Contractors
and US government employees are sharing hundreds of secret documents on
peer-to-peer networks, in many cases overriding the default security settings
on their P2P software to do so, according to a company that monitors the
networks.
Among the files shared were physical threat assessments
for multiple cities, including Philadelphia and Miami; a physical security
attack assessment for a US Air Force base; a detailed report from a government
contractor on how to connect two secure Department of Defense (DOD) networks;
a document titled, “NSA (National Security Agency) Security Handbook.”
In many cases, P2P users override the default security
settings in the software. In LimeWire, the default setting allows users
to share files only from a “shared” folder, but many users apparently
override the default settings, ignore warnings from the software, and
share their entire “my documents” folder or other folders, Lime
Group CEO Mark Gorton testified.
In other cases, government employees or contractors
apparently ignore policies prohibiting the use of P2P software on computers
containing sensitive government information, witnesses testified.
In preparation for the congressional hearing, Tiversa
scanned the three most popular P2P networks, including the Gnutella network
LimeWire uses, for two days. Tiversa staff entered common military search
terms and found more than 200 secret US government documents, Boback said.
Among the files shared from the contractor’s
computer: The infrastructure diagram for the entire Pentagon secret backbone
network; password change scripts for secret Pentagon network servers;
Secure Sockets Layer instructions and certificates allowing access to
the contractor’s IT systems; a contract issued by the US Army Contracting
Agency authorising $1.5 million in fees from the contractor.
The contractor’s shared files also included
a letter from the US White House Office of Management and Budget warning
about the risks of P2P networks.
‘Attempted infringement’ appears in
new bill
Rep.
Steve Chabot, has introduced legislation to enhance enforcement of IP
based on the proposals in Congress, complete with stiffer jail terms for
violators and the controversial “attempted infringement” clause.
H.R. 3155, the Intellectual Property Enhanced Criminal
Enforcement Act of 2007, aims widely. Everything gets a section: unauthorised
recording of films in theaters, circumventing copy protection, trafficking
in counterfeit goods. The bill even directs the Attorney General to send
federal prosecutors to take up permanent residence in Hong Kong and Budapest
and specifies the number and makeup of FBI investigative teams.
In most cases, the bill appears to simply double
existing penalties. Section 12 alone, for instance, makes a 10-year prison
term into a 20-year term, three years into six, five into 10, and
six into 12. One of the bill’s controversial features is the fact
that people can be charged with criminal copyright infringement even if
such infringement has not actually taken place. “Any person
who attempts to commit an offense under paragraph (1) shall be subject
to the same penalties as those prescribed for the offense, the commission
of which was the object of the attempt,” says the bill. While copyright
infringement is sometimes believed to be solely a civil matter, that’s
not the case. US Code 17, section 506 (a) spells out the conditions for
criminal infringement under which the government can actually do the prosecuting,
and they are quite modest. The infringement must be willful, and the material
in question must have a total retail value of over $1,000. This wouldn’t
be a difficult threshold for many P2P users to clear, except for the fact
that this section also requires that the infringement be done “for
purposes of commercial advantage or private financial gain.”
The attempted infringement clause actually falls
under this criminal infringement statute, meaning that it won't apply
to file-sharing unless the courts suddenly take a hugely expansive view
of "commercial advantage or private financial gain," and it's
unlikely that the government has some new interest in such cases.
Seagate plans to stop manufacturing IDE drives
Seagate
is planning to cease the manufacturing of IDE hard drives by the end of
the year and focus exclusively on SATA-based products. Seagate is the
first major hard drive manufacturer to announce such plans, though others
will likely follow suit as SATA continues to deplete PATA’s market
share. According to a report published at Australian-based ITNews last
January, SATA now accounts for 66.7 percent of desktop hard drive sales,
44 percent of laptop sales, and an unspecified (but increasing) amount
of enterprise storage connectivity.
Not only has SATA overtaken PATA as the interface
of choice for hard drive connectivity, but it’s become the main interface
for primary hard drive connectivity as well—meaning that a majority
of OEM system shipments now contain a SATA-based hard drive rather than
one confirming to the older PATA standard. Accomplishing all of this in
less than a decade is impressive, particularly when compared to the slow
pace at which floppies or the original USB interface have been supplanted
by newer technologies. Unlike the slow pace of adoption that characterised
other standards, SATA has virtually sprinted across the finish line.
That’s not to say support for the 21-year-old
PATA standard is going to vanish overnight; 34 percent of global hard
drives is still an awful lot of hardware, and quite a few CD/DVD drives
still rely on PATA. This means that most motherboard manufacturers
will probably keep at least one PATA slot around for a while longer, similar
to how ISA slots were available long after most of us had ditched our
old ISA peripherals. Add in the PCI/PCIe-based expansion slot market,
and its unlikely that PATA support is going anywhere any time soon—a
fact which should reassure anyone who is afraid Seagate’s SATA-only
policy could leave us all with mountains of PATA drives and no way to
access them.
Dell to expand Linux PC offerings
Dell
Inc will soon offer more personal computers that use the Linux operating
system instead of Microsoft Corp’s Windows, said the founder of a
company that offers Linux support services.
Mark Shuttleworth, who created a version of Linux software named Ubuntu,
said Dell is happy with the demand it has seen for Linux PCs that were
introduced in May.
Dell, the world’s second-largest PC maker after Hewlett-Packard
Co, now offers three consumer PCs that run Ubuntu Linux. Open-source software
refers to computer programs, generally available over the Internet at
no cost, that users can download, modify and redistribute. The Linux operating
system is seen as the biggest rival to Microsoft’s Windows operating
system. Companies like Shuttleworth’s privately held Canonical Inc,
Red Hat Inc and Novell Inc make money by selling standardised versions
of Linux programs and support contracts to service them. There are dozens
of versions of Linux, available for all sorts of computers from PCs to
mainframes and tiny mobile devices.
Shuttleworth said his company was not in discussions with Hewlett-Packard
or the other top five PC makers to introduce machines equipped with Ubuntu.
The other three top PC makers are Lenovo Group Ltd, Acer Inc and Toshiba
Corp.
Encrypted USB key with TOR, Firefox
Designed
to be the world’s most secure flash drive, the IronKey employs military-grade
AES hardware-based encryption through its IronKey Cryptochip. The encryption
keys are stored on the drive itself and your password is required in conjunction
with the keys to access and decrypt files. If you forget your password,
you may be in trouble; after ten consecutive failed password attempts,
the IronKey self-destructs (internally) and erases everything on the drive
using “flash-trash” technology that physically overwrites every
byte, making the data completely unrecoverable.
Hardware encryption is one aspect of the IronKey,
but the online component is another. When you log on to the IronKey Web
site (which again requires both your password and that your IronKey is
physically plugged into your machine), you can activate their secure Web-browsing
service which turns Firefox into a malware-proof, “stealth surfing”
application. Other security features include a “potting” technique
that fills the innards of the key with black goo, waterproofing it past
military standards and preventing hardware crypto-analysis.
Malaysia cracks down on bloggers
The
Malaysian government has warned that it could use tough anti-terrorism
laws against bloggers who insult Islam or the country’s king. The
move comes as one of Malaysia’s leading online commentators has been
questioned by police following a complaint by the main governing party.
The new rules would allow a suspect to be detained
indefinitely, without being charged or put on trial. But officials insist
the law is not intended to strangle Internet freedom.
Raja Petra Kamarudin, the editor of one of Malaysia’s
most popular political Web sites, Malaysia Today, turned himself in to
police to answer allegations that he had mocked Islam and threatened racial
harmony. Raja Petra is known for his frequent criticism of Prime Minister
Abdullah Ahmad Badawi and other government figures.
He defended his Web site, saying that many people,
especially the non-Malays in this country, do not have a forum to air
their views. Malaysia Today is believed to attract around a quarter of
a million visitors a day, giving it more readers than most Malaysian newspapers.
BitTorrent for cell phones
The
new µTorrent mUI(mobile UI) has all the basic features you could
want in order to remotely control your µTorrent application. You
can stop, start, pause, and resume a torrent, while also throttling bandwidth.
The one big thing that µTorrent mUI lacks is the ability to add
torrents, which the official µTorrent Web interface does nicely.
However, Sindre Sorhus, the developer behind the project informs that
this is a feature he greatly desires, and that he’s actively working
on it for future versions. The complexity of doing so over a mobile device
remains challenging, as no current BitTorrent trackers support such portables.
However if Sindre was able to overcome the challenge of reverse engineering
the undocumented µTorrent web API (Application Programming Interface),
incorporating the ability to add torrent files shouldn’t be too far
behind.
Remotely controlling a P2P application via the
Web is nothing new. eMule popularised the feature, while µTorrent
and Azureus introduced the concept to the BitTorrent community. This technology
allows the individual to log into his home machine from a remote location
and, among many other things, add torrents, pause a download, or discontinue
a download.
µTorrent mUI is a fascinating step forward
in bringing file-sharing technology to mobile devices. It’s useful
in that it allows the individual to remotely monitor a download, or kill
a download that’s become idle. Sindre told Slyck.com that when the
Mac µTorrent is eventually released, he will certainly make his
application compatible.
µTorrent mUI is a work in progress, however
should not be underestimated. The developer behind the project has demonstrated
a degree of talent, and it’s likely the file-sharing community will
be expecting great things. So for now, enjoy µTorrent mUI for what
it is. If you’re out and about, and absolutely must know the status
of your really.great.creative-commons.movie.avi.torrent, uTorrent mUI
delivers the goods. And best of all, it’s open source.
Microsoft seeks Open-source certification
After
months of antagonising the open-source community, Microsoft Corp. now
appears to be trying to engage it by seeking an official stamp of approval
for the licenses that the company uses to share its own software and source
code.
During a keynote speech at the O’Reilly Open
Source Convention in Portland, Bill Hilf, Microsoft’s general manager
of platform strategy, said that the software vendor is submitting its
so-called shared source licenses to the Open Source Initiative for certification
as true open-source licenses.
The plans were also detailed on Port 25, a blog
written by workers at Microsoft’s Open Source Software Lab. Neither
OSI President Michael Tiemann nor Mark Radcliffe, the organisation’s
general counsel, returned e-mails and calls seeking comment on Microsoft’s
announcement.
Microsoft has released 650 internally developed
software programs to the general public via its shared source program,
according to Hilf. But don’t expect Microsoft to release open-source
versions of products such as Windows or Office anytime soon. Most of the
products released under the shared source licenses are lesser-known applications
hosted on Microsoft’s CodePlex site, the company’s equivalent
to SourceForge Inc.’s popular open-source development site.
Nonetheless, the latest move may come as a surprise
to many who have watched Microsoft over the past year. For example, the
software vendor has encouraged Linux vendors to sign controversial cross-licensing
deals in order to avoid any potential legal repercussions from Microsoft’s
claims that Linux and other open-source products infringe on 235 of its
patents.
Microsoft has reached agreements with Novell Inc.
and two other vendors, but it was rebuffed by three other companies, including
Red Hat Inc.—raising the specter of a split within the Linux camp.
And Microsoft CEO Steve Ballmer, who once called
Linux “a cancer,” further fanned the flames by declaring that
because of the alleged infringement of the software vendor’s intellectual
property, “every Linux customer basically has an undisclosed balance-sheet
liability.”
Microsoft wouldn’t be the first vendor not
normally associated with open-source technology to have licenses approved
by the OSI. Among the 50 or so software licenses that the group has certified
are ones submitted by companies such as Apple Inc., CA Inc., Nokia Corp.,
RealNetworks Inc. and Sybase Inc.
Other OSI-approved licenses include the GNU General
Public License and the Mozilla Public License, which is used with the
Firefox Web browser.
Contractors
and US government employees are sharing hundreds of secret documents on
peer-to-peer networks, in many cases overriding the default security settings
on their P2P software to do so, according to a company that monitors the
networks.
Rep.
Steve Chabot, has introduced legislation to enhance enforcement of IP
based on the proposals in Congress, complete with stiffer jail terms for
violators and the controversial “attempted infringement” clause.
Seagate
is planning to cease the manufacturing of IDE hard drives by the end of
the year and focus exclusively on SATA-based products. Seagate is the
first major hard drive manufacturer to announce such plans, though others
will likely follow suit as SATA continues to deplete PATA’s market
share. According to a report published at Australian-based ITNews last
January, SATA now accounts for 66.7 percent of desktop hard drive sales,
44 percent of laptop sales, and an unspecified (but increasing) amount
of enterprise storage connectivity. 
Dell
Inc will soon offer more personal computers that use the Linux operating
system instead of Microsoft Corp’s Windows, said the founder of a
company that offers Linux support services.
Designed
to be the world’s most secure flash drive, the IronKey employs military-grade
AES hardware-based encryption through its IronKey Cryptochip. The encryption
keys are stored on the drive itself and your password is required in conjunction
with the keys to access and decrypt files. If you forget your password,
you may be in trouble; after ten consecutive failed password attempts,
the IronKey self-destructs (internally) and erases everything on the drive
using “flash-trash” technology that physically overwrites every
byte, making the data completely unrecoverable. 
The
Malaysian government has warned that it could use tough anti-terrorism
laws against bloggers who insult Islam or the country’s king. The
move comes as one of Malaysia’s leading online commentators has been
questioned by police following a complaint by the main governing party.
The
new µTorrent mUI(mobile UI) has all the basic features you could
want in order to remotely control your µTorrent application. You
can stop, start, pause, and resume a torrent, while also throttling bandwidth.
The one big thing that µTorrent mUI lacks is the ability to add
torrents, which the official µTorrent Web interface does nicely.
However, Sindre Sorhus, the developer behind the project informs that
this is a feature he greatly desires, and that he’s actively working
on it for future versions. The complexity of doing so over a mobile device
remains challenging, as no current BitTorrent trackers support such portables.
However if Sindre was able to overcome the challenge of reverse engineering
the undocumented µTorrent web API (Application Programming Interface),
incorporating the ability to add torrent files shouldn’t be too far
behind.
After
months of antagonising the open-source community, Microsoft Corp. now
appears to be trying to engage it by seeking an official stamp of approval
for the licenses that the company uses to share its own software and source
code.
