Man Pleads Guilty to Rolling Own Botnet:


A man, Anthony Scott Clark,
rolled his own botnet, using a worm to take over 20,000 computers,
which he then used to launch a distributed denial of service (DDoS) attack
on eBay and others in July and August 2003.
Now he's

plead guilty in U.S. District Court in San Jose, 27 December 2005.
He could get 10 years in prison, a quarter million dollar fine, etc.,
notes
Paul Ferguson.

It's good that a bot herder got caught and may get time.
But this one was unusual, indiscreet, and probably easier to catch than most.

Apparently he actually sent the worm out himself and used the resulting
very large botnet himself.
Most bot herders don't do that.
They use off the shelf software,
they build smaller botnets, and they sell access to them to third parties
which then use them for spamming, phishing, pharming, DDoS, or whatever.
So this guy stuck his head up too high and got caught.
Let's see some harder cases get caught, too.

The worm used a Windows bug; no surprise.
Once again,
software diversity
would make this sort of thing more difficult.

The worm was controled via Internet Relay Chat (IRC),
the bot herder's communication medium of choice.
Nothing new in that.

Any convictions of bot herders may help convince them to move on to some
safer field of crime, but the law is still a slow blunt instrument and
this time caught only the most obvious of suspects.

-jsq

Posted by mikki at 08:31 PM | Permalink

Google Sued for Trademark Infringement Based on Third-Level Subdomain:


It's no surprise that Google has been sued again for trademark infringement, but the basis of this lawsuit is surprising. Rather than another lawsuit over the sale of trademarked keywords to deliver ads (along the lines of the GEICO, American Blinds, Rescuecom and JTH Tax cases, or the dozens of international lawsuits), this lawsuit is based on a Blogspot blog URL. Because of its comparative novelty, this lawsuit raises some complex and unsettled legal issues.

Posted by mikki at 08:26 PM | Permalink

Sanity breaking out all over:

First the French, now the Aussies: Reports are the Australians will legalize taping shows from television, and ripping CDs to MP3 players.

Posted by mikki at 12:51 PM | Permalink

Sony: Its Own Worst Enemy:


Doubtless everyone has heard by now the saga of Sony's rootkit DRM.
On some music CDs Sony has put some Digital Rights Management (DRM)
software that it said was intended to prevent copying of the music
on the CD.
Actually, that software also hides itself so it's hard to find or remove,
and opens several security holes, including reporting information about
the user back through the Internet.
Thus it resembles what is commonly called a rootkit,
which is software that is designed to get root (unlimited access)
and to hide the fact that it did so.
Everybody from music buyers to antivirus vendors to Microsoft to the
U.S. government complained to Sony, after which Sony put out an
uninstall kit.
But that kit turned out to open even more security holes.
EFF is suing Sony.

Apparently the software to call home
and get advertising related to each tune gets installed even if the
user says no to the End User License Agreement (EULA).

The news just keeps getting worse.
Now
the state of Texas is suing Sony under the new TX spyware laws.

I continue to wonder why Apple still seems to be the only
company that understood that online music "piracy" translates
as market demand; a demand that the iPod and iTunes satisfies.

The moral of this story could be that forcing your customers to
run software they didn't ask for, don't want, said they didn't want,
and may be illegal besides, just isn't good risk management.
Sony already had to recall the original CDs due to the furor
over the DRM, but their "fixes" still have the same kinds of problems,
so their PR problem just keeps getting bigger, and continues
expanding into a bigger legal problem.

Wouldn't it be easier just to sell music the customers want?
Or to come up with a way to leverage music copying as advertising
without putting illegal spyware on music lover's computers?

-jsq

Posted by mikki at 12:48 PM | Permalink

What's in a Name?:


Internet domain names are truly bizarre. There is nothing especially remarkable about them from a technical perspective, but from a social and political perspective they are all sorts of fun. We can have arguments over control of the DNS root, arguments over whether names are property, arguments over innate rights to specific names, arguments over a registrar's right (or lack thereof) to exploit unregistered names for private gain, and many more arguments besides. In this article, I'd like to explore the argument-space rather than defend any particular position in it. In so doing, I hope to illuminate some novel (or under-emphasised) perspectives on the matter.

Posted by mikki at 11:53 AM | Permalink

RIAA Files File-Sharing Lawsuits Against 751 People...:


RIAA Files File-Sharing Lawsuits Against 751 People

Posted by mikki at 04:42 PM | Permalink

Law Firms Not Liable in Alleged Web Hacking Case:


Two law firms that allegedly surreptitiously accessed an expert witness's password-protected Web site to show a judge that the witness violated a gag order cannot be held liable under the Digital Millennium Copyright Act, ruled a federal judge who dismissed the suit. The occupational illness expert had accused Keller & Heckman and its attorney Douglas Behr of hacking into his site by acquiring a password and sharing it with Jones Day lawyers in the midst of a landmark toxics trial.

Posted by mikki at 02:01 AM | Permalink

Wireless Nation:


Thomas Crampton
points out on Joi Ito's blog that
Macedonia has selected
Strix Systems to implement a nationwide wireless network as part of the Internet.
This may be the first entire country completely wireless.
Crampton suggests artistic uses of the network, which will be very interesting to see.
Emergency services, personal uses, and plain old business uses also seem likely.
One wonders what new will come out of Macedonia.
The most networked country in the world back in the early 1990s was Finland,
and from there Linux appeared.

-jsq

Posted by mikki at 03:49 PM | Permalink

Is a Domain Name Property?:


In an article by Sheldon Burshtein, published in the Journal of Intellectual Property Law & Practice, the author examines the view on whether domain names are properties. The following is the abstract of this article: "...Domain names have become increasingly valuable assets, in some respects more valuable than trade marks. A domain name may identify not only the source of the goods, services, business or information, but also the virtual location of the source, much as an address or telephone number does. However, there is still a significant unresolved issue as to whether a domain name is a form of intangible property or merely a contractual right."

Posted by mikki at 02:31 PM | Permalink

Investigations into ICANN transparency continue | The Register:


A new lobbying body calling itself itself the Campaign for ICANN Transparency (CFIT) has expanded its investigation into the internet overseeing organisation with a freedom of information request served on the US Department of Commerce.
The organisation has already served ICANN with a lawsuit in its home state of California claiming anti-trust abuses, and caused the EC to open an anti-competition investigation following a formal complaint.

Now it hopes to discover examples of ICANN being less than truthful by requesting "materials related to discussions, memos and meetings and related contact that the government agency has had with the Internet Corporation for Assigned Names and Numbers (ICANN) on matters relating to the .net and .com registry agreements".

Posted by mikki at 12:16 AM | Permalink

JURIST - Paper Chase: Federal judge rules Blackberry settlement invalid:


[JURIST] US District Judge James R. Spencer [JTBF profile] of the Eastern District of Virginia [official website] Wednesday rejected the disputed settlement pact between the maker of the Blackberry [product website] comunications device, Research in Motion Ltd. (RIM) [corporate website], and the patent owner of the technology behind the device, NTP, Inc. The $450 million settlement, which the companies agreed to in March, but never finalized, would have ended NTP’s infringement suit against RIM, which wanted to enforce the agreement. Spencer will next determine whether to issue an injunction that completely halts Blackberry sales and service in the US. Industry experts believe the ruling will force RIM to settle the suit for as much as $1 billion. Nasdaq stopped trading Blackberry's shares shortly before the ruling was made public. AP has more.

Posted by mikki at 11:20 PM | Permalink

RIM gets good news in patent case | CNET News.com:


Battered by two recent setbacks in court, Research In Motion won a round in its long-running patent fight against NTP on Thursday when the U.S. Patent and Trademark Office rejected one of the claims by RIM's adversary.

Patent-holding firm NTP contends that it owns the patents for the technology that powers RIM's BlackBerry handheld devices, but the Patent Office recently received information that a Norwegian firm may have filed patents prior to NTP, according to various media sources. The ruling by the Patent Office is not final and NTP will have an opportunity to file a response.

The ruling came a day after a federal judge rejected Waterloo, Ontario-based RIM's request to approve a $450 million settlement with NTP. The judge also balked when RIM requested that the case be halted until the Patent Office had re-examined the validity of NTP's patents.

In other news:
SNARFing your way through e-mail
Evolution of the couch potato
That Google feeling, but on the cheap
Perspective: Wikipedia and the nature of truth
At stake is RIM's right to operate in the United States. NTP has already won an injunction that would force RIM to pull the plug on its U.S.-based BlackBerry service. RIM has said that it could implement alternative methods to keep its service running, and experts expect that if RIM fails to triumph in court it would reach a settlement with NTP, albeit an expensive one.

RIM has asserted that the technology that enables BlackBerrys to forward e-mail automatically was not pilfered.

A final determination on the patents may not be reached for months.

Posted by mikki at 02:32 PM | Permalink

Fall of the House of Cards? (Alan Wexelblat):

A reader pointed me to a Businessweek Online piece on Sony's spyware fiasco. This brief piece contains one new tidbit, but it's crucial. According to Lorraine Woellert's story the artists themselves are finally starting to get up in arms. About bleeping time.

In my more fanboy moments, I hang out with writers (books) and artists (sculptors, photographers, musicians). For the most part they've bought into the Cartel's propaganda. They're worried about "piracy" and someone "stealing" their work. I don't have many big-name creative friends, so most of the folk I talk to are sensitive to even a small loss of income when they make very little to start with. They tend to believe that DRM is a good thing and that it'll somehow help them get paid more or better.

What we now see is that the exact opposite is true. Musicians and their managers, according to Wollert, are starting to realize that DRM is preventing sales. Bad publicity is the kiss of death and it's really unclear whether any Sony artists are going to escape at least some level of contamination. That translates to lost sales, often dramatically lost (50% drop in one week - ugh).

If the creative corp finally get it through their heads that the Cartel's DRM strategies are only there to fatten executive wallets then we might actually see a kind of revolution from within. As Wendy noted a couple weeks back, the frog may well jump out of the pot

I also have to hope that The Association of American Publishers will catch on to this. Although the current fiasco is over music disks, there's a very direct and very short line between the meme "don't use DRM to screw up fans' experience of artists' music" and the meme "don't use mistaken interpretations of copyright law to stifle readers' desire to find books."

Posted by mikki at 01:58 PM | Permalink

Mass. opens DOC:

Dan Geer writes:

No more: "Somebody upgraded, so now everyone has to." By making the "public" in "public record" mean something, Massachusetts gets better accessibility, plus competition--not a sole-source provider.



Perspective:  Massachusetts assaults monoculture
By Daniel Geer
c|net news.com
Published: November 29, 2005, 4:00 AM PST

Mass. is requiring state documents to be in an open format (OpenDocument) reaadily accessible via multiple vendors'
word processing software, not to mention by OpenOffice, an open source office suite.

Their rationale is simple: gaining access to public documents shouldn't require the public to buy a single vendor's product and thereby misuse a public good to support
a private monopoly.
By requiriing  public documents to be in a non-monopoly format, Mass. helps obviate
software monoculture.

As discussed in previous blog posts, monoculture is bad because a single bug can wipe out a monoculture crop, as happened with the beetle-like insect boll weevil and cotton in the U.S. in the early 1900s, or with the aphid-like insect phylloxera vastatrix and European winestock in the late 1800s, or the Irish potato famine.

The problem of monoculture is equally evident in software used on the Internet, as discussed in another previous blog entry, to the tune of perhaps $100 billion in economic losses for a single incident. Software diversity is the beginning of a solution to this monoculture problem. A software worm is far less likely to take down several software platforms at once than it is to take down many installations of a single software platform. 

Kudos to the Commonwealth of Massachusetts for doing the right thing.

-jsq

Posted by mikki at 01:56 PM | Permalink

Lawsuits Filed Against ICANN-VeriSign Settlement:


The new organization called Coalition for ICANN Transparency (CFIT) has filed a lawsuit against ICANN and VeriSign in order to stop implementation of the proposed .com registry agreement. According to its description, "CFIT is a not-for-profit Delaware corporation based in Washington, D.C. CFIT’s supporters include individuals, organizations, institutions and companies who are committed to the core principles on which ICANN, the internet governing body is founded."

Posted by mikki at 01:51 PM | Permalink

A View From Vancouver:

This is the strangest of ICANN meetings.  Several registrars sit in the lobby making deals; other registrars are very angry about the Verisign-ICANN "settlement"; there are domain name owners who are equally ticked off about the same thing; there are the .xxx people wearing scowls, GAC people wearing deep blue, and often shiny, suits; there are trade booths (wo-)manned with folks who could be easily mistaken for trade show bunnies; a small number of board members pass through the public areas in as short of time as they can; a larger number of board members are unseen; and ICANN "staff" is largely invisible.

Barely anybody talks about WSIS. But there is a lot of talk about lawsuits filed or contemplated.

There is a lot of quiet talk about how .xxx was suddenly removed from the agenda and how a redacted Freedom Of Information (FOIA) inquiry indicates that the Bush Administration, in the person of Karl Rove and at the behest of religious fundamentalist James Dotson, caused the US Department of Commerce to secretly instruct ICANN to deny .xxx and thus triggering a dance of the proxies as ICANN and/or the US government attempted to create a screen of deniability by getting other countries to do the dirty work.

Nobody here seems to support the ICANN-Verisign "settlement", although nobody seems to really think that ICANN will listen to the nearly universal complaints beyond making a few cosmetic adjustments.

Those who actually use domain names, the community of internet users, are nearly completely absent; the ALAC meetings were so under-attended that they could be squeezed into a small room at the end of a nearly hidden corridor.  Even as UN is demonized for its incorrectly characterized attempt to "take over the internet", at least the formative UN Internet Governance Forum will probably allow individuals to obtain credentials while ICANN relegates us to a powerless limbo.

There is talk of the splitting of the internet, not as something to come but rather as something that has already happened.  And that impossible as it is to trivalize the situation when the split involves China and other Asian nations ICANN has managed to pretend as if nothing of significance has happened.

And in a bit of stunning Orwellian NewSpeak the United States Federal Trade commission said that to protect privacy it has to kill it.

Matters of IP address policy are not discussed.

Questions about the fate of the 40 TLD applications left over from year 2000, for which ICANN collected $2,000,000, remain unanswered while a very glitzy and expensively printed, but otherwise vacuous and self-congratulatory, booklet from ICANN's ombudsman occupies space on the information tables.

Posted by mikki at 12:59 PM | Permalink