Hundreds of small Web sites around the world were damaged in a coordinated hacker attack Sunday, just as some security experts had warned last week. However, damage from the attacks was mitigated by a faction of hackers who attempted to prevent the other hackers from vandalizing the Web sites. The exact number of vandalized sites will not be known until later in the week, some security experts said. Bigger, more popular Web sites were spared in the attacks, possibly because those sites have learned to place greater emphasis on security. Internet Security Systems' Peter Allor said, "We at least knew it was coming. We took some efforts to harden our sites."
http://www.washingtonpost.com/wp-dyn/articles/A17748-2003Jul6.html

One argument goes that as the government feels entitled to monitor the affairs of American citizens, so too are Americans entitled to keep tabs on government activities; this reasoning is illustrated by Government Information Awareness (GIA), a Web site developed by the MIT Media Lab that amasses data about politicians, government projects, and plans from a variety of sources. MIT graduate student and GIA developer Ryan McKinley explains, "Our goal is develop a technology which empowers citizens to form their own intelligence agency; to gather, sort and act on information they gather about the government." The open-source GIA takes a cue from the Terrorist Information Awareness (TIA) federal program that seeks to uncover terrorist activity by combing through numerous databases, and which has aroused the ire of critics who contend that the project would trample over citizens' right to personal privacy. MIT's Christopher Csikszentmihalyi adds that GIA "brings that American spirit of self-governance into the era of networked information technology." GIA users can anonymously post data about government programs and public figures on the Web site, and the system checks the accuracy of such postings by automatically contacting the proper government officials and inquiring whether the data is true. The system notes if such information is refuted by officials, but preserves it nonetheless. McKinley says GIA is open to the participation of anyone who is interested, including attorneys, political activists, and programmers. He comments that much of the information GIA is designed to consolidate and make accessible lies in the public domain rather than in online databases.
http://www.wired.com/news/privacy/0,1848,59495,00.html

With California's legislature considering passage of a law that would require computer manufacturers to take responsibility for recycling half of all their equipment by 2005 and 90 percent by the end of the decade, Hewlett-Packard and other PC makers are promoting their computer reclamation efforts. HP's recycling program, which has been lauded by environmental activists such as the Silicon Valley Toxics Coalition, involves the manual removal of potentially toxic parts from junked equipment, which is then crushed and shredded mechanically; precious metals are filtered from the remains and smelted by Noranda and other recycling partners into gold bars, steel beams or rebar, and copper products. PC users that wish to recycle their discarded equipment must pay HP a transportation and recycling fee as high as $37, and in return receive a discount coupon for a future purchase. In addition, HP has started to redesign machines to ease their recycling. Meanwhile, Dell Computer started offering at-home recycling pickup services in March, and Gateway introduced a corporate recycling effort in May. Manufacturers are criticizing the California bill's requirements, arguing that the target PC recycling rates far surpass those for plastics and cans; they are also concerned that a separate recycling law for each state will only confuse matters, and prefer national recycling legislation established by the federal government. Complicating recycling is the fact that computer equipment contains hundreds of separate components and potentially dozens of variable substances. HP has its own problems with the proposed recycling measure: Company representatives claim that HP's PC pickup program lacks scalability, and add that the company favors expanding partnerships with local governments, which are already carrying out pickup programs for other recyclable products.
http://news.zdnet.co.uk/story/0,,t269-s2137112,00.html
To view the California recycling bill, see http://www.acm.org/usacm/Legislation/StateBills/CA_RecycleBill.htm

Committees in general have acquired a bad reputation, but this negative image should not extend to the technology sector, where many advances--including the new Serial ATA PC disk-drive connection system--are the result of committee standards-setting, writes Lee Gomes. Committees of engineers are usually responsible for delivering specifications for nonproprietary components to ensure that multiple versions of products operate the same way. Serial ATA was developed over a two-year period, with the initial legwork done by Intel. Serial ATA committee chairman Jason Ziller says Intel realized in the late 1990s that its CPUs were becoming more energy-efficient, and it would be a wise course of action to lower signal voltages throughout the rest of the computer, including the disk-drive link. The committee was originally comprised of representatives from Intel, Dell Computer, and several disk drive manufacturers, but hundreds of companies were participating by the time Serial ATA's final specification was ready. The committee not only fleshed out a methodology for reducing voltages, but designed a thinner, flexible cable to replace the rigid, easily breakable cable currently in use. All PCs are expected to incorporate Serial ATA within several years. The standard was left open-ended, which allows newer and faster Serial ATA versions to be developed. The Serial ATA panel was not immune to design compromises to satisfy the vested interests of certain members: Some participants wanted the new standard to rival the Small Computer System Interface (SCSI), but the committee ultimately decided to avoid this strategy at the behest of other panel members who derived profits from SCSI drives.

Certain privacy advocates are concerned that the Department of Justice is keeping its exact figures on how many telephone and email wiretaps it is carrying out a secret under the auspices of the Foreign Intelligence Surveillance Act (FISA), while ACLU staff attorney Jameel Jaffer warns that broader surveillance powers bequeathed to law enforcement by the 2001 Patriot Act will "create a chilling effect that would discourage people from exercising their First Amendment rights." FISA court records indicate that the court approved 30 percent more surveillance orders between 2001 and 2002, though released government reports claim that federal and state court orders approving wiretaps fell 6 percent. A court recently shot down an ACLU effort to force the Justice Department to release detailed documents of its surveillance protocols and incidences of wiretapping by invoking the Freedom of Information Act. The Justice Department argued that revealing such information would interfere with ongoing criminal probes and endanger national security. A number of "sunshine" bills seek to amend such reporting practices: An upcoming proposal from Reps. John Conyers (D-Mich.) and Joseph Hoeffel (D-Penn.) would require the Justice Department to furnish yearly public reports on how many people are wiretapped. Meanwhile, the Domestic Surveillance Oversight Act introduced in February by Sens. Patrick Leahy (D-Vt.), Daniel Inouye (D-Hawaii), Arlen Specter (R-Penn.) and Charles Grassley (R-Iowa) takes a similar approach. Mark Corallo of the Justice Department argues that only suspected criminals are being targeted for federal wiretapping, while Stroz Friedberg surveillance law specialist Beryl Howell insists that "electronic surveillance is not running amok and out of control."
http://www.pcworld.com/news/article/0,aid,111451,00.asp

Quantum cryptography projects in Europe have set the technology for commercial release in less than three years. Quantum theory provides a long-sought way to securely transmit the one-time key-stream first devised by U.S. Army cryptologist Joseph Mauborgne in 1918. However, distributing quantum cryptographic keys is difficult to do over long distances. The latest quantum cryptographic research has focused on photons; because the photons cannot be observed without changing their quantum state, it is possible to ensure that a message sent has never been read by an interloper. Toshiba Research Europe recently detailed a transmission method able to send a quantum key over more than 100 km of fiber-optic cable. Toshiba estimates a less than three-year wait before the technique is commercialized. Separately, the University of Vienna has demonstrated the secure broadcast of "entangled" photons to sender and receiver through 600 meters of open air. The university has designs for satellite broadcasts in the future. Despite the likelihood of unbreakable cryptographic codes in the near future, history shows that the most dramatic code cracks have come about because of human error. For instance, last year the FBI installed a key-stroke recording program in racketeer Nicodemo Scarfo's PC, enabling agents to access his PGP keys. During the late 1940s, U.S. code-breakers caught an KGB official using the same set of one-time keys and were able to trace a number of Soviet spies.

There is growing interest among businesses, educational institutions, and government agencies to use Web logs (blogs) rather than email for internal communications. Community Connect director of operations Nicholas Tang uses blogs to coordinate collaborative projects, while his engineers post updates about software configuration and server repair procedures on blogs. Tang also notes that blogs are being used as an archiving tool to preserve data that would otherwise be discarded and lost. Online search services provider Google has been using blogs extensively since it bought Blogger creator Pyra Labs; one of its internal blog applications, Google Love Notes, is designed to keep employees' spirits up by posting notes of praise from Google users who found the company's customer service staff very helpful. Verizon Communications also uses a blog to collate data and news reports about its rivals as well as the telecommunications industry in general. Tim Dawson of Notiva acknowledges that people sometimes use blogs to post information that digresses from company operations, but says that such tools are still important as a way to share information vital to internal functions. However, Naval Undersea Warfare Center analyst David Jarvis contends that blogs have not fulfilled their promise as a helpful communications medium. He claims that Web logs do not nurture the spontaneous development of information exchange between departments.
http://www.nytimes.com/2003/07/07/technology/07NECO.html
(Access to this site is free; however, first-time visitors must register.)

Yahoo!, Microsoft, VeriSign, and other major ISPs are using a technique designed to block software bots' attempts to sign up for online email accounts that spammers can employ to distribute bulk commercial email, as well as harvest the Internet addresses of potential spam recipients from databases. The method involves a visual ID verification test that users must pass, but advocates for the visually challenged complain that their constituency cannot take advantage of such tools. "It seems that they have jumped on a technological idea without thinking through the consequences for the whole population," notes Janina Sajka of the American Foundation for the Blind, who adds that the visual test can also frustrate people with relatively minor visual impairments, such as color blindness and contrast difficulty. Some ISPs offer alternatives: Microsoft's Hotmail has an audio option in which the letters users must enter to confirm their identity are spoken rather than displayed graphically, but all of the CNET News.com reporters who tested it could only hear gibberish. Yahoo! allows visually handicapped users to fill out a Web form that is supposedly processed within 24 hours, but not all Yahoo! sign-up services have this option, although the ISP reports that engineers are working to correct this oversight. Meanwhile, a pair of working groups in the World Wide Web Consortium's Web Accessibility Initiative (WAI) are developing outlines that Web developers can use to design bot-thwarting measures accessible to the blind. Additionally, Sajka and legal experts such as Kaye Scholer's Kerry Scanlon imply that companies that deploy such visual tests could face discrimination lawsuits under the Americans with Disabilities Act, although Web sites are currently excluded from the ADA's purview under a 2002 federal court ruling.
http://news.com.com/2100-1032_3-1022814.html

Researchers have discovered that the Internet's elementary structure is modular, and determined by the number of nodes (sites) that connect to a given node. The team, based at Denmark's Nordic Institute for Theoretical Physics, Norway's Niels Bohr Institute, Brookhaven National Laboratory, and the Norwegian University of Science and Technology, employed a modified version of the random walker diffusion technique to measure the Net's modularity by studying the links between nodes rather than the nodes themselves. Using this method, the scientists learned that the Internet is comprised of around 100 modules that are rough approximations of real-world countries, with U.S. military sites and Russia having the widest gap between them, according to Lund University's Kasper Astrup Eriksen. He adds that at highly connected nodes, links "often get a free ride when a new link is connected to one of the other link ends at the same node." The random walker diffusion method posits that a walker explores a network by walking along the links between nodes, choosing a link end at random whenever he arrives at a node; multiple walkers roaming around the network making independent decisions will eventually reach equilibrium, and concentrating on how equilibrium is reached reveals the Internet's underlying patterns. The Nordic/Brookhaven/Niels Bohr research follows a top-down approach to measuring Internet modularity. Eriksen says this strategy can be used to better comprehend the Net's architecture and determine where connectivity can be improved, which is an important factor to consider as the Internet expands and undergoes changes. He notes that the technique outlined by the researchers could yield more accurate Internet topology generators.
Click Here to View Full Article

Increased government surveillance has spurred public interest in online privacy services such as Anonymizer and Germany-based Steganos, two of the most popular such services. CNET Networks reports downloads for privacy services applications from its software download portal have increased nine times since six months ago. After the Sept. 11 attacks, the U.S. Patriot Act was passed to give law enforcement more investigative leeway, including lower standards required for court-approved wiretaps. The FBI is also making more aggressive moves to monitor online activity, installing the Carnivore program at ISPs such as America Online: Carnivore tracks Internet traffic to suspect sites and scans for suspicious data patterns. Combined with data from the ISP, FBI investigators can reconstitute users' second-by-second online activity. Some online privacy services users, like St. Louis writer Thomas Knapp, say the increased government surveillance incites them to use privacy-protecting programs as a form of protest. "The purpose is to frustrate the idea, to tell the government, 'You can't make this work,'" says Knapp. Experts in the field say the government's heightened activity is prompting an online privacy arms race, with software firms looking for protections against the newest privacy threats, such as Magic Lantern. And computer scientists say privacy technologies work, demoralizing codebreakers. University of Virginia assistant professor of computer science David Evans says, "Based on a pure brute-force search, typical modern encryption systems would require not just thousands of years, but quadrillions of quadrillions of years to break."

Laid-off U.S. high-tech workers are disheartened by employers bringing in foreign workers on H-1B visas and outsourcing IT operations to overseas labor; not only are more critical white-collar positions such as programming and software engineering going to these lower-wage professionals, but studies indicate that other sectors besides high-tech are showing signs of job erosion. "Globalization is now causing insecurity higher up the food chain," observes Josh Bivens of the Economic Policy Institute. Forrester analyst John McCarthy, who estimates that the number of outsourced computer jobs will balloon from 27,171 in 2000 to 472,632 in 2015, reports that contractors will be hit hard by globalization. Outsourcing advocates both here and abroad argue that recruiting offshore will boost productivity and allow U.S. companies to weather the worldwide economic slump, but this view conflicts with that of individual American employees who claim they are being replaced by a cheaper workforce. Some economists also charge that outsourcing works against long-term American corporate interests, undercutting the buying power of American consumers. Countering this claim are analysts such as the Brooking Institute's Gary Burtless, who asserts that the incomes of high-level U.S. tech professionals are rising faster thanks to globalization, while government restrictions on outsourcing could discourage other countries from purchasing American goods and services. WashTech organizer Marcus Courtney is concerned that outsourcing is softening up the U.S. tech job market even further, and his group has requested the General Accounting Office to launch a probe into how the practice is impacting the American labor market. Concurrent with the growing animosity toward outsourcing is a grassroots movement against the H-1B visa program, and supporters of this movement harbor motives ranging from reasonable to xenophobic.
Click Here to View Full Article

Shenick Software Systems software engineer John Fitzgibbon puts forward a proposal to close a loophole in the Domain Name System (DNS) so that only outbound mail servers with legitimate DNS MX records can send email, a strategy that may help hobble the spread of spam. MX records are currently used to authenticate the identity of inbound email servers only, but Fitzgibbon writes that not only could this protocol be applied to outbound servers, but it could be accomplished without implementing any initial technological alterations to the existing DNS framework. Fitzgibbon predicts that mail servers could be eventually adjusted to not accept mail originating from other mail servers that lack an MX record, and adds that messages from servers whose owners are known spammers could also be rejected via additional filtering. The software engineer acknowledges that the solution is impractical if the contact information for the domain in question is unreliable, but he notes that ICANN-accredited domain registrars must contractually stipulate that registered domains' contact information is accurate and legitimate. Fitzgibbon writes that organizations that rely on a separation between inbound and outbound mail servers could face difficulty because MX record-bearing mail servers are presumed to be receptive to mail, but he explains that this "headache" is considerably more preferable to spam. Although Fitzgibbon recommends that organizations abandon inbound/outbound separation, he offers an approach designed to make things easier for those who choose not to. The strategy involves giving an outbound mail server's MX record a low priority, and signing up an independent domain for "outbound-only" MX records.
http://newsforge.com/article.pl?sid=03/07/02/0347225

The science of haptics, pioneered by the military and later the automotive and medical sectors to develop technologies that give users the ability to "feel" remote or virtual objects through an electronic interface, is finding its way into the entertainment industry. Computer game companies are employing peripherals such as Essential Reality's wireless P5 glove to enable players to roam and act within a virtual environment. Many new haptics devices are being developed to impart sensation through force feedback, in which motors or vibrators in peripherals activate or deactivate in response to game information relayed by the computer. Another force feedback device is the CyberGrasp glove, which automotive engineers use to virtually assemble automobile motors. Meanwhile, Canesta is developing electronic perception, a low-cost technology in which input devices use a modified form of infrared measurement to map out a 3D image of their environment; the devices can also respond to real-time changes in the environment. More immersive and intuitive input devices for the video game industry is just one of electronic perception's potential applications. Meanwhile, haptics devices geared toward the medical industry could employ actuators to convey to users the subtle tactile differences between various tissues as they are cut by a scalpel, for instance. Both automotive and medical haptics devices will probably be adapted into prototype home-market products.
Click Here to View Full Article
(Access to this site is free; however, first-time visitors must register.)

Linux creator Linus Torvalds says in an interview with Mercury News that he believes the SCO suit against IBM is not valid and that should be apparent given the transparency of open-source development. The basis of the suit, according to Torvalds, is UNIX code that had previously been disputed by AT&T and UC Berkeley. He insists the Linux origin was crafted by him alone for six months and that the first major contributions did not come until one year after he started. While Torvalds says IBM's court case basically deals with contract issues, he worries that the dispute could drag on too long and weigh on Linux. Torvalds also compares Microsoft and other proprietary software vendors to sharks, turtles, and similar species that have narrowed genetic development. Open-source software development, in contrast, is not centrally directed by the result of many diverse and sometimes competing forces. Torvalds says the hundreds of different groups involved in Linux development represent corporate, academic, and individual interests, and that version updates are passed based on technical and sometimes personal reasons. Torvalds also compares Linux to a tree where forked versions represent dead-ends that become increasingly uninteresting, but where his version remains the trunk. Torvalds say that Microsoft is responding to the threat of open-source software the same way that Unix vendors responded to Microsoft's products, which were less robust and supposedly less supported. Torvalds says his recent decision to leave Transmeta for the Open Source Development Lab was that Transmeta was refocusing on product and customer support issues due to financial tightening, and that opportunities for basic research had disappeared.
http://www.siliconvalley.com/mld/siliconvalley/6237239.htm

University at Buffalo researchers recently disclosed that they have created a haptic system that allows one person to feel the tactile sensations experienced by another over the Internet. A team led by UB Virtual Reality Lab director Thenkurussi Kesavadas has successfully relayed the sensation of feeling soft and hard objects as well as the contours of specific shapes using Phantom, a commercial device that employs a robot arm to trace the shape and texture of a computer model in three dimensions. The experiment involves one user feeling an object with a data glove, while the other uses the Phantom device to outline the object and receive the same tactile feedback; furthermore, the system preserves the sensory data, allowing sensations to be accessed repeatedly. "The big breakthrough for us was to figure out that the users needed to actively track and try to repeat what the other person is trying to do, and that was when the receiver started reliving what the sender was trying to do," Kesavadas explains. The system's viability was proven in a blind test where receivers could accurately determine that the senders were feeling a round or rectangular object 80 percent of the time. Such an innovation could have far-reaching applications in the medical, entertainment, distance learning, and e-commerce industries. Dr. James Mayrose at UB's school of medicine reports that the development of practical uses for the technology is well underway, particularly for the field of telemedicine and remote diagnosis. "I think we're on the cusp of having viable haptic interactions over long distances through sensing and force-feedback devices," declares Carnegie Mellon University's Roberta Klatzky.
http://www.wired.com/news/technology/0,1282,59462,00.html

Annodex software developed by Australia-based CSIRO Mathematical and Information Sciences purports to facilitate more interactive Web surfing by making multimedia files directly accessible and searchable. The software, which enables any section within a file to be assigned a descriptive tag, will become a standard desktop feature within five years, according to CSIRO's Silvia Pfeiffer. In addition to labeling and establishing direct links to multimedia file "chunks," Annodex allows surfers to move through audio and video files while playing them at the same time. Users can jump to specific file sections by entering their name or a time. The CSIRO development team is attempting to automate the tagging process, possibly through speech-recognition software. Annodex is being freely distributed as an open-source code, and Pfeiffer's team is planning to issue a Web browser program equipped with Annodex for the Macintosh within several weeks, as well as make a Linux and Windows version of the software available by year's end. PIVoD's Phillip Jenkins foresees "massive" media- and government-related applications for Annodex, while Pfeiffer thinks the software will have domestic applications as well.
http://www.nature.com/nsu/nsu_pf/030623/030623-11.html

The strong business value and convenience of having a Wi-Fi connection is undercut by the ineffectiveness of Wi-Fi's Wired Equivalent Privacy (WEP) protocol, which leaves Wi-Fi connections vulnerable to any hackers in close enough proximity to an access point. But help may be coming in the form of new security standards under development. Proprietary security solutions are problematic: They lock the client in to the vendor's networking hardware and may be hard to harmonize with enterprise-wide security systems. The Institute of Electrical and Electronics Engineers (IEEE) modified 802.1x, an authentication mechanism employed in wired Ethernet networks, as a way to provide strong access control and authentication for wireless LANs. Deploying 802.1x involves upgrading Wi-Fi clients' software drivers, improving firmware or replacing access points, and installing a Radius server with public key infrastructure (PKI). This may be more difficult for smaller enterprises, and the 802.11i standard the IEEE is slated to ratify in 2004 may offer relief. The specification would employ the Advanced Encryption Standard for data privacy, and probably entail the purchase of new client and access-point hardware; to make things easier, a vendor group has created Wi-Fi Protected Access (WPA), a subset of the 802.11i draft standard designed to be implemented on existing hardware and featuring cryptographic algorithms that run on Wi-Fi access and PC cards free of performance degradation.
Click Here to View Full Article

U.S. retailers are facing a deadline reminiscent of Y2K in terms of the work required, though the consequences for missing the deadline will not cause systems to crash. The Sunrise 2005 deadline was issued by the Uniform Code Council (UCC) in 1997 and expands the current 12-digit universal product code (UPC) used in the United States to 13 digits, though the UCC recommends 14-digit compliance to accommodate reduced space symbology and radio-frequency identification. Overseas manufacturers and retailers already use 13-digit product codes, and major U.S. retailers that deal in foreign goods have already begun remediating their systems. Without remediation, retailers' systems will not be able to read the new 13-digit UPCs into their back-end systems, though scanners used at point-of-sale terminals can already read 13-digit UPCs. The grocery retail sector is seen as the laggard in Sunrise 2005 compliance, especially small, independent operators without the resources to revamp their systems. Ahold chief U.S. technology officer Ed Gropp says conversion is similar to Y2K preparations in that IT staff have to hunt down scattered 12-digit fields in databases and other systems. However, because 12-digit UPCs are simply numbers and not a date field, they are even more difficult to identify. In addition, many retailers had parsed the 12-digit UPC to derive the vendor's identification, though the UCC did not officially support the practice. These systems will also be thrown off by Sunrise 2005, since the new 13-digit UPC will use vendor numbers up to 10 digits in length instead of the consistent six-digit vendor prefix used in the 12-digit UPC.
Click Here to View Full Article

Stephen Wilson of SecureNet contends that digital certificates, as part of a public key infrastructure (PKI), are better suited as application-specific "electronic business cards" rather than the one-size-fits-all electronic passports they were originally conceived to be. One chief benefit of digital certificates is that they support the integrity of electronic transactions no matter how much time passes or how far away the involved parties are; this is very appealing in light of increasing incidences of online fraud and electronic service providers' desire to streamline audit logging, forensics, and dispute resolution, and minimize the expense of fraud investigation. Another key advantage of PKI is the machine readability of digital signatures, which can be leveraged to eliminate paper-based transacting. PKI applications rated as "good"--tax returns, insurance, patent applications, customs reporting, etc.--are characterized by high transaction volumes, multiple recipients and brokers between sender and receiver, completely automated processing or straight-through processing, and the need to retain evidence over prolonged periods to deal with potential disagreements and legal complications. Constraining specific digital certificates to specific applications can significantly cut usage complexity, thus simplifying the legal ramifications of PKI accreditation procedures, Wilson argues. With a fresher perspective, it makes sense that PKI's inherent technology and processes should no more limit users than a magnetic stripe card does. This strategy makes PKI more useful, relieves users of the need to familiarize themselves with certification practice statements, reduces training responsibility, and allows the legal liabilities of PKI usage to be ascertained under existing rules. Wilson writes that reconsidering PKI also helps explain why many first-generation digital certificate applications were failures.
Click Here to View Full Article