioning of the network. They would page Childs when the system went down and allow him to remotely access the network from his personal computer in case of an emergency.

In interviews, current and former DTIS staffers describe Childs as a well respected co-worker who may have gone too far under the pressure of working in a department that had been demoralized and drastically cut as the city moved forward with plans to decentralize IT operations.

About 200 of the department's 350 IT positions had been cut since 2000, mostly to be relocated to other divisions within city government, said Richard Isen, IT chapter president with Childs' union, the International Federation of Professional and Technical Engineers, Local 21.

Despite his conflict with some in the department, Childs has a lot of support there, Isen said. "There is a lot of sympathy, only because there is a basic feeling that management misunderstands what we actually do and doesn't appreciate the complexity of the work."

(Paul Venezia is Senior Contributing Editor with InfoWorld)

http://www.pcworld.com/businesscenter/article/148787/san_franciscos_mayor_gets_back_keys_to_the_network.html

Japan Hits $100 Billion in Mobile Content Sales

Wed, 23rd July 2008, 12:10

Martyn Williams has an interesting look at the Japanese market. He notes that for the calendar year 2007, more than $100 billion was spent on mobile content. The total was actually $107.5 billion and includes items such as ring tones, Web site subscriptions and e-commerce purchases. E-commerce made up about 65% of the total amount spent and all sorts of transactions were handled including: movie and event ticket sales, travel reservations, air and rail ticket sales, stock trading and online auctions.

The biggest percentage gain came from "high-fidelity music" which increased 42% thanks to more mobile devices handling better quality sound. Mobile gaming jumped 13% as well.

Interesting stats

Written by Allen Stern

GoDaddy’s Domain Registration Totally Screws .me

Fri, 18th July 2008, 02:40

Reported on TechCrunch by Jason Kincaid
http://www.techcrunch.com/2008/07/17...lly-screws-me/

Earlier this year GoDaddy won the rights to distribute domains under the extension .me, which belongs to the country of Montenegro. After a number of private distribution periods for corporations, the highly desirable extension finally went on sale this morning for $20 dollars a year (with a minimum 2 year purchase - nice). And now, things are rapidly descending into chaos.

Many users have reported getting confirmations (and credit card charges) for their domains, only to receive the following cancellation notice about an hour later:

Dear Jason Kincaid,
The following domain name has failed to be registered:
WATCH.ME
Error: WATCH.ME: cannot register - already registered
We will evaluate this error and retry the registration
if appropriate.
If we are unable to successfully register the domain
name, your account will be credited accordingly. Please
allow one business day for the refund to be processed.

Understandably, a lot of people are outraged. And, disappointment and shattered dreams aside, there’s the issue of who actually will wind up owning each domain. A Twitter search for “hug.me” shows that at least a half dozen people hold confirmation letters (myself included).

GoDaddy says that the problems are a result of a “SuperBowl-like response to the open registration” that exceeded everyone’s expectations and wound up crushing their servers. Apparently they didn’t realize that after months of pent up demand and publicity for an extremely desirable domain, they’d be seeing an onslaught of prospective buyers.

The company says that disgruntled users can expect a refund in the next 24-48 hours, and that the servers should be stable now. No word on when we’ll know if we actually own our newly-purchased domains.

Dot Pro Release Date Pushed Back

Thu, 17th July 2008, 17:56

Due to unanticipated levels of interest in the presale of Dot Pro domain names, Registry Pro has moved their 'go live' date from July 14 to September 8.

After meeting with a number of registrars last week at the ICANN conference in Paris, and talking to current and prospective registrars about implementation of the modified restrictions passed by the ICANN Board on April 29, it is apparent that the time frame first set is not sufficient to accommodate the interest!

The .Pro top level domain, previously restricted to registrants in the accounting, engineering, legal and medical fields, will be available to all licensed and credentialed professionals and professional entities internationally on Monday, Sept 8, 2008.

In the meantime, us techie types can get our Dot Me domains on July 17th.

For more information on the dot pro requirements:

http://www.registrypro.pro/

 

Lawmakers Question Embarq over NebuAd Use

Wed, 16th July 2008, 01:00

Key Lawmakers Question Local Provider Over Use of NebuAd Software Without Directly Notifying Customers
 
WASHINGTON, D.C. - Representatives Edward J. Markey (D-MA), chairman of the House Subcommittee on Telecommunications and the Internet, John D. Dingell (D-MI), Chairman of the House Committee on Energy and Commerce, and Joe Barton (R-TX), Ranking Member of the House Committee on Energy and Commerce, yesterday sent a letter to the Embarq Corporation raising serious questions about the company's use in a test market of individual Web user tracking technology without direct notification to customers.

"Surreptitiously tracking individual users' Internet activity cuts to the heart of consumer privacy. The information collected through NebuAd's technology can be highly personal and sensitive information.  Embarq's apparent use of this technology without directly notifying affected customers that their activity was being tracked, collected, and analyzed raises serious privacy red flags," said Rep. Markey.

The text of the letter is below.
 

#  #  #
 
July 14, 2008
 
Mr. Tom Gerke
Chief Executive Officer
Embarq
5454 W. 110th Street
Overland Park, KS  66211
 
Dear Mr. Gerke:
 
We are writing with respect to a recent test conducted by Embarq to tailor Internet advertising to the web-browsing patterns of individual Embarq subscribers.  We are interested in the nature of this test as well as the impact that this test, and the underlying technology it employed, could have on consumer privacy and other issues.
 
We understand that Embarq conducted a test earlier this year in a select community in conjunction with NebuAd to create consumer profiles for the purpose of serving ads to consumers based upon their search and surfing habits.  As you may know, questions have been raised regarding the applicability of privacy protections contained in the Communications Act of 1934, the Cable Act of 1984, the Electronic Communications Privacy Act, and other statutes, to such practices. 
 
In particular, we are concerned that Embarq may not have directly notified the subscribers involved in the test that their Web use was being analyzed and profiled.  We therefore request that you answer the following questions in order for us to better understand the nature of the test conducted, its impact on consumers, and the broader public policy implications of this technology.
 
1.         In what community was the test conducted and how was that community chosen?
 
2.         How many subscribers were involved in the test?
 
3.         How did Embarq notify subscribers in the affected community of the test?  Please provide a copy of the notification.  If Embarq did not specifically or directly notify affected subscribers, please explain why this was not done.
 
4.         Did Embarq conduct a legal analysis regarding the applicability of consumer privacy laws on the service used in the test?  If so, please explain what that analysis concluded.
 
5.         Please explain why Embarq chose to conduct the test allowing consumers who objected to "opt out" rather than first asking customers to "opt in."
 
6.         How did Embarq notify subscribers in the affected community of their opportunity to "opt-out" of the test?  If Embarq did not specifically or directly notify affected subscribers of the opportunity to "opt-out," please explain why this was not done.
 
7.         How many subscribers in the affected community opted out of participating in the test?
 
8.         Did Embarq conduct a legal analysis regarding the adequacy of the "opt-out" notice and mechanism employed to allow consumers to effectuate this choice?  If so, please explain what that analysis concluded.
 
9.         What is the status of the consumer data collected during this test?  Has it been destroyed? 
 
Thank you in advance for your attention to this matter.  We respectfully request a response by Monday, July 21, 2008.             
 
Sincerely,
 
s/John D. Dingell                                               s/Joe Barton
Chairman                                                         Ranking Member
Committee on Energy and Commerce               Committee on Energy and Commerce
 
 
s/Edward J. Markey
Chairman
Subcommittee on Telecommunications and the Internet
                       
 
 
 
cc:        The Honorable Cliff Stearns, Ranking Member
            Subcommittee on Telecommunications and the Internet
 

WordPress 2.6 is now available

Wed, 16th July 2008, 00:49

Version 2.6 of WordPress.org is now available, almost a month ahead of schedule. Version 2.6 “Tyner,” named for jazz pianist McCoy Tyner, contains a number of new features that make WordPress a more powerful CMS: you can now track changes to every post and page and easily post from wherever you are on the web, plus there are dozens of incremental improvements to the features introduced in version 2.5.

For a look at the new WordPress 2.6 features in action, check out this video:

http://wordpress.org/development/2008/07/wordpress-26-tyner/


Frisco Officials Locked Out of Computer Network

Tue, 15th July 2008, 18:48

Excerpted from the San Francisco Chronicle

Jaxon Van Derbeken, Chronicle Staff Writer

A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.

Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.

Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.

Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said.

He was taken into custody Sunday. City officials said late Monday that they had made some headway into cracking his pass codes and regaining access to the system.

Childs has worked for the city for about five years. One official with knowledge of the case said he had been disciplined on the job in recent months for poor performance and that his supervisors had tried to fire him.

"They weren't able to do it - this was kind of his insurance policy," said the official, speaking on condition of anonymity because the attempted firing was a personnel matter.

Authorities say Childs began tampering with the computer system June 20. The damage is still being assessed, but authorities say undoing his denial of access to other system administrators could cost millions of dollars.

Childs, according to payroll records, earned $126,735 in base pay in 2007 and additional premium pay of $22,534, for a total of $149,269. 

July 17 Open Registration For Dot Me

Tue, 15th July 2008, 15:50

Because .ME is about YOU!

ME domains, with their universal appeal, are expected to be in high demand. So some “premium” names – including verb-oriented domains, such as “Contact.ME,” “Drive.ME” or “Fly.ME,” – will be held back for auction after Open Registration. 

So if the price of gas has prevented you from parading your vanity plates all over the city... strut your stuff on the web.

July 17 15:00 UTC: Open Registration

World's Oldest Blogger Has Died

Tue, 15th July 2008, 13:26

Olive Riley had posted more than 70 entries about her life since she began her blog in February 2007.

She shared her thoughts on modern life and experiences of living through the entire 20th Century, including two world wars and the Great Depression.

Her final entry was on 26 June. Olive Riley died in the nursing home in New South Wales on Saturday. She was 108.

http://worldsoldestblogger.blogspot.com

Breaking the Internet's glass ceiling

Tue, 15th July 2008, 13:00

It has taken four years to develop but now, due to a small scratch on a piece of glass, University of Sydney scientists say our Internet is set to become 60 times faster than current Telstra networks.

The scratch will mean almost instantaneous, error free and unlimited access to the Internet anywhere in the world, CUDOS (Centre for Ultra-high bandwidth Devices for Optical Systems) announced today at the Opto-Electronics and Communications Conference (OECC).

"This is a critical building block and a fundamental advance on what is already out there. We are talking about networks that are potentially up to 100 times faster without costing the consumer any more," says Federation Fellow Professor Ben Eggleton, Director of CUDOS, based within the School of Physics at the University of Sydney.

Eggleton, whose team beat their deadline by a year, says that up until now information has been moving at a slow rate but optical fibres have a huge capacity to deliver more. "The scratched glass we've developed is actually a Photonic Integrated Circuit," he says.

"This circuit uses the 'scratch' as a guide or a switching path for information - kind of like when trains are switched from one track to another - except this switch takes only one picosecond to change tracks. This means that in one second the switch is turning on and off about one million million times. We are talking about photonic technology that has terabit per second capacity."

This initial demonstration proves it is possible to achieve speeds 60 times faster than current Australian Networks. With further development, the process is likely to produce even faster results.

"Currently we use electronics for our switching and that has been OK but as we move toward a more tech-savvy future there is a demand for instant web gratification. Photonic technology delivers what's needed and, more importantly, what's wanted."

Based on a highly fruitful scientific collaboration between CUDOS teams at the University of Sydney and the Australian National University, with the Technical University of Denmark and supported with Australian Research Council (ARC) funding, CUDOS' research was presented in a paper delivered at the OECC today.

http://www.usyd.edu.au/news/84.html?newscategoryid=2&newsstoryid=2411

GoDaddy Changes Policy on Employee Bidding.

Tue, 1st July 2008, 11:50

Domain registrar GoDaddy has changed its policy on employee bidding.

 

GoDaddy General Counsel Christine Jones released a statement announcing the company’s change in policy:

Go Daddy has reviewed the auction and found nothing improper.
Adam Dicker’s knowledge on the auction was no different from what any customer coming to our TDNAM site would have had.
To ensure customer confidence and to avoid any possible future questions of impropriety all GD employees are now and in the future prohibited from participating in TDNAM auctions, purchasing, sales & back orders. 

 

Policies of Other Domain Service Providers

GoDaddy isn’t the only major expired domain service and auction house that lets its employees compete with customers. NameJet employees, and its partners Network Solutions, and eNom are allowed to bid on domain names through the service.

Enom has stated that their employees need management to sign off to purchase a domain from NameJet. However, they do have a strict policy against employees competing with customers in auction. Basically, the only way an employee can purchase a domain from NameJet is if no customer(s) have backordered the domain and management signs off.” This applies to Enom and NameJet, but not necessarily Network Solutions.

SnapNames, on the other hand, doesn’t let its employees bid against customers. The company's stated policy is, “Oversee.net employees are strictly disallowed from bidding against customers.”

Sedo - Sedo places perhaps the most restrictions on its employees of any domain company. Kate Donahue, Director of Marketing for Sedo, explained:

Each employee (even our founders) are required to sign an agreement that they will not speculate in the domain market in any form during the term of their employment with Sedo. They must also disclose any domains which they had owned prior to their employment with Sedo. We do have one exception which allows them to purchase domains including their name, children’s or family names so that they can use them for personal sites, etc.

Pool - Pool allows employees to bid in auctions with restrictions. Employees can bid on an auction by either a) making a single, upfront proxy bid that can’t be changed or b) “bidding to win”. In the latter scenario the employee can’t back out of the bidding at any point. He or she has to win the auction they enter. This prevents them from pumping up the price only to stick a customer with the bill.

 

GoDaddy allows executives to bid against own customers in auctions

Sun, 29th June 2008, 19:38

We happened to catch this news show up on Slashdot -- obviously it was far too disgusting to skip out on mentioning here, from the original source, NoDaddy:

When a GoDaddy customer forgets or otherwise fails to renew a domain, GoDaddy sells it off to the highest bidder through their TDNAM subsidiary.  Some registrars--even Network Solutions--give the domain owner a percentage of the proceeds of such auctions.  But GoDaddy keeps all the spoils to themselves.  Anyway, it was recently discovered that the Vice President of TDNAM has been bidding on (and sometimes winning) TDNAM's own auctions.  This drives up the prices for normal customers and also leads to conflict of interest issues since normal bidders need to trust TDNAM to keep various information secret, such as their proxy bids, bidding history, the domains on their watch list.  Also, GoDaddy doesn't tell you when your bid price was inflated due to TDNAM executives bidding against you.  They are one of the few auction services which don't even give you the nicknames of competing bidders.

DomainNameWire contacted other domain auction services, and none allow unrestricted employee bidding on their own auctions like GoDaddy does.  Enom (a partner in NameJet) notes that "We definitely do NOT let employees compete in auctions. Even if controlled, that practice has bad news written all over it."  Yet GoDaddy seems to think it is fine for executives to inflate their auction prices by bidding against customers.  They responded to DomainNameWire that they allow this.  There is a big risk that these employees have access to private information of the normal bidders, that they get special discounts, or that they may sometimes shill bid to increase prices without trying to actually win.

NoDaddy is a site operated by Fyodor, a user mentioned here on Hostjury several times in the past when his own domain names were suspended by GoDaddy.