A Washington law firm has sued IBM, claiming that the computing giant is responsible for a 2005 attack on its e-mail server.

Butera & Andrews claims that an unknown IBM employee attempted to attack its e-mail server in November of last year, shortly after the law firm discovered that its computer had been taken over by an unknown attacker. Security investigators traced the source of the attack to a computer within IBM’s Cornwallis Road facility in Durham, N.C., the law firm alleges.

The lawsuit was filed April 7 in the U.S. District Court for the District of Washington.

An analysis of computer logs revealed “over 42,000” attempts by IBM-controlled machines to attack Butera & Andrews servers during 2005, the lawsuit claims.

Butera & Andrews is asking the court to force IBM to disclose information related to the attacks, and to award it damages, including the $61,000 it spent investigating the matter.

IBM has asked for the case to be dismissed, saying that Butera & Andrews “alleges no facts to justify its supposition that its systems were attacked by an IBM employee, as opposed to a computer hacker.”

The law firm may have a hard time proving that IBM is to blame for this attack, according to a computer security expert.

Though Butera & Andrews may have traced their attack to an IP address controlled by IBM [170.224.68.57, according to court filings], that address may have been spoofed, or IBM’s servers themselves may have been taken over by outside attackers, said Russ Cooper, a senior information security analyst at Cybertrust Inc. “There are lots of possibilities.”

Butera & Andrews senior partner James Butera declined to comment on the matter, except to point out that IBM had not denied that its computers were involved in the attack.

IBM representatives were not immediately available to comment for this story.

Advertisements

Freedom of speech online is under its fiercest threats in a decade because of two proposals in the U.S. Congress, the Center for Democracy and Technology (CDT) said.”Free speech online is facing some of its most serious assaults” since the Child Online Protection Act (COPA) was passed in late 1998, said Leslie Harris, executive director of CDT, a civil liberties advocacy group. One of those proposals would require schools and libraries to block Internet chat and social networking tools.

The U.S. government continues to spend millions of dollars to fight successful court challenges to COPA, which required adult-themed Web sites to get proof of age before allowing Web surfers to access adult content, the CDT said Thursday.

On July 26, the House of Representatives passed the Deleting Online Predators Act (DOPA), which would ban social networking Web sites and instant messaging programs from schools and libraries. And a provision requiring Web sites with sexually related content to include warning labels is included in a wide-ranging broadband bill awaiting action in the Senate.

Both proposals go too far in their attempts to protect children from online pornography or sexual predators, the CDT said.

The adult labeling provision, authored by Sens. Conrad Burns, a Montana Republican, and John Kerry, a Massachusetts Democrat, requires any Web site with sexually explicit “depictions” to be labeled. Such a broad definition could mean that sites would have to include labels if they have text descriptions of sexual acts, sex education content or videos with no nudity, said John Morris, director of the CDT’s Internet Standards, Technology and Policy Project.

A site with PG-rated video including implied sex, with two people rolling around under blankets, may have to be labeled under the provision, Morris said.

Spokesmen for Burns and Kerry didn’t immediately respond to a request for comments.

DOPA, sponsored by Rep. Mike Fitzpatrick, a Pennsylvania Republican, would give the Federal Communications Commission “remarkable power” to determine which Web sites and applications schools and libraries must block, Harris said. The legislation would require any schools or libraries receiving funding through the federal E-Rate program to block those sites or applications.

The broad labeling requirement likely violates the free speech protections in the First Amendment of the U.S. Constitution, Morris said. DOPA would add “a whole new category of social conversation” that’s restricted speech, he said.

Morris said, “99.999% of instant messages that minors participate in are healthy. And they’re perfectly legal.”

A representative of Fitzpatrick didn’t immediately respond to a request for comments.

New Zealand could set an example to other governments with its “principles and policies” on digital rights management (DRM) and managing trusted computing (TC) within government.A State Services Commission (SSC) report looks at the risks to government ownership and the use of information on behalf of citizens when protection schemes controlled by computer hardware and software vendors and other third parties are taken into account.

The SSC says it deliberately couched the report in international terms. “We hope other jurisdictions pick up on our ideas and participate in international debate on the questions [involved here],” says SSC spokesman Jason Ryan.

Local factors, such as New Zealand’s Privacy Act, have been sidelined to a “scope and interpretation” section at the end of each part of the report.

It seems New Zealand is an early mover when it comes to considering these issues.

“We have raised it in a variety of international forums, and a lot of overseas people said they’d not really considered it and that our work was quite groundbreaking,” says Ryan.

In particular, a paper on the subject, by a delegate from the New Zealand Privacy Commissioner’s Office, presented to a recent meeting of the International Working Group on Data Protection, held in Berlin, was very well received. It has since been further publicized on the working group’s Web site.

The New Zealand government expressed concern about some consequences of and DRM and the TC model as far back as 2004, when it forbade government agencies to use some of the first modules of the new security model, produced by Microsoft, for fear it could lose control over the integrity of its own information, and so imperil the privacy rights of citizens.

The SSC report still advises caution and outlines the checks that must be made before using DRM or trusted computing software.

The concern is not only about access to, and integrity of, information, but also the possibility of worm and virus infection passing undetected in a file encrypted by a third party for TC or DRM purposes.

The government’s response has been expressed as a series of principles (why things are done) and policies (what is done to implement the principles). Agencies must further decide for themselves on standards (how things are done and compliance measured).

For example, the “information availability principle” says: “For as long as it has any business or statutory requirements to do so, government must be able to use the information it owns/holds [and] provide access to its information to others, when they are entitled to access it.”

The key policy under that principle is: “Any information that is relied on for execution of public business must be free from encumbrance by externally-imposed digital restrictions, except with the informed consent of government.”

Other principles provide for confidentiality, integrity, security and information availability.

Google Inc. is actively complying with requests for data about its Orkut social networking service ordered by Brazilian courts, the company said Thursday.Google has provided Brazilian authorities with data about Orkut users in response to 30 court orders, and it plans to respond to eight more orders before their deadlines expire, said Debbie Frost, a Google spokeswoman.

Brazilian prosecutors investigating allegations of illegal activities on Orkut sued Google last month in a Brazil civil court, saying Google hadn’t responded to their requests for information.

Google defended itself, saying the prosecutors were requesting the information from Google’s Brazil subsidiary, which doesn’t operate Orkut. Google runs Orkut from the U.S., so requests have to be sent to its headquarters in Mountain View, California, it said.

Frost acknowledged that there are eight other orders mentioned in last month’s lawsuit that the company hasn’t responded to because it hasn’t received them at its Google Brazil subsidiary or its U.S. headquarters.

Google informed the court about its compliance with data requests regarding Orkut on Thursday in an official response to the lawsuit filed with the court, Frost said.

“We have and will continue to provide Brazilian authorities with information on users who abuse the Orkut service, if their requests are reasonable and follow an appropriate legal process,” she said.

Brazilian authorities reportedly are investigating a variety of allegedly illegal uses of Orkut by members in Brazil, including child pornography.

In their lawsuit, Brazilian prosecutors asked the court to fine Google and close its Brazil subsidiary for allegedly failing to provide the requested information.

Orkut, an invitation-only service, is immensely popular in Brazil.

It is obviously a tradeoff between the privacy issue and the compliance with court’s order.  So long as the court’s order is reasonable, Google should provide courts with the users’ information to the extend that the users’ privacy are also protected.

Prof told to pull podcasts

September 20, 2006

A North Carolina professor who offered his course lectures as paid downloads has been asked to suspend the service while the school decides whether it is appropriate. Robert Schrag, a North Carolina State communications professor, had begun making his lectures available for download by students and the general public alike, according to a university paper. Schrag charged $2.50 a lecture—he received part of the money, while the rest went to the download site.

Now Schrag has been asked to suspend the practice by university administration while the school struggles to develop a comprehensive policy for the use of this sort of intellectual property. While some students objected to paying for the lectures, Schrag told the Chronicle of Higher Education that the complaints are without merit. “We’re talking about the price of a draft beer,” he said. “You go to a concert. Your tuition buys you access to the concert, it doesn’t buy you the CD.” Of course, if the concert costs $597.88, you might expect the CD to be included.

This isn’t big business; Schrag made only $11 before the lectures were pulled, and he says the money simply goes toward defraying his recording and editing costs.

Podcasting raises a host of questions for those within the Ivory Tower. Should lectures be available to the public, who will pay only a fraction of the tuition price for the same in-class material? Are professors allowed to profit or charge for work done in the service of their schools? Will students come to class, or will “class” become 45 minutes on a Stairmaster with an iPod clipped to the waist? These questions have taken on prominence as professors wonder if the new technology is helping or hindering their mission to educate.

Many of us at Ars have spent (too much?) time haunting the corridors of graduate departments and teaching courses, and we’re excited about the recent trend to more broadly disseminate the knowledge bottled up in the academy. Still, downloading Stanford lectures from iTunes does not a Stanford education make. Attending lectures from an excellent professor in person is one of the most stimulating mental experiences possible, but isn’t fully replicable on a recording for various reasons (no personal interaction, no building of an intellectual community with other students, less accountability, no facial expression or body language, etc). Suffice it to say that podcast listeners will miss out on the copious arm-waving of people like our own Dr. John Timmer, who can convey complex embryonic information using nothing more than his fingertips.

The European Union’s antitrust chief said Tuesday she had no personal feud with Microsoft Corp. despite an ongoing legal fight between her office and the software company.”Far from pursuing a vendetta against Microsoft, the Commission’s actions are guided by the desire to create the most innovation- friendly business climate in Europe to the ultimate benefit of European consumers,” Neelie Kroes wrote in a letter to the Financial Times.

The EU antitrust commissioner said she is trying to ensure that Windows Vista, the new version of Microsoft’s computer operating system, complies with EU competition rules.

Microsoft had no immediate comment on the letter.

European Union officials have warned Microsoft not to shut out rivals in the security software market, as the company plans to launch Vista with built-in protection against hackers and malicious programs.

Microsoft has said it is concerned that regulators might require the removal of some of the new security features, and warned that EU actions could delay the launch of Vista in Europe.

Kroes said the Commission has provided Microsoft with guidance on Vista and has regularly detailed its concerns.

“There appears to be a co-ordinated campaign to portray the Commission in a negative light,” Kroes wrote. “For example, I have seen it suggested that the Commission may seek to prevent Microsoft from improving the security of its operating system.

“This is categorically not the case,” she said.

Microsoft is still embroiled in a long-running legal challenge to the EU’s 2004 antitrust order, which found the company broke competition law and fined it a record 497 million euros ($613 million). The EU subsequently fined the company another 280.5 million euros ($357 million) for failing to obey that antitrust order.

SANTA CLARA, Calif. – At the helm of Sun Microsystems Inc., Jonathan Schwartz became “un blogeur” last week when he started publishing his blog in French and nine other languages.

Schwartz, whose Web journal attracts 50,000 viewers each month, says going international will generate new customers and attract prospective employees in Europe, China and elsewhere. That puts the 40-year-old CEO at the vanguard of a trend in corporate communications, one that tears down barriers between executives and the general public.

“The blog has become for me the single most effective vehicle to communicate to all of our constituencies – developers, media, analysts and shareholders,” Schwartz said in his Silicon Valley office. “When I go out and have dinner with a key analyst on Wall Street or a key investor from Europe and ask them if they’ve read my blog, they almost universally say yes.”

Chief executives of smaller companies have already seized on blogs, and big companies are increasingly joining in – despite the potential for disastrous backfires.

In its unfiltered form, blogging lets CEOs bypass the public relations department, journalists and industry analysts and speak directly to the public.

Executive coach John Agno said blogs can also cure the dreaded “CEO disease” – the isolation that envelops a leader when subordinates become reluctant to disclose bad news or worst-case scenarios that might trigger a shoot-the-messenger response.

“Blogs are personal. They humanize the Web and keep CEOs in touch with what’s going on out there in America,” said Agno, head of Ann Arbor, Mich.-based consulting firm Signature Inc. “People feel they can really have a conversation with someone who has a blog.”

Thirty Fortune 500 companies are now publishing corporate blogs, nearly double the number in December 2005, according to the Fortune 500 Blogging Wiki, a collaborative tracking site. Technology companies like Amazon.com Inc., Cisco Systems Inc. and Oracle Corp. were early adopters, but senior executives at leading industrial companies like Boeing Co. and General Motors Corp. have also embrace the trend.

Yet few company blogs are from the chiefs.

Schwartz’s entries are often risque. In his zeal to tout Sun, Schwartz has crossed paths with the company’s legal department, whose attorneys have asked him to include “safe harbor” statements on blog entries that discuss future business strategies and products.

How much time executives spend blogging vary, but few seem to update more than once a week. Some executives – including Whole Foods Market CEO John Mackey – do little beyond posting excerpts from public speeches and press releases.

GM Vice Chairman Bob Lutz’s “Fast Lane” blog includes entries from other GM executives and links to his favorite German and French auto enthusiast sites. Lutz’s site has generated 10,000 reader responses since January 2005 and, along with a smaller GM corporate blog, gets 4,000 to 6,000 unique daily visitors.

The blog allows the Swiss-born executive to write directly to hard-core motorheads around the world. More than 900 readers asked Lutz, who oversees product development, to revive the Chevrolet Camaro. GM said last month it would develop a new Camaro based on a concept car unveiled in January.

“I’m not going to tell you that Camaro is happening because the blogosphere demanded it; that would be disingenuous,” Lutz wrote. “But I will tell you that the enthusiasm shown for Camaro in this forum is a shining and prominent example of the passion that exists for this automobile.”

More than 3,000 of Sun’s 30,000 employees maintain blogs on Sun’s sites, a practice Schwartz says helps Sun attract workers with specialized interests. Schwartz says the most esoteric blog entries – discussions on chip multithreading or Sun’s Java programming language – attract passionate responses.

“If you really care about Java in the medical device community, the fact that there’s a Sun blog where someone focuses on that suggests there’s someone at Sun you can relate to,” Schwartz said. “There may be three people at Sun who care deeply about this stuff, and you can go hang out with them if you come work for us.”

Karen Christensen, CEO of Great Barrington, Mass.-based Berkshire Publishing Group, usually updates her blog weekly but spent a half-hour a day blogging during a recent visit to China.

She says the blog gives colleagues a sense of her long hours and concern for details, making book reviewers – her harshest critics – consider her work in new light.

“I had a reviewer write to me and say, ‘I never knew there were real people behind this,'” Christensen said.

The publishing industry is rife with bloggers, including Macmillan Publishers Ltd. CEO Richard Charkin, whose “Chark Blog” includes slice-of-life entries from the British executive. Consultants say blogging suits natural-born writers – but it’s tough for other executives.

“Ultimately, a good blog is good writing. Most CEOs are not good writers,” said Debbie Weil, a Washington-based consultant and author of “The Corporate Blogging Book.””The packaging and controlling of the corporate message has always been done for them, so often they don’t realize that writing well is hard work and takes time and thought and practice.”

Blogs can also become a publicity land mine.

Nondisclosure agreements and financial regulations can turn the most literary CEOs into scribes who post rehashed speeches or press releases. CEOs may also lack the thick skin required for blogging, said David Taylor, an executive consultant in Boulder, Colo.

“One of the inevitabilities of blogging is that you get critical, hostile responses from trolls – people who post provocative things just to inflame a reaction,” Taylor said.

CEO bloggers can also take heat when companies stumble.

Sun’s annual revenue has declined in four of the past five years, and shares have plummeted to just over $5 from a September 2000 high of about $64.

“As much as I’m impressed by Jonathan’s blog, I wonder how he has time to blog when he has a company that desperately needs management steered in the right direction,” Taylor said.

Schwartz shrugs off criticism, insisting that blogging makes sense at Sun.

“Mainstream communication is horrible at serving niches,” Schwartz said. “This is a good way to take the expertise around Sun, which can be pretty esoteric, and ensure it’s available to the marketplace.”

Nathan Peterson, the owner of the iBackups.net – one of the largest U.S. Internet software piracy Web sites that sold products copyrighted by companies such as Microsoft and Adobe at a huge discount – has just been sentenced to more than 7 in prison.

http://ibackups.net/

In a landmark federal court decision issued earlier this week, a motion to dismiss a class-action lawsuit against Target Corp. was denied, marking what prosecutors called a victory for the visually-impaired community.”This judgment was a victory of an important battle, but not of the overarching war,” said UC Berkeley senior Bruce Sexton, one of the plaintiffs in the class-action lawsuit.

The judge issued his decision after Target motioned to dismiss a class-action lawsuit filed Feb. 7 that claimed that the corporation’s Web site was inaccessible to blind customers.

The suit claimed that the Web site violates the Americans with Disabilities Act, the California Unruh Civil Rights Act and the California Disabled Persons Act.

Target wanted the case dismissed, arguing that only its physical retail locations, not its Web site, are subject to state and federal accessibility laws.

But the judge struck down the motion, saying the Americans with Disabilities Act, which requires all commercial locations to be accessible to citizens with disabilities, extends to Web sites as well as physical retail locations.

Many Web pages are designed to be compatible with screen-reading software, which takes visual information from computer screens and reads it out loud, said John Pare, who is the director of public relations for the National Federation of the Blind.

Such sites also allow users to use keyboard shortcuts instead of relying on a mouse, he said.

“Target didn’t have these shortcuts installed in their own Web site,” Pare said.

Representatives from Target could not be reached for comment.

The ruling could hopefully spur more companies to adapt their Web sites to comply with federal and state accesibility laws, said Daniel Goldstein, a partner in the civil rights law firm Brown, Goldstein & Levy, one of the prosecuting firms in the suit.

While a final ruling has yet to be issued, disability-rights advocates said this is an important setback for Target and they are cautiously optimistic.

“This is the first step,” Pare said, “but we’ve still got a long way to go.”

“This judgment was a victory of an important battle, but not of the overarching war,” said UC Berkeley senior Bruce Sexton, one of the plaintiffs in the class-action lawsuit.

In an unprecedented decision for disability rights advocates, a federal district court judge ruled Tuesday that retail company Web sites must be accessible to the blind.

The lawsuit, filed Feb. 7 against Target Corp., claims

the Web site’s inaccessibility violates the

This technology is crucial for blind individuals, said Daniel Goldstein of

civil rights law firm Brown, Goldstein & Levy, since they cannot drive and need to do much of their shopping and other business online.

And while most sites are software compatible, said Goldstein, there’s a difference between acessibility and usability. While most sites are at least somewhat accessible, he said, “the number of both accessible and usable Web sites are … but still very few.”

Goldstein said the changing face of the high-tech industry has furthered the quality of life for the blind, it has also left other aspects behind. “One might have expected new tech to be liberating, and it has been … but now the thermostat is now digital, the washer is now digital,” he said.

It is when companies have to modify such existing infrastructure to make them accessible that compliance with state and federal laws becomes expensive and possibly unappealing.

Google: Don’t Be Evil

September 9, 2006

Google’s mantra is “Don’t be evil,” which as corporate mottoes go is the equivalent of “Build an eternal bonfire in the parking lot and fuel it with thousand-dollar bills and the occasional Gutenberg Bible.”The worldwide market for evil is stratospheric, and Google is uniquely positioned to take advantage of it. They’ve made some halting inroads in China, but economists — many of whom are themselves evil — estimate that if Google abandoned its inefficient policy completely, it could capture 38 percent of the evil market. That’s more than Microsoft and Lindsay Lohan combined. Here are just a few of the many ways Google could provide cutting-edge, convenient and extremely evil services.

Google TortureSure, Google provides access to nearly all the public information on the web, but what about data people aren’t willing to share? Google could enhance its core search engine by deploying goons and/or thugs to beat information out of people — anything from the location of their valuables to interesting sports trivia. Finally you can search on terms like “why did my neighbor come home at 3 a.m. all last week” and expect to get some real answers.

Google MurderWhy pay top dollar for a professional hit man when an amateur will do it for a few bucks and a good alibi? Google could leverage the technology behind Google Answers to match amateur killers with those looking to eliminate a business rival or key witness. While high-end assassins have all sorts of overhead and pass the costs on to you, Google Murder could match you up with sociopaths who were thinking of going on a rampage anyway, and who would be willing to shoot up the office building or motel of your choosing for a reasonable fee.

Google BlackmailYouTube and Flickr are tough competitors in the world of user-supplied content, but they’re hobbled by terms of service that discourage the most profitable content of all: incriminating evidence. Google could use the code behind Google Video to allow users to upload sordid videos and indelicate photos and set them to be displayed after a reasonable amount of time if the ransom isn’t met. If the victim pays up, Google gets a cut. If the ransom isn’t paid and evidence of degradation and betrayal is made public, everybody wins!

Google InfidelityMore than one affair has brought a marriage to an asset-dividing end thanks to an electronic trail left in the guilty party’s browser. With a couple of changes to Google Desktop and Google Toolbar, these sad results can be a thing of the past. The code could change the browser history so that searches for “crotchless panties” and “motels that bill by the hour” look like searches for “anniversary presents” and “spouse-only massage classes.” And, in case that doesn’t work, the software can automatically block access to the websites of private detectives and divorce lawyers.

Google NudityGoogle Earth may give you a great view of the Grand Tetons, but those aren’t the natural formations most people using Google Image Search are looking for. Sure, turning off SafeSearch can net you all sorts of porn even if you don’t actually want it, but the worldwide demand for naked pictures of famous people still far exceeds the supply. As satellite and rendering technology improve, Google will be in the enviable position of being able to map the topology of anyone who goes outdoors, and extrapolate it into nude pictures indistinguishable from actual perverted photography. Finally you’ll be able to see anyone from your favorite movie star to your Pilates instructor naked as a jaybird and twice as aroused.

I think you can see how evil, properly abused by the benevolent tyrants at Google, could benefit us all while only harming most of us. I think it would be a good trade-off, as long as Google doesn’t start spamming. Some things are too evil to even consider.