The weekly newsletter for Fed2 by ibgames

EARTHDATE: August 13, 2006

Official News - page 11

WINDING DOWN

An idiosyncratic look at, and comment on, the week's net and technology news
by Alan Lenton

I'm back! And back in time to celebrate the 25th anniversary of the launch of the IBM PC. I seem to remember it had something like 64K of memory and came without a keyboard or monitor, which IBM considered to be optional extras!

How things have changed - my laptop has 100 times more memory than my first hard drive had, and the video memory is larger than the original PC's main memory was even theoretically capable of holding!

Ah, those were the days - 10 miles barefoot in the snow - punched cards - hex dumps - it almost makes me want to go out and bang my walking stick along the park railings...

But perhaps we should move on to more recent events :)


Shorts:

The Recording Industry Ass of America (RIAA) are not happy. This is something I can live with!

The reason for their unhappiness is that their campaign to screw money out of individuals is starting to fall apart. Their problem is a simple one. Until now the unwritten assumption has been that if you can prove that an IP address was trafficking in songs without permission, and that person X was the owner and user of that IP address, then person X was legally liable.

This always was a rather dodgy assumption given the sophistication of modern malware, but now with the increasing use of unsecured wireless networking, the assumption is completely invalid. Owners can rightly say, "I know nothing about this, it must have been someone else." And how do you prove they are lying?

That's not all. If the idea I reported in the 2nd July Winding Down (US company Fon are offering cheap wireless routers if you allow your router to be used by other Fon subscribers), takes off, it will be even more difficult to identify who was using an IP address at any given time.

Sad, isn't it...

http://www.bit-tech.net/news/2006/08/01/RIAA_forced_to_drop_download_case/

Too little, too much, too late, and too unbelievable. That's the tale of Borland's announcement that it is launching a new set of 'Turbo' software developer tools aimed at the individual professional developer. Borland effectively abandoned individual developers six or seven years ago after the launch of C++ Builder 5. Like other individual developers I bought the upgrade to version 6 at a cost of more than I paid for the original copy of C++ Builder, and soon abandoned it because there was nothing new for individual developers, and the editor had been screwed around with to an extent where it was difficult to use.

All this new stuff comes in at the time when Borland are trying to sell off their existing development tools business to, yet again, go chasing the will o' the wisp of enterprise level middleware. You've got to be joking Borland. Yes I'm nostalgic about the old Turbo Pascal and Turbo C, both of which I used early in my career. But that nostalgia doesn't extend to shelling out $500 for a copy now!

http://www.cbronline.com/article_news.asp?guid=F123FAEC-1766-44F8-A950-ECF462C75950

Could it be that the wrath of god is about to descend on Symantec? I can but hope so, since they are an arrogant bunch, and hubris was always a good reason for godly intervention.

This time they've been annoying the Church of England (C of E) by marking a chunk of its Visual Liturgy software as spyware, and urging techno-unworldly vicars to delete it.

Symantec were, of course, notified immediately - and told the incredulous C of E complainer that Symantec would respond within four weeks! What a pitiful response, especially given that the software is used to plan, create and deliver weekly church services. The bug has apparently now been fixed - after only a few days - and the C of E won't be taking any further action. Perhaps someone higher up received a divine revelation, or, more likely, thought about the consequences of annoying an organisation with the financial resources of the C of E.

Sooner or later this sort of arrogant behaviour is going to engender a class action from all those innocents whose software has been branded as malware by Symantec's Antivirus software.

http://news.zdnet.co.uk/internet/security/0,39020375,39280391,00.htm
http://news.zdnet.co.uk/internet/security/0,39020375,39280431,00.htm

Planning to vote in this year's US elections? Is your county using Diebold touch screen voting machines? How do you know that the vote you cast is the one that's being counted?

Researchers have discovered what has been described as the 'worst ever security flaw'. Actually all security problems with voting machines are serious. I think what they really mean is that this is much easier than usual to exploit - all you need is a screwdriver and some flash memory. Five minutes alone with the machine would be enough to completely subvert the machine's software, and another five minutes to restore the original software at the end of voting.

It seems that Diebold have facilities in their TS model machines that allow anyone with access to the machine to open a panel with a screwdriver, flip a few switches and load in new software from a flash drive. Not only that but they have printed the details of the switch settings in the machine, for ease of use.

Furthermore, since the TS doesn't produce a paper audit trail, there is no way of checking that the votes recorded were those that were cast, and if the original software is replaced at the end of voting there is no way of telling that the machine was tampered with!

http://openvotingfoundation.org/tiki-read_article.php?articleId=1

There are red faces at American Eagle Outfitters after a video presentation circulated at a trade show demonstrated how RFID chips could be used to secretly identify and track customers of an American Eagle outlet.

The video shows a consumer walking into an American Eagle store, being remotely identified through the American Eagle credit card in his pocket and purchasing items with hidden RFID tags. The footage concludes with a full facial biometric scan being made by a pinhole camera at the checkout. There's an animated Flash clip at the URL at the end of this item.

The video was apparently made as long ago as 2002 as a demonstration of how RFID chips could be used, and American Eagle is denying using the chips in its store.

Given the current cost of the chips, I think it's extremely unlikely that they are using them in the way depicted, but this creepy video does show what could happen in -all- retail outlets in the not so distant future as the prices of these chips drop.

http://www.spychips.com/RFIDclothingstoredemo.html

The various Western governments may well think that their planned shiny new biometric passports are uncrackable. Wrong. Earlier this month, security consultant Lukas Grunwald publicly demonstrated how to clone one such passport using a readily available commercial reader and the International Civil Aviation Organisation's publicly available specification documents!

I doubt if the demonstration will have any serious effect. Government spokesdroids are already saying the demonstration is nothing significant, and no doubt the litany will continue as further problems are revealed. Too many reputations are at stake, and too much money has already been spent for an easy out to be taken.

One thing we have learned over the past 20 years is that western governments have an almost unlimited appetite for hi-tech snake oil. They will buy anything with a hi-tech - and high price tag - label on it, to the complete exclusion of tried and tested lo-tech solutions. Sadly, I really don't think this is going to be any exception to the rule.

http://www.theregister.co.uk/2006/08/04/cloning_epassports/


Personal Losses:

USA - Two laptops containing personal data for 31,000 US Navy personnel have been stolen from two different recruiting offices in the last two months. Earlier in July personal details of 100,000 naval aviators were exposed on the Naval Safety Centre's web site, and in June sensitive personal data on 26,000 sailors was similarly exposed. The navy isn't doing very well, to say the least...

USA - Even as the perpetrators of the last major potential leak of Veterans Administration (VA) personal information have their collars felt by the police, new reports have emerged of further leaks. This time a desktop PC belonging to VA subcontractor Unisys has gone for a walk. On its hard drive are the details of 36,000 veterans' names, addresses, social security numbers, dates of birth, and other information useful to identity thieves.


Homework:

Most of the material available opposing the mass use of biometrics, such as DNA testing, has focussed on two issues - whether it is actually possible without vast numbers of false positives and negatives, and the privacy implications. But, so far, there has been little analysis of the implications of what would happen if the use of biometrics became widespread.

That's now changed with the publication of a short, succinct piece from Jerry Fishenden. In it, without assuming anything other than existing technology, and the widespread use of DNA databases and CCTV, Jerry looks at the effects on a major terrorist trial and comes to the conclusion that the defendants would walk free.

To find out why take a look at the URL, and I guarantee that you will, like me, hope that the police don't lose their traditional detective skills before this happens!

Highly recommended.

http://ntouk.com/?view=plink&id=169


Geek Toys:

Fancy riding around on a classic motorbike? Well how about this one - a Chinese army motorbike from the Mao era? It comes with optional machine gun mountings and ammunition boxes. Make my day, punk!

http://www.marquass.com/PRC/Index.htm

If motorbikes aren't your thing, how about a backyard pool that uses water wave interference to spell out messages? Beats sky writing or car windscreen stickers saying 'Sharon & Dave' any day! The device, developed by Akishima Labs takes between 15 and 30 seconds to form each letter. Guaranteed to impress the neighbours, and to propose to your partner with!

http://blog.scifi.com/tech/archives/2006/07/24/walk_on_water_p.html


Scanner - Other Stories:

The 'terrorist' batting average
http://www.boston.com/news/globe/editorial_opinion/oped/articles/2006/07/21/the_terrorist_batting_average/

PC with veterans' data missing from VA subcontractor
http://newsletter.infoworld.com/t?r=314&ctl=1364C6E:1F69382

Security flap after US Navy loses laptops
http://www.theregister.co.uk/2006/07/28/navy_laptop_security_snafu/

Open government meets IT
http://newsletter.infoworld.com/t?ctl=12D3253:1F69382

Legalising low power FM transmitters for MP3 players in the UK
http://www.ofcom.org.uk/media/news/2006/07/nr_20060714b#content

AFP copyright case against Google stumbles over tech glitches
http://newsletter.infoworld.com/t?ctl=1330FAA:1F69382

French copyright law takes effect to industry dismay
http://newsletter.infoworld.com/t?r=314&ctl=1364C6F:1F69382

US government urged again to end net role
http://kierenmccarthy.co.uk/pdfs/burr-cade-usg-icann-reform.pdf
http://www.theregister.co.uk/2006/07/21/burr_cade_usg_paper/


Acknowledgements

Thanks to readers Barbara, Fi and Lois for drawing my attention to material used in this issue. Please send suggestions for material to alan@ibgames.com.

Alan Lenton
alan@ibgames.com
13 August 2006

Alan Lenton is an on-line games designer, programmer and sociologist. His web site is at http://www.ibgames.net/alan.

Past issues of Winding Down can be found at http://www.ibgames.net/alan/winding/index.html.

