Tuesday, December 7

AT&T has agreed to allow MindSpring access to its cable modem networks, thought the deal is not as broad-ranging as sometimes reported: the agreement only affects MindSpring, and does not allow the open access that many ISPs have sued for.

An appellate court has found Prodigy not liable for defamatory messages posted to its bulletin boards by a member. Prodigy was found to be a common carrier of information, rather than a publisher:

"We are unwilling to deny Prodigy the common-law qualified privilege accorded to telephone and telegraph companies," Judge Albert M. Rosenblatt wrote for the Court in Lunney v. Prodigy Services, No. 164. "The public would not be well-served by compelling an ISP to examine and screen millions of e-mail communications, on pain of liability for defamation."

Netscape Communicator 5.0 beta has been delayed two more months.

Wired looks for the killer app for wireless Internet.

Salon announces "The free PC is Dead! Long Live the free PC!"

Security and privacy

The A5/1 encrpytion in GSM - the cell phone protocol used widely outside of the US - has been broken by one of the inventors of the RSA encryption algorithm. A PC with 128 megabytes of RAM and two 73 gigabyte hard drives can find the A5/1 key in one second. However, the messages must first be intercepted. One person claims he can build a PC-based interceptor for less than ten thousand dollars. Also at issue is the fact that GSM changes frequencies every few seconds, though one expert believes that barrier will quickly fall.

If signed into law, the Australian Security Intelligence Organization Legislation Amendment 1999 would allow the Australian government to not only read computer files, but to change them if it were deemed a matter of security. The Australian Parliament has already passed the bill.

There's a new privacy concern with email and cookies: by imbedding cookies into HTML-formatted email, it's possible for companies to associate a profile of your activities with your email address. This is yet another reason why you shouldn't use HTML-formatted email programs. Even if you turn cookies off, HTML-formatted email compromises security in other ways. Someone can send you an HTML-formatted email with a unique GIF, and when your email client requests it from the web server, the request shows up in the web server's log files, along with your IP address. Now the person knows when you read the message. Worse, if your computer always gets the same address when you connect to the Internet (as it will for most cable modem and DSL users), your IP address and email address will then be tied together.

Once again, here's a demonstration of how trivial it is for a web server to get your IP address: The web server has to have your IP address in order to know where to send information. Here, I'm echoing your IP address via a server side include (SSI): <!--#echo var="REMOTE_ADDR"-->. Note that I'm echoing your IP address to you. Other people see their IP address, not yours.

---

Friday, December 10

British Telecom announced unlimited telephone access plans in the UK. Daytime, nighttime and weekend packages are available. Though unlimited local phone calls are taken for granted in the US, they are necessary to make widespread Internet access economical.

Jupiter Communications predicts that 13 millions US households will use free ISPs by 2003. Far from replacing paid services, free ISPs will account for just 13% of the market.

Conexant's CN9420CM cable modem reference design supports all worldwide cable modem standards and is software upgradeable. Conexant will sell the design to other companies for branding and distribution.

Security and privacy

David Smith pleaded guilty to creating and distributing the Melissa Word macro virus. The guilty plea was arranged with New Jersey prosecutors. The charge Smith pleaded guilty to was computer theft. He faces a maximum fine of US$150,000 and 10 years in prison.

The non-profit Electronic Privacy Information Center (EPIC) is suing the US National Security Agency (NSA), claiming that the NSA is illegally spying on US citizens.

Shields Up is a free, web-based service for testing your computer's vulnerability to common intrusions, such as port scans and NetBIOS attacks. PC Magazine covered the service in a recent First Looks article.

A new class of web site attacks - including Poison Null and Upload Bombing - can allow users to attack web sites that use certain CGI programs. Web sites that allow users to upload files through web pages are especially vulnerable.

A number of viruses are masquerading as Y2K patches. One - dubbed W95.Babylonia - is unique in that it can check for updates to itself and download more vicious payloads.

Previous week