Wednesday, July 23, 2003

Faster Methods of cracking Windows passwords

Improvements in cracking passwords or encrypted data will continue to push the envelope - limited only by processing power, memory and creativity.

"NEW METHOD CRACKS PASSWORDS IN SECONDS
A senior research assistant at the Swiss Federal Institute of Technology's Cryptography and Security Laboratory has published a paper outlining a way to speed up the process of cracking alphanumeric Windows passwords to only 13.6 seconds on average. The previous average time was 1 minute, 41 seconds. The new method uses massive lookup tables to match encoded passwords to the original text entered by a person, thus reducing the time it takes to break the code. 'Windows passwords are not very good,' says researcher Philippe Oechslin. 'The problem with Windows passwords is that they do not include any random information.' The only requirement for the cracker is a large amount of memory in order to accommodate the lookup tables. The larger the table, the shorter the time it takes to crack the password. Users can protect themselves by adding nonalphanumeric characters to a password, which adds another layer of complexity to the process. Any cracker would then need more time or more memory or both to accomplish the break-in. For more information on Oechslin's method, check out {{the post inserted below}} (CNet News.com 22 Jul 2003) "
Source: NewsScan Daily: July 23, 2003


LASEC: Search Results
Making a Faster Cryptanalytic Time-Memory Trade-Off
Philippe Oechslin

Published:
To appear in Lecture Notes in Computer Science (Proceedings of Crypto'03)

Abstract:
In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since. We propose a new way of precalculating the data which reduces by two the number of calculations needed during cryptanalysis. Moreover, since the method does not make use of distinguished points, it reduces the overhead due to the variable chain length, which again significantly reduces the number of calculations. As an example we have implemented an attack on MS-Windows password hashes. Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical passwords hashes (2^37) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points. We show that the gain could be even much higher depending on the parameters used.
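
The trade-off described in the abstract, and the researcher's remark that the hashes "do not include any random information", shown on a toy scale. This is an added example, not code from the paper or from this blog: it assumes SHA-256 as a stand-in hash, a constructed keyspace of 3-character alphanumeric passwords, and hypothetical function names. It builds chains with a different reduction function per column (no distinguished points), looks a hash up in them, and then shows that the same precomputed table is useless once a salt is mixed into the hash.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"  # toy alphanumeric set (assumption)
PW_LEN = 3                                         # toy length: 36**3 = 46,656 passwords
KEYSPACE = len(ALPHABET) ** PW_LEN


def h(pw, salt=""):
    """Stand-in hash (SHA-256); not the Windows hash discussed in the paper."""
    return hashlib.sha256((salt + pw).encode()).digest()


def index_to_pw(i):
    """Map an integer in [0, KEYSPACE) to a password of the toy keyspace."""
    chars = []
    for _ in range(PW_LEN):
        i, r = divmod(i, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def reduce_to_pw(digest, step):
    """Reduction R_step: maps a hash back into the keyspace, differently per column."""
    return index_to_pw((int.from_bytes(digest[:8], "big") + step) % KEYSPACE)


def chain_points(start, length, salt=""):
    """Return [p0, p1, ..., p_length] where p_{k+1} = R_k(H(p_k))."""
    points = [start]
    for step in range(length):
        points.append(reduce_to_pw(h(points[-1], salt), step))
    return points


def build_table(n_chains, chain_len, salt=""):
    """Precompute chains but store only endpoint -> list of start points."""
    table = {}
    for i in range(n_chains):
        start = index_to_pw(i)
        end = chain_points(start, chain_len, salt)[-1]
        table.setdefault(end, []).append(start)  # keep every start if chains merge
    return table


def lookup(table, target, chain_len, salt=""):
    """Find a password hashing to `target`, or None if the table does not cover it."""
    for pos in range(chain_len - 1, -1, -1):
        # Hypothesis: target is the hash of the password in column `pos`.
        pw = reduce_to_pw(target, pos)
        for step in range(pos + 1, chain_len):
            pw = reduce_to_pw(h(pw, salt), step)
        for start in table.get(pw, ()):
            # Endpoint matched: rebuild the chain up to `pos` and verify,
            # because different chains can share an endpoint (false alarm).
            cand = chain_points(start, pos, salt)[-1]
            if h(cand, salt) == target:
                return cand
    return None


def coverage(n_chains, chain_len, salt=""):
    """Fraction of the keyspace whose hash the table can invert."""
    seen = set()
    for i in range(n_chains):
        seen.update(chain_points(index_to_pw(i), chain_len, salt)[:-1])
    return len(seen) / KEYSPACE


if __name__ == "__main__":
    t = 100
    table = build_table(600, t)                  # 600 stored pairs, not 46,656 hashes
    victim = chain_points("aaa", 50)[-1]         # constructed sample: a covered password
    print("coverage:", round(coverage(600, t), 3))
    print("unsalted hash inverted:", lookup(table, h(victim), t) == victim)
    # Same password, hashed with a per-account salt: the table no longer applies.
    print("salted hash inverted:", lookup(table, h(victim, salt="Xq"), t))
```

The memory cost is the number of stored chains, while each lookup costs at most about chain_len squared over two hash operations; a salted scheme forces the whole precomputation to be repeated for every salt value.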

Monday, July 21, 2003

POPFile - Automatic Email Classification

Open source Bayesian filtering of email to learn to catch all your SPAM.

POPFile - Automatic Email Classification: "POPFile automatically sorts your messages and fights spam. "

Also at Source Forge

YahooPOPs! :: Free POP3/SMTP access to Yahoo Mail!

Open source software tools to access Yahoo email. Free email is a good thing but problems eventually occur with space on the server for "sent" and "saved" emails. This is a potential solution.

YahooPOPs! :: Free POP3/SMTP access to Yahoo Mail!: "YahooPOPs! is an open-source initiative to provide free POP3 and SMTP access to your Yahoo! Mail account. YahooPOPs! is available on the Windows and Unix platforms.
YahooPOPs! emulates a POP3/SMTP server and enables popular email clients like Outlook, Netscape, Eudora, Mozilla, IncrediMail, Calypso, etc., to download and send emails from Yahoo! accounts."

Saturday, July 19, 2003

Another Security issue related to user and devious marketing company

"'VIRAL MARKETING' STOOPS TO NEW LOW
Internet security company Sophos is warning of a new marketing scheme reported by its Australian tech support team, which tricks users into visiting a Web site featuring free comic video clips and then installs software that sends out e-mails from their computers to people listed in their address book. The Web site, run by Curacao-based Avenue Media, uses ActiveX to display a humorous video clip and at the same time downloads an additional software component called 'Internet Optimizer' onto the PC, which then sends the e-mails. Peter Ducklin, head of technology at Sophos' Asia Pacific division, says: 'What tricks a lot of people is that the ActiveX control which kicks the process off is digitally signed. Many users assume that a program which has been signed in this way is automatically both trustworthy and desirable. Ironically, even though Internet Explorer presents a 'security warning,' many people treat this as some kind of a 'security approval' and are more inclined to go ahead.' (ZDNet Australia 16 Jul 2003)"
Source: NewsScan Daily: July 17, 2003

Measuring Computing Consumption

"HOW DO YOU MEASURE COMPUTING CONSUMPTION?
'We're looking for that single unit of measurement that will be the tech industry's equivalent of the kilowatt,' says Bernardo Huberman, a director at Hewlett-Packard's research laboratories. Identifying and agreeing on such a unit is essential to the future success of the much-hyped initiative called 'utility computing,' touted by tech giants HP, IBM and Sun Microsystems. Currently, the three companies offer a jumble of pricing schemes for their utility-computing offerings, but all agree that finding a simple and standard way to measure and charge for computer use would enable the nascent market to really take off. At HP's labs, researchers have coined the term 'computon' -- a mix of 'photon' and 'computation' -- to describe the unit, but coming up with exactly what a computon is, isn't as easy. The problem is that unlike a kilowatt, a computon can't be a strictly scientific quantity. It must cover aspects such as data-storage capacity and processing power, and must be flexible enough to accommodate the evolving needs of customers. 'Ten to 20 years from now, you might see computing companies as closer to the electrical utility of today,' says Nick van der Zweep, HP's director of utility computing. 'Tech companies will have big computer-processing generation stations all over the world, and there may be meters on everybody's houses measuring how much computing power they use.' (Wall Street Journal 17 Jul 2003) "
Source: NewsScan Daily: July 17, 2003

YESTERDAY A MICROSOFT FLAW, TODAY A CISCO FLAW

It had to happen eventually - the movement of very public hacks of computer networking to the backbone of the internet: Cisco. Microsoft has been beaten and abused over the years over security issues. Ok, so maybe that is what it took to get them to ship server software with defaults for "some" security rather than "no" security!!

"YESTERDAY A MICROSOFT FLAW, TODAY A CISCO FLAW
Cisco, which makes communications routers and switches, has found a flaw in its software that could be used by network vandals to cause widespread outages; the company has released a free patch to fix the flaw in its Internetworking Operating System. No vandals have exploited the vulnerability up to this point, and Cisco says: 'We literally have people working around the clock right now to get this situation taken care of.' According to the company, the vulnerability could only be exploited by sending a 'rare sequence' of data packets to a device running IOS, the equivalent of Windows for routers and switches. (AP/San Jose Mercury News 17 Jul 2003) "
Source: NewsScan Daily: July 18, 2003

IMPLANTABLE MICROCHIP STRIKES A CHORD IN MEXICO

More news of the linkage between technology and humans. I'm not sure if these are advances or ...? Someday we'll figure out the privacy implications, advantages of the technology, etc. Until then these types of news releases will cause concern on the privacy front, wonder for the technocrats, and mild amusement for everyone else.


"IMPLANTABLE MICROCHIP STRIKES A CHORD IN MEXICO

Palm Beach, Fla.-based Applied Digital Solutions, maker of the implantable VeriChip, is targeting consumers south of the border, where people see the tiny devices as a possible new way to thwart crime. The microchips, which are available in the U.S. as well, are implanted under the skin and can be used to link to information on identity, blood type and other information housed on a central computer. In Mexico, citizens hope the tiny devices could prove one more weapon in the arsenal needed to combat a rising wave of kidnappings, robberies and other crimes. The Mexican company in charge of distribution says it hopes to implant 10,000 chips in the first year and ensure that 70% of all hospitals contain the technology necessary to read the chips. Company officials say they are working on developing a similar technology that would use satellites to locate people who've been kidnapped, an application that is popular with Mexicans, but has raised privacy concerns in the U.S. (AP 18 Jul 2003) "
Source: NewsScan Daily: July 18, 2003

Friday, July 18, 2003

Adding a link /// Internet Traffic Report

Interesting visual information about the internet.

Adding a link /// Internet Traffic Report: "The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections."

SecurityFocus BASICS Columnists: Blogs: Another Tool in the Security Pro's Toolkit

Interesting column which seems to reach the same conclusions that I have about reasons to blog. I'm interested in following up on these ideas - looking for further improvements in efficiently handling information. Particularly the RSS feeds -- I've had that documentation printed out for about 3 months now and haven't really read it yet! I think that the actionable idea is to convert from an email push to a web feed push. Similar but different - but how? Benefits? Disadvantages? stay tuned.

SecurityFocus BASICS Columnists: Blogs: Another Tool in the Security Pro's Toolkit: "Blogs: Another Tool in the Security Pro's Toolkit (Part One)
By Scott Granneman Jul 16 2003 09:11AM PT

My name is Scott, and I'm an information addict.

I'll admit, I love information. No, make that I love and need information. If you're interested in keeping up with trends and changes in security, you're probably an information addict as well. You absorb security-related information and then ponder, examine, and analyze it before reshaping it in a way that helps protect your data, your systems, and your networks. "

Thursday, July 17, 2003

glish.com : CSS layout techniques

This is the css used in my web blog. There are great references and information sources here for making changes. In general this is a very clever method for web page layout.

glish.com : CSS layout techniques: "CSS Layout Techniques: for Fun and Profit"
"Look Ma, No Tables.
If you are looking for help making the transition to CSS layout (that's Cascading Style Sheets), you've come to the right place. I am cataloging here as many useful cross-browser CSS layout techniques as I can find, and some that I made up when I was bored last Thursday. All the examples on this site have been reduced to only their essential code, and you will find the source displayed on each page to hopefully make it quick and easy to understand the inner workings of the CSS. Feel free to steal all the code you find on this site, and consider linking back here on your site or in your source comments.

You will also find below links to various online CSS resources and tutorials, appropriate for both the novice and the seasoned CSS veteran.

I started this collection because of the dearth of resources I found out there when I went looking for information on how to translate typical table based layouts to CSS layouts. I know it is not nearly exhaustive, so if you see that there is something missing, whether it is a particularly good tutorial, or a site that is using a complex CSS layout, please let me know about it. I will pay you $3750 for each link you submit that I use.

If you don't have any idea why anyone cares about this topic, because like tables can do all that stuff and more, please read this: To Hell with Bad Browsers. And then read this follow up interview with Zeldman. And then read about the Web Standards Project's Browser Upgrade campaign. The future is bright, kids!"


McAfee Security - Anti Virus Security Updates for Computer Protection

The all important web site which lists the current DAT version for VirusScan. I'm surprised that the software I installed yesterday was DAT = 4246 when the current DAT is 4277? I'll have to watch the update process for a couple of weeks to get comfortable with the settings.

McAfee Security - Anti Virus Security Updates for Computer Protection: "Anti-Virus Updates"

And for UT specific information check out:
UT Antivirus Software Distribution

Wednesday, July 16, 2003

Gnod - self adapting system for finding books, movies, and music

This is a very creative site with artificial intelligence to guide you to authors, music, web pages that are similar to what others like. Appears to be in development yet.
Gnod - The global network of dreams

Virus Bulletin - Independent Anti-virus Advice

This is the motherlode of virus information from an apparently independent source.

Virus Bulletin - Independent Anti-virus Advice
"Virus Bulletin started in 1989 as a magazine dedicated to providing PC users with a regular source of intelligence about computer viruses, their prevention, detection and removal, and how to recover programs and data following an attack. "

Free Excel and VBA for Excel Newsletter Archive

Free Excel and VBA for Excel Newsletter Archive

This looks like an interesting resource for Excel tips and tricks - advanced features!!

RoboForm for pc and palm

RoboForm is free for personal use and includes a Palm version which syncs with the data from your pc
"AI RoboForm
http://www.roboform.com
RoboForm is an application that serves as a password manager and a one-click Web form filler. RoboForm has a variety of useful features, including its ability to generate Secure Random Passwords, the encryption of passwords, and the synchronization of passwords to a Palm device. Additionally, RoboForm contains no adware, and is available as an add-on to such popular browsers as Internet Explorer and Mozilla. Roboform is compatible with all systems running Windows 95 and higher."

current ver is 5.2.9 (7/16/03)

US Business on Data Disaster - Recovery

"BUSINESS/TECHNOLOGY DISCONNECT ON DATA DISASTER
U.S. business executives may be a bit overly optimistic in their estimates of the impact a major data disaster would have on their operations. A survey sponsored by data storage firm EMC indicates that only 14% of senior business executives regard their company's data as very vulnerable, compared to 52% of senior IT executives. And only 9% of business execs said it would take three days or more to get back to normal following a data disaster, compared with 23% of tech executives. 'Our customers tell us that their greatest challenge isn't backing up their information -- it's recovering and resuming operations in a timely manner. We don't believe U.S. business leaders are being misled by their IT teams. Instead, it is likely a misperception that, if the data is backed up, there is no issue,' says an executive VP for EMC. Meanwhile, European executives were more in synch with their IT counterparts regarding the likely vulnerability of their data -- 40% of business executives and 44% of technology executives regarded their data as very vulnerable. (CNet News.com 11 Jul 2003) http://news.com.com/2100-1009_3-1025121.html?tag=fd_top "

QUOTES

Writing comes more easily if you have something to say.
Sholem Asch

I am personally convinced that one person can be a change
catalyst, a 'transformer' in any situation, any organization.
Such an individual is yeast that can leaven an entire loaf. It
requires vision, initiative, patience, respect, persistence,
courage and faith to be a transforming leader.
Steven R. Covey

i thank You God for most this amazing day: for the leaping greenly spirits of trees and a blue true dream of sky; and for everything which is natural which is infinite which is yes
e.e.cummings


Not everything that can be counted counts; and not everything that
counts can be counted.
Albert Einstein

Ever Lost a Pen??

Yes - I remember losing my Waterman roller ball that I bought in NYC on Lexington Ave. Lost it somewhere on the ASU campus - maybe at a quiet table in the architecture library on a summer day.

NewsScan Daily: July 15, 2003
"WORTH THINKING ABOUT: PEN BEREAVEMENT
Have you ever loved a fountain pen? Where did you lose it? Writer and editor Anne Fadiman recalls the attachment many people have felt for their favorite pens:
'Pen-bereavement is a serious matter. Ten years ago, my pen disappeared into thin air. Like a jealous lover, I never took it out of the house, so I have always believed that in rebellion against its purdah it rolled into a hidden crack in my desk. A thousand times have I been tempted to tear the desk apart; a thousand times have I resisted, fearing that the pen would not be there after all and that I would have to admit that it was gone forever. For a time I haunted shops that sold secondhand pens, pathetically clutching an old writing sample and saying, 'This is the width of the line I want.' I might as well have carried a photograph of a dead lover and said, 'Find me another just like this.' Along the way I learned that my pen had been a Parker 51, circa 1945. Eventually I found one that matched mine not only in vintage but in color. But after this parvenu came home with me, it swung wantonly from scratching to sputtering, unable, despite a series of expensive repairs, to find the silken mean its predecessor had so effortlessly achieved. Alas, it was not the reincarnation of my former love; it was a contemptible doppelganger. Of course, I continued to write, but ever after, the feat of conjuring the first word, the first sentence, the first paragraph, has seemed more like work and less like magic.'
*** See http://www.amazon.com/exec/obidos/ASIN/0374527229/newsscancom/ref%3Dnosim/103-5049436-4415068 for Anne Fadiman's 'Ex Libris: Confessions of a Common Reader' -- or look for it in your favorite lib"

Tuesday, July 15, 2003

Channel Verdana

Interesting information about Verdana fonts - but I also like the pinhole continuous feed paper concept in the webdesign (well ok it does have page breaks!).

Channel Verdana

Comic Sans Cafe

A creative "page" based format with links on the right to the separate pages. Creative (from 1997!) web design.

Comic Sans Cafe

AxCrypt AES-128 Encrypt/Compress/Edit

Open source example of encryption software - actively updated.

AxCrypt AES-128 Encrypt/Compress/Edit: "AxCrypt - AES-128 File Encryption, Compression and double-click Edit/View for secure document storage on Windows 95/98/ME/NT/2K/XP, locally or remote.

Copyright (C) 2002 Svante Seleborg/Axon Data, All rights reserved.

This program is free software;"

Encryption for Files, Folders, and Virtual Drives

see clipped comments on choices

InformationWeek > Fred Langa > Langa Letter: Easy Encryption > June 2, 2003: "Langa Letter: Easy Encryption June 2, 2003
Fred Langa looks at the universe of products that help you protect sensitive files and data from prying eyes and hackers.
By Fred Langa



A recent change in federal privacy laws is causing huge numbers of IT departments to examine the steps they take to keep data secure. Although the specific law affects organizations that store or process medical records--hospitals, insurance companies, human-resource departments, and so on--the change actually touches on an even larger issue, that of keeping any kind of private information truly private, as this reader letter suggests: ...."


"The tool I use most is File2File, a free Windows utility by Cryptomathic. Like many current encryption tools, it uses AES, the "Advanced Encryption Standard" with a 128-bit key. Assuming you use a good passphrase--no less than seven characters long, containing at least one number and one symbol character (e.g., punctuation), not containing your name or user name or any simple variation thereof, and not a common word or name (nothing found in a dictionary)--128-bit AES provides reasonable security for most routine needs. (For more information on generating secure passwords. see the resources at Passphrase FAQs or see the section called "Passwords And Availability" on page two of XP Professional's "Remote Control".) Cryptomathic also offers many other security tools, including more advanced E-security suites and toolboxes. "

GnuCash - Open Source Accounting Software

GnuCash - Open Source Accounting Software: "Welcome to GnuCash.org
If you've been looking for a way to manage your personal finances using Free Software, you've found it! Designed to be easy to use, yet powerful and flexible, GnuCash allows you to track bank accounts, stocks, income and expenses. As quick and intuitive to use as a checkbook register, it is based on professional accounting principles to ensure balanced books and accurate reports. GnuCash is backed by an active development community and is blossoming into a full-fledged accounting system. Developed under the GPL, you have no need to worry about obsolescence: GnuCash will be there for you. "


Interesting to find free personal finance software when Quicken and Money are so inexpensive. Makes me wonder about the motivation to develop software when competing products already swamp the marketplace.

Monday, July 14, 2003

Free & Custom Excel Templates

Free & Custom Excel Templates
I've always wondered about salability of templates - I guess here is the model.

InformationWeek > Privacy > "Privacy Appliance" Seeks To Harness Government Snooping > July 14, 2003

Big news item but the research only began in April and is expected to last 3 1/2 years! Interesting note about TIA name change from "Total" to "Terrorism" hmmm!

InformationWeek > Privacy > "Privacy Appliance" Seeks To Harness Government Snooping > July 14, 2003: "A researcher is working on a way for the government's Terrorism Information Awareness system to work without trampling individual rights.
By Matthew Fordahl, AP Technology Writer



PALO ALTO, Calif. (AP) -- The Pentagon's plan to sniff out terrorists from a sea of personal data collected by the government, banks, airlines, credit card companies and other sources has been criticized as the most sweeping invasion of privacy in history.
But Teresa Lunt believes that the much-maligned Terrorism Information Awareness system can work without stomping on individual rights. The researcher has proposed--and the government is funding--the creation of a device that could watch and rein in the watchers.
Civil libertarians aren't so sure about Lunt's so-called privacy appliance, which is being developed at the famed Palo Alto Research Center, now a subsidiary of Xerox Corp., under a $3.5 million, 3-1/2-year contract awarded in April. Critics question whether it will work, and if it does, whether clever snoops can bypass it.
'One of my civil liberties nightmares is that you have a system that sounds very good with a privacy appliance, but it's got some sort of a breaker switch that in an emergency is shut off,' said Lee Tien, senior staff attorney at the Electronic Frontier Foundation.
Lunt's appliance is being developed under Project Genisys, one branch of the Defense Advanced Research Projects Agency's wide-ranging TIA program.
The appliance would be controlled by whomever owns the data, Lunt says. With the owner's permission, government analysts would submit queries to the appliances, which would filter out identif"

Corporate Governance ? - Clayton Homes, Inc. Issues Letter to Stockholders

What is the duty of a BOD - to obtain maximum value for stockholders or to protect the company? Obviously there are conflicting responsibilities where a company's major shareholder's / management wishes are at odds with shareholders who will be cashed out when the deal is done. Interesting governance issue - others also play a part: communities who wish for stability in their local employment opportunities, tax base, etc. And even universities which may benefit from financial gains from stock sales.


Clayton Homes, Inc. Issues Letter to Stockholders: "Clayton Homes, Inc. Issues Letter to Stockholders
Sunday July 13, 9:46 pm ET
KNOXVILLE, Tenn.--(BUSINESS WIRE)--July 13, 2003--Clayton Homes, Inc. (NYSE: CMH - News):
Dear Fellow Stockholders:
We would like to eliminate any confusion surrounding Cerberus Capital Management's expression of interest in the company three business days prior to the stockholders vote on the Berkshire Hathaway offer to acquire Clayton Homes. Since the vote is scheduled for Wednesday of this week, we want to provide you with the current facts.
Some would have you believe that there is now, or that there will be, a higher offer for your stock. The fact is, there is no offer--not from Cerberus or from anyone other than Berkshire--despite the fact that since announcement of the Berkshire Hathaway offer on April 1, 2003, it has been public knowledge that superior offers could be considered by our board. I repeat, there is only one offer on the table--the Berkshire Hathaway offer of $12.50 per share in cash.
Interestingly Cerberus waited until late last Thursday to advise the company that they were considering making a proposal that could provide greater value to our stockholders than the Berkshire Hathaway transaction. Cerberus is a company that specializes in acquiring the debt and other assets of distressed companies and is acting in its own best interests. First and foremost, Cerberus has not made any sort of binding offer for our company. Cerberus simply faxed, without any prior communication, a brief letter indicating that they wanted to perform due diligence, and possibly make a superior offer to that of Berkshire.
Why did a company with a significant new investment in a competing finance company (Conseco) wait until three business days before the vote on the merger to publicly state its"

Thursday, July 10, 2003

Forms for Daily Action Plan and Plan of Action

>> Success Digest <<
Volume 8, Issue 07.2 - July 9, 2003

1. Daily Inspired Action Plan ** BRAND NEW **
Manage, direct and inspire your day with this one-sheet
planner. It will help you stay focused on the things that
matter most.

Word Format
http://SuccessNet.org/files/DailyActionPlan.doc
Daily Action Word

PDF Format
http://SuccessNet.org/files/DailyActionPlan.pdf
Daily Action PDF


2. Plan of Action Template * * NEW * *
Use for each goal to help you get clearer, stay focused and
remain in action toward what you really want.
http://SuccessNet.org/files/PofA.pdf
Plan of Action PDF

Plan of Action in MS Word Format
http://SuccessNet.org/files/PofA.doc
Plan of Action
Word
"

RFID in retail stores / clothes

NewsScan Daily: July 9, 2003

TALKING CLOTHES: HARMLESS CHIT-CHAT OR VICIOUS GOSSIP?
RFID technology (the acronym stands for 'radio frequency identification'), which embeds tiny computer chips and radio antennae into products and transmits inventory and supply-chain data to manufacturers and retailers, is being criticized by Marc Rotenberg of the Electronic Privacy Information Center: 'Simply stated, I don't think most people want their clothes spying on them. It's also clear that there could be some very invasive uses of these techniques if merchants use the tracking technology to spy on their customers after purchase.' In rebuttal, Ron Margulis of the National Grocers Association says that privacy concerns are far outweighed by the benefits of RFID, which could help retailers respond much more quickly to product recalls and prevent people from becoming ill from tainted products: 'You do give up a bit of privacy but the benefit could be that you live.' (AP/USA TODAY 9 Jul 2003) http://www.usatoday.com/tech/news/2003-07-08-rfid-chip_x....
WAL-MART CANCELS 'SMART-SHELF' TRIAL
Bowing to criticism from consumer privacy groups, Wal-Mart has canceled what was billed as the biggest trial yet of a so-called smart-shelf system that would use RFID sensors to pick up data transmitted by microchips in partner Gillette's product packaging. The system would then alert store managers via computer when stock was running low or when items may have been stolen. A Gillette representative declined to comment on Wal-Mart's decision, but said it plans to focus on helping UK supermarket chain Tesco and German retailer Metro conduct similar trials in Europe. Meanwhile, Wireless Data Research Group analyst Ian McPherson says privacy advocates' concerns were likely overblown: 'Consumers that"

Wednesday, July 09, 2003

Stephen Marq - International Steinway Piano Artist

Stephen Marq - International Steinway Piano Artist: "With the release of 'Time With You,' his second CD, he was telephoned by Steinway & Sons Pianos, in New York, requesting his portfolio and a sample of his music compositions. Upon hearing 'Time With You', he was added to the Distinguished International Roster of Steinway Piano Artists, including Billy Joel, Harry Connick, Jr., George Winston, Bobby McFerrin, Roger Williams-- Stephen's inspiration as a young boy, and classical artists all over the world."

Privacy statements on web sites (Chey & Stephen Cobb)

NewsScan Daily: July 8, 2003

"SAFE & SOUND IN THE CYBER AGE WITH CHEY & STEPHEN COBB
This week, security consultants Chey and Stephen Cobb devote their NewsScan Daily column to the question: 'Guess Who's Got To Do Better?'
*
Does your company Web site contain statements that assure consumers any personal information they impart to you will be secure and protected? Do you visit Web sites that offer such assurances? Well, those assurances had better be more than mere words, otherwise the Federal Trade Commission may come knocking. Which is good news for consumers, on whose behalf the FTC has become an Internet security watchdog with teeth.
And it's also good news for companies that go the extra mile to get security right. The FTC has now established, very firmly, that it is not only unfair for competitors to gain an edge by skimping on the security budget, it is also illegal. The FTC accomplished this with three landmark settlements, the third of which was handed down last month, although the decision was somewhat eclipsed by excitement over the commission's Do Not Call list.
The first of these settlements was with Eli Lilly (see NewsScan, December 12, 2002) and we should point out that Stephen and his colleagues at ePrivacy Group assisted the FTC in that case, helping to assess the problem and determine what form the settlement should take. That case involved the inadvertent disclosure of PII or personally identifiable information (specifically the email addresses of persons who had expressed an interest in Prozac). The second of the three cases was Microsoft, which was not accused of exposing PII, but"

NewsScan Daily: July 8, 2003 THUMBNAIL IMAGE LINKING IS FAIR USE

NewsScan Daily: July 8, 2003

"COURT SAYS THUMBNAIL IMAGE LINKING IS FAIR USE
A federal appeals court ruled that a search engine's display of miniature images of copyrighted works is allowed under fair use, upholding a similar ruling in February 2002. The plaintiff in the case, photographer Leslie Kelly, had sued image search engine firm Arriba Soft over thumbnail images of her works that were accessible via Arriba's Ditto.com search engine. Yesterday's decision, however, failed to confirm the legality of displaying full-size images in search results -- a practice known as in-line linking or framing -- and that case is now ordered to go to trial. 'As to the first action (on thumbnails), the district court correctly found that Arriba's use was fair. However, as to the second action, we conclude that the district court should not have reached the issue because neither party moved for summary judgment as to the full-size images,' according to the opinion. The framing technique is used by a number of visual search engines, including Google, Lycos and AltaVista. Nevertheless, the ruling was viewed as a victory by the Electronic Frontier Foundation, which had filed a brief in favor of Arriba. 'Web site owners can rest a bit easier about linking to copyrighted materials online,' said an EFF staff attorney. 'By revising its ruling, the court removed a copyright iceberg from the main shipping lanes of the World Wide Web.' (CNet News.com 7 Jul 2003) http://news.com.com/2100-1025_3-1023629.html?tag=lh "

Tuesday, July 08, 2003

Mother Goose & Grimm
Comics archive
AWStats - Free log file analyzer for advanced statistics (GNU GPL).

Use this log file analyzer for the Agile server and for the Faith Lutheran website to analyze traffic. The Agile server logs should be "full" and have lots of data to analyze. I wonder if I can automate the retrieval of the logs from the Yahoo server every 14 days for Faith??
First post of a new blog - not very interesting, but when has it ever been interesting to establish initial settings? My intent is to use this private blog hosted on blogspot to link with the "blog this" on the new Google toolbar.