Clips June 21, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, Charlie Oriez <coriez@xxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;
- Subject: Clips June 21, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Fri, 21 Jun 2002 10:22:11 -0400
ARTICLES
Agents pursue terrorists online
Ameritech Ordered to Wire Appalachia
BT slapped down on broadband access
Web Thinkers Warn of Culture Clash
Man charged with raping teen he met online
High Court to Consider Net Filters
Foiling the fools and the fraudsters (internal threats to systems)
Nebraska DMV is going digital
Homeland Security could have new work rules
Officials see procurement reform as boon to security
VeriSign ordered to stop 'deceptive' marketing
Inside a Net extortion ring
Pressure on to accelerate digital television roll-out
European Commission wants stronger role in ICANN
Europe making progress on road to e-government
Internet Society applies for control of .org top-level domain
Anti-spam service battles bugs
Study: Equal security in all software
Going offshore: Country choice comes first
***************************
USA Today
Agents pursue terrorists online
ISLAMABAD, Pakistan - U.S. officials are searching the Internet for the
reappearance of a Web site that they believe has been used by al-Qaeda to
deliver messages, including possible instructions for its next attacks, to
its operatives around the world.
The Arabic Web site, recently known as alneda.com, is a "mouthpiece for
al-Qaeda in exile" and one of the terrorist group's main instruments in its
effort to regroup, senior U.S. law enforcement officials here say.
The site, which is registered in Singapore, appeared on Web servers in
Malaysia and Texas this month before it was taken off at the request of
U.S. officials. They now expect it to reappear under a numerical address in
an effort to throw off FBI and CIA specialists who are trying to locate and
read it.
The site contained audio and video clips of Osama bin Laden, pictures of
al-Qaeda suspects under detention in Pakistan, and possibly encrypted, or
scrambled, messages to al-Qaeda members, U.S. officials say.
They say it also contained:
A recent message claiming to be from al-Qaeda spokesman Sulaiman Abu
Ghaith, in which he warned of more attacks against the United States.
A series of articles claiming that suicide bombings aimed at Americans are
justifiable under Islamic law.
"Alneda.com is one of the only sites, if not the only site, for statements
by al-Qaeda and the Taliban," says Ben Venzke, a cyberterrorism expert and
CEO of the Virginia-based counterterrorism consulting firm IntelCenter. "I
expect it to reappear as quickly as it goes down and keep shifting."
Al-Qaeda members have probably copied the site's contents onto CD-ROMs so
they can establish it under a new address, Venzke says. He expects that
address to be communicated to a few al-Qaeda members by e-mail and then
spread through the ranks.
Venzke and other experts say al-Qaeda leaders prefer to use a Web site to
communicate with followers, rather than telephones or mass e-mails that are
much easier to trace.
U.S. officials say they are also monitoring a U.S.-based Internet chat room
where participants appear to be planning terrorist attacks against the
United States. The officials declined to identify the Web site that is
hosting the chat room because of their ongoing investigation.
One participant in the chat room was asked recently whether he could speak
Spanish, U.S. officials say. He said he could. U.S. officials say they
believe that al-Qaeda recruiters are searching for Latino Muslims with U.S.
passports to conduct attacks against the United States. Last month,
Abdullah Al Muhajir, born Jose Padilla, was arrested in Chicago for
allegedly plotting to detonate a radioactive "dirty bomb" in the USA.
Officials say he is an American al-Qaeda member.
Although there are several Web sites that appear to be run by al-Qaeda
supporters overseas, officials say the site hosting the chat room has
become of particular concern to them because it is based in the USA.
The U.S.-based Web site, some of which has been viewed by USA TODAY,
contains links to videos showing the death of Wall Street Journal reporter
Daniel Pearl and the destruction of the World Trade Center. It also
contains several other chat rooms where participants can post messages
about al-Qaeda members or other Muslims who were recently killed in
Afghanistan, the West Bank and Gaza or elsewhere.
Among the recent messages posted on the site in English:
"There is no better reward than to sacrifice your life for the cause of
Allah."
"We have no hatred towards anyone, not even the Americans or Jews. We just
love to send them to hell where they belong in the external flames of fire.
God is great!"
"No death of (an) American on Father's Day? Now that is sad."
**********************
Associated Press
Ameritech Ordered to Wire Appalachia
Thu Jun 20, 7:48 PM ET
By JOHN McCARTHY,
COLUMBUS, Ohio (AP) - The Public Utilities Commission of Ohio's ruling on
Thursday to fine SBC Ameritech $8.5 million for inadequate service also
includes an order for the state's largest local phone company to help
rewire Appalachia for the Internet.
The PUCO upheld a Jan. 31 ruling that Ameritech had appealed. In its
original ruling, the regulators told Ameritech to open 20 central offices
in the southeast Ohio region. But on Thursday, Chairman Alan Schriber said
that was not practical.
The order requires Ameritech to work with the Governor's Office of
Appalachia and its director, Joy Padgett, to bring high-speed Internet
capability to the region.
Padgett said in a telephone interview from Ironton that she has had
"general talks" with Ameritech, but was waiting to see how the case turned
out. Ameritech can appeal the ruling to the Ohio Supreme Court, but
spokesman Greg Connel said it needed to further study the ruling.
Appalachia presents a challenge because so many of its homes and businesses
have inadequate wiring for high-speed connections, Padgett said.
"We're fortunate we just completed an Access Appalachia study. We probably
have a little more general capacity than we thought, but what we call the
last mile needs some work," Padgett said.
She said she's ready to get to work once the case reaches a resolution.
"We have enough basic information, plus the information Ameritech has. I've
got a lot of confidence in the private sector knowing the region as well,"
she said.
The PUCO ruling resulted from an audit conducted of Ameritech's service
between August 1999 and May 2001. The commission, in the 4-1 ruling, said
Ameritech had improved service since that time, but the agency was
justified for fining Ameritech for not meeting service performance
standards during that period.
The $8.5 million fine is in addition to the $8.7 million the PUCO ordered
Ameritech in July 2000 to return to customers for missed or delayed
installation and repair appointments. The commission had authorized a fine
up to $122 million but said in January the smaller fine reflected progress
the company had made in installation and repair calls.
Ameritech, a subsidiary of San Antonio-based SBC Communications, has 5
million phone lines in 61 Ohio counties, and also operates in Illinois,
Indiana, Michigan and Wisconsin.
***********************
BBC
BT slapped down on broadband access
UK telecoms watchdog Oftel has thrown a lifeline to phone companies trying
to roll out fast internet connections by ordering British Telecom (BT) to
open up its vast network to them.
The move follows a complaint from Thus and Energis - both currently
struggling with collapsed share prices and a telecoms market firmly in the
doldrums.
Till now operators wanting to offer ADSL connections, which allow fast data
over normal phone lines, have had either to buy BT's own product wholesale
or install equipment in the exchange in order to divert the traffic onto
their own networks.
BT owns almost all the connections between homes and small business and the
exchange itself.
Now, however, competitors will be able to combine their own networks and
BT's to provide their services.
The regulator promised to ensure prices were "non-discriminatory",
preventing BT from prioritising its own retail broadband offering, BTOpenworld.
***********************
Associated Press
Seattle Man Takes Down Web Site
Thu Jun 20, 7:40 PM ET
By GENE JOHNSON, Associated Press Writer
SEATTLE (AP) - Paul Trummel, who was thrown in jail for 111 days in a
free-speech standoff with a judge over his Web site, has taken down the
site rather than face more jail time.
Trummel, 68, posted an "apologia" in which he said he would continue to
fight for his First Amendment rights in court, but did not want to
undermine the efforts of his attorneys "by creating diversions that could
persuade the appellate court that I lack seriousness in my pursuit of justice."
Trummel had used the site as a forum for attacking the Council House, a
federally subsidized retirement home where he once lived. He claimed the
home violated federal housing laws, neighbors kept him up at night and
accused a building official of sexual dysfunction.
Council House staff have denied the accusations and say they simply want
Trummel to go away. Federal investigations have turned up no wrongdoing by
the home.
Trummel posted the phone numbers and addresses of Council House staff,
directors and residents - something that King County Superior Court Judge
James Doerty called harassment. The judge called him a "mean old man who
becomes angry and vicious when he doesn't get his own way."
In October, Doerty ordered Trummel to remove from the site the addresses,
phone numbers and any other personal identifying information about his
perceived enemies. Trummel complied, but he soon created a related site
that listed the information again.
Doerty found Trummel in contempt of court in February and sent him to jail.
Prison officials who believed he was abusing phone privileges placed him in
solitary confinement much of the time.
The judge released Trummel on Monday, but said if he didn't edit or take
down the Web site by Friday he was going back to jail.
Late Wednesday, Trummel decided to comply pending his appeal.
"I can hardly blame him," said Elena Luisa Garella, one of his lawyers. "He
had a choice between pulling it and being put in jail by a judge who
doesn't understand some of the fundamental precepts of constitutional law.
"He's an elderly man who doesn't need to risk his life. He can't tolerate
being in solitary confinement."
Trummel was evicted from the home in April 2001, when Doerty first granted
Council House a restraining order barring Trummel from the premises.
***********************
Washington Post
Web Thinkers Warn of Culture Clash
By Anick Jesdanun
Associated Press
Friday, June 21, 2002; 12:00 AM
The Internet's potential for promoting expression and empowering citizens
is under threat from corporate and government policies that clash with the
medium's long-standing culture of openness, some leading Internet thinkers
warned.
At the annual Internet Society conference this week in Arlington, the
engineers who built the Internet and many of the policymakers who follow
its development urged caution as governments try to exert control and
businesses look to maximize profits.
"We're at a turning point in the evolution of the Internet," said William
J. Drake, a fellow at the University of Maryland. A wrong turn means
"robbing it of its real democratic potential."
Vint Cerf, co-developer of the Internet's basic communications protocols,
worries that big, traditional businesses could gain unprecedented control
through manipulating the high-speed services that are delivered over cable
and phone networks.
Companies are inhibiting innovation, Cerf said, by letting users receive
information faster than they can send it.
"That leads to a lot of peculiar effects," he said. Two people "could each
receive high-quality video but can't send it. They can't have high-quality
videoconferencing."
Cerf is a co-founder of the Internet Society, an international, nonprofit
organization of Internet architects and professionals devoted to
maintaining the Internet's viability and addressing the issues it confronts.
With governments and businesses taking a growing interest in the Internet,
the conference's theme is "Internet Crossroads: Where Technology and Policy
Intersect."
The TCP/IP communications protocols that Cerf and Robert Kahn developed in
the 1970s favored open standards, neutrality and flexibility over
proprietary techniques, a development that later allowed personal computers
to connect and innovations such as the World Wide Web to develop.
That openness is increasingly threatened by "profit motives of corporations
and control issues of governments," said Eric E. Schmidt, chief executive
of Google Inc. He pointed to the current "balkanization" of instant
messaging, where a lack of standards prevents America Online users from
communicating with people on rival services.
Steve Crocker, an Internet pioneer who promoted open protocols at the
standards-setting Internet Engineering Task Force, said today's decisions
"could stunt the Internet to where it becomes a mechanism for delivering
entertainment, ads and conducting consumer-oriented business for large
players."
Meanwhile, proposals by some service providers to adjust access fees based
on broadband consumers' data traffic volume could inhibit the development
of video and other data-intensive applications, said David J. Farber, a
University of Pennsylvania professor and former chief technologist at the
Federal Communications Commission.
Farber is hopeful, though, that consumers will resist even if a monopoly
high-speed service provider tries to abandon long-standing flat-rate
pricing.
In terms of government regulation, Stanford University law professor
Lawrence Lessig warned of making knee-jerk decisions without fully
understanding their impact. His chief complaint: Copyright protections
aimed at combating theft that also curtail legitimate uses.
Reed E. Hundt, former FCC chairman, said government could kill short-range
wireless networking through rules such as banning retail sales of products
that use unlicensed portions of the spectrum. He said Taiwan and other
countries already restrict such sales.
But many participants said government agencies and businesses can't afford
to wait on issues such as privacy, junk e-mail and copyright controls.
"Until we reach a major breakthrough [on privacy protections and
authentication], I wonder how much real progress we can make in using the
Internet as a trusted vehicle for commerce," said Keith Besgrove, a manager
at Australia's National Office for the Information Economy.
Marian Grubben of the European Union, whose parliament has passed
legislation requiring companies to obtain permission before sending
marketing e-mail to Europeans, said a failure to act would impede mobile
services, to which spam is migrating.
One issue governments are still grappling with is how to apply national
laws to a medium that knows no boundaries.
Policymakers need to tread carefully, said Wolfgang Kleinwachter, professor
of international communication at the University of Aarhus in Denmark.
Going too far one way could restrict freedom and choice, he said, while the
opposite could foster organized crime.
Michael Nelson, an executive with International Business Machines Corp. who
is conference co-chairman, said bad policy decisions today could stunt the
Internet's growth.
"We are actually at a point where we can make some very wrong decisions,
and the Net will just kind of become like any other industry," he said.
************************
USA Today
Man charged with raping teen he met online
WALLINGFORD, Conn. (AP) - A 27-year-old man has been charged with raping a
16-year-old girl he met on the Internet, a month after another Connecticut
man was accused of killing a 13-year-old girl he met via his computer.
Carlos Decarvalho was arrested at his Wallingford home Monday night on a
first-degree sexual assault charge involving the 16-year-old from Monroe.
He posted bond after his arraignment Tuesday in Bridgeport Superior Court.
Last month, 24-year-old Saul Dos Reis of Greenwich was charged with killing
Christina Long of Danbury. Police said the two also had met on the
Internet. Authorities said Dos Reis confessed to accidentally strangling
Long while they were having sex in his car in the Danbury Fair Mall parking
lot on May 17.
Monroe police said Decarvalho contacted the teen May 31 in a "Connecticut"
chat room on an Internet service they declined to identify.
The girl invited him to her home the next day when her mother was gone,
police said. Decarvalho raped the teen at about 5 p.m. and left,
authorities said. The girl called police about 30 minutes later.
The girl gave police Decarvalho's cell phone number and a general
description of where he lived. Authorities said they used the information
to find Decarvalho.
"It was excellent police work, from the investigation to the follow-up work
by detectives," Capt. Michael Flick told the Connecticut Post.
Decarvalho initially denied having sex with the girl, police said, but
later admitted he had consensual sex with her.
Monroe Superintendent of Schools Norman Michaud said the Danbury incident
had sparked discussion among school administrators about the growing
problem of crimes committed against children by people they meet over the
Internet.
Edward Montagnino, technology director for the town school system, is
organizing a fall workshop for parents on this issue. He agrees with police
that parents need to monitor Web sites their children may be viewing.
"It's hard to know which chat rooms are legitimate," he said. "You have no
idea of whether the people on the other end are who they say they are, or
when they're something completely different."
Montagnino said Monroe's schools have filters to block out unsuitable Web
sites and they are updated daily. He said school computers are placed in
areas where an adult can easily see what's on the screen.
He suggested that parents keep computers out of their children's bedrooms
and use history functions to see which Web sites they visit.
"It may not be popular to say to a teen-ager, 'We don't want the computer
in your bedroom, we want it in the family room,"' Montagnino said. "It's a
tough decision to make," but necessary.
*********************
New York Times
High Court to Consider Net Filters
By THE ASSOCIATED PRESS
WASHINGTON (AP) -- The Bush administration renewed its legal fight against
Internet pornography on Thursday, asking the Supreme Court to permit
Congress to pressure public libraries to block sexually explicit Web sites.
A three-judge panel in Philadelphia last month struck down the Children's
Internet Protection Act, which would have taken effect next month. The law,
signed by President Clinton in 2000, required libraries to install software
filters on Internet computers or risk the loss of federal funds.
Public schools and school libraries are still subject to the law.
The Justice Department, acting on behalf of the Federal Communications
Commission and the U.S. Institute of Museum and Library Sciences, formally
notified the Supreme Court on Thursday it will appeal last month's ruling.
The panel from the 3rd U.S. Circuit Court of Appeals in Philadelphia ruled
unanimously that the law relies on filtering programs that also block sites
on politics, health, science and other topics that should not be
suppressed. Its decision was the third time since 1996 that courts have
struck down U.S. laws aimed at keeping youngsters from seeing Internet
pornography.
"Given the crudeness of filtering technology, any technology protection
measure mandated by CIPA will necessarily block access to a substantial
amount of speech whose suppression serves no legitimate government
interest," the judges wrote.
Under the law, adults could have asked for librarians to turn off the
filters. But the court said some patrons might be too embarrassed to ask,
and librarians may not know how.
Justice Department lawyers have argued that Internet smut is so pervasive
that protections are necessary to keep it away from youngsters, and that
the law simply calls for libraries to use the same care in selecting online
content that they use for books and magazines.
They also pointed out that libraries could turn down federal funding if
they want to provide unfiltered Web access.
Critics of filter technology have argued that the software still is easily
tricked into accidentally blocking Web sites that are not pornographic.
************************
BBC
Foiling the fools and the fraudsters
Despite all the stories and scares about malicious hackers, computer
criminals and destructive web worms, the biggest threat to the security of
a company does not come from outside.
Instead, it is employees on the inside who are most likely to cause
security breaches by inadvertently spreading viruses, defrauding their
employer, wasting time on the net or downloading inappropriate material.
Figures collated by computer forensics and investigation company Vogon
suggest that every year one in every 500 employees will cause or trigger a
major incident, be it a virus outbreak, attempted theft or accidental data
deletion.
BBC News Online attended Vogon's annual Enemy Within seminar to find out
the risks employees pose and the best way to manage or investigate the use
and abuse of computers.
Hidden pornography
Typically, Vogon is invited in to help a company but it also regularly
receives tip-offs via its whistleblower website.
The allegations sent to this site include everything from people using fast
net connections at work to download pirated software, run their own web
business or to look at pornography.
Such serious allegations are not rare. Many people use their work computer
to look at materials of an obscene and criminal nature.
Chris Watts, a senior investigator for Vogon, said that about 95% of the
hard disks that the company scans during investigations have pornography on
them.
Not all of them were illegal images, he said, but the majority broke
company policies on appropriate use.
Finding facts
To avoid employees causing such problems, companies needed to spell out the
rights and wrongs of computer use as people joined, said Kathryn Owen, one
of Vogon's investigators.
"It's important that people sign up to these policies. Then they know that
when they come to work for you that these are the rules," she said.
But employees do not just cause problems by looking at images that break
laws or contravene workplace policies.
A lack of common sense can also cause huge problems.
Many computer viruses travel by e-mail and conceal their malicious payload
in an attached file.
The most successful viruses trick people into opening attachments by using
a teasing or salacious subject line.
"Systems can be compromised through ignorance as well as intent," said Ms
Owen.
Vogon investigators tell the story of one enterprising employee at one
client who tried to take apart the Magistr virus to see if it could be used
to spread marketing information to customers.
His programming knowledge did not match his creativity and he triggered the
virus as he was dismantling it. The result was a virus outbreak and
disciplinary action.
Accident ahead
Vogon is often called in to help recover data thought to be lost when
back-up files or tapes prove to be faulty or by someone deleting something
they should not.
Thankfully, data on hard disks is relatively difficult to completely
destroy. Vogon has developed a series of tools that help it recover
supposedly lost or deleted data from hard disks.
Although virus outbreaks can cause huge disruption and be hard to clean up
after, far more damage can be done by those deliberately trying to defraud
their employer.
Ms Owen said that many organisations seeded their customer database with
false names to ensure they knew if any rivals got hold of the list of
contacts.
Vogon also investigated a company in which one employee created a duplicate
set of accounts to hide evidence of embezzling and distinguished between
the two using file names that differed only because one had two spaces
between the words in it rather than one.
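The double-space trick above works because a human skimming a directory listing reads both names as the same file. A defender can make that collision visible by normalising whitespace (and case, and look-alike Unicode spaces) before comparing names. The script below is an added illustration of that check, not a Vogon tool or anything from the article; the file names in SAMPLE_LISTING are constructed for the demonstration, and the function names are my own.

```python
import os
import re
import unicodedata
from collections import defaultdict

# Constructed sample directory listing (not from the article). Two pairs
# are visually identical: one differs by a doubled space, one by a
# non-breaking space (U+00A0) and case.
SAMPLE_LISTING = [
    "Q1 accounts.xls",
    "Q1  accounts.xls",
    "Q2 accounts.xls",
    "payroll summary.doc",
    "Payroll\u00a0summary.doc",
    "readme.txt",
]


def normalize_name(name: str) -> str:
    """Reduce a file name to a comparison key.

    NFKC folds look-alike characters such as NBSP into a plain space,
    then runs of whitespace collapse to one space and case is folded,
    so names that only differ in spacing or case get the same key.
    """
    folded = unicodedata.normalize("NFKC", name)
    folded = re.sub(r"\s+", " ", folded).strip()
    return folded.casefold()


def find_whitespace_collisions(names):
    """Group names by their normalised key.

    Returns {key: [original names...]} for every key that more than one
    distinct original name maps to; an empty dict means no collisions.
    """
    groups = defaultdict(set)
    for name in names:
        groups[normalize_name(name)].add(name)
    return {key: sorted(members) for key, members in groups.items()
            if len(members) > 1}


def scan_directory(path):
    """Walk a directory tree and report collisions per directory.

    Collisions are only meaningful among siblings, so each directory is
    checked on its own. Returns {directory: collisions} for directories
    that have at least one collision.
    """
    report = {}
    for root, _dirs, files in os.walk(path):
        collisions = find_whitespace_collisions(files)
        if collisions:
            report[root] = collisions
    return report


if __name__ == "__main__":
    for key, members in find_whitespace_collisions(SAMPLE_LISTING).items():
        print(f"{key!r}: {members}")
```

Run against a real share it walks the tree and prints, per directory, the names that collapse to the same key; review those pairs by hand, since a legitimate rename and a deliberate decoy look identical at this level and only the file contents and timestamps tell them apart.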
Vogon said it was relatively straightforward to recreate incriminating
information that others had tried to destroy. This is done by using data
from proxy or mail servers, the caches and history files of web browsers,
and the slack and free space on hard disks.
***********************
Federal Computer Week
Nebraska DMV is going digital
The Nebraska Department of Motor Vehicles has awarded a five-year contract
for the development of a digital driver's license system.
Digimarc ID Systems LLC, a subsidiary of Digimarc Corp., announced June 17
that it was selected to assist in converting Nebraska's film-based license
system to digital technology as part of a system and security upgrade
approved by the 2001 legislature.
Under the contract, Digimarc will provide the state with specialized
software, computer systems for driver examinations and digital imaging
workstations for issuing licenses to Nebraskans.
A centralized system will be provided to store license information and
interface with the state's network of computer systems.
This new system will enable the DMV to capture and store digital photos and
signatures, essentially providing higher levels of security, said Beverly
Neth, director for the Nebraska DMV. Although the cost of these new
licenses may be a bit higher than before, she said, "It is justified
because these new documents are much more secure."
The Nebraska DMV pays a per-document cost for their license cards. The old
film-based document cost was $1.05 per card while the new digital licenses
and ID cards will cost the DMV $4.30 each. The consumer, who paid $18.75
for a five-year film-based license, will pay another $5 for the new digital
document.
Although July 1, 2004, is the date set for launching the new licensing
program, the Nebraska DMV officials hope to implement this new technology
in the summer or early fall of 2003, Neth said.
**********************
Government Computer News
Homeland Security could have new work rules
By Wilson P. Dizard III
The civil service and union bargaining rights of federal workers in the
proposed Homeland Security Department, including IT professionals, could
change under the administration's plans released this week.
Tom Ridge, director of the Office of Homeland Security, told the Senate
Governmental Affairs Committee yesterday that the secretary of the new
department "would need great latitude in redeploying resources, both human
and financial."
The administration seeks flexibility in hiring, pay, benefits and
performance management.
The American Federation of Government Employees condemned the proposal,
calling it an "attempt to destroy basic civil service standards for
thousands of federal workers."
Lawmakers in both parties expressed support for the legislation, however.
Sen. Joseph I. Lieberman (D-Conn.) said he expects the committee to
complete hearings on the bill in July so it can be passed by Sept. 11, or
at the latest by the end of the year. Lieberman said federal employees'
collective bargaining rights shouldn't be reduced by the legislation.
Sen. Mark Dayton (D-Minn.) said during the hearing, "We must provide
funding for completely new computer and communications systems [for
homeland security]. We can afford to have no less than seamless communication."
************************
Government Executive
Officials see procurement reform as boon to security
By Teri Rucker, National Journal's Technology Daily
The creation of a new Homeland Security Department would give government a
chance to create an effective procurement process that helps companies
understand government needs and where to showcase their new technologies,
speakers said Thursday at the Technology Against Terrorism forum in Washington.
"We have a chance to get it right," said Richard Clarke, the Bush
administration's cybersecurity adviser. Outsourcing is a key component of
security and more effective than having every agency create its own
information technology system, Clarke said. He also suggested setting
guidelines and letting contractors pick their own subcontractors.
Clarke advocated removing barriers that keep small businesses from selling
to the government, and he recommended the creation of a funding pool to
help such companies certify that their products meet security standards.
The expense "makes it very difficult for small companies," he said, and
government should share the cost of certification.
As Congress crafts legislation to create the new department, Rep. Tom
Davis, R-Va., is looking to incorporate separate legislation he sponsored.
One measure, H.R. 3832, would create a federal acquisitions workforce, and
the other bill, H.R. 4629, would create a single point of entry for
homeland security procurement.
Deidre Lee, director of procurement at the Defense Department, agreed that
the new department would give the government a chance to improve
procurement. "Mushing together already existing agencies is not going to
get us where we need to go," she said. The department would have a great
deal of money, Lee said, "and we want to get a technology return on that
investment."
Davis noted that his biggest fear is wasting a substantial portion of that
money on procurement processes that do not make the most of taxpayer
investments.
But Martin Wagner, associate administrator at the General Services
Administration, cautioned that the problem is not always with the
procurement rules but often with people who do not understand how to
operate within the system.
"We need to put a lot of effort into bringing in the right people," he
said, noting that many government employees are set to retire and that the
government will face a real challenge finding qualified replacements.
One member of the audience called upon agency officials to be more open to
suggestions from Congress on companies that offer new technologies, a
sentiment Davis heartily endorsed. There is a tendency for some "to look at
us as a bunch of special-interest lackeys" pushing to funnel government
dollars to their district, Davis said. "There is some of that, but a lot of
us are receptive to new ideas [that] an entrenched bureaucracy is not."
***********************
Computerworld
VeriSign ordered to stop 'deceptive' marketing
By LINDA ROSENCRANCE
Internet registrar VeriSign Inc. was ordered by a federal judge to stop
engaging in a marketing practice that duped its competitors' customers into
switching their business to VeriSign.
Yesterday's order stemmed from a lawsuit filed earlier this month against
VeriSign by rival Go Daddy Software Inc. The lawsuit, filed in U.S.
District Court in Phoenix, alleged that Mountain View, Calif.-based
VeriSign had engaged in false and deceptive practices, interfered with
customer relationships and misappropriated trade secrets.
Scottsdale, Ariz.-based Go Daddy also accused VeriSign, which maintains the
central registry of .com, .org and .net Web names, of consumer fraud.
According to the court order, VeriSign agreed to stop the practice.
However, Christine Jones, Go Daddy's general counsel, said the company was
moving forward with the lawsuit to recover damages from VeriSign's past
actions.
VeriSign spokeswoman Cheryl Regan had no comment on the court order.
Jones said the order was important because VeriSign agreed to stop
targeting the customers of all its rivals, not just Go Daddy's customers.
"This lays out what's OK and what's not OK," Jones said. "It will send a
message to the rest of the industry to clean up their advertising act."
Go Daddy's lawsuit was triggered by letters that VeriSign sent to Go
Daddy's customers marked "Domain Name Expiration Notices." The letters
encouraged customers to send $29 to VeriSign to renew each domain name or
risk losing those names, Go Daddy said.
However, Go Daddy said, the "reply by" dates on those notices didn't
correlate with actual domain name expiration dates. By signing and
returning the form, Go Daddy's customers inadvertently transferred their
business to VeriSign, and at a higher price, according to Go Daddy. Go
Daddy charges its customers $8.95 per year per domain name.
VeriSign has also been sued by other companies and consumer groups,
including Baltimore-based BulkRegister.com, for similar practices.
In May, a federal judge in Maryland ordered VeriSign and its bulk-mailing
contractors to stop sending mailings to BulkRegister.com customers (see
story). The judge ruled that BulkRegister.com had been hurt by the mailings
and that the damage would continue if the mailing weren't stopped.
Regan said the company is complying with that order.
VeriSign is also facing several class-action lawsuits by shareholders who
have accused the company of misleading them about its business and
financial condition.
*********************
MSNBC
Inside a Net extortion ring
'Zilterio' wreaks havoc with banks, Web sites
By Bob Sullivan
June 20 - "Mr. Zilterio" is hardly shy about the havoc he wreaks at his
computer. "Blackmailing is just a hobby for us, not a business. We like to
be famous," he says in an e-mail interview with MSNBC.com. For over a year,
Zilterio has been hacking into online companies and financial institutions,
stealing data, then demanding extortion payments. Nine firms have paid him
$150,000 in "quiet money," he claims. While the money may in fact be a
fantasy (there's no proof anyone has paid), the crimes are quite real, and
he's being sought by the FBI for extortion.
THE E-MAILS ALWAYS look the same, as if cut-and-pasted by someone
on an assembly line: "I hate to inform you that your account has been
hacked." Tens of thousands of Internet users have received a note beginning
like that from Zilterio, whose real identity is a mystery. It's followed by
personal details, such as name, address, e-mail address and credit card
numbers, and finally the name of the Web site where the data was taken.
"This site has a very weak security protection system and the
database with credit cards and other personal information is not protected
at all," Zilterio's e-mails continue, in a transparent attempt to shift the
blame for his crime. It's their fault, because the company rejected his
offer of "help," the e-mails say. "Top management ... doesn't care about
their customers, you. They care only about their money."
Of course, Zilterio cares about the money too. In four high-profile
extortion attempts which have been made public since October, he's demanded
close to $100,000. None of the victims paid.
Zilterio sent an unnerving e-mail to many of the 350,000 customers
at Webcertificate.com last fall. Just a month ago, people who shopped at
electronics retailer TheNerds.net got their share of Zilterio spam. He's
still threatening to release data taken from LinkLine, a small Internet
service provider. And in April, Zilterio sent e-mails to reporters
announcing he had stolen data from Fahnestock & Co. a stock brokerage.
All four firms have indicated they are working with federal
authorities, including the U.S. Secret Service and the FBI, to help track
down Zilterio.
The FBI declined to discuss its ongoing investigations while the
Secret Service said it had no current investigation of Zilterio.
But there are more than the four rather public extortion attempts.
Mark Burnett, a private investigator hired by one of Zilterio's victims,
told MSNBC.com that several other extortion attempts have been kept quiet,
and at least one victim has chosen to negotiate with the criminal. Another
source familiar with the hunt for Zilterio said investigators believe he
might be responsible for hundreds of computer break-ins.
Zilterio said he has stolen data from over 15 companies, claiming
nine have paid him off (eight U.S. companies and one in Europe), to the
tune of $150,000.
"Usually they pay $15-20,000. We ask for 30-40, but they pay only
50 percent of our request," he said.
THOUSANDS OF BANK STATEMENTS TAKEN
Zilterio also claimed his latest victim was a small mid-America
bank named Home National Bank. In part to establish his identity, Zilterio
told MSNBC.com he had accessed critical data at Homenational.com, the
online arm of Home National Bank, a bank with 11 branches in Kansas,
Oklahoma and Arizona. In an e-mail to MSNBC.com, Zilterio sent some of the
data he had allegedly taken from the bank to prove he had accessed their
systems.
In the e-mail were thousands of customer bank statements, similar
to the monthly statements mailed to homes and businesses. They included
Social Security numbers, checking and savings account numbers, balance
information, even lists of ATM withdrawals and cleared checks.
MSNBC.com provided the data to Home National to seek verification,
but Home National's director of operations, Joe Spiser, said the bank had
"no comment" on the alleged incident.
The data revealed very personal details: the amount of one
customer's Social Security check was visible, and another customer,
sporting a balance of $99,000, had ordered new checks for $41.50.
Zilterio claimed to have 500 megabytes worth of these bank
statements. He said he had tried to contact Home National, but had yet to
hear back from the company.
ZILTERIO'S MISSION
Zilterio was relatively generous with his replies after initially
contacting MSNBC.com, admittedly looking for publicity.
"I do want fame only for one reason," he wrote. "To show our future
clients, that we don't play a game, but all we offer is for real."
Zilterio, he claimed, is actually a group of eight hackers: three
in Moscow and five elsewhere in Russia. "Mr. Zilterio," the correspondent
and appointed spokesperson, wrote in good, even colloquial English,
suggesting he's either well educated or lying.
As usual, the alleged computer criminal offered twisted logic to
defend his actions. Essentially: Web sites don't care about security, and
if we break in, it's their fault.
On a Web site devoted to the group's effort, there's an
extortionist's manifesto, of sorts:
"The situation with online security is very and very dangerous now.
Almost 75 percent of all big e-commerce sites can be breaken in less than 2
hours. Customers should not trust these sites, but they do. These online
shops and banks don't pay enough to their software developers and technical
directors maybe. We don't know why, but this is what we have now.
Our mission is to help companies to protect their customers' data.
There are many skilled hackers in our team. We can break almost any modern
computer system, including online banks and big online shops. When we get
access to such systems we notify their owners about it. Some companies are
ready to cooperate and they get our help. We send them instructions about
how to improve their systems and later we track the process of this
improvement. These companies care about their customers.
But some Internet sites don't want to cooperate. In this case we
notify all their customers about existing security loopholes. We do it to
protect people against further lost of personal information. This is our
mission."
The Web site was removed soon after it was viewed by MSNBC.com.
AUCTION, CREDIT CARD FRAUD
The group's name, Zilterio, has no special meaning, he said.
"Zilterio just a name. FBI asked me the same. Maybe you work for
them?" he answered.
And extortion is just their hobby, he said. The group spends most
of its time engaging in other computer crimes, like "auctions fraud, credit
card fraud, direct bank hacking," though he admits it's recently become
harder to run fake electronic funds transfers through the U.S. system.
That means most of their money comes from credit card fraud.
He also claimed the group gained income the old-fashioned way,
promising protection to any firm which paid them off.
"We never reveal information about companies who cooperate with
us," he wrote, and again couldn't provide any evidence that anyone had
cooperated with them. "We help them to protect their systems against future
possible attacks. And we monitors their systems in the future."
NOT AFRAID OF FBI
The group has done just about everything except, until now,
granting an interview to call attention to itself. With each extortion
attempt come dozens of clues: e-mail addresses, IP addresses, computer
logs. Is the group afraid of getting caught? After all, last year, Russians
Alexei Ivanov and Vasily Gorshkov were arrested in Seattle for extorting
Internet companies after they were lured to the U.S. by FBI agents.
Not at all, Zilterio said, taking a potshot at the FBI.
"Several FBI agents tried to catch me and my partners. They are not
professionals, as we see for now. They even can't do a detailed tracing of
bank transactions," he said.
There may be truth to that claim, said Burnett, a private
investigator who was hired to hunt for Zilterio after the group stole
information from a firm that provides data to "financial companies." He
declined to name the victim.
"He had the information for each customer of each of those
companies," Burnett said. "In all, he was asking for probably $200k-$300k
in extortion money. None of these companies paid him and all worked with
the FBI."
But the FBI didn't work with Burnett.
"What was interesting through all this was the lack of effort on
the FBI's part. They did very little investigation themselves," Burnett
said. "Most of the investigation work was done by myself. I tracked him
down to a prepaid dialup ISP account in Ukraine. I had very strong evidence
backing this all up, but I never heard anything more from the FBI about
it," he said. "It's quite amazing that with all the e-mail accounts,
break-ins, domain registrations, web hosting, etc. there must be a ton of
evidence to track this guy down. .... I'd say the FBI is seriously dropping
the ball on this case."
Zilterio may be smart, but he, or they, is not perfect. Burnett
said bank investigators have tracked and stopped any number of electronic
transfers Zilterio attempted, including attacks on well-known banking Web
sites.
During the Webcertificate.com incident, Zilterio mistook temporary
Webcertificate.com numbers for credit card numbers. Repeated attempts to
embarrass the company with e-mails to customers actually backfired, since
the Webcertificate numbers were easily voided. A $45,000 payment demand was
ignored because the stolen data was almost worthless, according to the company.
At other times, Zilterio's actions have seemed a bit random, as if
chaos was more the goal than financial gain.
EGGHEAD.COM BREAK-IN
On the group's now-vanished Web site, Zilterio hinted he was behind
the Egghead.com credit card hack in December 2000, perhaps the most famous
e-commerce credit card heist. Initially, the firm suggested 3.7 million
card numbers were taken, but later indicated that far fewer had
actually been downloaded. Still, the incident was costly for card-issuing
banks, as many customers demanded replacement credit cards.
Zilterio even seemed a bit naive during negotiations with
Fahnestock. According to an e-mail exchange he provided to MSNBC.com, he
believed the company when it suggested his extortion terms were
"reasonable" and it would pay for protection, "but then decided to refuse,"
he said, seemingly unaware that the firm might have been merely stringing
him along in cooperating with an FBI investigation, as other firms have done.
PASSPORT AS INSURANCE
The exchange shows how unsophisticated the operation can be. As
security that the data wouldn't be released after payment, Zilterio offered
Fahnestock "an ensurance document from me. It will contain my name, copy of
my passport and you will send money to my personal account. If I try to do
something with this info in the future, you will forward this document to
FBI and I will have problems, as you understand. But if you will forward
this document to cops before you pay me my friends will send this info to
public. Even if cops will catch me."
The exchange happened in December, but Zilterio didn't follow
through on a threat until April 1, when several reporters received e-mails
claiming Fahnestock data had been compromised.
Then last month, when Zilterio sent e-mails to customers of
TheNerds.net, he had yet to make any demands on the company. TheNerds.net
site operator Jeremy Schneiderman was left confused, merely assuming an
extortion note may come eventually. But as of June 19, no demand had been
made on TheNerds.net. A spokesperson for Fahnestock said the firm hadn't
heard anything more from the criminal since the April 1 e-mail.
"My guess is he's sending out a couple of e-mails saying 'Here's
what I can do to you,'" Schneiderman said when the hack was first announced.
MORE EXTORTION ATTEMPTS COMING?
And that is likely the reason he contacted MSNBC.com recently.
Zilterio claimed to have information about a "very big and very famous U.S.
payment system," but declined to prove any details. If Zilterio has
progressed from stealing meaningless Webcertificate numbers last August to
thousands of bank statement records this spring, it's conceivable he has
committed more sophisticated crimes. But merely embarrassing the companies
hasn't worked in many cases; hence, perhaps, a new strategy for turning
computer wits into dirty money. Zilterio just hasn't revealed what that is yet.
*********************
Nando Times
Pressure on to accelerate digital television roll-out
By EDMUND SANDERS, Los Angeles
WASHINGTON (June 21, 2002 8:32 a.m. EDT) - In a closed-door meeting on June
11, Rep. W.J. "Billy" Tauzin, R-La., prodded representatives from Hollywood
and Silicon Valley to settle their differences over a copyright-protection
technology designed to accelerate the roll-out of digital television.
Tauzin, who has been frustrated by the slow progress of DTV, ordered
parties to report back on their progress by July 15. The deadline
represents Tauzin's most aggressive step yet to involve the federal
government in the private-sector talks between entertainment companies and
electronics firms.
"He left upbeat and convinced more than ever that it's still possible to
resolve many, if not most, of these issues without resorting to regulation
or legislation," said Ken Johnson, spokesman for Tauzin, who chairs the
House Commerce Committee.
Representatives of some of the major entertainment and electronics
companies welcomed the new deadline.
"Left to their own devices, these industries will probably never get
together," said Andrew G. Setos, president of engineering at Fox Group and
co-chair of an inter-industry working group called the Broadcast Protection
Discussion Subgroup.
The group was expected to wrap up negotiations earlier this month on a
technology known as a "broadcast flag," which would embed a code inside a
digital TV signal and prevent copyrighted TV shows from being retransmitted
over the Internet. But the final report lacked a consensus on key
questions, such as whether consumers should have the rights to make and
move personal copies of digital TV programs and how future
copyright-protection technologies should be selected and approved.
Entertainment companies have been reluctant to release digital TV programs
on free, over-the-air television because they fear programs will be copied
and swapped over the Internet, similar to the way digital music is traded
online. Electronics firms worry that the public may reject new technologies
if they are overly restrictive.
During a 2 1/2-hour meeting in Washington, Tauzin told participants to
clarify their positions by June 14 on how far they believe copyright
protections should extend inside consumers' homes. Most agree, for example,
that viewers should be able to transfer a digital TV program from the
living room to the bedroom via a home network. But questions remain about
whether they should be able to include an excerpt of a digital TV show in
an e-mail to a friend or transfer a digital copy over the Internet to their
vacation home.
Once a broader consensus is reached, it is expected that Congress will
adopt some of the recommendations and weigh in with its own views about
consumers' rights.
One participant, Philips Electronics, urged Tauzin to replace the working
group - which it complains has been dominated by large entertainment and
electronics firms - with a government-sponsored advisory panel. The company
remains pessimistic that a consensus will be reached by next month.
**********************
Euromedia.net
European Commission wants stronger role in ICANN
21/06/2002 Editor: Tamsin McMahon
The European Commission is to present a host of information society
recommendations to the EU's telecoms council during its June
meeting, including a proposal to give the government a stronger role in
ICANN, the body that oversees internet domains.
In a statement, the Commission said it planned to ask the
Telecommunications Council to support its position to allow the government
advisory committee more control over ICANN (internet corporation for
assigned names and numbers). But, the statement said, the Commission will
advise against governments becoming directly involved in ICANN's decision
making process.
The Commission, represented by Enterprise and Information Society
Commissioner, Erkki Liikanen, also plans to put forward:
* Amendments to the IDA (interchange of data between administrations)
programme in the areas of interoperability and guidelines. The Commission
expects that if it reaches a consensus on the changes with the Council, both
Council and Parliament will adopt the programme at first reading;
* Plans to extend the eSafe proposal, which deals with illegal and
harmful content on the internet, by two years. The Commission also hopes to
get an additional E13.3m for the programme;
* A proposal to harmonise rules for reusing public sector information
within the EU. The proposed directive was adopted by the Commission on June 5;
* Analysis of obstacles to 3G roll out, which the Commission hopes the
Council will endorse;
* Reports from the IPv6 (Internet Protocol version 6) task force, including
recommendations on how to make sure IPv6 is available simultaneously across
the EU, along with mandatory timetables for the protocol;
* A new regulatory framework for an EU radio spectrum policy, including draft
recommendations, which are to be published this month.
**********************
Euromedia.net
Europe making progress on road to e-government
20/06/2002 Editor: Sean Cornwell
According to the latest study from the European Commission, there has been
clear progress on e-government in Europe since the last measurement in
October 2001, with the availability and interactivity of public services on
the Internet rising by 10 percentage points to 55 per cent.
The online delivery of public services has been a priority of the EU's
eEurope initiative since the launch of the first eEurope Action Plan in
2000 because it can make life easier for citizens and businesses directly as
well as support the overall development of the European Information Society.
The survey found that more than 80 per cent of public service providers are
available online, an increase of 6.5 per cent compared with the earlier
October 2001 results.
Erkki Liikanen, European Commissioner responsible for Enterprise and
Information Society said: "eGovernment is now a priority in Europe. A
serious limitation still is that genuine interactivity is often missing.
Yet this is the key to modern public services. Putting public services
on-line is not enough to achieve efficiency gains. As in the private
sector, change in the front office goes hand in hand with back office
reorganisation and investment in human capital."
The results show that the overall degree of online availability of public
services in the countries is 55 per cent, over halfway to full online
transaction. Compared to the 45 per cent of October 2001, the study shows
that important progress has been made in a very short period.
At the same time, significant differences can be found between different
sorts of public services. Of the services measured, 12 are for citizens and
8 are for businesses. Overall, services to businesses are more developed
than those for citizens (68 per cent against 47 per cent), and progress is
being made faster. Among the categories of public services, income
generating services (taxes, social contributions) are the most developed
(79 per cent), followed by registration services (registration of car and
new companies) and returns, such as social security. Services related to
documents and permits (drivers' licence, passports, etc.) are the least
developed on the web (41 per cent).
Although almost all countries have made substantial progress, there is also
a wide spread between the results for different countries, with country
averages varying between 22 per cent and 85 per cent.
In addition the survey also found that relatively simple public services
which are often delivered at local government level, such as public
libraries, realise progress with user-oriented portal solutions. More
complex services, like social contributions, need considerable efforts in
government back-office reorganisation to provide online interactivity.
Public services which involve highly complex procedures and are delivered
at local level, such as environmental permits, are mostly still in the
online information phase. Some progress can be seen, however, with the use
of portal solutions combined with a centralisation of information and
forms. Only when supported by comprehensive process re-engineering can
these services reach the full transaction stage.
The study - carried out in April 2002 as part of the European
Commission's 'Benchmarking eEurope' initiative - measures twenty basic
public services in the 15 EU Member States, plus Iceland, Norway and
Switzerland. In this study, a representative sample of more than 10,000
public service providers in the 18 countries was assessed.
eGovernment will continue as a priority in the second eEurope Action Plan,
to be launched at the European Summit in Seville on June 21-22.
*************************
Sydney Morning Herald
Internet Society applies for control of .org top-level domain
Washington
June 21 2002
The Internet Society (ISOC) has submitted a bid to the Internet Corporation
for Assigned Names and Numbers (ICANN) to succeed VeriSign Global Registry
Services, Inc. as the registry operator for the .org top-level domain,
according to a media release.
ICANN is seeking a new registry operator to assume control of the .org
registry when its agreement with VeriSign ends on December 31 this year.
If ISOC's proposal is accepted, it will form a not-for-profit corporation,
Public Interest Registry (PIR), which will operate as a fully separate
corporation solely controlled by ISOC. ISOC has entered into an agreement
with Afilias Limited, a global registry services provider, to provide PIR
with a full range of back-end registry services if it is awarded the .org
registry.
Afilias is the registry operator for .info, manages more than 850,000
names, and has spearheaded the use of the new Extensible Provisioning
Protocol (EPP) standard for registry operations.
ICANN is expected to announce the registry successor in August.
**********************
Sydney Morning Herald
Game teaches file swappers copyright law
San Francisco
June 21 2002
The Electronic Frontier Foundation (EFF) and Privacyactivism have launched
an interactive video game called Carabella designed to educate players
about their online privacy and fair use rights, according to an EFF media
release.
The game highlights how those rights are being trampled by digital rights
management (DRM) technologies, online spyware, and data profiling servers.
In Episode 1 of the Carabella Game - The Quest for Tunes, players follow
Carabella as she tries to find music by her favourite band while dodging
privacy perils and threats to her ability to use and enjoy music that she's
bought.
Carabella has several choices about how she gets the music, and each choice
focuses on different DRM technologies that encrypt digital media content,
all of which impair her use of the music and infringe upon her privacy.
The game is designed to show players how they may forfeit privacy and fair
use rights while accessing music online, and how they can protect those
rights.
*********************
News.com
Anti-spam service battles bugs
By Stefanie Olsen
Staff Writer, CNET News.com
A new anti-spam service launched with much fanfare this week is facing some
technical hurdles out of the gate and frustration from the community it
relies on to fight junk mail.
The software, launched in beta, or test, form Wednesday by San Mateo,
Calif.-based Cloudmark, is geared to cut back on 75 percent of incoming
spam by quickly identifying junk mail and filtering it based on input from
people using the network. Web surfers must download and install a plug-in,
which for now is only available for Microsoft Outlook on Windows 2000 and
XP systems.
Since the beta service debuted, SpamNet's community forums have been
flooded with questions, frustrations and suggestions for improvement. Some
clamoring to enlist in the battle against spam said they have had
difficulty installing the software, while others say they can't connect to
the network if their computers operate behind a firewall.
Cloudmark has posted in the last day a "Bug Fixes" page for those with
problems, asking people to "be patient while we find and post the solutions."
"The core of the software is working well," said Cloudmark CEO Karl Jacob,
adding that SpamNet has had thousands of downloads in the last day. "With a
beta you're always going to have some configuration problems to start."
The bug page calls out two main problems. One involves Windows NT 4, which
may leave out some basic SpamNet tools during installation. The second
involves connecting to the service through a corporate firewall. Cloudmark
suggests that consumers who have trouble connecting ask their company's
system administrator to open the blocked port, port 2703.
"SpamNet initially did not function, due to our firewall," said David
Scavo, director of technology for a marketing consulting company in
Alpharetta, Ga., who used the workaround. "The other problem I am still
having is that when attempting to report a spam e-mail (using the Block
button), the SpamNet plug-in reports 'connect failed' followed by '1 message
reported.'
"Cloudmark claims that this should not occur if port 2703 is open, but I
have seen plenty of other people on their message boards reporting the same
problem."
This is just one hiccup to the service.
Cloudmark's solution requires a free plug-in that plays a minor role in the
background of Microsoft Outlook. According to the company, a successful
installation will create a new file folder to hold spam messages on the
left side of Outlook and a toolbar at the top for reporting junk mail or
revoking a spam decision.
Those running Windows NT 4 are finding that after installing SpamNet, it is
missing from the "Options" menu under "Tools," which gives people basic
access to its functions. Also absent are the standard "Block" and "Unblock"
buttons on the toolbar. These tools let people tell the SpamNet network
when they think an e-mail should be considered junk.
The problem is that in its current form the software doesn't register the
necessary files in Windows NT 4, so the company proposes a workaround to
the hitch. It's working with its installation partner InstallShield to iron
out these problems and introduce an update late Thursday, according to Jacob.
In a test by CNET News.com on an IBM ThinkPad running Outlook on Windows
2000, the installation did not automatically create a "spam" folder.
Instead, the software offered a choice of sending files directly to the
"deleted" folder or manually creating a new "spam" folder to divert junk mail.
The test turned up several other problems. The machine crashed while
attempting to reboot after installation. Also, the SpamNet toolbar
disappeared from Outlook on exiting and restarting the e-mail program,
forcing a reinstall.
Despite the problems, SpamNet filtered 29 messages in the first 24 hours of
use. That compared with some 235 messages captured during the same period
using Outlook's built-in spam filter, which allows people to right-click on
an e-mail message to direct all messages from that sender to a "junk
e-mail" or "trash" folder.
Complaints aside, at least some SpamNet users appear willing to give
Cloudmark a second chance.
"Overall I think Cloudmark has a great concept, but the product was
released too early with insufficient testing," said Scavo. "In their
defense, the product is clearly labeled as beta software, so I am not
really complaining. If they take the feedback of their users and continue
to work hard on the product, it has the chance to be a big success."
********************
News.com
Study: Equal security in all software
By Robert Lemos
Staff Writer, CNET News.com
June 20, 2002, 6:00 PM PT
Proprietary programs should mathematically be as secure as those developed
under the open-source model, a Cambridge University researcher argued in a
paper presented Thursday at a technical conference in Toulouse, France.
In his paper, computer scientist Ross Anderson used an analysis that
equates finding software bugs to testing programs for the mean time before
failure, a measure of quality frequently used by manufacturers. Under the
analysis, Anderson found that his ideal open-source programs were as secure
as the closed-source programs.
"Other things being equal, we expect that open and closed systems will
exhibit similar growth in reliability and in security assurance," Anderson
wrote in his paper.
The decision to adopt a closed-source policy is typically driven by other
motivations, such as foiling competition or protecting the reputation of
the developer by limiting information about flaws, he said.
The research is unlikely to quell the long-running debate between
proponents of open-source software and corporations that believe
closed-source software is better. While providing ammunition for each
side's arguments, the paper also undermines each coalition. Supporters in
the Linux community have maintained that open-source programs are more
secure, while Microsoft's senior vice president for Windows, Jim Allchin,
argued in court that opening up Windows code would undermine security.
"The more creators of viruses know about how anti-virus mechanisms in
Windows operating systems work, the easier it will be to create viruses or
disable or destroy those mechanisms," Allchin testified in May.
Anderson rebuts those types of arguments in his paper.
Idealizing the problem, the researcher defines open-source programs as
software in which the bugs are easy to find and closed-source programs as
software where the bugs are harder to find. By calculating the average time
before a program will fail in each case, he asserts that in the abstract
case, both types of programs have the same security.
However, the paper has yet to be peer-reviewed, and errors in his
assumptions could undermine his theory. Furthermore, he acknowledged that
real-world considerations could easily skew his conclusions.
"Even though open and closed systems are equally secure in an ideal world,
the world is not ideal, and is often adversarial," Anderson said.
For example, the same quality that makes it easier to find bugs in
open-source code may also make it easier for attackers to find ways to
exploit the code. On the other hand, software makers may be slower to
assign resources to fixing flawed software and, for economic reasons, may
not want to admit that such flaws exist.
Oddly, Anderson used the latter third of the paper to launch into a
criticism of the Trusted Computer Platform Alliance, a security consortium
started by Microsoft, Intel, Hewlett-Packard, Compaq Computer and IBM in
October 1999.
While those companies claim that their focus is on security, it's really on
creating a platform from which competitors can be excluded, he argued.
Furthermore, the alliance's technology for assigning a computer a unique ID
is really another plank that Hollywood and music companies can use to fence
off their content.
"There are potentially serious issues for consumer choice and for the
digital commons," he wrote.
Marc Varady, chairman of the TCPA, disagreed with Anderson's painting of
the alliance as a way to control the content of the PC, calling it "a total
farce." The alliance is merely providing a way to verify that a PC is
trusted, he said.
"We have no interest in creating a system that is controlled and unique in
a way that, if you don't follow these capabilities, you can't use it,"
Varady said.
***********************
ZDNet
Going offshore: Country choice comes first
By Rita Terdiman
Gartner Viewpoint
Global sourcing of IT services is becoming more pervasive in the strategies
of U.S. enterprises and the minds of executives.
Although today India is the country of choice, enterprises are increasingly
looking at alternative and additional countries to mitigate geopolitical
risk, particularly in light of recent terrorist-related events. This shift
in sourcing strategies necessitates a change in the way enterprises
evaluate potential vendors. We recommend that enterprises follow the
"country before company" directive as they sort through their global
delivery options.
What has changed?
In the past, U.S. enterprises traditionally sourced work to external
services providers by choosing some preselected criteria (e.g., strength in
a particular vertical or horizontal process, geographic coverage, technical
competency and quality certification) and then quickly creating a list of
external services providers that might meet those criteria. However, with
the shift to global sourcing, enterprises may not know most, if any, of the
leading vendors in a particular country. They must also decide whether they
even wish to do business in a particular country. Thus, they must consider
a number of country-specific criteria that bear no relation to the
standard, individual company selection factors.
Why are country analysis and evaluation important?
IT suppliers' operating rules, business culture, and social culture are
strongly affected by the country in which they are headquartered. In fact,
the country in which the offshore company is located may be as important
as, if not more important than, the vendor selected. Each country presents
its own
special set of risks (e.g., natural disasters, infrastructure capabilities,
vulnerability to terrorism, and political instability) and potential
benefits (e.g., labor pool and skills). Therefore, enterprises must
consider a wide range of country-level characteristics to determine country
suitability for offshore projects before they evaluate individual vendors.
*************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx