Saturday, July 14, 2001

DOM Viewer and Browser
MS has a web accessory that lets you browse the DOM structure of a
web page. It is at the bottom of the list on the Web Accessories
page.

http://microsoft.com/Windows/IE/WebAccess/default.asp

It should be a big help in debugging JavaScript and writing custom
DHTML scripts.

Dan
Video for the WWW
For those of you with questions about putting video onto your web site, here is a nice link to read:
http://www.techtv.com/screensavers/answerstips/story/0,23008,3336434,00.html

Tuesday, July 10, 2001

Date: Wed Jun 6, 2001 4:04 pm
Subject: RIAA tries to block report on encryption

Scientists Take Recording Industry to Court By Nate Mook and David Worthington, BetaNews
June 6th, 2001, 8:07 AM

In a bold move, the Electronic Frontier Foundation (EFF) has filed a lawsuit in federal court to protect the First Amendment rights of Princeton University Professor Edward Felten and his team of scientists. Felten intended to publish academic findings detailing the successful circumvention of digital audio copyright technologies.
A coalition of the RIAA, SDMI, and Verance sought to prevent public disclosure of the research. The court will decide whether Felten's team may present details of the study at the USENIX Security Conference in August.

The EFF calls into question the constitutionality of a clause in the Digital Millennium Copyright Act (DMCA) prohibiting the publication of methods to bypass security controls in digital media. In a letter to Professor Felten, the Recording Industry Association of America (RIAA) and Secure Digital Music Initiative (SDMI) threatened legal action if the results were made public. But the research community maintains that mathematics and code are not circumvention devices and thus do not violate any laws.

Felten and his team answered a challenge put forth last September by the SDMI to hack the initiative's audio watermark technology. The watermarks, including one developed by Verance, help to prevent unauthorized distribution of copyrighted works. Ironically, the hacking contest was intended to advance the technology by exposing any potential flaws.

"Studying digital access technologies and publishing the research for our colleagues are both fundamental to the progress of science and academic freedom," stated Professor Felten in today's press release. "The recording industry's interpretation of the DMCA would make scientific progress on this important topic illegal."

Attempts to protect copyrights have collided with the longstanding notion of open access to research. If victorious, the EFF hopes to further scientific freedom and use the ruling to overturn anti-distribution provisions of the DMCA.



From ECommerce Times http://www.ecommercetimes.com/perl/story/10222.html

--------------
Offering further evidence that media companies and online portals will control the bulk of e-commerce traffic, four Web properties -- America Online (NYSE: AOL), Yahoo! (Nasdaq: YHOO), Microsoft (Nasdaq: MSFT) and Napster -- now account for more than half of all the time spent online by U.S. surfers, Jupiter Media Metrix (Nasdaq: JMXI) said Monday.

Jupiter's report found that the number of Web sites controlling 50 percent of surfing time shrank to four from 11 two years ago.

Moreover, 14 companies control 60 percent of online time, down from 110 Web sites in March 1999.

Jupiter said the data helps dispel the long-held myth that market dominance on the Web would be difficult to achieve.

Myth Shattered?

"The data show an irrefutable trend towards online media consolidation and indicate that the playing field is anything but even," said Jupiter senior analyst Aram Sinnreich.

According to Sinnreich, a major share of the market is being absorbed by a handful of companies, and those same companies are continuing to direct traffic across their own networks of sites.

What has changed, Jupiter said, is that marketing and advertising power has replaced infrastructure investment as the main barrier to entry and success on the Web. In other words, bigger is better.

Merger Mania

Jupiter said a spate of mergers, most notably the AOL-Time Warner marriage, has created more powerful companies, which have in turn been helped by the death of many smaller companies that did not have the funding power to survive the shakeout.

The top pure e-commerce site on the list was eBay (Nasdaq: EBAY), which controlled just under 2 percent of all surfing time.

However, Jupiter noted that all of the media and portal companies use their dominance in attracting Web traffic to generate e-commerce income.

Power Brokers

In fact, a study released in April by Forrester Research argued that portals are slowly morphing into e-commerce brokers.

Forrester analyst Carrie Johnson said at the time that the winners in that race will be the dominant sites in terms of Web traffic.

"Comparison-shopping engines, product-review sites and portal wannabes don't have what it takes, but affiliate programs and major portals like AOL, MSN and Yahoo! do," Johnson said.

Amazon the Portal?

Meanwhile, the Yankee Group said earlier this year that portals such as AOL and Yahoo! saw sales grow faster than traditional e-tail sites did during the 2000 holiday season.

In fact, some e-tail companies have begun to act more like portals and media sites. For instance, Amazon.com (Nasdaq: AMZN) last month unveiled its first non-retail offering when it launched a movie-listings site that will be supported solely by advertising revenue.
Date: Sun Jun 3, 2001 7:12 pm
Subject: Notes from the past week

There are a lot of links here. I hope you take a look through them.

-------
I am starting the process of moving away from depending on the Yahoo
Groups system for our archive and messages. I'll keep you up to date
as things progress. The student support link from my main page
(http://www.zse4.com/beacon) already has changed and you'll start
seeing more things there as I build our new support section.
-------
Notes from the week:

Comparing the efficacy of low cost advertising on the web
http://danny.oz.au/design/publicity/experiment/index.html
--------
Another beacon instructor's site - good stuff, take some time on this
one
http://mysite.thebeaconinstitute.com/users/davec/
--------
The national discussion forum area for Beacon Web Commerce students
http://www.thebeaconinstitute.com/cgi-bin/forum/dcboard.cgi?az=list&forum=ECOMM

--------
Custom icon on favorites list (This trick only works with IE5.)

If you have ever visited sites such as Yahoo and added them as a favorite, you would have noticed that the icon is very different to other favorites in your menu.
Create a Windows format icon in 16x16 pixel size. To do this you will need an icon editor (similar to a paint program) such as Microangelo -
http://www.impactsoftware.com/muangelo/themaster/prodinfo.htm
Save it as favicon.ico.
Upload the favicon.ico file to the root directory of the website.
If you go to Wronganswers.com and add the page as a favorite, you can see my icon.
You can also associate other custom icons with different pages using the Link tag.
For more instructions see:
http://www.webdevelopersjournal.com/articles/favicon.html

-------
Hotels in space in a decade
http://www.space.com/businesstechnology/technology/bigelow_station_010531.html

-------

Duct tape is not good for ducts:
Here's a good money saving idea: According to government research, leaks in heating and air-conditioning ducts waste 20 to 40 percent of the heating and cooling energy in a typical house. Blame the duct tape. Homeowners and contractors commonly use it to seal up the leaks.
Max Sherman, government researcher: "Our tests show that the one thing you shouldn't use duct tape for is ducts. After it's been in your attic for a year or two, the adhesive breaks down and no longer sticks." Your best bet at sealing up the leaks is old fashioned mastic, a sticky goo that virtually anyone can apply.
Date: Tue May 29, 2001 10:19 am

From SlashDot - Insurer Considers Microsoft NT High-Risk
By Robert Bryce, Interactive Week - May 28, 2001 5:45 AM ET

Microsoft's server software is easy to install, loaded with features and fairly reliable. It may also be more costly to insure against hack attacks.

J.S. Wurzler Underwriting Managers, one of the first companies to offer hacker insurance, has begun charging its clients 5 percent to 15 percent more if they use Microsoft's Windows NT software in their Internet operations. Although several larger insurers said they won't increase their NT-related premiums, Wurzler's announcement indicates growing frustration with the ongoing discoveries of vulnerabilities in Microsoft's products.

Some industry observers believe other insurers may follow Wurzler's lead, which could affect the overall hacker insurance market, a sector that the Insurance Information Institute estimates may generate $2.5 billion in annual premiums by 2005.

"We saw that our NT-based clients were having more downtime" due to hacking, says John Wurzler, founder and CEO of the Michigan company, which has been selling hacker insurance since 1998.

Wurzler said the decision to charge higher premiums was not mandated by the syndicates affiliated with Lloyd's of London that underwrite the insurance he sells. Instead, the move was based on findings from 400 security assessments that his firm has done on small and midsize businesses over the past three years.

Wurzler found that system administrators working on open source systems tend to be better trained and stay with their employers longer than those at firms using Windows software, where turnover can exceed 33 percent per year. That turnover contributes to another problem: System administrators are not implementing all the patches that have been issued for Windows NT, Wurzler said.

According to Microsoft's Web site, more than 50 vulnerabilities - and the patches to fix them - have been issued for Windows NT server software since June 1998.

Microsoft spokesman Jim Desler said the hacker insurance market is still too young to declare Wurzler's move a trend. "There's not enough history or business to draw conclusions about rate-setting practices," Desler said. As the market matures, rates are likely to be based on best practices, rather than on platforms or products, he predicted. "We provide unparalleled support in the area of security."

American International Group, the country's largest insurance underwriter, said it will not raise its rates for Windows NT-based systems. Nor will Aon, the world's second largest insurance broker. The use of NT is "just one factor in the overall assessment of risks. It can be an indicator of other vulnerabilities, but you may also have other things in place to counter that, like firewalls and intrusion-detection systems," said Kevin Kalinich, a director in Aon's technology and telecommunications group.

However, Harry Croydon, CEO of Safeonline, a London risk analysis firm that works with underwriters at Lloyd's, predicted that Wurzler's decision to charge more for Windows NT machines is "a trend we will see increasing." Just as drivers who own rare cars pay more to insure them, Croydon said, "certain types of software expose you to different risks."

Although Wurzler's company is small - eight employees - digital security firms are watching it closely. Bruce Schneier, Counterpane Internet Security's co-founder and chief technical officer, said it makes sense for underwriters to differentiate premiums based on the type of software and hardware that's used. "Insurance companies are looking to manage their risk effectively. If there's a technology that reduces risk, they'll charge lower premiums," Schneier said.

Indeed, several insurers offer discounts to clients that use managed security service providers or put certain security devices on their networks. For example, last week, AIG said it will cut premiums up to 10 percent for clients that use a new security device made by Invicta Networks, a Virginia company headed by Victor Sheymov, a former KGB agent. Invicta claims its device, which uses an Internet Protocol address-shifting technology, is impossible to hack.

Windows-based servers are frequently victimized by hackers. From August 1999 to November 2000, 56 percent of all the successful, documented hack attacks occurred on systems using Microsoft server software, according to statistics posted at Attrition.org, a Web site that records hackers' exploits.

Given Windows NT's record, Gene Spafford, the director of Purdue University's Center for Education and Research in Information Assurance and Security, believes higher insurance premiums may be justified. "NT is more difficult to install correctly and keep up to date than Linux," Spafford said.

Right now, it appears that Wurzler is going it alone among insurers by charging higher premiums to Windows NT users. But Wurzler said the higher prices are not costing his company customers.

A policy covering revenue lost due to hacking costs about $4,000 per year for each $1 million in coverage, he said.

About half of his clients use Windows NT, Wurzler said; the rest use Linux or Unix. Given that breakdown, he said it's easy to justify higher rates for NT machines. "Why should a Unix player with fewer vulnerabilities subsidize NT users?" Wurzler asked.

And Wurzler's not through with Microsoft. He said his firm is looking at vulnerabilities in Microsoft's Internet Information Server software, and that it may soon begin charging higher premiums for that product, too.



FaceMail

http://facemail.com
Date: Tue May 22, 2001 7:56 pm
Subject: Timetable for .biz and .info TLDs

From WebProNews- For those of you interested in getting a .biz domain name, the process started Monday (May 21, 2001). The way the controlling company of .biz, neulevel.com, is doing it is in a three step process:

Step One (May 21 to July 9)

If you have your domain name trademarked, you will have the first right to preserve your name in the .biz world. It started Monday 21st, 2001 and will end on July 9th, 2001. After this date, you won't have the special preference to claim your right of having your trademarked name also registered as a .biz.

Step Two (July 9th? to September 25th)

This step allows the registrars to collect cash early...uh..I mean "allow businesses and individuals to submit domain name requests prior to the actual launch of .biz."

"At the end of the Domain Name Application window (September 25), domain names will be awarded to selected registrants."

"Because Step 2 provides entry into the Name Selection process, it increases your chances of registering your first choice of names."

Step Three (October 1st until you run out of money)

On October 1, 2001, .biz domain names are an open name game for everyone.

Check neulevel.com for more info.

A Name On The .Info World

Sunrise Period (June 25th/July 1st to July 30th appx.)

"Owners of any current trademark or service mark that have national effect prior to October 2, 2000 are eligible to register a domain name during the Sunrise period."

"The Sunrise Period is estimated to commence approximately 45 days following the signing of the agreement with ICANN."

According to the controller, afilias.com's website, May 15, 2001 was the day that they signed with ICANN. Therefore, it should be somewhere around the last week in June when the trademarked dates can be registered.

"The Sunrise period will be available to IP owners for approximately 30 days, and will be followed by a quiet period of up to 15 days."

Start-Up Period (August 15th - No completion date given)

"The Start-Up Period, estimated to begin about 15 days after the completion of the Sunrise Period, will open registration to the general public."

Post-Start-Up Period (Unknown Dates)

"The Post-Start-Up Period, estimated to begin approximately 3 days after the completion of Start Up, is also open to anyone wishing to register a .info domain and will allow for real-time registration on a first-come, first-served basis."

Check afilias.com for more info. on .info

MasterClone? Credit Card ‘Skimming’ Costs Millions
By Samira Beavis

LONDON, May 21 — If you think cloning is just about creating identical sheep, you better grab hold of your wallet. Cloning, also known as skimming, is a burgeoning and highly effective form of credit card fraud.


Skimming is costing credit card users stateside and worldwide millions in phony charges, as stolen clones are sold and used in the United States and elsewhere around the globe.
The practice took off in the United States several years ago and is beginning to approach the scale of fraud that plagued credit cards in the early 1990s before new precautions were taken, according to Gregg James, a special agent with the Secret Service's Financial Crimes Division in Washington.

As many as 10 to 15 restaurants a week around the United States are cited by industry sources as harboring skimmers, James says. And while the agency and credit card companies are tight-lipped about the actual dollar losses because of competitive concerns, he called New York a "hotbed" of skimming among U.S. cities. Skimming is also keeping Canadian authorities busy and is growing in Mexico.

"Any place you use your card, you could be a victim," adds James.

An Unknowing Victim

Kathryn Mangold learned that the hard way.

A manager at a leading hospital in London — where the scam so far is centered — she unknowingly became a victim in April, when a week after shopping in central London she received a letter from Barclaycard, Britain’s biggest credit card company, which had issued her Visa card.

Normally very vigilant and careful with her cards, she was shocked to read that there had been abnormal activity on her account. After speaking directly to the bank she found out that someone had gone on a shopping spree the weekend after her shopping trip and, using her card details, they had spent the equivalent of more than $800 in a computer superstore and a toy store chain.

Lucky for her, the bank acted quickly and canceled her account number.

Says Mangold, “Although my faith in credit cards has been shaken there is no viable alternative at the moment.”

Fraud Adds up to Millions a Year

Mangold has plenty of company. Skimming is costing credit card issuers the equivalent of more than $350,000 a day.

According to the group that manages the United Kingdom’s payment clearance system, such counterfeit fraud is responsible for losses of $72 million in Britain in 1999. That figure almost doubled last year and is expected to double again this year.

And experts say skimming is also one of the most difficult types of credit card fraud to prevent, because the criminals work so fast that they leave almost no trace.



Working the Skimming Scam

Here’s how the scam is run. Criminal gangs recruit gofers, who then find temporary work within restaurants, hotels and retail outlets. The recruits are given small, illicit, electronic devices known as skimmers that capture all of the credit or debit card’s details in the few seconds that it takes to swipe the card through the machine.

When unsuspecting customers go to pay their bill, their card is first swiped through the legitimate credit card machine, but then, secretly, it is also swiped through the smaller skimmer machine.

The gofers then pass the gadgets onto counterfeiters, who pay them the equivalent of around $150 for their part in the crime. Once the details have been given to counterfeiters, they download the information onto a computer and make up a fake card.

The "cloned" card is embossed with the details of the victim’s credit card and passed on to gang members who, police say, may sell it for between $400 and $700, depending on the perceived credit limit.

Used for Two Days, Discarded

Gold or platinum cards are normally targeted because of their higher credit limit, meaning the bank takes longer to realize there is a problem. And criminals spend, on average, about $2,800 per card, with large and frequent transactions typically over a two-day period before discarding the card, according to one expert.

While the whole process of getting a cloned card onto the streets can take less than a day, the customer is none the wiser, since his own credit card is in his wallet. In fact, victims may not realize they’ve been taken until they check their statements at the end of the month.

By that time the criminal has moved on and the electronic and paper trails are cold. In lucky circumstances, like Mangold’s, bank computers pick up on unusual account activity and contact their client sooner.


How to Avoid Getting ‘Cloned’

Never let your credit or debit card out of your sight.
Rigorously check monthly statements.
Contact your bank immediately if there are any transactions that are not recognized.
Do not throw away card receipts. Keep them to check against your statement.



London at Heart of the Action

While skimming is affecting credit card users throughout the world, London has become the center for this latest scam. London police recently cracked a massive credit card fraud ring and earlier this year, two Russian nationals were sentenced to four years each and also served with a deportation order for their part in the crime.

One, Vladimir Stronguine, distributed skimming devices and controlled a network of Eastern European waiters working throughout London’s restaurants. The second, Alexander Tanov, was the “card maker” who had turned his bedroom into a credit card factory.

Tanov’s equipment was capable of producing near perfect replicas of American Express, Visa and MasterCard credit cards. Police found 500 credit card details on his computer — only one in five had been taken from cards issued by British banks, the rest had been lifted from cards issued in the United States and Europe.

At the time of the arrests, police found evidence of fraud totaling $300,000. Had the Russians been left to continue, authorities believe the operation would have resulted in losses of $7 million.

'It Is a Global Problem'

According to Tim Parsons of the City of London Police, organized crime gangs from the Continent and Eastern Europe, Asia, Russia and Africa, are targeting central London because of the thousands of people who visit daily.

“Tourist areas are especially being hit because they tend to be easy targets,” added Parsons. “People normally always have credit cards on them.”

But while card details are often stolen in Britain, experts say the cloned cards are used all over Europe, the Middle East, Asia and America.

“The rapid growth in counterfeit fraud is not a U.K.-based problem, it is a global problem,” says Brian Moore of Europay, the European arm of MasterCard International. “Coupled with the fact that fraud is no longer an opportunist crime but an organized crime, people need to be very aware of where their card is at all times.”




Protecting Cards With Chips, Pins

In a drive for new technology to avoid such scams, the banking industry is spending about $300 million rolling out credit cards implanted with “smart chips.” The chips will hold all the details that the magnetic strip has on it but they are securely wrapped in technology and “virtually impregnable.” If a duplicate card is made and used then the terminal that the card is used at will recognize that it should have a chip implanted in it and it will be programmed to retain the card.
In the last few months MasterCard and U.S.-based Mag-Tek, the international provider of card reader technology and products, have also joined forces to research and develop solutions to combat this type of fraud.

Ideas being looked at include encoding the data on the magnetic strip so that each credit card is unique and not replicable. Also under exploration is the introduction of a PIN system, in which the signature on the back of the card is abolished and, instead, when it comes to paying your bill the retail shop or restaurant provides a hand-held terminal on which users type their secret PIN numbers. Adopted in France 10 years ago, it has reduced French credit card fraud by 80 percent.

But Richard Tyson-Davies of APACS, which oversees the British payment clearance system, says the industry’s technology-based response to this problem will take at least two or three years to have any effect.

Meanwhile, combat this type of fraud with extra vigilance, advises Brian Moore of Europay. “When paying your bill follow the assistant or waiter to the credit card terminal and keep eye contact with your card at all times. Do not let it out of your sight.”

And an explanation about why airplanes don't fly the way that physicists say they do:
http://www.nationalpost.com/home/story.html?f=/stories/20010508/555561.html
From: "Dan L. Barker"
Date: Tue May 8, 2001 12:30 pm
Subject: Steganography
An article about steganography (the alternative to cryptography) in today's Slashdot:

http://slashdot.org/features/01/05/03/2043244.shtml

The next major battle between hackers and the Corporate Republic will almost surely involve the relatively unknown fields of steganography and digital watermarking, otherwise known as Information Hiding, a scientific discipline to take very seriously. This is where the big three digital policy issues -- privacy, security and copyright -- all collide head-on with corporatism. If they hated Napster, they'll really go nuts over rapidly evolving research into how to hide data inside data.

The engineers and nerds who still run the Tech Nation generally keep their noses to the grindstone. They're disinclined to ponder the long view when it comes to developing new technology, preparing for the many public-policy issues surrounding the things they create.

And policy and technology collide all the time, from the building of the Interstate Highway to the space program to the Net. Three particular hot points emerge, when it comes to civics and technology: security, privacy and intellectual property. Naturally, there's very little rational public or media discussion of any of them, beyond hysteria about violence, cracking, theft and porn.

Steganography is the means by which two or more parties may communicate using invisible communications -- even the act of communicating is disguised. This sort of Information hiding -- as opposed to traditional cryptography -- could upend conventional wisdom about copyright, intellectual property and control of data online. The very idea of digital information hiding is almost bitterly ironic: The Net is the most open information culture ever, yet encroachments by corporatism and government are spawning an entire movement and discipline devoted to new techniques for hiding rather than opening data.

Some parties already understand the import of this struggle. Several weeks ago, academic SDMI (Secure Digital Music Initiative) researchers canceled a presentation they'd planned at the Fourth Information Hiding Workshop in Pittsburgh. The reason: pressure from the Recording Industry Association of America (RIAA), concerned that the release of data about advances in watermarking would undermine its long, expensive and still largely unsuccessful efforts to shut down free music on the Net.

Last week, Declan McCullagh of Wired News reported from the conference that Microsoft has developed a prototype system that limits unauthorized music playback by embedding a watermark that remains permanently attached to audio files. (Note: A conventional watermark is a normally invisible pressure mark in expensive paper which can be seen only when the paper is held up to a strong light. Digital watermarks are embedded in computer files as a pattern of bits which appear to be part of the file and are not noticeable to the user. These patterns can be used to detect unauthorized copies.)

During a security panel, reported McCullagh, a Microsoft research scientist demonstrated how the hidden copyright infringement fingerprint is so securely affixed to the audio that it remains intact even if a song is played aloud on speakers in a noisy room, then re-recorded. If the recording industry begins to include watermarks in its song files, Windows would refuse to play copyrighted music that was obtained illegally (as defined by the Digital Millennium Copyright Act, written by corporate lobbyists, enthusiastically passed by a Congress besotted with corporate money, and signed by a pliant President Clinton two years ago).

Every few years, the war over control of information online seems to escalate. Cryptography suddenly became critical when businesses started to buy and build networked computer systems and people began exchanging money online. Viruses and other epidemics gained widespread national attention once substantial numbers of computer users began trading programs. When the Net exploded, manufacturing firewalls became an industry.

Now the digerati are making a lot of noise about collaborative filtering and blocking and discussions systems, from weblogs to blogs to other peer-to-peer systems, but steganography is a vastly more significant development. Information Hiding, driven by the most significant policy issues of the Digital Age -- privacy, copyright protection and state surveillance -- is the battleground. It comes as the stakes rise in the conflict between proprietary and open information systems.

This week, according to the New York Times, Microsoft will unveil a broad campaign to counter the open source and free software movements, arguing that it undermines the intellectual property of nations and businesses. The campaign, says John Markoff in the Times, is part of Microsoft's new effort to raise questions about the limits of innovation in open-source approach, to advance the idea that companies who embrace open source are putting their intellectual property at risk. In this context, as the battle lines around content and property become clear, the role of Information Hiding grows more critical.

During much of its growth, the Net escaped the attention of government and politics. That's hardly the case now. Federal law enforcement agencies want the right to track information online. Businesses are terrified about the rise in free and shared data. In the Corporate Republic, business and government both grasp the essence of copyright, security and privacy issues. The war over free music has, almost from the first, been the aspect of this Information Age conflict most visible to the public, a testing ground for new technologies and applications that bring new threats and spark the reinvention of new protection philosophies and mechanisms.

Corporate lobbyists have successfully advanced the idea -- via an expensive, sophisticated media and political campaign -- that new laws and initiatives (from the SDMI to the Sonny Bono Copyright Act to the Digital Millennium Copyright Act) are necessary to protect intellectual property from pirates online. It's not so simple. These laws, some horrific in their impact on free speech and the fluid movements of creative works, primarily protect corporate revenues, not intellectual freedom or the rights of creators and artists.

Hiding information in modern media, sometimes in plain sight, has cropped up in music and DVD battles, especially regarding DeCSS, the program developed to allow the descrambling of DVD movies. (The writers of the program reverse-engineered the CSS scrambling methods that the Motion Picture Association of America uses to prevent DVDs from playing on unlicensed players.)

There's little published material about steganography, and what has been written costs a fortune. Information Hiding: Techniques for Steganography and Digital Watermarking, edited by Stefan Katzenbeisser and Fabien A.P. Petitcolas, published by Artech House, costs nearly $100. But for anyone whose work in the future involves information, privacy, security or copyright, you couldn't spend the money more wisely. Steganography manuals may be essential tools of the hacker nation in the coming years, as they fend off corporate and government regulations and intrusions.

The book provides an authoritative overview of steganography and digital watermarking. Steganography, the book explains, studies ways to make communication invisible by hiding secrets in innocuous messages, whereas watermarking originates from the perceived need for copyright protection of digital media.

Until recently, traditional cryptography received much more attention in the tech world, but that's changing quickly. The first academic conference on steganography took place in 1996, driven by concern over copyright and the growing corporate panic over the ease of making perfect digital copies of audio, video and other works. Katzenbeisser and Petitcolas have assembled reports that describe the new field of information hiding and its many possible applications, and describe watermarking systems and digital fingerprinting. The book also talks about the increasingly complex legal implications of copyright.

Anyone interested in the future of open media, or in issues related to privacy, copyright or security, will be particularly mesmerized by the chapter "Fingerprinting," written by Jong-Hyeon Lee. In this context, "fingerprints" are characteristics of an object that tend to distinguish it from similar objects. The primary application of digital fingerprints is copyright protection. The techniques Lee describes don't prevent users from copying data or works, but they enable owners to track down users distributing them illegally.

Since corporate lobbyists have re-defined what is and isn't legal when it comes to copyright in the 21st Century, this kind of fingerprinting has stunning civil liberties implications. This technology goes well beyond the software programs tracking Web use and pages; it gives governments, lawyers and corporations a way to follow and identify, thus control, almost every kind of digitally transmitted information. Fingerprints can also be used for high speed searching.

"Fingerprinting," writes Lee, "is not designed to reveal the exact relationship between the copyrighted product and the product owner unless he or she violates its legal use. Compared with cryptography, this property may look incomplete and imprecise, but it may appeal to users and markets." It sure will.

Fingerprinting may not be designed to reveal relationships between copyrighted products and owners, but there's no reason it wouldn't be used for that purpose. That seems inevitable given the high priority billion dollar media and entertainment conglomerates have put on enforcing copyright online.

Information hiding arises against a backdrop of growing confusion and confrontation about security and copyright, which has no global standard. In China, intellectual property is owned by the state. In the United States, copyright is being redefined by corporatists to grant businesses total control over ideas in perpetuity, a perversion of the original American idea, which was to give creators and the public both access to intellectual property, never intended to fall exclusively and in perpetuity into private hands. How can these legal and technical applications be handled rationally, let alone democratically, when every country that hosts the Net sets different standards for privacy and security?

Different cultures not only have radically different notions about copyright, but view culture itself very differently. What the United States considers pornographic might be perfectly acceptable in saner countries like Holland or Finland. Conversely, what is protected as free speech here isn't protected at all in much of the world.

So Information Hiding becomes politically important, as well as technologically central. Steganographers may ultimately decide whether movements like open source and free software can prosper and grow in the face of well-funded and organized attacks by corporations like Microsoft and industries like the record companies. They may give music lovers a way to defy powerful corporations and retain the right of access to the culture they've experienced freely for years. They may preserve the idea of security against state surveillance, intrusive educational systems, or even the private businesses forever collecting personal data.

It's not a huge stretch to say that steganographers may determine whether the Net -- and much of the data that moves through it -- stays free or not. All the more important to understand what they do.

From: "Dan L. Barker"
Date: Sat May 5, 2001 7:50 am
Subject: Hacking War

Today's news in the hacker week
--------------------
A hacker's site view on the US-China hacker's war.
http://attrition.org/security/commentary/cn-us-war.html

It includes links to many of the hacked sites, and examples of the
hack pages that were put up.

History of hacked Chinese sites 1997-today (See bottom for recent
hacks): http://attrition.org/mirror/attrition/cn.html

History of .Com Hacks 1997-today (See bottom for recent hacks):
http://attrition.org/mirror/attrition/com.html

Hacks categorized by TLD: http://attrition.org/mirror/attrition/country.html

Over-all, signs of people who need something to do in their free time.


From Slashdot:
"A writer at the LA Times actually responded to every spam he got for a week. The resulting article about his descent into marketing hell is here.

http://www.latimes.com/business/cutting/features/lat_junk010503.htm

Of course, everything turned out to be a scam. (Duh!) But some of the scams were just pathetic enough to be funny. My faves? The pyramid scheme that helped '"George" reach his goal of making $7,000 a month within two years of getting out of prison.' And the bogus weight-loss plan that caused one sucker, er, customer, to gush, "This didn't work, but it was full of fiber and I was very regular!"" And at this very moment, some hot babes who have been clamoring to meet me electronically are finally at the door -- hallelujah!
-------------------------
Also:
eEye Digital Security was doing some testing that apparently Microsoft hadn't done on its own webserver (IIS 5.0) running on its latest OS (Windows 2000, all versions). "Within a matter of minutes," they say, "a debugger kicked in on inetinfo.exe because of a 'buffer overflow error'" -- and two weeks later, we got simultaneous announcements from Microsoft and eEye. This is a remote SYSTEM-level exploit in a popular webserver, in the wild, i.e., Danger Will Robinson. eEye says about a million servers will need to be patched; it may be more. See also eEye's droll and informative writeup, which, now that an exploit is confirmed to be in the wild today, has added some source code.

Date: Mon Apr 30, 2001 9:22 pm
Subject: Meta Tags - beyond the basics

From WebProNews - April 30, 2001- The Daily eZine for eBusiness Executives

Everything You Need to Know About Meta Tags

There's a plethora of different META Tags that you can make use of on your site. Because there are so many, it's impossible for me to cover all of them in this article. However, I will describe the most common ones. But let's start from the beginning, shall we?

What Are META Tags?

META tags are similar to standard HTML tags. However, there is one big difference: You have to insert all META tags between the <HEAD> and </HEAD> tags on your page(s). META tags are used primarily to include information about a document. The META tags will be invisible to your site's visitors, but will be seen by browsers and search engines.

For The Search Engines

Several of the major search engines make use of the META Keyword tag, and virtually all of them make use of the Description tag. These tags help the search engine spider determine the content of your web site so that it can be indexed properly.

This is what they look like:

<META name="keywords" content="widgets, widget guide">
<META name="description" content="The ultimate guide to Widget design!">

You can also instruct the search engine robot/spider how to index your site using the robots META Tag. This is what it looks like:

<META name="robots" content="noindex,nofollow">

What the tag above does is tell the spider not to index the page that it appears on, and not to follow the links on that page. Here's a complete list of attributes for the robots tag:

index - the default, the page is added to the search engine database

noindex - the page is not added to the search engine database

nofollow - the spider doesn't follow the links on that page

none - same as "noindex, nofollow"

To use any of these attributes simply replace the "noindex,nofollow" text in the example above with whatever you want to use. If you need to use more than one attribute, separate them with a comma.

Client Pull

Have you ever seen a page that automatically refreshes to another URL after a few seconds? Did you ever wonder how it was done? I'll tell you. The page made use of one of the http-equiv META Tags to automatically "pull" you to a different page after a few seconds. Here's what the code looks like:

<META http-equiv="refresh" content="1; url=newpage.htm">

The value of content denotes how many seconds will pass before the new page is called for. If you want it to happen as soon as a person hits that page, then set the value to "0".

Prevent Caching

If you want to prevent a page being saved in your visitor's cache you can do so by inserting the following three tags:


<META HTTP-EQUIV="expires" CONTENT="0">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">

Why would you want a page not to be cached? If your site is updated frequently and you always want your visitors to see the newest content/changes, or if you want to ensure that a new banner is loaded each time from your server when a page is accessed, you'll want to use the tags above.

A quick note here on banner caching: In addition to using the tags above, you'll want to append random numbers at the end of the tag calling the image. The ad serving software that I use, Spinbox, does this for me.

Rating Your Content

By using the rating META tag on your site, you can specify the appropriateness of your web site for kids. The tag looks like this:

<META name="rating" content="general">

In addition to the general rating, you can use three others. They are:

mature
restricted
14 years


Misc. Tags

Below I've listed several other popular tags that you may have seen around the web.

The generator META tag is used to specify what program was used to create your web site. Many HTML editing tools automatically insert this so that a company can gauge their market penetration. The tag looks like this:

The author tag is used to identify the author of a page. Simply replace "author's name" with your name or email address.

<META name="author" content="author's name">

The copyright tag identifies the individual or company that holds the copyright to a particular page. This is what it looks like:

<META name="copyright" content="This page and all its contents are copyright 1997-1999 by Matt Mickiewicz. All Rights Reserved.">

Tip: If you want a quick way to generate the META Keyword, Description, and no-cache tags try MetaTag Generator http://www.webmasterbase.com/free/metagen.php3

by Matt Mickiewicz
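
An added example (not part of the article): a small auditor that reads the META tags described above and reports the ones a defender should look at, since robots directives are only advisory, caches act on HTTP headers rather than page markup, and generator and author tags disclose information. The function names, finding ids and sample page are constructed for this illustration.

```javascript
// Constructed sample page using the tags from the article; hosts and values are made up.
const SAMPLE_PAGE = `<html><head>
<META name="robots" content="noindex,nofollow">
<META http-equiv="refresh" content="1; url=http://other.example/newpage.htm">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
<META name="generator" content="ExampleEditor 4.0">
<META name="author" content="webmaster@shop.example">
</head><body>Members area</body></html>`;

// Read name=value pairs from one tag; values may be double-quoted, single-quoted or bare.
function parseAttrs(tagText) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tagText)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Collect every META tag, keyed by its name or http-equiv value (lower-cased).
function extractMeta(html) {
  const tags = [];
  const re = /<meta\b(?:"[^"]*"|'[^']*'|[^>"'])*>/gi; // quote-aware, so ">" inside a value is safe
  let m;
  while ((m = re.exec(html)) !== null) {
    const a = parseAttrs(m[0]);
    const key = (a.name || a['http-equiv'] || '').toLowerCase();
    if (key) tags.push({ key, content: a.content || '', httpEquiv: 'http-equiv' in a });
  }
  return tags;
}

// Return findings for one page. responseHeaders are the real HTTP headers sent with it.
function auditMeta(html, pageUrl, responseHeaders = {}) {
  const findings = [];
  const headers = Object.fromEntries(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v]));
  const pageHost = new URL(pageUrl).host;
  let cacheMetaSeen = false;

  for (const tag of extractMeta(html)) {
    if (tag.key === 'robots' && /\b(noindex|none)\b/i.test(tag.content)) {
      // Spiders may honor this; it does nothing to stop a visitor who has the URL.
      findings.push({ id: 'robots-is-advisory', detail: 'noindex hides nothing from direct requests' });
    } else if (tag.key === 'refresh') {
      const m = /^\s*\d+\s*[;,]\s*url\s*=\s*(.+)$/i.exec(tag.content);
      if (m) {
        try {
          const target = new URL(m[1].trim().replace(/^['"]|['"]$/g, ''), pageUrl);
          // A client pull to another host deserves review (unexpected redirects).
          if (target.host !== pageHost) findings.push({ id: 'refresh-offsite', detail: target.href });
        } catch (e) {
          findings.push({ id: 'refresh-unparseable', detail: tag.content });
        }
      }
    } else if (tag.httpEquiv && ['pragma', 'cache-control', 'expires'].includes(tag.key)) {
      cacheMetaSeen = true;
    } else if (tag.key === 'generator') {
      findings.push({ id: 'generator-disclosure', detail: tag.content });
    } else if (tag.key === 'author' && tag.content.includes('@')) {
      findings.push({ id: 'author-email-exposed', detail: tag.content });
    }
  }
  // Intermediate caches never parse the HTML, so the tags alone do not control them.
  if (cacheMetaSeen && !('cache-control' in headers)) {
    findings.push({ id: 'cache-meta-without-header', detail: 'send Cache-Control as an HTTP header too' });
  }
  return findings;
}

// Stand-alone run against the constructed sample.
for (const f of auditMeta(SAMPLE_PAGE, 'http://shop.example/members/index.htm')) {
  console.log(f.id + ': ' + f.detail);
}
```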


World Rock Paper Scissors Society - http://www.worldrps.com/index1.html
---------------------------------------------
The dangers of boozing and online banking

Cahoot: sometimes rather 'out-of-focus' after a night on the town

Online bank Cahoot has highlighted the dangers of boozing and then banking from the comfort of home.
It says that more than 1,000 customers a day log on after midnight - with "numerous" cases of people later regretting their alcohol-fuelled transactions.
"There have been instances when our helpline has recorded sheepish calls from people who carried out late night transactions while under the influence of alcohol," said Tim Sawyer, the business development director at the online bank.
"They wake up in the morning and find they've forgotten what transactions they carried out," he added.

Tipsy transactions
One 29-year-old man from Manchester admitted to Cahoot that after a night out on the town he enjoyed buying items online - usually CDs and books.
"It can mean it's quite a shock when I check my statements online, or of course, when the things arrive," he said.
Another 27-year-old from London said he once "shuffled a whole load of money around" from his current account to savings accounts in error.
"When I next went to check my balance I'd forgotten all about it and thought I'd completely overspent," he said.
One customer contacted the Cahoot call centre at 3am from a London nightclub, after his credit card had been declined.
He claimed the incident, in front of Japanese clients, could lose him a lucrative £100m contract and demanded £50,000 be put in his account immediately.
He claimed to have been a company director for nine years, but call centre records showed him to be 22 years old. Not surprisingly his request was declined. The call centre survey for Abbey National also showed that most of Cahoot's customers are aged 25 to 44, with about a third being female.
The number of pensioners, or so-called 'grey surfers', had also doubled in the past few months.
http://news.bbc.co.uk/hi/english/business/newsid_1291000/1291313.stm

------------------------
Disgruntled CNN employees: http://www.tedsturnovers.com/
-------------------------
Other humor news: http://fark.com



Date: Mon Apr 23, 2001 12:35 pm
Subject: Stray links and news

The Internet Law Journal - current articles about many things we've
talked about in class or will.

http://www.tilj.com/content/ecommerce.htm
------------------------------
A link comparing advantages of the common Server Side Scripting
Languages.

http://www-106.ibm.com/developerworks/web/library/wa-sssl.html
-----------------------------
Stephen Hawking - Author, Physicist, Rap Artist

http://www.mchawking.com
----------------------------
Judge Blocks Parody of 'Gone with the Wind' Sat Apr 21 16:27:32 2001 GMT

ATLANTA (Reuters) - The estate of Margaret Mitchell, the author of the Civil War epic "Gone With the Wind," won a victory on Friday when a federal judge blocked publication of a parody called "The Wind Done Gone."

U.S. District Judge Charles Pannell ruled in a 51-page decision that "The Wind Done Gone," written by Alice Randall, infringed on the copyright of Mitchell's 1936 novel. He granted a preliminary injunction against the book's publication, which had been set for June.

Mitchell's estate had sued Houghton Mifflin Co., publishers of "The Wind Done Gone," in federal district court in Atlanta, charging copyright infringement.

Houghton Mifflin said in a statement that it and Randall were disappointed in the ruling and that it planned to appeal.

"The Wind Done Gone" aims to counter Mitchell's work by depicting 19th century Southern plantation life from an African-American viewpoint. It is written from the point of view of a mixed-race plantation owner's daughter -- who might be a half sister of "Gone With the Wind" heroine Scarlett O'Hara -- on a Georgia plantation after the Civil War.

Lawyers for Mitchell's estate said Randall committed "wholesale theft of major characters" from "Gone With the Wind," which was made into a wildly popular 1939 film starring Vivien Leigh and Clark Gable.

Pannell, who heard from both sides in court on Wednesday, found that "substantial similarities" existed between the two works and that those similarities involved copyrighted material.

"The new work's use of copyrighted materials from 'Gone With the Wind' goes well beyond that which is necessary to create a parody and, thus, makes excessive use of the original work," Pannell said in his order.

Randall and her publisher had argued that her parody simply revisited the world of a famous book and did not violate copyright law.

"Today's ruling, if allowed to stand, will have a chilling effect on all those who seek to use free expression and parody to explode myths and provoke new thinking," the Boston-based publisher said in its statement after the ruling.

"I wrote this parody to ridicule a book that has wounded generations of Americans," Randall, who is black, said in the statement. "I look forward to the day when readers will be able to judge my book for themselves."

The original novel's depiction of black slaves, portrayed as a cheerful and supportive backdrop to the white protagonists' lives, is offensive to many African-Americans.

Authors who have defended the parody include novelist Harper Lee, author of "To Kill a Mockingbird," and Nobel laureate Toni Morrison.

Copyright © 2001 Reuters Limited. All rights reserved.
Republication or redistribution of Reuters content or maintenance releases or similar, including by framing or similar means, is expressly prohibited without the prior written consent of Reuters. Reuters and the Reuters Sphere logo are registered trademarks and trademarks of the Reuters group of companies around the world.




Date: Sat Apr 21, 2001 1:52 pm
Subject: From Space to Disney.

Interesting images - movies. Scroll to bottom of page. Great on the classroom projector.

http://www.gsfc.nasa.gov/GSFC/EARTH/imaging/landsat.htm





Subject: Further down the same Silicon Daily page
http://www.siliconalleydaily.com/issues/sar04182001.html

Joining the parade of companies denying that they're Internet companies, broadband ASP On2.com (Amex: ONT) announced it would change its name to "On2 Technologies, The Duck Corporation."

The company is returning to its roots as The Duck Corporation, while adding the techy-sounding (but not Internet-related) On2 Technologies moniker. The name change is subject to shareholder approval at the company's annual meeting in May.

On2 is the latest Alley tech company to flee the guilt-by-association of being called anything that smacks of the Internet. Back in the middle of last year, About.com never officially changed its name, but around June the company quietly began referring to itself as the more grown-up "About Inc." In April, Mail.com dropped the quite passé dot-com part and even the "Mail," changing its name to EasyLink Services, the name of a company it had recently acquired. Before it met its maker last week, Kozmo.com decided to jettison the dot-com part of its name the way John Mellencamp discarded "Cougar" in the mid-'80s. Yesterday, EarthWeb tired of that "Web" in its name, choosing instead to go by "Dice," which is the name of its IT jobs site, Dice.com. (Note: the dot-com didn't make the cut.)

In what may be the sign that we have officially arrived at the end of the era of slapping something Internet-related on every company name, Internet.com--double whammy--said it would change its name to INTMedia Group.




Subject: Biggest advertising mistake ever

From Slashdot: "While I know that the issue has been beat to death several times over, Charlie Hall of LinuxGram sent me a story from Silicon Alley Daily that's currently running concerning banner ads, and some editorial musings. The proposition of the editorial is good, but man, does interruption based advertising irritate me."

http://www.siliconalleydaily.com/issues/sar04182001.html
or
http://www.siliconalleydaily.com/issues/sar04182001.html#Headline8299


Date: Tue Apr 17, 2001 3:35 pm
Subject: A Cultural Note

The geek code http://www.geekcode.com

This has been around for a while, and if you get deep into the web side, you'll start recognizing it on people's sites.

Dan
G+++GCCGEDd+s:aC+UL-P+++W+++N+w+M++PE-Y+PGPt---5--X+R-b++DI++D---
e+++h--



Date: Mon Apr 16, 2001 11:25 am
The newest version of Microsoft Office, XP, will not include the office assistant(s).

Here is the paper clip's site to tell you about his being laid off from the computer industry: http://www.officeclippy.com/indexyes.html

There are also some Flash animations with Gilbert Gottfried as the voice of Clippy. (Funny that MS is using Flash on their own site.)


Date: Thu Apr 12, 2001 6:09 pm
Subject: Remembering the past few years of the internet

The 100 dumbest events in eCommerce History: http://www.ecompany.com/edit/0,,11274,00.html

Subject: XHTML 1.1

from http://www.w3.org/MarkUp/

NEWS
6 April 2001: W3C is pleased to announce the advancement of XHTML 1.1 to Proposed Recommendation. The specification defines a new XHTML document type that is based upon the module framework and modules defined in Modularization of XHTML. This document type is essentially a cleaned-up version of XHTML 1.0 Strict using XHTML Modules, with the addition of ruby annotation markup. Proposed Recommendation period lasts until 7 May.

XHTML 1.1 specifications are at: http://www.w3.org/TR/2001/PR-xhtml11-20010406/


Date: Thu Apr 5, 2001 5:48 pm
Subject: A side article


This is an article about NIST, the government agency which defines standards in the US. They set definitions for computer standards in the US.

http://washingtonpost.com/wp-dyn/articles/A17404-2001Mar30.html




Date: Wed Apr 4, 2001 8:17 pm
Subject: Getting CIW credit for the iNet+


I've had a few of you asking about getting iNet+ credit for CIW, here
you go.

Here is the scoop:
http://www.ciwcertified.com/exams/examcredit.asp?comm=home&llm=12

Here is the actual form:
http://www.ciwcertified.com/exams/inetappform.doc

Dan


Date: Mon Apr 2, 2001 8:13 pm
Subject: techies.Com

Miguel gave me this link: http://northcarolina.techies.com/

It looks like some good resources for finding jobs and contracts as well as for being found in the area.

You can also see their survey results:
http://northcarolina.techies.com/Common/Home/Main/WeeklyPollResults_m.jsp?QuestionID=1500087

When you join (for free) it will take resume and job info so you can
be found by employers.


Dan



Date: Sat Mar 31, 2001 8:38 am
Subject: Space Weather


An explanation as to why the computers and internet are acting funny
today.
http://www.spaceweather.com/

SHOCK WAVE: An interplanetary shock wave passed NASA's ACE spacecraft
at 0030 UT on March 31st (7:30 pm EST on March 30th) and struck
Earth's magnetosphere about 30 minutes later. The leading edge of the
shock front was dense (~150 protons/cc) and strongly magnetized --
traits that can give rise to powerful geomagnetic disturbances.

Sky watchers living above ~40 deg. geomagnetic latitude (this
includes nearly all of the continental United States) should remain
alert for auroras after local nightfall. [NOAA geomagnetic latitude
maps: North America, Eurasia, South Africa & Australia, South America]

The March 31st shock wave might have been the first of two coronal
mass ejections (CMEs) that left the Sun earlier this week -- or
perhaps a cannibalistic combination of the two. The pair were hurled
into space by explosions near the giant sunspot 9393 on Wednesday and
Thursday. Thursday's X-class eruption (pictured right) also triggered
an ongoing S1-class proton storm around our planet.


From: "Dan L. Barker"
Date: Thu Mar 29, 2001 4:26 pm
Subject: Hacker Diary


Insight into how hackers collect victims and spend their money.

http://www.zdnet.com/zdnn/stories/news/0,4586,2703351,00.html

"This article chronicles a day in the life of two hackers. Seems
like a reporter anonymously paid these hackers to log in their
typical day. In the article, they talk about how they fool people
with their spams and phreaking scams. It's in quite a bit of detail in
terms of what these guys do to make money (and tons of it). Obviously
these guys are breaking the law and nibbling on innocent/naive users.
Looks like AOL and other ISPs still have to beef up their filters to
stop spamming." Not a lot of details, but it's kinda interesting.




This one is not a student, but it is flash. This gives another idea of what you can do with Flash and ActionScript in Flash:
http://www.dancingpaul.com/
It also makes you ask why a guy would do such a thing.
Date: Tue Mar 27, 2001 10:46 pm
Subject: IE6 Public Beta


The public Beta of Internet Explorer 6 came out today.

Here is a review:
http://www.lockergnome.com/updates/archive/2001_03_25_index.html#2947691

Here is the download site:
http://www.microsoft.com/windows/ie/download/preview/ie6/ie6preview.asp

If you want a daily computer and web update I recommend you subscribe
to LockerGnome.Com, the source for the review.

Dan


Date: Tue Mar 27, 2001 3:45 pm
Subject: Time Is On The Move

http://www.blue.co.il/msfamily/nirh/



Date: Thu Mar 22, 2001 5:01 pm
Subject: Fake Microsoft Signatures


http://www.microsoft.com/technet/security/bulletin/MS01-017.asp

From the Microsoft Security Bulletin: 'VeriSign, Inc., recently
advised Microsoft that on January 30 and 31, 2001, it issued two
VeriSign Class 3 code-signing digital certificates to an individual
who fraudulently claimed to be a Microsoft employee. The common name
assigned to both certificates is "Microsoft Corporation".' See the
bulletin for more information. Brings a whole new meaning to the
concept of 'Windows Update.' ;)" Most users probably ignore the name
on a certificate presented to them anyway, but even that minimal
protection is worthless if certificate authorities don't perform
their job.


Microsoft Security Bulletin (MS01-017)

Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
Originally posted: March 22, 2001

Summary
Who should read this bulletin: All customers using Microsoft®
products.

Impact of vulnerability: Attacker could digitally sign code using the
name "Microsoft Corporation".

Recommendation: All customers should follow the administrative
procedures detailed in the FAQ. A software update will be issued
shortly to provide permanent remediation.


For more fascinating articles and tutorials like this one, visit
http://www.webmonkey.com/.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The Webmonkey.com Article: Freelancing in the Web World

So you finally gave into the siren call of freelancing ("I want to work when and only when I feel like it! I want to earn insane hourly rates! No more ruts to get caught in, no more office politics to get sucked into! I'm going solo." ["Born Free" swells, fade out]). That, or your head rolled in the latest round of layoffs at your company. Or maybe your company folded altogether.

Whichever way you managed to exit Dodge, you now find yourself unencumbered by a salaried position. So you've printed up your own business cards, buffed up that e-résumé and e-portfolio, and now you're ready to start lining up those clients.

But are you sure, quite sure, that you're right for the job (or lack thereof)? You may have been burned, or just burned out, by full-time employment, but are you positive that you're ready to give up the relative comfort and security of a "real" job? Like oh-so many things in life, freelancing comes with its own list of pros and cons. So before you totally break up with your steady job, let's make sure you're freelance material.

To get the rest of this article, visit: http://www.hotwired.com/webmonkey/98/44/index4a_page2.html
From: "Udo S Reisinger"
Date: Tue Mar 20, 2001 3:20 pm
Subject: The Right Web Job for You????

I found this great article on Web Monkey...
Enjoy,
Udo

To help demystify the meanings of job titles in this ever changing industry, we've (Web Monkey) put together this special package of job descriptions. Reading through this series, you'll get an inside look at our version of these job descriptions and find out what experience and skills you'll need to land a job at a new media company.

Each author in this series will lay out what they look for when hiring for various positions...

And if your goal is to find a new job, but you don't think your skills are up to snuff for the position you have your eye on, we'll provide you with a list of Webmonkey tutorial links so you can do your homework before that next interview.

http://hotwired.lycos.com/webmonkey/98/41/index2a.html?tw=jobs



Date: Mon Mar 12, 2001 11:28 am
Subject: Excellent XML resource


Here's a good XML overview and reference that I received today. It is a very good technical overview of XML.

http://www.troubleshooters.com/tpromag/200103/200103.htm#_whatisxml

Dan
From: Katherine Kantner
Sent: Friday, March 09, 2001 2:43 PM
To: dan@barker.net
Subject: interesting info on internet growth

http://www.netsizer.com/
From http://www.zdnet.com/intweek/stories/news/0,4164,2692337,00.html

Tag - You're Hit
By Laura Lorek, Interactive Week
March 5, 2001 6:38 AM ET

As if things weren't already hard enough, online retailers are experiencing yet another e-rip-off: electronic price tag alteration.

An estimated one-third of all shopping cart applications at Internet retailing sites have software holes that make them vulnerable to the price switching scam, said Peggy Weigle, chief executive of Sanctum, a security software company in Santa Clara, Calif.

For example, a major PC manufacturer sells a sleek new laptop for $1,600, but Weigle knows how to manipulate the company's shopping cart software code to change the price to $1.60. It's so easy, even novices can alter prices, she said.

"Thieves are coming in the front door," Weigle said. "A lot of security products have been geared to the network level, not the application level."

Here's how it works: After choosing a product and receiving pricing information, a hacker can use a standard browser's "edit page" feature to show the hidden HTML code on the page. The thief then saves the page to his computer, alters the price information and then hits the "publish" key on the browser. In many cases, that page is then accepted by the shopping cart software - and that $999 watch becomes a $3 special.

The problem isn't just in the U.S. - an estimated 40 percent of all e-commerce sites in the U.K. are susceptible to the price changing glitch, according to Saalim Chowdhury, CEO of e-commerce software development company Alphakinetic, which has been studying the flaw.

Internet retailers in the U.K. such as concert ticket sales site Aloud.com, domain name retailer CheapNames.co.uk and Welsh Internet shop Wales Direct have all been victims of the price changing scam, according to The Daily Telegraph in London.

Gauging the scope of the problem is difficult because few Internet retailers will talk about the rip-offs or admit to being hacked. Overall, fraud is estimated to occur in 11 percent of all online transactions, said Paul Fichtman, president and CEO of the Internet Fraud Council.

Many Web sites are vulnerable to hackers because the task of auditing their applications and detecting hacking is time-consuming, Weigle said.

Yet Tom Arnold, chief technology officer at CyberSource, an e-commerce software company, said most major merchants are aware of the problems and are fixing them. The merchants also have 24 hours to review orders, Arnold said, and many of them catch the pricing mistakes before the merchandise leaves the warehouse. "The more sophisticated merchants look at their orders on a daily basis," he said.

Egghead.com, an Internet retailer of electronics and software, has a software program that alerts its staff to any irregular pricing on its products, said Jeff Sheahan, Egghead's president and CEO. If a price comes up low or negative, Egghead does not honor it, he said.

Some Web sites, however, don't discover the price changes until they audit their sales at the end of the quarter or the end of the year, said Yaron Galant, director of product management at Sanctum. By that time, the thief can be far away.

To prevent price tag tampering on Web sites, Sanctum offers software tools AppScan and AppShield. AppScan is an offline security program that engineers can use while developing Web-accessible software applications. The program runs simulated hacking attacks so that programmers can plug holes before the application is made accessible to the public.

In the past few months, many Web sites have been plagued with pricing snafus resulting in a smorgasbord of bargains for consumers. Most of the problems resulted from internal computer glitches or typos, according to the companies.

A few weeks ago, 143 consumers bought round-trip tickets to Paris for $25 from United Airlines during a 55-minute window on the company's Web site. United said a computer bug caused the pricing snafu by zeroing out fares so that travelers were charged only tax and miscellaneous fees. After initially refusing the fares and getting bad publicity, the air carrier finally agreed to honor the tickets.

"Internet retailers don't want the bad publicity, so they will not admit to being hacked. It's often advertised as glitches, but looking under the hood, it's nothing more than a hack," Galant said.

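The irregular-price alert and daily order review that Sheahan and Arnold describe come down to comparing what each order was charged against the merchant's own catalog before anything ships. The sketch below is an added example, not code from the article or from any vendor it names; it also holds orders with unknown SKUs or unparseable prices, beyond the low or negative prices the article mentions. The catalog, orders, SKUs and the 15% discount floor are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalog: the merchant's own record of unit prices.
CATALOG = {
    "CAM-100": Decimal("349.00"),
    "MP3-220": Decimal("199.99"),
    "CBL-007": Decimal("12.50"),
}

# Constructed orders as recorded at checkout. "unit_price" is the amount the
# order was actually charged per unit, which is the value the audit must test.
ORDERS = [
    {"order_id": "A1001", "sku": "CAM-100", "qty": 1, "unit_price": "349.00"},
    {"order_id": "A1002", "sku": "MP3-220", "qty": 2, "unit_price": "1.99"},
    {"order_id": "A1003", "sku": "CBL-007", "qty": 3, "unit_price": "-12.50"},
    {"order_id": "A1004", "sku": "CAM-100", "qty": 1, "unit_price": "0"},
    {"order_id": "A1005", "sku": "MP3-220", "qty": 1, "unit_price": "179.99"},
    {"order_id": "A1006", "sku": "TV-9999", "qty": 1, "unit_price": "10.00"},
    {"order_id": "A1007", "sku": "CBL-007", "qty": 1, "unit_price": "12.5O"},
]

# Assumed policy: no legitimate promotion exceeds 15% off the catalog price.
MAX_DISCOUNT = Decimal("0.15")


def check_order(order, catalog=CATALOG, max_discount=MAX_DISCOUNT):
    """Return the reasons to hold one order; an empty list means it may ship."""
    reasons = []
    list_price = catalog.get(order["sku"])
    if list_price is None:
        reasons.append("unknown sku")

    # Parse the charged price strictly; anything that is not a finite
    # decimal number is held rather than guessed at.
    try:
        charged = Decimal(str(order["unit_price"]))
    except InvalidOperation:
        charged = None
    if charged is None or not charged.is_finite():
        reasons.append("unparseable price")
        return reasons

    if charged <= 0:
        # Covers both zeroed-out and negative prices.
        reasons.append("zero or negative price")
    elif list_price is not None and charged < list_price * (1 - max_discount):
        reasons.append("below discount floor")
    return reasons


def audit(orders, catalog=CATALOG, max_discount=MAX_DISCOUNT):
    """Map order_id -> reasons for every order that should be held for review."""
    held = {}
    for order in orders:
        reasons = check_order(order, catalog, max_discount)
        if reasons:
            held[order["order_id"]] = reasons
    return held


if __name__ == "__main__":
    for order_id, reasons in audit(ORDERS).items():
        print(f"HOLD {order_id}: {', '.join(reasons)}")
```

Run against each day's orders before fulfilment, a check like this surfaces a bad price within the review window rather than at the quarterly audit.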
Date: Sun Mar 4, 2001 12:45 am
Subject: Weekend Update


1) WAP and HDML
Some of you have asked about Wireless Web and Cell Phone Browser
access to web sites. Here's a link to good info:
http://www.4guysfromrolla.com/webtech/LearnMore/WAP.asp

2) MySite Database connection
Below is a code example of how to use SQL commands with database
files on MySite without creating the connection in System
ODBC.
Note the path in the MICROSOFT.JET driver. You will
substitute your username for dlbarker. If you want to be able to
update the database you need to place the database file in the
cgi_bin directory.
Report any problems to me and we'll get them fixed.

3) More ASP Tutorials
http://www.1001tutorials.com/asp/index.shtml

Dan

--------------------ASP Code Follows--------------------
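<%
Dim Connection, query, ItemList, uid

' id comes from the query string and is user-controlled
uid = Request.QueryString("id")

' DSN-less connection: open the Access file directly through the
' Jet OLE DB provider (the connection string must be on one line)
Set Connection = Server.CreateObject("ADODB.Connection")
Connection.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0; DATA SOURCE=d:\users\dlbarker\cgi_bin\store.mdb"

' Fixed query text; no request data is concatenated into the SQL
query = "SELECT * FROM Items"

Set ItemList = Server.CreateObject("ADODB.Recordset")
Call ItemList.Open(query, Connection)

On Error Resume Next

%>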



Our Catalog.




<%
While Not ItemList.EOF
%>




<%
ItemList.MoveNext()
Wend
%>






Date: Wed Feb 28, 2001 11:43 pm
Subject: License Plate Maker
I mentioned this in Tuesday's class:

http://www.acme.com/licensemaker/

http://www.acme.com/licensemaker/licensemaker.cgi?text=&state=North+Carolina
An interesting article about options for the future of eComm.
Dan
-----Original Message-----
From: NetProphet@bdcimail.com [mailto:NetProphet@bdcimail.com]
Sent: Wednesday, February 28, 2001 12:33 PM
To: stupid@wronganswers.com
Subject: JESSICA DAVIS: "Net Prophet" from InfoWorld.com, Wednesday,
February 28, 2001


========================================================
JESSICA DAVIS: "Net Prophet" InfoWorld.com
========================================================

Wednesday, February 28, 2001

I-commerce commentary by Jessica Davis

WHAT'S A DOT-COM TO DO AS CLICK-AND-MORTARS OFFER REAL
OPTIONS TO CUSTOMERS?


Posted at February 23, 2001 01:01 PM Pacific

EMERGING AS THE real winners lately are those click-and-mortars that are combining the benefits of their physical stores with their ever-improving Web-commerce sites.

Look at Nordstrom.com, Macys.com, Bluelight.com, and others. These companies' Web sites leverage the physical stores, and vice versa. Kmart has installed kiosks in its physical stores that feature the Bluelight.com Web site. If something is out of stock in the store, Kmart doesn't have to lose that sale: The customer can order it from the Web site.

At some stores, customers can order from the Web site, then pay at the store cash register -- a great option for those Internet newbies still afraid of plugging their credit card information into a computer.

And some click-and-mortars are working on yet another option: allowing customers to order online and then pick up their merchandise at the physical store. Customers don't have to wait for, or pay for, shipping.

Click-and-mortars are offering new ways every day to leverage all of their channels. It makes you wonder if pure-plays are destined to go the way of the dinosaur.

So what about the pure-plays? They have no physical locations to leverage, although some have managed to get around this obstacle. For example, one of the online stock-trading sites has set up kiosks at post offices.

For pure-play e-commerce sites it might make sense to partner with retailers that have not yet made a foray into the online world. But what's really in it for the physical-store retailers? Not much.

They would probably lose sales to the online kiosk for items that are out of stock in the store. They could certainly charge a rental fee for placing the kiosk in the store.

Or maybe the malls that dot America's landscape could offer kiosks featuring the Web sites of various pure-play Internet companies. Imagine Amazon.com or Buy.com kiosks just a hundred feet away from the B.Dalton or Electronics Boutique stores. I'm no expert in commercial real estate, but I have a feeling that the physical-store retailers, likely to pay a lot more rent, wouldn't like having these upstarts with their enormous inventories so close by.

So what's left for a dot-com to do?

Do pure-play e-tailers need to take a giant step toward building physical stores? Some analysts speculate that the day will come when Amazon stores will show up on the streets of America. But building that kind of physical infrastructure is a daunting task, particularly in troubled economic times when many retailers are cutting staff, closing stores, or declaring bankruptcy.

Just last week discount bookseller Crown Books declared bankruptcy for the second time in three years.

But wait a minute, maybe that's just the opportunity a pure-play company needs.

A few months back there was speculation about brick-and-mortars buying up distressed dot-coms to make a quick entrance into the e-commerce business. The idea was that these brick-and-mortars could buy the infrastructure instead of building it, saving time and expense.

Maybe it's now time for the strongest of the dot-coms to buy up distressed physical-world retailers. What if Amazon.com bought Crown Books? Amazon would immediately gain hundreds of physical store sites where it could set up its kiosks and offer customers another return option. It could better compete with Barnes & Noble and Borders, which both have Web presences in addition to their physical stores. Heck, it might even sell stock or obtain private funding to complete the purchase of a brick-and-mortar.

With such a purchase Amazon would have a chance to survive in the new New Economy. Because as click-and-mortars come up with more innovative ways to leverage all of their channels, pure-plays will get left in the dust.

So maybe it's time for Amazon CEO Jeff Bezos to take a look at Crown Books.


Get Net Prophet free by e-mail

Go to http://www.iwsubscribe.com/newsletters and click Net Prophet to receive this column every Monday, free via e-mail.

Jessica Davis is an editor at large in InfoWorld's news department. Contact her at jessica_davis@infoworld.com.

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

MORE NET PROPHET
For a complete archive of her InfoWorld columns visit http://www.infoworld.com/opinions/morenetprophet-davis.html

QUOTE OF THE DAY:

"According to Black, IBM New York or its European subsidiaries supplied the 1.5 billion cards a year that the Third Reich needed to catalogue its victims and keep the trains running smoothly from the ghetto to the crematorium."

--Senior Editor Carlton Vogt in his InfoWorld Column,
"Ethics Matters," speaking about a new book on IBM and the Holocaust.

http://www.infoworld.com/articles/op/xml/01/02/26/010226opethics.xml? 0228wepr

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

From http://www.idg.net/idgns/2001/02/27/VeriSignOpensDomainNamesTo70.shtml

VeriSign opens domain names to 70 languages

Laura Rohde, IDG News Service\London Bureau - February 27, 2001, 04:39

VeriSign Inc., the company in charge of maintaining the database of Internet domain names, announced Monday that it is now accepting domain name registrations in more than 65 additional languages.

Most of the languages are European, such as French, German and Spanish, as well as Eastern European languages including Armenian, Bulgarian, Georgian, Macedonian, and Russian, VeriSign said in a statement.

Last November, the Mountain View, California-based company introduced Chinese, Japanese and Korean characters to its service and has since registered over 800,000 names in the Asian languages, VeriSign said. [See "Multilingual Domain Name Testing to Begin," Nov. 9, 2000.]

VeriSign Global Registry Services (GRS), the unit of VeriSign that manages the back-end piece of the domain name registration process, began using its Multilingual Domain Names Testbed in November as a first step in finding ways to open the Internet to more users around the world.

For example, in late March, support in the testbed will be available for several Southeast Asian languages, including Lao, Thai and Tibetan. Furthermore, several Middle Eastern languages, such as Arabic and Hebrew, will be available in late April, VeriSign said.

VeriSign, in Mountain View, California, can be reached at http://www.verisign.com/.

Interactive Advertising Bureau Standard Advertising sizes for the internet

http://www.iab.net/iab_banner_standards/bannersource.html
From http://www.zdnet.com/zdnn/stories/comment/0,5859,2689765,00.html
Why 90 percent of XML standards will fail

By John R. Rymer, president and founder of Upstream Consulting
Special to ZDNet
February 26, 2001 8:27 AM PT

Those who are making XML standards are reliving the mistakes of past standards bodies. I can see what's coming and it is a whole lot less than any of us would like or need. I think 90 percent of the current activities will not produce meaningful technology. In my view, that's failure.




Pardon my skepticism, but I've lived through too many can't-miss, can't-live-without-it standards efforts. There was the gargantuan effort to create an alternative to TCP/IP by the International Standards Organization (ISO), the tortured efforts to standardize the Unix operating system, the Open Software Foundation's DCE debacle, and the gun-to-the-head tactics of the Object Management Group (OMG). Of these, only the OMG's CORBA can be called a commercial success.

Each of these efforts suffered from one or two mistakes that doomed it to failure.

Mistake #1: Nonalignment
A key benefit of standards is vendor-neutrality. Standards organizations will tell you that vendors are responsible for implementing neutral standards in products that are fast, reliable, and scalable. Experience says you can't assume vendors that matter will get the job done unless the standard is aligned with their competitive needs. A standards organization has to align with the real strategic imperatives of major companies if it hopes to see useful implementations of its work. I see very little of this in the XML efforts underway.

Mistake #2: Over-promise
XML standards are the latest in a series of great hopes in IT. XML standards will provide users with vendor independence. XML standards will strip all of the latency out of intercompany operations at a low cost. XML standards will create a single global electronic market enabling all parties irrespective of size to engage in Internet-based electronic business. XML standards will provide for plug-and-play software.

Does any of this sound familiar to you? It should because we've heard promises just like these for standards in Unix, objects, and various network protocols. These promises are the marketing, not the reality, of XML standards. Early experience with RosettaNet and Microsoft's SOAP indicates that XML standards provide some leverage for some problems in small-scale systems. The backlash is inevitable, and can be fatal even to well-considered standards efforts.

Mistake #3: Overdo it
XML standards-making is at a fever pitch, with continual announcements by a range of standards groups of intentions, specs, proposed specs, selections of specs, and so on. There are now dozens of XML standards efforts underway--far too many to be practical for user organizations to consider, much less adopt. A winnowing process will ensue, eliminating most of the wanna-be standards announced during last year. Even big organizations, such as the United Nations' Trade Facilitation and Electronic Business (UN/CEFACT), the Organization for the Advancement of Structured Information Standards (OASIS), RosettaNet, and the Open Applications Group (OAG) face a struggle for relevance and survival.

There are only two abiding sources of XML standards. The first is the World Wide Web Consortium (W3C), which is responsible for defining the base technology of XML. The second source is a credible vendor that creates publicly available XML formats and protocols as part of meaningful products. Ariba and Microsoft are in this category at the moment.

Mistake #4: Overreach
Many XML standards efforts aim to standardize business processes. RosettaNet is the leading example. I can't think of too many efforts to standardize business processes that have worked. Business processes are too specific to individual companies to standardize them. The most successful IT standards address protocols and formats. Some of the XML standards groups are following RosettaNet down this path. They may as well not. RosettaNet is operating in a unique industry context (electronics/high tech supply chain), which does not resemble other industry categories.

Pardon me for being cranky about this, but the net effect of XML standards has been to slow adoption of XML products and technology. There's too much noise, too much hype, too many promises--too much risk. Shouldn't we know better by now? Let me know what you think about XML standards in the TalkBack below.

John R. Rymer is principal consultant and founder of Upstream Consulting, a strategy-consulting group in Emeryville, Calif. Upstream has developed business strategies for several XML technology companies.

From: LLMalon @ cs.com
Date: Thu Feb 22, 2001 6:50 pm
Subject: free downloadable training books

Check out the site visibooks.com. It offers free copies of books on
Dreamweaver 4, FrontPage 2000, HTML, and JavaScript plus a guide to
managing web projects. They are picture-rich, light on text for
those of you that appreciate the visual approach to learning. You
can download them for free. Each one takes about 10 minutes to
download if you have a 56k modem. You can also purchase hard copies
if you prefer.




From http://www.internetweek.com/lead/lead121400.htm

Thursday, December 14, 2000

An Alphabet Soup Of B2B Standards
SOAP, ebXML, UDDI and others will slowly gain momentum in 2001

By JOHN WEBSTER
A new set of Internet standards promises to change the way companies do business with one another, just as HTML and HTTP once paved the way for Web-based electronic commerce. But as you make your New Year's resolutions, don't bet your e-business that these standards will change the way you interact with partners and customers overnight.

Although XML has become the base protocol for sharing data among different Web applications, companies have only recently started to use it broadly for B2B collaboration and transactions. In less than two years, XML has made it possible for businesses to establish trading relationships without relying on EDI networks, facilitating the formation of thousands of e-marketplaces and B2B exchange auctions. While XML allows data from various sources to be represented in a common way in databases, a new crop of Internet standards promises to simplify the way e-businesses form trading relationships, perhaps even establishing them on the fly.



There are more than 120 standards that extend XML. Many are designed for specific industries or addressing granular business processes, such as sharing accounting data among companies. But when it comes to simplifying B2B trading, perhaps the most important new standards are Simple Object Access Protocol (SOAP), for accessing objects over the Internet that are described in XML; Universal Discovery, Description and Integration (UDDI), an effort announced in early September that provides a registry of e-businesses, the services and products they offer and how to access their systems; and Electronic Business XML (ebXML), which proponents say will provide a common formatting and communications protocol between businesses.

In the coming year, applications ranging from database servers to software that integrates disparate transaction processing systems will support these new standards. In time, proponents say, that will let e-businesses think nothing of establishing a secure trading relationship with a partner. Today that process requires all parties in a relationship to make sure their applications can communicate either through specific trading exchanges or directly. However, even with the release of software that supports the new standards, many of the applications will at best be suitable only for pilots in 2001. It remains to be seen how well they will work and how quickly they'll be adopted.

Proponents say the standards will be the technology underpinnings that let e-businesses automate the way B2B relationships are established.

In the real estate industry, for example, that might let an agency link insurers, title companies, property owners, lenders and agents. Or a retailer might want to link up quickly with a new supplier, experts say. But while these standards are still in varying stages of development, SOAP is one that has a good shot of being implemented this year, analysts say. Originally proposed by Microsoft in 1999, the protocol was recently submitted to the World Wide Web Consortium (W3C), which formed the XML Protocol working group. Microsoft is supporting SOAP in its .Net architecture, and IBM says it will support SOAP in its WebSphere application development suite to let developers integrate XML components into its DB2 database, MQ Series application integration software, Tivoli network management software and Visual Age for Java developer tools. SOAP will let e-businesses take object-oriented code, which could contain such specific functions as a customized shopping cart for a specific type of transaction, and share it with business partners.

"As more applications, such as IBM's VisualAge for Java, and other integrated development environments start using SOAP, business partners will be able to reverse-engineer application code," says Randy Mowen, director of data management at The Bekins Co., a freight-shipping company.

Mowen says tweaking the code would let his company provide APIs that will allow customers to track shipments. Kodak and others have indicated they will take advantage of Bekins' service, he says. When Kodak ships products to distributors, it can track the status of those shipments. Moreover, Bekins could offer its tracking application to Kodak to use internally in ERP or in inventory management systems.

"This will allow anyone who places an order to build tracking into different Web applications," Mowen says.

While SOAP will be important for exchanging software components, ebXML--sponsored by the United Nations' Centre for Trade Facilitation and Electronic Business (CEFACT) and the Organization for the Advancement of Structured Information Standards (OASIS)--is the front-running candidate for standardizing how XML documents are formatted. It's also a messaging protocol that describes how data should be interchanged securely.

David Burdett, director of product management, standards and gateways at Commerce One, says he believes that ebXML will be the most important B2B standard. "It has gained the backing of the whole EDI community as the way to forward XML," he says. The initiative is due to be completed this spring, and implementations based on it will be developed later in the year.

After a company has chosen online business partners, ebXML provides the business communication protocol, and the Internet provides the connectivity, says Guy Gergan, vice president at Montgomery Guaranty Trust Co.

"With ebXML, it doesn't matter what you're sending," he says. While they wait for ebXML to be finalized, e-businesses can rely on proprietary protocols, such as Commerce One's XML Common Business Library (xCBL), a document and content protocol that companies can use with their business partners. Burdett says IT managers should view xCBL as a "stepping-stone" until ebXML is ready for widespread implementation.

A similar alternative to ebXML is Ariba's Commerce XML (cXML). According to Anne-Marie Keane, vice president of B2B e-commerce at Staples.com, cXML is mature enough to use now and to continue using until ebXML becomes available. Staples.com is focused primarily on using one implementation of XML--the Ariba version--rather than implementing all the other XML standards that will emerge in the coming year.

"I definitely feel that cXML will be important in 2001," Keane says. "Ariba's dominance in e-procurement is a major driving force. Other procurement application vendors know that to compete with Ariba, they need to demonstrate supplier connectivity. By following the same standard as Ariba, any supplier that can connect to Ariba can connect easily to the other procurement apps using cXML."

Staples.com began using cXML first and found that it could quickly hook suppliers to its systems. Such "supplier enablement" speeds deployment of e-marketplace and e-procurement applications, Keane says.

Standards Under Review
EbXML, a more vendor-neutral architecture and data transport, routing and packaging specification, is still in the draft stage and won't be finalized until late next year, says Burton Group analyst Jim Kobielus.

CEFACT and OASIS are more optimistic. Last week the organizations said ebXML's core technical infrastructure will be completed by March, two months ahead of their previous target.

The W3C is still reviewing SOAP. "SOAP will be one of the most important standards in 2001," says Josh Walker, an analyst at Forrester Research. "SOAP will bring some standardization to interorganizational commerce. Up to now, SOAP has been mostly talk, but this is the year that we will see SOAP beginning to be implemented widely in products and among business partners."

E-businesses will use SOAP, which describes how to access XML applications, both internally to automate integration of applications like those for ERP with inventory management applications, and externally to automate application integration with business partners, says Scott Hebner, IBM's director of e-business marketing.

SOAP will let e-businesses share applications, not just data, with their business partners and customers.

It will be some time before both SOAP and ebXML are widely used, Kobielus says.

But while these standards promise to facilitate the exchange of data, e-businesses still need a way to find each other. UDDI, announced in September, will allow e-businesses to share information through a common registry, much like DNS servers allow browsers to find Web sites. More than 130 companies say they will support UDDI.

"UDDI is a business registry that automates the process of establishing business relationships on the Internet by letting companies describe their business, publish their Web services and define a language they use," Hebner says.

That could mean automating an e-business's exposure to customers and partners, says Brad Veselick, CEO of brokerage firm Couch Braunsdorf Insurance.

As it stands, consumers can use insurance company Web sites to get quotes or find agents. Afterward, however, a policy still needs to be set up over the telephone or by regular mail.

"It has to be handled the same way as it was 20 years ago," Veselick says. "Someone still has to pick up the phone to complete a transaction. UDDI would allow us to remove some of the human interaction." That's because the brokerage could exchange quote information with its clients, such as Chubb, Hartford and Travelers, he adds.

A B2B Registry
UDDI was initially proposed by IBM, Microsoft and Ariba, which were later joined by Hewlett-Packard. The founding companies last month launched a test version of the repository (www.uddi.org/register.html), containing information about companies and the services they offer, as well as how the services should be accessed. It's unclear when the registry will go live.

Without UDDI, unless a company uses the same applications and Web services as its trading partners, it must make large technology investments to transact business using the Internet. UDDI is intended to enable businesses to find each other and make their needs and their technological and e-business capabilities known.

If a company has a business need that requires a trading partner, it would input criteria as described by the UDDI registry. For example, a company can look for a shipping company that can ship goods globally and handle large packages.

UDDI would allow an e-business to provide access to their partners' services, says Couch Braunsdorf's Veselick.

"Different operations could be funneled by us as an aggregator of services," Veselick says. "When someone moves to New Jersey, for example, we'd be listed as an aggregator who can provide real estate, attorney, home inspection and mortgage services."

UDDI is based on a standard registry services concept, with Yellow, White and Green Page business listings. White Pages state a company's location and contact information, Yellow Pages describe what the company sells and the terms and conditions for interaction, and Green Pages contain the XML-based APIs for their systems.

The specification's biggest hurdles will be acceptance and buy-in from businesses themselves. There will also be technical challenges, such as scalability and physical implementation.

"The business registry will contain published programmable interfaces so you can query a company's inventory and it tells you how to place a purchase order," IBM's Hebner says. "Businesses will register the same way URLs are registered with DNS."

UDDI is similar to Microsoft's BizTalk in that both use SOAP as a transport protocol and provide service description, location and binding specs, but BizTalk is proprietary. Despite the still-messy amalgam of acronyms that dotted the XML landscape, e-businesses in 2001 should see a handful of usable B2B standards that use XML as a foundation.

In contrast, last year was spent laying the foundation. "The standards were slower to develop in the XML space because we were really still developing XML itself--the things on which you built other things," says Bob Sutor, IBM's director of e-business standards strategies. "Now most of the major pieces are there so people can build on at a higher level."

As IT organizations evaluate how useful the emerging B2B standards will be, questions remain as to XML's efficiency, difficulty of integration and linking the myriad vertical industry specifications.

One technical hurdle may be the size of XML messages, says John Rymer, president of Upstream Consulting.

"Some companies don't know yet how they'll handle that overhead, but this isn't online analytical processing so maybe that won't matter," he says.

B2B exchanges are emerging for specific industries. For example, the chemical industry data exchange (CIDX) specification uses XML and EDI to let chemical companies' systems share information and conduct transactions among each other. There are even those that are targeted for specific niches within an industry, such as the Financial Products Markup Language (fPML), which will allow institutional investors to trade derivatives on the Web.

Despite XML's promises to simplify the trading of e-business documents, some IT managers point out that XML-based B2B standards aren't ideal for many companies. A company could end up giving up some competitive advantages by exposing its internal applications and services through XML-based B2B standards.

"If one ends up cooperating with 30 other insurance companies, it might not want to open itself up to all of them," Veselick says.

Vanishing Specs
As with any set of standards, many of those based on XML and aimed at e-business are doomed. One example is the Information Content and Exchange (ICE) protocol for exchanging business information, Forrester's Walker says. ICE was intended to exchange message-based formats between companies, much like XML-based protocols, such as Microsoft's BizTalk.

"ICE is one of the standards that may fade out in 2001," Walker says. "It has not generated much support, and the XML community is finding other standards that solve the same problem a different way. I don't see it rallying this year."

Of those that seem destined for success, IT managers shouldn't hold their collective breath waiting for products to support them.

"These are very ambitious initiatives, and it's not clear that the specifications can be completed or, if completed, implemented in multivendor interoperable environments in 2001," Kobielus says. "There are still no standards in B2B message passing--just wannabe standards in various states of completion and evangelization."

Tim Wilson contributed to this story.

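<% ' uid is taken from the query string; URL-encode it before echoing it into the link %>
&id=<%=Server.URLEncode(uid)%>"><% =ItemList("Name") %>
<% =ItemList("Size") %>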
