***************************************************** Edupage is a service of EDUCAUSE, a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. *****************************************************
TOP STORIES FOR FRIDAY, MARCH 07, 2003 FBI Evidence Dismissed in Internet Child Pornography Case Sendmail Flaw Used to Test Cybersecurity GSA and Defense Department Join Liberty Alliance Project Gartner Warns Against Uncertified 802.11g Devices AND Hackers Swipe 55,200 IDs from University of Texas Cornell to Charge Bandwidth Hogs FBI EVIDENCE DISMISSED IN INTERNET CHILD PORNOGRAPHY CASE In a ruling that could affect similar prosecutions nationwide, Federal Judge Denny Chin struck down FBI evidence in an Internet child pornography case against a Bronx resident. In the case, the FBI was given authority to search homes and computers of members of the Candyman Internet group based on an affidavit saying all members of the group received pornography through e-mail. The FBI later acknowledged that Candyman subscribers could opt out of the e-mail list and did not necessarily receive pornography. The FBI unjustly searched the home of a Candyman member who did not receive or send e-mail images, said Judge Chin, who threw out the evidence against him. Although it is unclear how many Candyman prosecutions have relied on the affidavit, there will likely be many challenges. In another case in St. Louis, Judge Catherine D. Perry suppressed evidence based on false statements in the FBI affidavit. Daniel A. Juengel, the lawyer for the defendant in the St. Louis case, called the rulings "a major victory for the Fourth Amendment." New York Times, 7 March 2003 (registration req'd) http://www.nytimes.com/2003/03/07/nyregion/07PORN.html SENDMAIL FLAW USED TO TEST CYBERSECURITY The recent announcement of a flaw in Sendmail has turned out to be the Department of Homeland Security's (DHS) first foray into managing a cybersecurity incident. DHS first learned of the flaw in December, at which time it began working with several vendors on developing patches for the weakness and making sure that all of its own systems were patched before details of the flaw were publicly released. Several security experts agreed that DHS did an effective job in coordinating the incident, and they praised the government for safeguarding its systems before releasing information. The situation, however, highlights the ongoing argument among systems administrators about how best to handle the disclosure of flaws. Some experts complain that flaws or attacks are not disclosed until they have caused most of the damage they are likely to cause. "Hours are an eternity in IT terms," said security researcher Robert Ferrell. According to Ferrell, if DHS tries to "cover all their bases and refrains from reporting until they're sure about everything, they'll come in dead last every time." Wired News, 7 March 2003 http://www.wired.com/news/infostructure/0,1377,57945,00.html GSA AND DEFENSE DEPARTMENT JOIN LIBERTY ALLIANCE PROJECT The U.S. General Services Administration (GSA) and the U.S. Department of Defense (DoD) have joined the Liberty Alliance Project. Founded by Sun Microsystems, Inc. in 2001, the alliance seeks to develop and implement open standards for Web-based identity management. Although the alliance has much support--in excess of 160 companies and organizations are members--its standards are not widely used, due in part to Microsoft�s rival authentication system, Passport. A poll indicates, however, that more than half of the alliance�s members will implement systems based on the project�s standards. The GSA and DoD joined the alliance to help them with "eAuthentication," a government requirement that verifies the identity of citizens and companies engaged in Internet business with the U.S. government. ComputerWorld, 6 March 2003 http://www.computerworld.com/governmenttopics/government/story/0,10801,790 99,00.html GARTNER WARNS AGAINST UNCERTIFIED 802.11G DEVICES The Wi-Fi Alliance recently announced that it would begin certification testing of 802.11g devices later this year, after the Institute of Electrical and Electronics Engineers (IEEE) issues the final specifications for the new wireless standard. Research firm Gartner Inc. is advising consumers to wait until the Wi-Fi Alliance certifies products before committing resources to them. The alliance tests for a device's ability to meet the 802.11g data-transfer rate of 54 Mbps, as well as its compatibility with other 802.11g devices and backward compatibility with 802.11b devices. Investing in uncertified devices, said Gartner, could open an organization to risks of incompatibility and poor performance. The warning comes as some manufacturers have put 802.11g devices on the market, despite the lack of certification, in an attempt to grab market share. IDG, 6 March 2003 http://www.idg.net/ic_1196655_9677_1-5045.html AND ***************************************************** HACKERS SWIPE 55,200 IDS FROM UNIVERSITY OF TEXAS Officials at the University of Texas at Austin (UT) said that hackers were able to access school records for more than 55,000 students, former students, faculty, staff, and job applicants. The records included Social Security numbers, names, street addresses, and e-mail addresses. The university discovered the attacks Sunday night. A statement issued by the university said UT is working with "the U.S. Attorney's Office, the U.S. Secret Service, and other law enforcement agencies" to identify the hackers and retrieve the stolen data. The statement also said there is no evidence that any of the stolen information has so far been "distributed beyond the computer of the perpetrator." The attacker submitted millions of requests to the university's computer system, using randomly generated Social Security numbers. Of those, 55,200 matched university records, resulting in the request for records being granted. ZDNet, 7 March 2003 http://zdnet.com.com/2100-1105-991413.html CORNELL TO CHARGE BANDWIDTH HOGS A new billing system at Cornell University will charge network users whose usage exceeds two gigabytes of data per month. Cornell's expenses for providing Internet service are rising an average of 40 percent per year, and officials at the institution decided they had to implement a new billing model. Formerly Cornell charged per port, though this became problematic when some users installed multiport repeaters, allowing them to run several computers on a single port. The new, so-called "pay by the drink" program retains the per-port charge but adds an Internet use fee, which covers usage up to two gigabytes per month. Every megabyte of usage above that limit will incur a fee to the user. Officials said the new approach to billing is designed in part to recoup some of the costs of providing bandwidth but also to educate users about how much bandwidth they are using. With that information, said administrators, users can make informed decisions--and pay for them--regarding their use of the network. Officials at the school said that the two-gigabyte limit will allow 90 percent of users to avoid paying an extra fee. Chronicle of Higher Education, 6 March 2003 http://chronicle.com/free/2003/03/2003030601t.htm ***************************************************** EDUPAGE INFORMATION To subscribe, unsubscribe, or change your settings, visit http://www.educause.edu/pub/edupage/edupage.html Or, you can subscribe or unsubscribe by sending e-mail to [EMAIL PROTECTED] To SUBSCRIBE, in the body of the message type: SUBSCRIBE Edupage YourFirstName YourLastName To UNSUBSCRIBE, in the body of the message type: SIGNOFF Edupage If you have subscription problems, send e-mail to [EMAIL PROTECTED] For past issues of Edupage or information about translations of Edupage into other languages, visit http://www.educause.edu/pub/edupage/edupage.html ***************************************************** OTHER EDUCAUSE PUBLICATIONS EDUCAUSE publishes periodicals, including "EQ" and "EDUCAUSE Review," books, and other materials dealing with the impacts and implications of information technology in higher education. For information on EDUCAUSE publications see http://www.educause.edu/pub/ ***************************************************** CONFERENCES For information on all EDUCAUSE learning and networking opportunities, see http://www.educause.edu/conference/ ***************************************************** COPYRIGHT Edupage copyright (c) 2003, EDUCAUSE
