***************************************************** Edupage is a service of EDUCAUSE, a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. *****************************************************
TOP STORIES FOR WEDNESDAY, JULY 31, 2002 Clarke Urges Hackers to Find and Report Bugs H-P Uses DMCA Against Bug Finders Despite FCC, WorldCom Could End Internet Services AND Microsoft Enlists Academics for Security Board IBM to Buy Consulting Group Stiff Sentences for Online Fraud StarOffice Not Forthcoming for Mac CLARKE URGES HACKERS TO FIND AND REPORT BUGS Richard Clarke, the cybersecurity advisor to President Bush, told attendees of the Black Hat conference in Las Vegas that they should find and report software bugs that compromise computer security. Clarke said that some of those listening "have an obligation to find the vulnerabilities." According to Clarke, hackers should be responsible in their disclosures of bugs, letting the software company know first and allowing the company time to fix the bug before the weakness is made public. If someone finds a bug and acts in good faith to see that it is addressed, that person should not be prosecuted, Clarke said, saying that legal protections may need to be installed for hackers disclosing security flaws. Associated Press, 31 July 2002 http://www.nandotimes.com/technology/story/484376p-3867743c.html H-P USES DMCA AGAINST BUG FINDERS In an apparent first, Hewlett-Packard has invoked the controversial Digital Millennium Copyright Act (DMCA) to stop researchers from releasing information about software bugs. Until now, the DMCA has been used by copyright holders to prevent, for example, release of programs that allow for the circumvention of copyright protections. But H-P sent a letter to SnoSoft, a group of researchers, saying that the group faces fines of $500,000 and jail time for releasing information about a bug in an H-P Unix application. SnoSoft said that they notified H-P of the flaw early enough that a patch should have been available before public disclosure of the bug. An attorney at the Electronic Frontier Foundation said he expects more companies to try to use the DMCA in this way because the very broad terms and interpretation of the law allow for such prosecution. Even in circumstances unrelated to protecting copyright, he said, such actions "will trigger DMCA penalties." CNET, 30 July 2002 http://news.com.com/2100-1023-947325.html DESPITE FCC, WORLDCOM COULD END INTERNET SERVICES Michael Powell, chairman of the Federal Communication Commission (FCC), told a Senate committee that his agency might not have the authority to prevent WorldCom from shutting down its Internet services, potentially disrupting service to thousands of customers. WorldCom operates an Internet backbone through its UUNET subsidiary. Powell said that although the FCC could force WorldCom to continue to provide phone service through its bankruptcy, he was not confident that he had the authority to do the same for the Internet services. Despite assurances from WorldCom that it has no plans to cut off voice or data services, Powell's comments spurred lawmakers to say they would introduce legislation very soon to expand FCC authority to cover data services. Wall Street Journal, 31 July 2002 (sub. req'd) http://online.wsj.com/article/0,,SB1028040032754153920,00.html AND ***************************************************** MICROSOFT ENLISTS ACADEMICS FOR SECURITY BOARD Earlier this year, Microsoft announced its Trustworthy Computing Initiative, an effort to increase the security and reliability of all of its products. On Monday, the company announced the formation of the Trustworthy Computing Academic Advisory Board, a group fo 12 to 15 advisors to the initiative. Final members have not been selected, but the board will include representatives from Cornell University, the University of California at Santa Barbara, and the University of Maryland in College Park. A representative from Microsoft said some prospective members of the board are "critics" of the company's technology and that the board would work directly with the company's product divisions. He said, "We're seeking very candid advice and very candid feedback." InfoWorld, 29 July 2002 http://www.idg.net/ic_899403_1794_9-10000.html IBM TO BUY CONSULTING GROUP In its latest step into offering not just hardware and software but information technology services, IBM announced it will buy the consulting arm of PricewaterhouseCoopers for $3.5 billion. According to an analyst at Merrill Lynch, IBM has an advantage over its competitors in being able to integrate technology, and the purchase of the consulting group extends that advantage. Most analysts agree that the purchase is a good move for IBM. The sale benefits PricewaterhouseCoopers by separating consulting services from the auditing functions of the company, a combination that has come under intense criticism in the wake of the Enron collapse. Deloitte & Touche remains the only large auditing firm with a consulting arm, though the company has said it will spin off the consulting business before the end of the year. New York Times, 31 July 2002 (registration req'd) http://www.nytimes.com/2002/07/31/technology/31CONS.html STIFF SENTENCES FOR ONLINE FRAUD Two Missouri men convicted of committing online fraud have been given 12-year prison sentences, highlighting a trend toward tougher prosecution and longer sentences for such crimes. The men were convicted of offering items for sale on Internet auction sites but not delivering the goods after they were paid for. An official at the Federal Trade Commission said he thought that five or six years ago, prosecutors might not have pursued these cases or argued for such long sentences. The sweep that caught the two men in Missouri will lead to at least 19 other prosecutions, according to the FTC. Records show that online auction fraud is the leading source of Internet complaints to the FTC. Washington Post, 30 July 2002 http://www.washingtonpost.com/wp-dyn/articles/A21647-2002Jul30.html STAROFFICE NOT FORTHCOMING FOR MAC Contrary to recent news reports, Sun Microsystems and Apple Computer are not developing a version of StarOffice for the Mac, according to an official from Sun. Two open-source developers have produced an alpha version of OpenOffice for Mac; StarOffice is based on the OpenOffice suite, developed by OpenOffice.org. At a news conference Monday, the official from Sun and the two developers said that there have been talks between Sun and Apple, but there are no plans to move forward with such a project. The developers said it would take them another one to three years to finish work on their "Apple ready" version of OpenOffice, one with all of the features and user interface of other Apple applications. InfoWorld, 30 July 2002 http://www.idg.net/ic_899509_1794_9-10000.html ***CORRECTION*** The July 29 issue of Edupage mentioned a Web radio royalty of $.07 per song, per listener. The correct royalty rate is .07 cents, or $.0007. We regret the error. ***************************************************** EDUPAGE INFORMATION To subscribe, unsubscribe, or change your settings, visit http://www.educause.edu/pub/edupage/edupage.html Or, you can subscribe or unsubscribe by sending e-mail to [EMAIL PROTECTED] To SUBSCRIBE, in the body of the message type: SUBSCRIBE Edupage YourFirstName YourLastName To UNSUBSCRIBE, in the body of the message type: SIGNOFF Edupage If you have subscription problems, send e-mail to [EMAIL PROTECTED] For past issues of Edupage or information about translations of Edupage into other languages, visit http://www.educause.edu/pub/edupage/edupage.html ***************************************************** OTHER EDUCAUSE PUBLICATIONS EDUCAUSE publishes periodicals, including "EDUCAUSE Quarterly" and "EDUCAUSE Review," books, and other materials dealing with the impacts and implications of information technology in higher education. For information on EDUCAUSE publications see http://www.educause.edu/pub/ ***************************************************** CONFERENCES For information about EDUCAUSE conferences and other professional development opportunities, visit http://www.educause.edu/conference/ ***************************************************** COPYRIGHT Edupage copyright (c) 2002, EDUCAUSE
