Slashdot Mirror

Ian Lamont writes "Anti-spam service Knujon has released reports highlighting how certain registrars in the US and abroad have consistently failed to live up to certain WHOIS-related obligations under ICANN's Registrar Accreditation Agreement (RAA) — specifically, the requirement that people or company registering domains provide valid contact information. Now the firm is requesting that ICANN shut down the worst alleged offender, Xinnet Bei Gong Da Software. According to Knujon, none of the WHOIS records in a sample of 11,000 alleged spam sites registered through Xinnet and reported by Knujon to ICANN's Whois Data Problem Report System were corrected in a six-month period ending in May 2008 — and the Chinese registrar continues to register about 100 spam sites per day. In many cases, says the Knujon document (PDF), Xinnet does not have 'any Whois record data for review while the sites are still active' and the spam sites further promote 'seal abuse' by posting bogus BBB, Verisign, and other trusted industry seals. ICANN says it is investigating. ICANN has just posted a draft revised RAA that is open for public comment until August 4. However, the wording of Section 3.7.8, governing registrars' obligations to check and correct domain owners' contact information, hasn't changed."

Bimo_Dude writes "Today (June 20), Steny Hoyer is bringing to the House floor the latest FISA bill (PDF), which includes retroactive immunity for the telcos. The bill also is very weak on judicial review, allowing the telcos to use a letter from the president as a 'get out of liability free' card. Here are comments from the EFF. Glenn Greenwald, writing in Salon, describes the effect of the immunity clause this way: 'So all the Attorney General has to do is recite those magic words — the President requested this eavesdropping and did it in order to save us from the Terrorists — and the minute he utters those words, the courts are required to dismiss the lawsuits against the telecoms, no matter how illegal their behavior was.'"

Stanislav_J writes "In a bizarre revelation, the judge who is presiding over the Isaacs obscenity trial in Los Angeles was found to have sexually explicit material on a publicly-accessible website. Alex Kozinski, chief judge of the U.S. 9th Circuit Court of Appeals, acknowledged that he had posted the materials, but says he believed the site to be for personal storage only, and not accessible to the public (though he does acknowledge sharing some of the material with friends). The files included images of masturbation, public sex, contortionist sex, a transsexual striptease, a photo of naked women on all fours painted to look like cows, and a video of a half-dressed man cavorting with a sexually aroused farm animal. The latter two are especially ironic in that the trial involves the distribution of allegedly obscene sexual fetish videos depicting bestiality, among other things, by Ira Isaacs, an L.A. filmmaker." Stanislav_J continues: "The judge has blocked public access to the site (putting up a graphic that reads, 'Ain't nothin' here — y'all best be movin' on, compadre').

Isaacs' defense had welcomed the assignment of Kozinski to the case because of his long record of defending the First Amendment, but the startling news about his website (the revelation of which seems to have been interestingly timed to coincide with today's scheduled opening arguments) now have many folks calling for him to be removed from the case. There is no indication that any of the images on Kozinski's site would be considered obscene or illegal. But certainly, one has to believe that most would consider this at the very least to represent a serious conflict of interest given the nature of the trial."

Garabito writes "Hatch Nuclear Power Plant near Baxley, Georgia was forced into a 48-hour emergency shutdown when a computer on the plant's business network was rebooted after an engineer installed a software update. The Washington Post reports, 'The computer in question was used to monitor chemical and diagnostic data from one of the facility's primary control systems, and the software update was designed to synchronize data on both systems. According to a report filed with the Nuclear Regulatory Commission, when the updated computer rebooted, it reset the data on the control system, causing safety systems to errantly interpret the lack of data as a drop in water reservoirs that cool the plant's radioactive nuclear fuel rods. As a result, automated safety systems at the plant triggered a shutdown.' Personally, I don't think letting devices on a critical control system accept data values from the business network is a good idea."

snydeq writes "Responding to legal pressure over its throttling of P2P traffic and other dubious practices, Comcast says it will now punish the most abusive users rather than particular applications. Yet its pilot tests in Pennsylvania and Virgina, which would 'delay traffic for the heaviest users of Internet data without targeting specific software applications,' raise greater concerns over net neutrality, ones that belie a potential preemptive strike against the cable company's chief future competition: streaming video. 'Despite the industry's constant invocation of the P2P bogeyman, at present, the largest bandwidth hog is actually streaming video,' writes Mehan Jayasuriya at Public Knowledge. 'Clearly, the emergence of online video is something that cable video providers find very threatening and by capping off bandwidth usage, they're effectively killing two birds with one stone; discouraging users from using their Internet connections for video while increasing the efficiency of the network. Is this anti-competitive? It sure seems like it.'"

An anonymous reader writes "Mozilla has opened comments for an new experimental browser security policy, dubbed Site Security Policy (SSP), designed to protect against XSS, CSRF, and malware-laced IFRAME attacks which infected over 1.5 million pages Web earlier this year. Security experts and developers are excited because SSP extends control over Web 2.0 applications that allow users to upload/include potentially harmful HTML/JavaScript such as on iGoogle, eBay Auction Listings, Roxer Pages, Windows Live, MySpace / Facebook Widgets, and so on. Banner ads from CDNs have had similar problems with JavaScript malware on social networks. The prototype Firefox SSP add-on aims to provide website owners with granular control over what the third-party content they include is allowed to do and where its supposed to originate. No word if Internet Explorer or Opera will support the initiative."

stavros-59 writes "An internal BT report on the BT secret trials of Phorm (aka 121Media) Deep Packet Inspection has been revealed on Wikileaks today. The leaked document shows that during the covert trial a possible 18 million page requests were intercepted and injected with JavaScript and about 128 thousand charity ads were substituted with the Phorm Ad Network advertisements purchased by advertisers specifically for the covert trial period. Several ISPs are known to be using, or planning to use, DPI as a means of serving advertising directly through Layer 7 interception at ISP level in the USA and Europe. NebuAd claim they are using DPI to enable their advertising to reach 10% of USA internet users." CT: nodpi has updated their page with a note that says that the charity ads were "purchased and not hijacked"- read there to see what the latest is.

Isaac-Lew sends word of an article in the Washington Post reporting that on June 12 the FCC will hold a hearing regarding cellphone early termination fees. The Commission may look at early termination fees for TV and Internet service as well. The wireless carriers are taking a Bre'r Rabbit approach toward possible FCC regulation of early termination fees — the FCC's intervention would pre-empt a number of class-action lawsuits going forward against Verizon, Sprint, and others. These suits, stemming from state regulations, could cost the carriers billions. "...the carriers have renewed a lobbying effort in recent weeks to persuade the FCC on a legal definition that would stave off the state lawsuits on cancellation fees. On May 6, 2008, Verizon Wireless chief executive Lowell McAdam and the company's chief lobbyist, Tom Tauke, met with [FCC Chairman] Martin, urging him to adopt a federal policy, according to FCC records."

amplt1337 writes "Debates about the profitability of 'free' continue to rage, but at least one major media conglomerate — Viacom — is pushing forward with releasing paid-for content for free on the Internet. Of course, the prospect of free and easy full-length Daily Show episodes has caused some tension with cable providers, who pay a hefty premium for a heretofore-exclusive right to distribute the conglom's content (there are obvious parallels with the conflict between labels and musicians). What strikes me as really interesting is that even an old, entrenched company like Viacom has enough vision to see the opportunity for increased profits through free distribution — provided they can control that distribution (see their YouTube lawsuit) and have discretion over just how free they go. Of course, the NYT itself has had its own experience with expanding access to previously fee-based content ..."

angelheaded writes "Brian Krebs from the Washington Post is reporting that the Bush administration is proposing a new tax collection program that would force credit card companies to report merchants' income to the Internal Revenue Service. The plan has come under fire from privacy groups, who say it will create another private sector database tied to Social Security numbers at a time when ID theft experts are urging companies to wean themselves from the use and collection of such information."

stevegee58 writes "Tom Ricks' Inbox in the Sunday Washington Post reported that bootleg DVDs purchased in Iraqi markets ('souks') are frequently infected with viruses. Iraqi soldiers were affected as well; electronic interaction between Iraqi and US soldiers frequently resulted in a corresponding exchange of viruses from these infected DVDs."

Ron Guilmette writes "As reported in the Washington Post's Security Fix blog, a substantial hunk of IP address space has apparently been taken over by notorious mass e-mailing company Media Breakaway, LLC, formerly known as OptInRealBig, via means that are at best questionable. The block in question is 134.17.0.0/16, which I documented in depth in an independent investigation. (Apparently, the President of Media Breakaway has now admitted to the Washington Post that his company has been occupying and using the 134.17.0.0/16 block and that front company JKS Media, which provides routing to the block, is actually owned by Media Breakaway.) Remarkably, the president of Media Breakaway, who happens to be an attorney, is trying to defend his company's apparent snatching of this block based upon his own rather novel legal theory that ARIN doesn't have jurisdiction over any IP address space that was handed out before ARIN was formed, in 1997."

andrewd18 writes "According to F-Secure, over 500,000 webservers across the world, including some from the United Nations and UK government, have been victims of a SQL injection. The attack uses an SQL injection to reroute clients to a malicious javascript at nmidahena.com, aspder.com or nihaorr1.com, which use another set of exploits to install a Trojan on the client's computer. As per usual, Firefox users with NoScript should be safe from the client exploit, but server admins should be alert for the server-side injection. Brian Krebs has a decent writeup on his Washington Post Security Blog, Dynamoo has a list of some of the high-profile sites that have been hacked, and for fun you can watch some of the IIS admins run around in circles at one of the many IIS forums on the 'net."

Rebecca Bug writes "Several Web sites (Wired, eWEEK, The Washington Post) are reporting on Dan Kaminsky's Toorcon discussion of a serious security risk introduced when major ISPs serve ads on error pages. Kaminsky found that the advertising servers are impersonating, via DNS, hostnames within trademarked domains. 'We have determined that these injected servers are, in fact, vulnerable to cross-site scripting attacks. Since these servers are being injected into your trademarked domains, their vulnerability can be used to attack your users and your sites,' Kaminsky said, identifying EarthLink, Verizon and Qwest among the ISPs."

DigitAl56K writes "The Washington Post reports that 'The Bush administration said yesterday that it plans to start using the nation's most advanced spy technology for domestic purposes soon' and that Homeland Security Secretary Michael Chertoff has said that 'Sophisticated overhead sensor data will be used for law enforcement.' Initially, it appears that the administration plans to leverage conventional satellites for domestic surveillance purposes. Congress last October delayed launch of the DHS office that would coordinate law-enforcement requests for satellite and other technical data, and demanded answers to legal questions about the program. The administration supplied answers that some Congress members characterized as inadequate and appears determined to go ahead anyway."

I Buy These From eBay points out a Washington Post story about how stolen military equipment has ended up on eBay and Craigslist. Undercover investigators reported being able to purchase defense-related items with "no questions asked." Let's hope the sellers don't get their hands on any retired rebellious robots. From the Post: "Among the items purchased include two components from F-14 fighter jets, bought from separate buyers on eBay. The warplanes, now retired by the military, could easily be purchased and transferred to the Iranian military, which is seeking its components, the report said. Investigators couldn't determine where the sellers had obtained the F-14 parts. They also purchased from a Craigslist seller a used Nuclear Biological Chemical protective suit, other protective accessories as well as an unused chemical-biological canister, which contained the mask filter used to guard against warfare agents. The property was likely stolen from the Defense Department, the report said."

YouTube has promised a commercial-free zone in the near future to help Congress deal with the problem of hosting campaign videos that were technically breaking the rule of not redirecting constituents to a commercial site. "Within a month, the one and only responder, YouTube, should have its commercial-free zone up and running, Capuano said. Republicans on the commission still fret that with only one such site, the House could be seen as picking winners and losers on the Web. Rep. Tom Price (R-Ga.), another commission member, said the panel's Republicans want to keep the new rules fluid enough to use any future Web site that comes forward with a better plan. 'Technology moves fast. Congress moves slow,' he said."

An anonymous reader writes "ICANN is finally taking action against Domain Registrar GoDaddy's controversial 'lockdowns'. GoDaddy has long had a policy of 'locking down' domain names for 60 days after a customer updated their contact details. This put customers in a Catch 22 position: ICANN requires customers keep their contact details up to date, or risk having the domain forfeited. Yet during the lockdown period the customer is prevented from transferring the domain from GoDaddy to another registrar. If the lockdown ran over the domain's expiry date, customers were forced to renew with GoDaddy or lose the domain. ICANN proposes to ban this practice. ICANN who is charged with overseeing the Internet has long been accused of giving domain registrars a free ride. But recently after ICANN failed to discipline Network Solutions over a front-running scam, they found themselves both on the wrong end of a lawsuit by lawyers Kabateck Brown Kellner. Is ICANN's action a signal of increased vigilance in policing registrars, or is it a PR move paving the way for a complete removal of US Government oversight?"

jhealy1024 writes "The College Board recently announced it will be getting rid of the Advanced Placement Computer Science AB examination after May 2009. The 'A'-level exam will continue to be offered, though there is no word yet on what will become of the AB-level material (e.g., if it will be merged into A or just dropped). Many teachers of AP CS are upset about the move, as it seems the decision was made without consulting members of the CS teaching community. As one teacher put it: 'this is like telling the football coach next year is the last year you have a varsity team.'"

dstates writes "The Washington Post is reporting that some Internet Service Providers (ISP) have been using deep-packet inspection to spy on the communications of more than 100,000 US customers. Deep packet inspection allows the ISP to read the content of communications including every Web page visited, every e-mail sent and every search entered, in short every click and keystroke that comes down the line. The companies involved assert that customers' privacy is protected because no personally identifying details are released, but they make money from advertisers who use the information to target their online pitches. Deep packet inspection is a significant expansion over tools like cookies in the ability to track a user. Critics liken it to a phone company listening in on conversations."

Ripit writes "Just yesterday the Justice Department approved the merger of Sirius Satellite Radio and XM Radio, a Sirius takeover to the tune of $5 billion. The transaction was approved without conditions, despite opposition from consumer groups and an intense lobbying campaign by the land-based radio industry. 'In explaining the decision, Justice officials said the options beyond satellite radio -- digital recordings, high-definition radio, Web radio -- mean that XM and Sirius could merge without diminishing competition. "There are other alternatives out there," Assistant Attorney General Thomas O. Barnett said in a conference call. "We just simply found that the evidence didn't indicate that it would harm consumers."'"

An anonymous reader writes "The Washington Post's Security Fix blog today features a funny but scary interview with a guy in Seattle who owns the domain name donotreply.com. Apparently, everyone from major US banks to the Transportation Security Administration to contractors in Iraq use some variation on the address in the "From:" field of all e-mails sent out, with the result that bounced e-mails go to the owner of donotreply.com.'With the exception of extreme cases like those mentioned above, Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It's just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.'"

wiredog writes "The Washington Post is reporting that Microsoft is developing a program that classifies news stories according to whether liberal or conservative bloggers are linking to them and also measures the 'emotional intensity' based on the frequency of keywords in the blog posts." If you would like to jump right to the tool you can check out "Blews" on the Microsoft site.

Squirtle tips us to a Washington Post story about the progress and expansion of N-DEx - the National Data Exchange. Developed by Raytheon for a mere $85 million, N-DEx is hailed as a unified intelligence sharing system, which will allow agencies to share and analyze data from all levels of law enforcement. From the Post: "Three decades ago, Congress imposed limits on domestic intelligence activity after revelations that the FBI, Army, local police and others had misused their authority for years to build troves of personal dossiers and monitor political activists and other law-abiding Americans. Since those reforms, police and federal authorities have observed a wall between law enforcement information-gathering, relating to crimes and prosecutions, and more open-ended intelligence that relates to national security and counterterrorism. That wall is fast eroding following the passage of laws expanding surveillance authorities, the push for information-sharing networks, and the expectation that local and state police will play larger roles as national security sentinels."

lelitsch writes "The Washington Post reports that the initial pilot of the Virtual Border Fence planned by the DHS and subcontracted to Boeing has been a miserable failure. A lot of the points in the report have the hallmark of death-march software development projects. Some choice quotes include 'did not work as planned or meet the needs of the U.S. Border Patrol,' 'DHS officials do not yet know the type of terrain where the fencing is to be constructed,' and 'the design will not be used as the basis for future... development.' The article notes that Boeing was forced to deliver 'something' early as President Bush pushed for immigration reform in Congress in 2006. That reform effort died last year in the Senate."

An anonymous reader writes "Financial institutions and companies in the securities/futures business are reporting sizable increases in the amount of losses and suspicious activity attributed to computer intrusions and identity theft, says the Washington Post's Security Fix blog. The Post obtained a confidential report compiled by the FDIC which analyzed Suspicious Activity Reports from the 2nd Quarter of 2007. SARs are filed when banks experience fraud or fishy transactions that exceed $5,000. The bank insurance agency found that losses from computer intrusions averaged $29,630 each — almost triple the estimated loss per SAR during the same time period in 2006 ($10,536). According to the Post, 'The report indicates that the 80 percent of the computer intrusions were classified as "unknown unauthorized access — online banking," and that "unknown unauthorized access to online banking has risen from 10 to 63 percent in the past year."' Another set of figures analyzed by The Post looks at similar increases affecting the securities and futures industry."

An anonymous reader writes "Financial institutions and companies in the securities/futures business are reporting sizable increases in the amount of losses and suspicious activity attributed to computer intrusions and identity theft, says the Washington Post's Security Fix blog. The Post obtained a confidential report compiled by the FDIC which analyzed Suspicious Activity Reports from the 2nd Quarter of 2007. SARs are filed when banks experience fraud or fishy transactions that exceed $5,000. The bank insurance agency found that losses from computer intrusions averaged $29,630 each — almost triple the estimated loss per SAR during the same time period in 2006 ($10,536). According to the Post, 'The report indicates that the 80 percent of the computer intrusions were classified as "unknown unauthorized access — online banking," and that "unknown unauthorized access to online banking has risen from 10 to 63 percent in the past year."' Another set of figures analyzed by The Post looks at similar increases affecting the securities and futures industry."

lseltzer alerts us to a story in the Washington Post on the defense strategy in the Hans Reiser murder trial. "In the courtroom where Hans Reiser is on trial for murder, [the evidence] might appear to indicate guilty knowledge. But his attorneys cast it as evidence of an innocence peculiar to Hans, a computer programmer so immersed in the folds of his own intellect that he had no idea how complicit he was making himself appear. 'Being too intelligent can be a sort of curse,' defense counsel William Du Bois said. 'All this weird conduct can be explained by him, but he's the only one who can do it. People who are commonly known as computer geeks are so into the field.'"

An anonymous reader writes "According to the Washington Post's Security Fix blog, cyber criminals are populating the Internet with Web sites designed to exploit several recently-discovered security holes in a half-dozen widely used ActiveX plug-ins for IE 6 and 7, most notably the one offered by Facebook and MySpace to help users upload photos. The sites, advertised via links in email and instant message spam, also 'probe for other vulnerable IE plug-ins, including two recently discovered from Yahoo! and one for QuickTime (this one attacks a vulnerability Apple patched just last month). The sites also throw in an exploit against a six-month-old IE flaw.' The article notes that the SANS Internet Storm Center has released a GUI tool to help users safely deactivate the vulnerable plug-ins in the Windows registry."

An anonymous reader writes "According to the Washington Post's Security Fix blog, cyber criminals are populating the Internet with Web sites designed to exploit several recently-discovered security holes in a half-dozen widely used ActiveX plug-ins for IE 6 and 7, most notably the one offered by Facebook and MySpace to help users upload photos. The sites, advertised via links in email and instant message spam, also 'probe for other vulnerable IE plug-ins, including two recently discovered from Yahoo! and one for QuickTime (this one attacks a vulnerability Apple patched just last month). The sites also throw in an exploit against a six-month-old IE flaw.' The article notes that the SANS Internet Storm Center has released a GUI tool to help users safely deactivate the vulnerable plug-ins in the Windows registry."

I Don't Believe in Imaginary Property writes "Now that a small Texas company has a patent on scanning and archiving checks — something every bank does — that has survived a USPTO challenge, lawmakers feel they have to do something about it. Rather than reform patent law, they seem to think it wiser to protect the banks from having to pay billions in royalties by using eminent domain to buy the patent for an estimated $1 billion in taxpayer money, immunizing the banks. The bill is sponsored by Sen. Jeff Sessions (R-AL)."

freedom_india alerts us to news that the House of Representatives declined to bring the surveillance reform bill to vote, prompting House Republicans to walk out in the middle of a session. The bill, recently passed by the Senate, includes retroactive immunity for the telecommunications companies who assisted with illegal domestic wiretaps. The walk-out comes after a proposal was shot down on Wednesday that would have extended the current legislation for another three weeks.

rattlesoft tips us to a Washington Post report that Yahoo is now seeking a partnership with News Corp. A related Reuters article notes that analysts are skeptical of such a deal. From the Post: "Yahoo is talking with a number of potential partners, possibly as a way to either stave off future Microsoft offers or in an effort to drive up the software giant's offer. The talks between News Corp. and Yahoo ... may signal a resumption of discussions that took place last summer between the two media giants that quieted during the fall. Such a combination would make News Corp. the largest single shareholder in a Yahoo/Fox Interactive unit. That would marry the world's most popular social-networking site, MySpace, with Yahoo's 4 billion page views per month to make a formidable opponent for Google."

RCTrucker7 writes "Comcast said yesterday that it purposely slows down some traffic on its network, including some music and movie downloads, an admission that sparked more controversy in the debate over how much control network operators should have over the Internet. In a filing with the Federal Communications Commission, Comcast said such measures — which can slow the transfer of music or video between subscribers sharing files, for example — are necessary to ensure better flow of traffic over its network. In defending its actions, Comcast stepped into one of the technology industry's most divisive battles. Comcast argues that it should be able to direct traffic so networks don't get clogged; consumer groups and some Internet companies argue that the networks should not be permitted to block or slow users' access to the Web."

Ktistec Machine writes to let us know that the telecom companies are one step closer to getting off the hook for their illegal collusion with the US government. Today the US Senate passed, by a filibuster-proof majority of 67 to 31, a revised FISA bill that grants retroactive immunity to the telecommunications companies that helped the government illegally tap American network traffic. If passed by both houses and signed by the President, this would effectively put an end to the many lawsuits against these companies (about 40 have been filed). The House version of the bill does not presently contain an immunity provision. President Bush has said he will veto any such bill that reaches his desk without the grant of immunity. We've discussed the progress of the immunity provision repeatedly.

Ponca City, We Love You writes "The Department of Justice has announced the indictment of former Boeing engineer Dongfan Chung on charges of economic espionage in the theft of company trade secrets relating to the Space Shuttle, the C-17 military transport aircraft, and the Delta IV rocket. Chung is a native of China and a naturalized US citizen. According to the indictment, Chinese aviation industry representatives began sending Chung 'tasking' letters as early as 1979. Over the years, the letters directed Chung to collect specific technological information, including data related to the Space Shuttle and various military and civilian aircraft. Chung allegedly responded in one letter indicating a desire to contribute to the 'motherland,' the DOJ said. It was not immediately clear how much, if any, damage the alleged espionage did to US national security but DOJ officials said the cases reflect the determination of the Chinese government to penetrate US intelligence and obtain vital national defense secrets. 'Today's prosecution demonstrates that foreign spying remains a serious threat in the post-Cold War world,' said Kenneth L. Wainstein, Assistant Attorney General for National Security"

Angus McKraken brings us a Washington Post story about how travelers are seeking more well-defined policies and rules about the search and seizure of electronic devices by U.S. Customs officials. The EFF has already taken legal action over similar concerns. We recently discussed the related issue of requiring people to disclose their passwords in order to search their private data. From the Post: "Maria Udy, a marketing executive with a global travel management firm in Bethesda, said her company laptop was seized by a federal agent as she was flying from Dulles International Airport to London in December 2006. Udy, a British citizen, said the agent told her he had 'a security concern' with her. 'I was basically given the option of handing over my laptop or not getting on that flight,' she said. 'I was assured that my laptop would be given back to me in 10 or 15 days,' said Udy, who continues to fly into and out of the United States. She said the federal agent copied her log-on and password, and asked her to show him a recent document and how she gains access to Microsoft Word. She was asked to pull up her e-mail but could not because of lack of Internet access. With ACTE's help, she pressed for relief. More than a year later, Udy has received neither her laptop nor an explanation."

mambosauce writes "Brian Krebs, via the security fix blog is reporting that the recent PDF vulnerabilities which were patched only for Adobe Reader 8 and not 7 are being exploited via banner ads. As if there haven't been enough banner ad attacks this year now we have another one targeting one of the most popular applications in the world this weekend. At this rate there won't be many safe applications left to use."

PizzaFace writes "U.S. Customs agents have long had broad authority to examine the things a person tries to bring into the country, to prevent the importation of contraband. The agents can conduct their searches without a warrant or probable cause to believe a crime has been committed. In recent years, Customs agents have begun using their authority to insist on copying data brought to the border on laptop computers, cell phones and other devices. The government claims that this intelligence-gathering by Customs is the same as looking in a suitcase. In response the EFF is filing a lawsuit attempting to force the government to reveal its policies on border searches. 'The question of whether border agents have a right to search electronic devices at all without suspicion of a crime is already under review in the federal courts. The lawsuit was inspired by some two dozen cases, 15 of which involved searches of cellphones, laptops, MP3 players and other electronics.'"

An Anonymous Coward writes "The Washington Post has an article about the Intelligence Advanced Research Projects Activity's take on the numerous virtual worlds (e.g. Second Life) that have cropped up in recent years. IARPA's thesis is that because the Government can't currently monitor all the communication and interaction, terrorists will plot and scheme in such environments."

destinyland writes "Time-Warner is now mulling a plan to charge a per-gigabyte fee for internet service. A leaked memo reveals they're now watching how many gigabytes customers use in a 'consumption-based' pricing experiment in Texas, which we discussed early last month. The announced plan was that they were considering a tier-based approach, as opposed to per-gigabyte fees. 'As few as 5 percent of our customers use 50 percent of the network,' Time-Warner complains, with plans to cap usage at 5-gigabytes, and more expensive pricing plans granting 10-, 20-, and 40-gigabyte quotas. Steven Levy at the Washington post suggests Time-Warner's real aim is to hobble iTunes, raising the cost of a movie download by $10 (or $30 for a high-definition movie). Eyeing Time-Warner's experiment, Comcast cable also says they're evaluating a pay-per-gigabyte model."

theodp writes "For 200 members of the Immanuel Bible Church and their friends, the annual Super Bowl party is over thanks to the NFL, which explained that airing NFL games at churches on large-screen TV sets violates the NFL copyright. Federal copyright law includes an exemption for sports bars, according to NFL spokesman Brian McCarthy, but churches are out of luck. Churchgoers who aren't averse to a little drinking-and-driving still have the opportunity to see the game together in public on a screen bigger than 55 inches."

I Don't Believe in Imaginary Property brings us a Washington Post story which discusses how scientists are finding surprises among the pictures sent back from Mercury by the Messenger spacecraft. In particular, images depicting a crater with over 100 troughs radiating out from it are stumping researchers. The crater is referred to as 'The Spider', and it occupies a basin that has turned out to be larger than once thought. NASA also has a discussion of the crater. The Messenger craft began taking the up-close photos earlier this month. From the Post: "Scientists were also surprised by evidence of ancient volcanoes on many parts of the planet's surface and how different it looks compared with the moon, which is about the same size. Unlike the moon, Mercury has huge cliffs, as well as formations snaking hundreds of miles that indicate patterns of fault activity from Mercury's earliest days, more than 4 billion years ago."

jmason reminds us of a story from a few weeks back that got little attention, adding "This doesn't seem to be just bluster; as far as I can tell, everyone who knows the RBN now agrees that this seems likely." Brian Krebs's Security Fix blog at the Washington Post carried a story about the Storm worm containing some pretty staggering allegations. "Dmitri Alperovitch [of Secure Computing] said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that US authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside. In a recent investigative series on cyber crime featured on washingtonpost.com, St. Petersburg was fingered as the host city for one of the Internet's most profligate and cyber-crime enabling operation — the Russian Business Network. Alperovitch blames the government of Russian President Vladimir Putin and the political influence of operatives within the Federal Security Service (the former Soviet KGB) for the protection he says is apparently afforded to cybercrime outfits such as RBN and the Storm worm gang. 'The right people now know who the Storm worm authors are,' Alperovitch said. 'It's incredibly hard because a lot of the FSB leadership and Putin himself originate from there, where there are a great deal of people with connections in high places.'"

Brian Krebs of the Washington Post's Security Fix blog has up an article on work-at-home money mule scams (backgrounder blog post here). These operations offer victims hundreds or thousands of dollars per week for moving money through their own accounts — a critical piece of the infrastructure for profiting from identity theft and phishing. The article links to the site of a UK fraud fighter named Bob Harrison, who lists hundreds of fradulent money-mule operations.

Brian Krebs of the Washington Post's Security Fix blog has up an article on work-at-home money mule scams (backgrounder blog post here). These operations offer victims hundreds or thousands of dollars per week for moving money through their own accounts — a critical piece of the infrastructure for profiting from identity theft and phishing. The article links to the site of a UK fraud fighter named Bob Harrison, who lists hundreds of fradulent money-mule operations.

Microsoft CRM recommends a long AP article laying out the nightmare scenario of RFID chips in everything tracking not only things but people. The darker possibilities of a technology capable of enabling ubiquitous surveillance are not news to this community, but it's not so common to see them spelled out for a wider audience. "Microchips with antennas embedded in virtually everything you buy, wear, drive and read, allowing retailers and law enforcement to track consumer items and consumers wherever they go. Much of the radio frequency identification technology that enables objects and people to be tagged and tracked wirelessly already exists and potentially intrusive uses of it are being patented, perfected and deployed... [A director at FTI Consulting] said:] 'It's going to be used in unintended ways by third parties — not just the government, but private investigators, marketers, lawyers building a case against you.'"

dpreformer sends word that President Bush signed a classified directive Jan. 8 (it only came to light this week) putting all cyber-defense and counter-offensive activity for government networks under the aegis of the National Security Agency. Previously, federal agencies had disparate intrusion and attack monitoring programs. The directive does not address private-sector networks and systems. While some lawmakers and civil-rights advocates are unhappy with expanding the NSA's role domestically, one alternative that was considered and rejected — putting Homeland Security in charge — might have been worse. "A proposal last year by the White House Homeland Security Council to put the Department of Homeland Security in charge of the initiative was resisted by national security agencies on the grounds that the department, established in 2003, lacked the necessary expertise and authority. The tug-of-war lasted weeks and was resolved only recently, several sources said."

El_Oscuro brings us a Washington Post update on the progress of Future Combat Systems, the U.S. Army's Linux-based operating environment that has been under development for several years. The project, which currently surpasses 63 million lines of code, has received criticism for having a scope greater than that which the Army can manage. Since the program's inception, integration of commercial applications has increased the amount of code, but has also saved the developers time and money. "Boeing and the Army said they chose not to use Microsoft's proprietary software because they didn't want to be beholden to the company. Instead, they chose to develop a Linux-based operating system based on publicly available code. Boeing's Schoen said that it is designing software so that if soldiers lose their connection, the software will automatically "heal itself," retrieving the information within seconds without rebooting."

NewsCloud writes "Germany's data-protection commissioner, Peter Scharr told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address, 'then it has to be regarded as personal data.' Scharr acknowledged that IP addresses for a computer may not always be personal or linked to an individual. If the E.U. rules that IP addresses are personal, then it could regulate the way search engines record this data. According to the article, Google does an incomplete job of anonymizing this data while Microsoft does not record IP addresses for anonymous search."