Copy Link
Add to Bookmark
Report
Atari Online News, Etc. Volume 05 Issue 28
Volume 5, Issue 28 Atari Online News, Etc. July 11, 2003
Published and Copyright (c) 1999 - 2003
All Rights Reserved
Atari Online News, Etc.
A-ONE Online Magazine
Dana P. Jacobson, Publisher/Managing Editor
Joseph Mirando, Managing Editor
Rob Mahlert, Associate Editor
Atari Online News, Etc. Staff
Dana P. Jacobson -- Editor
Joe Mirando -- "People Are Talking"
Michael Burkley -- "Unabashed Atariophile"
Albert Dayes -- "CC: Classic Chips"
Rob Mahlert -- Web site
Thomas J. Andrews -- "Keeper of the Flame"
With Contributions by:
Paul Caillet
Kevin Savetz
To subscribe to A-ONE, change e-mail addresses, or unsubscribe,
log on to our website at: www.atarinews.org
and click on "Subscriptions".
OR subscribe to A-ONE by sending a message to: dpj@atarinews.org
and your address will be added to the distribution list.
To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE
Please make sure that you include the same address that you used to
subscribe from.
To download A-ONE, set your browser bookmarks to one of the
following sites:
http://people.delphiforums.com/dpj/a-one.htm
http://www.icwhen.com/aone/
http://a1mag.atari.org
Now available:
http://www.atarinews.org
Visit the Atari Advantage Forum on Delphi!
http://forums.delphiforums.com/atari/
=~=~=~=
A-ONE #0528 07/11/03
~ Send Spammers To Jail! ~ People Are Talking! ~ Steem 2.5 News!
~ Violent Game Law Block ~ Video Gamer Stereotype ~ Dave Ahl Interview
~ Spam Gets Dangerous! ~ CU: Tougher Spam Bill! ~ Anti-Spam Bills!
~ Top 10 Spam Subjects! ~ PayPal Spoof Site Scam ~ Test Drive Lindows!
-* Hacker Challenge Fizzles Out *-
-* Judge: Kazaa Cannot Pursue Lawsuit! *-
-* Massachusetts Probes Potential MS Breaches *-
=~=~=~=
->From the Editor's Keyboard "Saying it like it is!"
""""""""""""""""""""""""""
I hope that everyone enjoyed the long holiday weekend! Well, at least the
weather has been great, although this past weekend was a scorcher. I didn't
really spend much time at our neighborhood block party this year. The heat
and humidity literally drained me. I made a couple of token appearances,
had a couple of drinks, and escaped to the confines of my cooler house.
From the sounds that we could hear from inside the house, it sounded like a
successful day.
There's an article in this week's issue that piqued my interest, and
disdain. Earlier in the week, there was an article that essentially was a
warning to web site owners that a group (or groups) had planned a contest to
deface as many web sites as possible. Essentially, they'd hack their way
into the site and deface it somehow - online graffiti, so-to-speak. Isn't
it bad enough that we have viruses, denial-of-service attacks, and other
hacking pranks that wreak havoc on the web? Now this nonsense? Don't these
people have jobs? Don't they have "a life"? They obviously have too much
free time on their hands - something that I consider a dwindling luxury.
Surely they can find better uses of their time. Does this type of activity
give them a sense of power? I just don't get it. The ironic part of this
story, as you'll read, was that the contest fizzled. There was no massive
"destruction" of web sites. And, even one of their own sites was hacked! I
guess that's poetic justice in the end.
Until next time...
=~=~=~=
Steem 2.5
Hello,
New version of Steem online (4th July 2003) :
http://www.blimey.strayduck.com/
Steem 2.5 (Windows 95/98/ME/NT/2000/XP) 235 Kb
http://www.blimey.strayduck.com/steem_v2_5.zip
XSteem 2.5 (Linux, 486+, X) 1.11 Mb
http://www.blimey.strayduck.com/xsteem_v2_5-7-i386.tar.gz
Here it finally is, the much troubled Steem v2.5. Due to various
mysterious bugs the release has been delayed a long time, but it is
finally stable (we hope), here is a list of what has changed:
Bug Fixes
. Fixed PSG write bug (X-Out)
. Implemented FDC spinup (Vroom multiplayer)
. Improved hard drive program terminate emulation (still not perfect)
. Improved MFP accuracy (Harley Davidson, Super Hang-On)
. Fixed some disk formatting bugs (Fastcopy Pro, Acopy, Chambers of Shaolin)
. Fixed GEMDOS void return bug (Amberstar hard drive install)
. Fixed hard drive read only file bug
. Fixed set video address at end of line bug (Relapse Demo)
. Fixed turn IKBD off during reset bug (Just Buggin')
. Fixed trace interrupt with exceptions
. Fixed 512Kb and 2Mb memory sizes
. Fixed FDC seek bug thanks to Kimmo Hakala (Air Supply)
. XSteem: Much improved sound
. Stupid hard drive booting bug fixed
New Features
. Macros - record keyboard/mouse/joystick input (won't work on some
versions of Windows)
. Profiles - save all settings and restore them at your leisure (won't
work on some versions of Windows)
. Disconnect drive B option (Premier Manager 2, Alternate Reality
v1.2)
. Accurate drive speed option
. More flexible shortcuts
. Customisable icons
. Disks in archives can be read/write (changes are lost on eject)
. Minimum size screenshots option
. GUI improved
. Fullscreen quit button
. XSteem: Vastly improved GUI
. DEBUG: Trace is now cycle accurate
. DEBUG: Separate memory monitor and breakpoints
. DEBUG: Step over, shift display, redraw on stop
. DEBUG: Break on interrupt
. DEBUG: Bigger memory/source dumps
. DEBUG: More versatile find in browsers
Best regards,
Paul CAILLET
Interview with Dave Ahl of Creative Computing
Kevin Savetz
18 years after the demise of Creative Computing magazine, its founder and
editor, Dave Ahl, talks about the legacy of the magazine and what he's been
doing since.
http://www.atarimagazines.com/creative/daveahl/
The Second Book Of Machine Language
The team at AtariArchives.org is pleased to announce that the full text of
the best-selling book _The Second Book Of Machine Language_ by Richard
Mansfield is now online at
http://www.atariarchives.org/2bml/
Published in 1984 by Compute! Books, this classic book is the sequel to
_Machine Language For Beginners_, another of Mansfield¹s best-selling
titles which is also available on the Web site. The Second Book Of Machine
Language walks readers through the creation of LADS (Label Assembler
Development System,) a sophisticated assembler written in machine language.
It includes examples and program code for Atari, Apple 2, PET/CBM, VIC-20,
and Commodore 64 computers.
This is the 17th classic computing book to be made available at
AtariArchives.org. Like all books at the site, it is available with the
gracious permission of the author.
=~=~=~=
PEOPLE ARE TALKING
compiled by Joe Mirando
joe@atarinews.org
Hidi ho friends and neighbors. Mark today down on the calendar! I don't
really have anything to say this week.
It's one thing when I've honestly got something on my mind and I blurt it
out here in these pages, but I don't... I never have... just created some
situation or whatever just to have something to fill up these pages.
Hell, if I did that, you'd see right through it and I'd become a laughing
stock. And there are enough indignities visited upon us as it is without
having to bring them down upon ourselves, right?
It's odd, but something usually comes along to give me something to talk
about, and I normally find a way to make it make a little bit of sense,
but it's not working out that way today.
I guess that sometimes we just need to sit there and not be witty (I sit
here and not be witty quite a lot), and to take stock of what's going on
around us. I try to do that a lot too, but it's getting harder and harder
to find... well, to FIND the time to TAKE the time. Know what I mean?
Of course you do. Unless you're independently wealthy or
institutionalized, you're being swept up by the same things that are
sweeping the rest of us along. Well, all I can tell you is that you're
not alone and that none of us seem to have a good answer.
It's kind of like yelling at the weather for ruining your plans. It can
make you feel better... until you realize that no one's listening to
you... then you just feel foolish. Well, that can be therapeutic too. And
let's face it, we can ALL use a little therapy now and then.
Well, let's get on with the news, hints, tips, and info from the UseNet.
From the comp.sys.atari.st NewsGroup
====================================
Peter Kienle asks about one of the few programs that I could never get to
to work the way I wanted it to:
"Although I am a longtime Mac user I still own three STs and use them
occassionally to print out Postscript files. This is done by Ghostscript
and so far has worked nicely with files created on the Mac.
Now I switched to InDesign 2 and the PS files created won't render on
the ST in Ghostscript.
Is there a website for Ghostscript ST? Ghostscript is even used to print
under Max OS X. Anyway, it's a silly question but this has been the only
justification to leave my MegaSTe set up on my desk."
Martin Tarenskeen tells Peter:
"The GemGS 1.3 version, based on Aladdin Ghostscript 6.01, is not actively
supported or updated by Christian Felsch anymore, but everything (binaries,
sources, fonts, docs) is still available here:
http://www.tu-harburg.de/~alumnifc/amua/download/atari/gemgs/
For the SpareMiNT version go to http://sparemint.atariforge.net
I use Ghostscript a lot to print out music scores, made with my
Atari port of abcm2ps. Looking great.
It would be nice to have an update of both GemGS and SpareMiNT
Ghostscript though."
Derryck Croker adds:
"There's no web site for the Atari version of GhostScript, and I believe
that it's safe to say that it won't be updated any more.
It might be worth your while investigating Porthos though, this is still
being updated and a demo version can be downloaded via the Calamus web site
(link is via the Newsticker page)."
Martin tells Derryck:
"Porthos doesn't handle PS files. It also will not handle PS files in
future (I asked the author). But for PDF files it is great and getting
even better. The demo only displays one page. I recommend to pay those few
Euro to get a full licence."
Christian Felsch has updated his website, including a download section for
his 1.3 version of GemGS. See my previous message of the URL.
Not updated anymore? I wouldn't be sure about that. On a FreeMiNT system it
shouldn't be such a problem to compile a newer version. On a fast Aranym
machine or using a cross-compiler on a fast Linux PC it doesn't take many
hours anymore.
The sources for the special GEM version - that doesn't need MiNT - are
also available, and someone may pick them up and integrate them with a new
Ghostscript version.
After some more studying, I may even consider trying it myself."
Piergiorgio d' Errico asks about sources of free TOS implementations:
"I have heard of one or two free, open-source implementation of the ST TOS,
one seem to me called FreeTos or something like, and another whose I can't
recall the name.
Hope that there are something kind enough to give me the links to their
sites."
Matthias Arndt tells Piergiorgio:
"EmuTOS is what you seek: http://emutos.sourceforge.net/ "
Joseph Place asks about broadband options:
"Anyone using the DaynaPort SCSI/Link T to connect to an ISP with
cable or DSL modem? I'd like to pursue this if possible, but I've
never used anything but dialup, so I'm not sure what's involved."
David Wade tells Joseph:
"I use the solution from http://hardware.atari.org/ to connect my STE to
the net using DSL. You can find details of my setup at
http://www.dwade.freeserve.co.uk/atari/main.html
You should be able to do the same things with the DynaPort card, but may
need to modify some of the entries. Basically the main challenge is that
you can't use DHCP to automatically configure an Atari adaptor, you have to
set it up manually. However once this is done there should be no problems."
Joseph replies:
"I have been able to connect with an analogue modem using my MAC as a
gateway (IPNetRouter software). I can browse the web (much faster
than with the 28,800 modem attached to my Falcon), but Newsie and
Mymail lock up (CAB did occasionally too). AFTP works, but it
choked in 256 colors. Two colors worked fine. At least it is
working, but I'm not sure if I feel confident about trying a cable or
DSL modem."
Lonny Pursell adds his thoughts:
"If you have MiNT I recommend this:
http://hardware.atari.org/ether/index.htm
I have this and it works great on my TT, setup time under MiNT, only a few
minutes.
Otherwise you need the STing inet stack and of course a broadband inet
connection. If you have some other platform at home that you can connect
to via ethernet, I would suggest getting the DaynaPort and doing some
testing before you jump into broadband. I found the DaynaPort to be
unstable and STing far to complex to setup correctly in a LAN. I dinked
around with the route.tab file for some hours and never got outside my LAN
onto the internet. It should not be that hard.
Anyway, you might need a router, Atari's don't deal with dynamic IP's so
well, and a router can solve this. A static IP is preferable and a lot
easier to setup."
Kenneth Medin adds:
"I actually tried to help a guy to setup STinG with a DaynaPort on his
Falcon yesterday at the Nordic Atari Show but did not make it work. The
STinG kernel reported that the .STX could not find the DaynaPort.
Unfortunately this guy showed up when we were about to close so I did not
have time investigate any further."
Lonny tells Kenneth:
"Glad you mentioned that, anyone thinking of getting a DaynaPort should
be aware that it requires bus arbitration or the system doesn't see it."
Rob Mahlert adds his experiences:
"DSL would be out unless you have a router, to my knowledge no internet
stack on the platform supports the pppoe protocol. Cable might be
tough also without a router. I have a linux box running as a router on
my lan using the Dayna scsi ethernet adaptor on my TT030.
I've tried the Sting Dayna drivers, like LP I was never able to get
out of my LAN.. until I installed a Proxy server on my linux box. It
was very stable, but I was only able to surf the web. I wasn't able to
use AtarIRC or AtarICQ.
I've also been lucky enough to test the Stik 2 version of the drivers,
the Stik version allowed me to surf the web without a proxy. AtariICQ
and HighWire worked great with the Stik version also! BUT.. the only
problem is the drivers still unstable. The system would freeze.
You might want to try the etherNEC LP mentioned, but you will still
need a router in my opinion."
Ulf Andersson asks for help with an STE with a bad floppy drive:
"After 8 years without a Atari I just bought a 520 STe.
When I (in a hurry) came home with my new machine the floppy was not
booting.
If I leave a disk on boot up it fails to boot and says error with disk.
If I boot and try to read disk it says error with disk or no disk in drive.
If I try to format a disk it seems to go through the format process
little bar moves all the way across the screen but on verifying format
it gives error with disk or no disk in drive.
I tried replacing the drive with a pc high density one (modified like
sony_144.zip). This didn't work either. Same errors received.
I need some help figure out what is wrong or at least some tips on
where to go now."
Alexander Beuscher tells Ulf:
"I'm not sure if I understood you correctly:
Your "new" 520STe has problems with the floppy. Clear.
So you switch your STe on with a floppy disc in the floppy?
You switch your STe on without a disc in the floppy (which takes longer
than with floppy btw.) and when the STe has booted up, then you enter a
disc into your floppy - which is not recognized properly?
Did you check the connectors and cables? They might be faulty.
Maybe your floppy disc controller IC is damaged - best way to check this
is to replace it with a "borrowed" one from another ST, but this becomes
difficult if it has no socket.
There is a faint chance that your DMA controller is damaged, but I'd check
the floppy controller first. (It's the WD1772)"
Clint Thompson asks about TOS versions on the Falcon:
"Here's a few questions I'm hoping to get answered here.
First,
What's the main differences between TOS 4.02 vs. 4.04 vs 4.92/5.00
(beta) and does anyone here use or know of someone who uses the 4.95/5.00
(beta) and is it stable, etc. etc.
Second,
Is there some place I can buy a replacement (atari falcon030) inline
sticker? Just curious?! Mine isn't perfect
I know there's more questions I have but just can't think of them,
I'll be back!"
Greg Goodwin tells Clint:
"4.04 fixes a serious bug -- 4.02 can write past the end of a partition
into the directory of the next partition! If you have 4.02, never
fill a partition 100%.
4.92 is a minor upgrade of 4.04, but is buggy from most accounts.
Best Electronics would be your most likely source for the Falcon030 sticker."
Well folks, that's it for this time around. Tune in again next week, same
time, same station, and be ready to listen to what they are saying when...
PEOPLE ARE TALKING
=~=~=~=
->In This Week's Gaming Section - Violent Games Sale Law Blocked!
""""""""""""""""""""""""""""" What's In A Video-Gamer?
=~=~=~=
->A-ONE's Game Console Industry News - The Latest Gaming News!
""""""""""""""""""""""""""""""""""
U.S. Court Blocks Washington Video Games Sales Law
A federal judge on Thursday issued an order postponing enforcement of a
Washington state law designed to restrict the sale of violent video games
to minors.
U.S. District Judge Robert Lasnik issued an injunction blocking enforcement
of the law, which was set to take effect from July 27 and would have
imposed a $500 fine on anyone who sold a video game depicting violence
against "law enforcement officers" to minors under age 17.
"Plaintiffs have raised serious questions regarding the constitutionality
of House Bill 1009 and the balance of hardships tips in their favor,"
Lasnik wrote in his order from the court in Seattle.
A spokeswoman for the Interactive Digital Software Association, the game
industry trade group that was one of the main plaintiffs, had not seen the
judge's ruling and had no immediate comment.
Washington state Rep. Mary Lou Dickerson, the Democrat who wrote the law,
had said recently that any injunction would only be preliminary and that
she expected the case to go to trial.
Study Challenges Video-Gamer Stereotype
Roughly two-thirds of college students play video games, but the image of a
nerdy guy who spends all day in a dimly lit room blowing up
computer-generated bad guys is off base, according to a new study.
College gamers are not necessarily male - or anti-social hermits. And while
about a third of those surveyed admitted playing computer games during
class, the games generally don't conflict with their studies, says the
researcher who conducted the survey for the Pew Internet & American Life
Project.
"It's not taking the place of studying; nor is it taking away from other
activities," says researcher Steve Jones, chairman of communications
department at the University of Illinois at Chicago. "What they seem to
have done is incorporated gaming into a very multitask-oriented lifestyle."
In addition to the survey data, Jones drew his conclusion from observations
he and fellow researchers made while watching students in college computer
labs - many of them writing papers, then taking short breaks to play
computer games and send online messages to friends.
Often, he says, groups of students stop to watch the game.
"What we found is that it's a very social activity," Jones says.
The survey, released Sunday, was compiled from questionnaires completed
last year by 1,162 college students on 27 campuses nationwide. Its results
have a margin of error of 3 percentage points.
Among other things, surveyors found that 65 percent of those who responded
were regular or occasional game players. Most said they played in their
rooms or parents' homes.
Nearly half said gaming keeps them from studying "some" or "a lot" - though
their study habits matched closely with those reported by college students
in general, Jones said.
"There's this stereotype of game slackers wasting time, goofing off, that
really isn't valid," says Marcia Grabowecky, a Northwestern University
psychologist who has studied visual perception in humans, including those
who play computer and video games.
Playing games is so common for this age group, it's almost second nature,
Jones says. "It's common maybe in a way Monopoly was years ago," he says.
Nearly 70 percent of those questioned said they were in elementary school
when they first played video games. By junior high and high school, about
half said they had tried computer games - software-driven games from cards
to shoot-'em-up adventures such as Doom - and 43 percent said they had
tried online games over the Internet.
David McNulty, a 19-year-old computer science major at the University of
Maine, started playing video games, such as Nintendo's wildly popular Mario
Brothers, at age 5. He now hosts game-playing parties and joins online
games with people who live across the world.
McNulty says he stopped playing during his first semester because he was
worried it would hurt his grades, but he found that his social life
suffered.
He started playing again and says it hasn't affected his studies.
"It takes less time to play a few games than to go downtown or see a movie
with your friends. It's easier to meet them online and shoot at them,"
McNulty says, chuckling.
The survey also found that, while gaming has a reputation as a
male-dominated pastime, women are avid game players, too. Of those
surveyed, 60 percent of women said they played online and computer
software-based games, compared with 40 percent of men. About the same
number of men and women said they played video games on PlayStation, Xbox
and other systems.
That news pleased Sarah Fenton, who is finishing up a degree in game art
and design at the Art Institute of Phoenix. She hopes to become a character
designer for a video game company and is convinced that even more women
would play video games if there were more characters geared toward them.
"I hope that we can bring a little equality to what's out there," she says.
=~=~=~=
A-ONE's Headline News
The Latest in Computer Technology News
Compiled by: Dana P. Jacobson
Massachusetts Probing Microsoft Settlement Gripes
Massachusetts, the state appealing Microsoft's landmark antitrust
settlement, has told a federal judge it is probing potential breaches of
the pact.
The consent decree approved by U.S. District Judge Colleen Kollar-Kotelly
in November includes provisions aimed at giving computer makers more
freedom to feature non-Microsoft software on the machines they sell.
But Massachusetts told Kollar-Kotelly, in a filing posted on the court's
Web site on Monday, that it was looking at whether the world's largest
software maker had retaliated against a computer maker for promoting Linux,
an alternative to Microsoft's Windows operating system.
Among other complaints being examined by Massachusetts was whether
Microsoft had violated portions of the settlement prohibiting pacts
requiring exclusive support of Microsoft software. Massachusetts was also
examining whether the company had properly offered communications protocols
allowing non-Microsoft software to work well with Windows.
"The Commonwealth has not at this point determined that any complaints lack
merit for decree enforcement purposes," wrote Massachusetts Attorney
General Thomas Reilly. He offered no details of the investigations.
A Microsoft spokesman was not immediately available to comment on the
Massachusetts filing. Microsoft has said it has complied with the
settlement but is open to additional feedback from government and industry.
The U.S. Justice Department and a group of states who have accepted the
settlement said on Thursday they were concerned about the charges and
conditions Microsoft was proposing to let competitors view the inner
workings of Windows.
The department and states told Kollar-Kotelly they had watched Microsoft's
dealings with computer makers to ensure that the company did not retaliate
against this group.
Kollar-Kotelly had requested status reports on the settlement, agreed by
Microsoft and Justice Department in Nov. 2001 and endorsed by the judge a
year later.
The Justice Department entered the settlement saying the business
restrictions it contained would restore competition to the software
business and prevent Microsoft from engaging in anti-competitive tactics.
But Massachusetts, one of 20 states which helped launch the case in 1998,
insists the settlement is inadequate and has appealed to the U.S. Court of
Appeals for the District of Columbia - the same court that ruled in June
2001 that Microsoft had illegally maintained its Windows monopoly.
Hacker Challenge Fizzles
A weekend competition to test the skills of malicious hackers fell apart
after poor planning by contest organizers and infighting among different
hacker groups crippled the Web site responsible for keeping score in the
competition.
Contest organizers invited hackers to tamper with up to 6000 Web sites.
Points were awarded to hackers who could successfully compromise an
organization's Web server and deface its Web pages, according to Internet
Security Systems.
The international contest, known as the Defacers Challenge, was scheduled
to begin Sunday. However, the Web site designated by contest organizers to
keep score of the defacements, www.zone-h.org, was quickly overwhelmed
with traffic Sunday morning, according to a statement released by Zone-h.
The Tallinn, Estonia-based security portal, which is the most prominent
site that tracks defacements, had no connection to the Defacers Challenge
and site organizers were dismayed to learn that Zone-h was designated as
scorekeeper for the challenge, according to Roberto Preatoni, also knowns
as "SyS64738," founder of Zone-h.org.
"Declaring Zone-h referee was the most stupid thing someone could think
of," he said.
One of Zone-h's 50 operators personally confirms each recorded defacement.
Had the contest produced the volume of defacements that were promised,
Zone-h could not have verified the flood of 20,000 or 30,000 defacements
within the six hour window specified by the contest organizers, Preatoni
said.
Compounding Zone-h's woes, the site also fell victim to a massive
distributed denial of service attack on Sunday morning beginning at 10:00
a.m. local time and lasting until 5:00 p.m., Zone-h said.
The attack downed Zone-h's Web site with 900 megabits per second of
sustained traffic and came from a group of Brazilian hackers unhappy about
the contest, Preatoni said.
"They told me that defacing is an art and that silly challenges must be
boycotted," he said.
The hackers said that taking down the Zone-h Web site was the only way to
thwart the contest organizers, Preatoni said.
The strategy worked. Defaced Web sites submitted to Zone-h for much of
Sunday were not received by Zone-h operators and could not be verified,
Preatoni said.
Despite the feuding and confusion, Zone-h received around 500 recorded
defacements. An additional 400 or 500 were received Monday, but had not
yet been verified, Preatoni said.
As predicted by Preatoni and others, the list of compromised sites included
few household names, but plenty of small Web sites in both the U.S. and
abroad, such as www.thebuffrestaurant.com in Boulder, Colorado and
www.ddwautomotive.com in Mishakawa, Indiana.
The absence of larger sites was greeted with praise by some security
companies.
"I think it's evidence that information sharing and awareness about an
issue that was coming worked," said Pete Allor, manager of X-Force Threat
Intelligence Services at Internet Security Systems Inc., which issued a
warning about the contest on Wednesday.
However, others expressed skepticism about any connection between prior
warnings of the contest and the lack of major defacements, saying that
security vendors and the media hyped a low-level threat.
"We didn't think there was much to it, and it turned out we were right,"
said Al Huger, senior director of engineering at Symantec.
The level of weekend defacements reported by Zone-h was consistent with
the level of activity Symantec noted on its DeepSight alert network, Huger
said. That level was in line with the ordinary "background" level of
defacement activity and didn't warrant the alarms, he said.
"In this case, there was no fire where there was smoke," Huger said.
Like the story of the "boy who cried wolf," false alarms from security
companies about events such as the Defacers Challenge could cause
organizations to doubt future warnings, creating the possibility of bigger
problems when a real crisis hits, Huger said.
Web Site Defacement Winner Announced
A well-known Brazilian crew won this past weekend's Web site defacement
contest, amassing more than twice as many points as the second-place team.
Crackers from the Perfect.br team racked up 152 points in winning the
contest, which put them 90 points ahead of the runners-up, the Hackbsd
Crew. For their efforts, the Brazilians won a Web hosting package.
The contest challenged crackers to deface as many Web sites as possible
within a given amount of time. Points were awarded based on the operating
system of the box that was hosting the defaced site. The less common the
OS, the more points the defacement was worth.
For example, sites running on Windows machines were worth just one point,
while sites on Macintosh systems were awarded five points. The contest,
which had been widely publicized in the days leading up to the Sunday kick
off, drew more than 60 entrants, according to the organizer's Web site.
Only about a quarter of the entrants were able to score 10 points or more,
with many apparently defacing just one or two sites.
In addition to all of the media coverage-or perhaps because of it-the
contest also attracted its share of weirdness. Zone-H.org, an independent
security site that the contest's organizer designated as the official
defacement archive for the competition, was the target of a
denial-of-service attack Sunday that knocked the site offline for most of
the day.
The group that attacked Zone-H explained its motives thusly in a note
posted on SecurityNewsPortal.com: "We think the competition is a waste of
time, therefore we will not participate. The competition was to be judged
on the statistics collected by Zone-H, since it is a popular defacement
mirror site. We planned and executed a DDoS attack directed at Zone-H so
that they were unable to take mirrors of the defacements on the 6th of
July, as a type of online protest. After the attack started Zone-H was
intermittently offline for 15 minutes. After 30 minutes we increased the
number of computer involved, which resulted in the site being completely
unreachable."
Oddly, one of the people listed as being a member of the group responsible
for the DoS attack is Gui, a member of the Perfect.br crew.
Perfect.br is widely known in the underground and its members are
responsible for a large number of previous Web site defacements.
Judge Rules Kazaa Can't Pursue Lawsuit
The distributor of the Kazaa software for sharing songs, movies and other
files online cannot pursue an antitrust lawsuit against major recording
labels and movie studios, a federal judge ruled.
Sharman Networks made the antitrust claims in January as part of its
defense of a copyright infringement suit filed by the entertainment firms.
Sharman argued that music labels and studios conspired to keep authorized
and copy-protected versions of their songs and movies off Kazaa. It
essentially blamed piracy on the entertainment companies, saying they
failed to work with Sharman to create a legal alternative.
U.S. District Judge Stephen V. Wilson dismissed Sharman's claims, which
many copyright lawyers had considered a stretch.
In Thursday's ruling, Wilson said that even if the allegations were true,
Sharman would not be entitled to damages because it distributes
file-sharing software and not online entertainment.
"Sharman Networks was grasping at straws to distract the court from their
own improper behavior," said Matthew Oppenheim of the Recording Industry
Association of America. "We are pleased that the court recognized what we
have said all along - that these claims lacked any merit."
The copyright claims against Sharman remain pending. Wilson previously
ruled that two other file-sharing companies, StreamCast Networks and
Grokster, are not to blame for any illegal copying conducted by the
services' users.
Newest Lindows Runs From A CD
Lindows.com is shipping a version of its Linux (news - web sites)-based
operating system that can be run directly from a CD-ROM drive without
needing to be installed on a hard drive, simplifying its use.
The product, called LindowsCD, has many of the features of LindowsOS 4.0,
according to representatives of Lindows.com. LindowsCD supports as hardware
detection, plug and play, and various multimedia formats and technologies,
the company says. LindowsCD can handle MP3, Real Audio, Real Video, and
Flash files.
It is available now, bundled with LindowsOS 4.0, sold direct by
Lindows.com. It can also be purased separately priced at $29.95 through
Lindows.com outlets.
Users can run LindowsCD by simply inserting it into a PC's CD-ROM drive
and restarting the machine. It makes no changes to the PC's hard drive. To
revert back to the PC's original configuration, all a user needs to do is
remove LindowsCD from the CD-ROM drive and restart the machine, according
to Lindows.com.
In addition to the operating system, the CD also contains applications.
Among those are programs that enable users to open under Linux programs
files that were created with Microsoft applications like Word, PowerPoint,
and Excel, according to Lindows.com.
Lindows.com hopes the ease of running the operating system, without
requiring configuration changes or taking other risks, will prompt people
to try out Linux.
"There's enormous interest in Linux, but computer users don't always have a
spare computer to try it out. Now with LindowsCD any user can insert the
disc, restart their computer and they're running Linux," Michael Robertson,
Lindows.com's chief executive officer, said in a statement. The company has
faced fierce competition from Microsoft in court as well as in the market.
Send Spammers to Jail, U.S. Lawmakers Say
E-mail "spammers" who flood Internet inboxes with millions of unwanted,
deceptive commercial pitches should face jail time as well as financial
penalties, U.S. lawmakers and law enforcers said on Tuesday.
But some said a proposed anti-spam bill, which has won the backing of top
lawmakers, would do little to stop the flood of unwanted commercial
pitches, as companies would still be free to send offers to anybody with
an e-mail address.
Get-rich-quick schemes, pornography and other dubious pitches now account
for between 40 percent and 80 percent of all e-mail, filtering companies
and Internet providers say, and Congress is widely expected to pass an
anti-spam bill this year.
The leading bill in the House of Representatives would require Internet
marketers to disclose their online and offline addresses, and honor
customer requests to be taken off their mailing lists, an approach backed
by business groups that want to differentiate "legitimate" marketing from
the two-thirds of spam that contains fraudulent information of some kind.
The bill also won praise from law-enforcement officials, who said spammers
who now shrug off civil penalties as a cost of doing business may think
twice when faced with a jail sentence of up to two years.
"We believe criminal sanctions will make a big difference in Virginia,"
Virginia Attorney General Jerry Kilgore told the House subcommittee on
crime.
William Moschella, an assistant attorney general at the Department of
Justice, said he supported the bill as well.
Others said the bill would not give consumers enough power over their
inboxes because companies would still be free to send them e-mail pitches
until they were told to stop.
This "opt-out" approach could prove counterproductive as spammers commonly
use opt-out requests to confirm that an e-mail address is valid, leading
to more spam, said Chris Murray, legislative counsel at Consumers Union.
A better approach would be to model the spam bill on a "junk fax" law that
allows consumers to sue companies that send them unsolicited faxes, he
said.
Murray's suggestion drew a vehement response from bill co-sponsor Rep. Bob
Goodlatte, who said it would invite a tide of frivolous lawsuits against
honest businesses that provide easy targets, rather than fly-by-night
spammers who cover their tracks.
"Legitimate businesses will suffer, consumers will receive less
information... and the people we really have a problem with are going to
continue on their merry way," said Goodlatte, a Virginia Republican.
The House Energy and Commerce Committee has scheduled a hearing on the
bill for Wednesday. In the Senate, another anti-spam bill cleared the
Commerce Committee last month.
House Panel Takes Up Anti-Spam Bills
Microsoft's filters block more than 2.4 billion junk e-mails a day, but
even the world's largest software company cannot keep up with the
ever-growing volume of spam, officials told Congress Wednesday.
"Technology needs help," Ira Rubinstein, associate general counsel for
Microsoft, said in endorsing congressional efforts to crack down on spam.
Because filters do not have detailed information about those who send spam,
they may misclassify legitimate e-mail or fail to block spammers,
Rubinstein said.
"Microsoft supports strong federal anti-spam legislation because the
current legal and regulatory regime is simply not up to the task," he said.
Microsoft was one of several high-tech companies that testified Wednesday
in support of two House bills aimed at blocking spam, which now accounts
for more than 40 percent of all e-mails sent, up from 7 percent in 2001.
America Online, EarthLink and Amazon also spoke in favor of the legislation
being considered by a House Energy and Commerce subcommittee. The bills are
among a half-dozen anti-spam proposals pending in Congress, including a
measure that has been approved by the Senate Commerce Committee.
With new studies showing that e-mailed spam costs American businesses up to
$10 billion a year in lost time and productivity, federal action is needed
"to avert deep erosion of public confidence that could hinder or even
destroy e-mail as a tool for communication and online commerce," said
Howard Beales, director of the Federal Trade Commission's Bureau of
Consumer Protection.
Beales called for a balanced approach that combines technology, law
enforcement and education.
Commerce Committee Chairman Billy Tauzin, R-La., said he favors a bill that
would let consumers opt out of receiving spam and provide criminal and
civil penalties to fight fraudulent spam. The bill, introduced by Rep.
Richard Burr (news, bio, voting record), R-N.C., also is supported by Rep.
James Sensenbrenner, R-Wis., chairman of the House Judiciary Committee.
Some lawmakers said the bill was too lenient, noting that it targets only
e-mail whose "primary purpose" is to promote a product.
Committee Democrats back a measure introduced by Reps. Heather Wilson,
R-N.M., and Gene Green, D-Texas, that would allow consumers to opt out of
all unwanted commercial e-mail. The bill also would impose tough criminal
and civil penalties on spammers.
Tauzin called the two bills "remarkably similar" and said he was confident
lawmakers would come together to find a solution.
Congress in the past has been reluctant to crack down on spam, in part
because of lobbying from retailers, marketing firms and other who use
e-mail for their businesses. But with the problem worsening, "we're likely
to get some real action this year," Tauzin said.
___
The bill numbers are H.R. 2214 and H.R. 2515.
Spam Gets Dangerous
A major anti-spam vendor is warning companies to take precautions against
an emerging form of spam designed to take advantage of unsuspecting users.
SurfControl plc execs say "brand spoofing," in which a spammer disguises
E-mail to make it appear as if it's from a trusted company in order to
extract personal information such as account details and Social Security
numbers, is a growing and dangerous form of spam. Among the companies that
have been brand spoofed in recent months are Best Buy, UPS, Bank of
America, PayPal and First Union Bank, according to SurfControl.
Sony Electronics last week warned that it had become aware of a deceptive
mass E-mailing that was sent to consumers with the subject "Sonystyle user
and email address." The message, which claimed to come from "SonyStyle
Customer Service," requested personal information, including user names and
passwords.
Michael Osterman, principal analyst with messaging research firm Osterman
Research, says brand spoofing is a newer form of E-mail spoofing, in which
spammers disguise E-mails to look like they come from familiar addresses,
such as those of co-workers. Osterman thinks brand spoofing is most
threatening to consumers who don't get a lot of E-mail and thus might be
easily fooled, but he also expects it could endanger small businesses where
the recipient is more likely to be a decision-maker.
SurfControl advises companies to take a few precautionary steps to protect
their IT systems, employees, and customers:
- Notify customers and employees that E-mails seeking personal information
are suspicious and should be reported immediately. There's no legitimate
reason for any Web site to ask for E-mail verification or an update of
confidential information via E-mail.
- Urge customers and employees not to open suspicious E-mails or even visit
Web sites mentioned, as they pose a risk, such as the possible automatic
download of a Trojan horse program, to anyone logging on to the site.
- Monitor Internet and spam security information resources.
Consumers Union Says Federal Anti-Spam Bill Doesn't Go Far Enough
None of the anti-spam legislation Congress is considering goes far enough
in tackling the problem, The Consumers Union, the company behind the
popular Consumer Reports publications, told a House subcommittee Tuesday.
So far, all the ideas floated in the Senate and the House take an 'opt-out'
approach, where e-mail users would be required to add their names and
addresses to a 'do not spam' list.
But that's not enough, said Chris Murray, the legislative counsel for
Consumers Union, in testimony before the House Judiciary's Subcommittee on
Crime, Terrorism, and Homeland Security. The hearing focused on H.R. 2214,
the Rid Spam Act introduced by Rep. Billy Tauzin (R-La.) in May.
"Thus far, the bills proposed, including H.R. 2214, have an 'opt-out' as
part of their core solution," Murray said. "In other words, an ISP must
first pass on the spam to consumers, consumers must then read the spam, and
then they can exercise their right to stop receiving messages from that
particular sender.
"H.R. 2214 needs to be improved because it lacks an 'opt-in' provision and
private right of action for consumers. This puts too much burden on
consumers to block spam and makes it too difficult to hold spammers
legally accountable for their inappropriate interference with consumers'
email."
He used the analogy of a consumer putting a 'do not solicit' sign on her
door, only to be forced to let any company in the world ring the doorbell
once before she had the option to tell the salesman to beat it. "This is
an absurd burden," Murray said.
Instead, Murray called for an 'opt-in' solution, where messages would be
sent only to those users who had explicitly agreed to receive them, and
urged Congress to give consumers the right to sue companies or individuals
who violated such agreements. "An opt-in regime appears to be the best
choice," he said.
Until then, he recommended that users do nothing. "Do not respond to spam,
do not view spam, and most especially, do not opt-out of spam because this
will tell spammers that your email address is a functioning one."
If Congress does take the opt out-style 'do not spam' road, the concept
faces some significant technological challenges, noted Vincent Schiavone,
the CEO of the ePrivacy Group, a firm that frequently consults with
government agencies and enterprises on spam and other security and
trust-related issues.
While much has been made lately about the FTC's debut of its 'do not call'
list that allows consumers to block telemarketing phone calls, a similar
'do not spam' list - which is what many of the bills before Congress
propose, is a very different beast, according to Schiavone.
"E-mail is very different than the telephone," he said. "The other end of
the phone is traceable and accountable, but we don't have that traceability
and accountability in e-mail."
Over 20 million consumers have registered phone numbers with the FTC's
DoNotCall.gov Web site since it opened less than two weeks ago. And in a
poll shortly after its release, an overwhelming majority of Americans
wanted to see the concept extended to e-mail to stem spam.
Although Schiavone said that a federal 'do not spam' list was a distinct
possibility given the interest in Congress, the idea has some hurdles to
jump before it becomes a reality and really does some good.
"E-mail is a very crude protocol," he said. "There's no common language to
differentiate spam from commercial e-mail, say a customer service notice
or a newsletter."
For an 'opt-out' approach to really work, e-mail will have to be recrafted,
Schiavone said, so that messages contain information about its content, the
relationship between the sender and recipient - so that legitimate messages
aren't blocked, and definitive proof of the identity of the sender.
"We can do this now with existing protocols," he claimed. "It's not rocket
science." Among the ideas he's proposed to the FTC, he said, are
lightweight digital signatures and an open standard for embedding
information in the header of all e-mail messages.
In other spam news, America Online on Wednesday revised its service
agreement to extend its definition of spam to include instant messages and
the back-and-forth in chat rooms. Under the new terms AOL will cancel
memberships or prosecute subscribers who use IM or chat to send spam.
PayPal Spoof Site Asks for Users' Account Info
A new Web site spoofs the PayPal online payment site and attempts to trick
PayPal customers into divulging sensitive account and billing information.
The fake Web site is the latest example in what security experts say is a
rising trend of "brand spoofing" scams.
PayPal customers are directed to the site, www.paypal-billingnetwork.net,
by an e-mail message that appears to come from the Mountain View,
California, company. The message claims that due to a "recent system
flush," the customer's billing and personal information is "temporaly
unavailable" (sic).
Customers need to verify their identity by visiting the site or risk having
their account canceled, according to the message, which is signed by "Jhon
Krepp" from the "PayPal Billing Department."
The actual site is almost identical to PayPal's real site, with the same
graphics, layout and wording. In fact, many of the links on the site point
back to the actual PayPal Web site. PayPal could not be reached for comment
about the scam site.
Adding to the ruse, visitors to the paypal-billingnetwork.net site are
greeted with an authentic-sounding pop-up message.
"We've worked hard to help make PayPal even better! However, we have to
ask you to re-enter your Billing Information," the message reads, in part.
Visitors are asked to have their last PayPal billing statement and credit
cards handy before entering the site.
PayPal members who do not enter their billing information will have their
PayPal accounts canceled, according to the message.
After acknowledging this message, users are presented with a form that asks
for a wide range of personal and financial information including Social
Security number, driver's license number, date of birth, and credit card
information.
Unlike much of the rest of the site, however, the form does not reside on
PayPal's Web site, but on a server at a different IP address.
Paypal-billingnetwork.net is registered through Vancouver,
Washington-based Web hosting company Dotster. Dotster did not immediately
respond to requests for comment.
The PayPal scam is just the latest example of brand spoofing, which
security experts say is a growing problem.
On Tuesday, e-mail filtering company SurfControl PLC of Scotts Valley,
California, issued a warning about brand spoofing, saying it has noticed a
jump since March in unsolicited e-mail messages tied to fraudulent
brand-spoofing scams.
Like the most recent PayPal scam, the fraudulent e-mail messages pretend
to be from customer service or security officials at well-known companies
and direct the spam recipient to phony Web sites that harvest their
confidential information, SurfControl said.
Because of its role as an online payments clearinghouse with a large user
base, PayPal has long been the target of online criminals.
Recently, however, other high-profile companies have been the targets of
brand spoofing, including Best Buy and Discover Financial Services'
DiscoverCard.
Sony Electronics, United Parcel Services, and Bank of America have also
been the targets of brand spoofing in the last few months, SurfControl
said.
SurfControl did not receive any brand spoofing e-mail before March, but
has received more than five new examples of brand spoofing spam each month
since then, the company said. The proliferation of open proxy servers is
largely responsible for the problem, SurfControl said.
Lists of the loosely managed or insecure proxy servers are freely available
online, as are tools for locating open proxies, according to Susan Larson,
vice president of global product content at SurfControl.
Spammers use the servers to forward large volumes of e-mail messages to
recipients. An open proxy server will not only forward the e-mail messages,
but also insert its own Internet address in place of the original source
information, effectively covering the spammer's tracks, Larson said.
Working from lists of harvested e-mail addresses, spammers target
high-profile companies, counting on the fact that a certain percentage of
recipients will have a relationship with those companies, Larson said.
Because of the low cost of sending spam and the huge sums that can be
reaped by stealing someone's identity, only a small number of recipients
need to fall for the ruse in order for the spammers to turn a profit, she
said.
Consumers' growing comfort with online retail is also partially to blame
for the increase in brand spoofing scams, according to Larson.
"So many more people are trusting the Internet to do financial business.
We're not as skeptical as we used to be about going out on the Internet
and giving passwords or credit card numbers or bank account numbers," she
said.
The U.S. Federal Trade Commission recently warned Internet users about the
problem on its Web site.
The FTC recommends checking for "sloppy copy" such as spelling mistakes or
grammatical errors in the solicitation. Consumers should also check with
the company in question before providing any personal information on a Web
site, the FTC said.
Spammers' Top 10 Deceptive Subject Lines
Anti-spam vendor FrontBridge Technologies Inc. has identified the top 10
deceptive e-mail subject lines used by spammers to lure recipients into
opening their messages.
FrontBridge's list was culled from 1,200 enterprise e-mail domains the
company filters and analyzes regularly, and the vendor expects more e-mail
containing such deceptive subject lines to appear in in-boxes.
The company reports that deceptive spam tactics grew more than 50% in the
first six months of the year.
The list reads:
* RE: Information you asked for
* hey
* Check this out!
* Is this your email?
* Please resend the email
* RE: Your order
* Past due account
* Please verify your information
* Version update
* RE: 4th of July
=~=~=~=
Atari Online News, Etc. is a weekly publication covering the entire
Atari community. Reprint permission is granted, unless otherwise noted
at the beginning of any article, to Atari user groups and not for
profit publications only under the following terms: articles must
remain unedited and include the issue number and author at the top of
each article reprinted. Other reprints granted upon approval of
request. Send requests to: dpj@atarinews.org
No issue of Atari Online News, Etc. may be included on any commercial
media, nor uploaded or transmitted to any commercial online service or
internet site, in whole or in part, by any agent or means, without
the expressed consent or permission from the Publisher or Editor of
Atari Online News, Etc.
Opinions presented herein are those of the individual authors and do
not necessarily reflect those of the staff, or of the publishers. All
material herein is believed to be accurate at the time of publishing.
