***************************************************** Edupage is a service of EDUCAUSE, a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. *****************************************************
TOP STORIES FOR WEDNESDAY, AUGUST 03, 2005 UT to Receive $1.8 from BlackBerry CU Suffers Another Hack Researcher Says DNS Servers Vulnerable Court Rejects Apple Deal with Georgia Schools DHS Urges Industry to Use Law to Improve Security UT TO RECEIVE $1.8 FROM BLACKBERRY The maker of BlackBerry devices will pay the University of Texas System $1.8 million to settle a patent-infringement case over technology that allows users to enter text into telephone-style keypads. Under the terms of the settlement, Research in Motion, based in Canada, will also be granted a license to continue using the technology. Part of the settlement will fund research at the UT Ssystem's Arlington campus, where the technology was developed by George Kondraske, a professor of electrical and biomedical engineering, and Adnan Shennib, who was a graduate student when the technology was invented in 1987. The UT System is pursuing similar charges against more than 40 other companies for illegally using the patented technology. The university, which earns between $11 and $14 million annually from royalties on patents it holds, has recently hired a vice chancellor for research and technology transfer and will soon appoint an associate vice chancellor to help protect its patents. Chronicle of Higher Education, 3 August 2005 (sub. req'd) http://chronicle.com/prm/daily/2005/08/2005080305n.htm CU SUFFERS ANOTHER HACK Hackers broke into a server at the University of Colorado (CU), marking the third security breach in the past six weeks. The latest attack targeted servers that held information for the school's ID card, known as the Buff OneCard. Those servers included names, Social Security numbers, and photographs but not financial information. Potentially exposed in the attack is personal information for 29,000 students, some former students, and 7,000 staff members. Students who will be entering the university in the fall were not affected. Dan Jones, IT security coordinator, said it was not clear whether this attack was perpetrated by the same people who compromised two other servers recently. In April, CU had decided to move away from using Social Security numbers as identifiers for students, based on security problems at other institutions and the risk of identity theft. Some systems on campus, however, still use Social Security numbers to track students, according to Jones. Officials at the university said they will hire an independent auditing firm to assess the institution's security measures and will also evaluate some 26,000 computers to determine which could be placed behind a firewall. The Denver Post, 3 August 2005 http://www.denverpost.com/news/ci_2909173 RESEARCHER SAYS DNS SERVERS VULNERABLE In a presentation at the Black Hat conference last week, security researcher Dan Kaminsky argued that domain name system (DNS) servers represent a broad vulnerability in the Internet. Kaminsky said that of 2.5 million DNS servers he tested, nearly 10 percent could be susceptible to so-called DNS cache poisoning. In total, about 9 million DNS servers are operating globally. DNS servers translate typed URLs into numbers necessary to locate Web sites. In cache poisoning, legitimate numeric Web addresses are replaced, causing users to be redirected to sites of the hacker's choosing. Often, users are sent to Web sites that install malware or that deceive users into disclosing personal information, which can then be used in identity theft. Incidents of cache poisoning have disrupted Internet service in the past, including this March, when users trying to access CNN.com and MSN.com were sent to sites that installed spyware. Security experts advise operators of DNS servers to audit their machines and make sure they configure them in the safest manner possible. CNET, 3 August 2005 http://news.com.com/2100-7349_3-5816061.html COURT REJECTS APPLE DEAL WITH GEORGIA SCHOOLS A Georgia court has issued a ruling that seemingly puts an end to a deal between Apple Computer and the Cobb County School District to provide as many as 63,000 iBook laptops to the district's teachers and middle and high school students. Critics of the deal argued that the school district did not adequately inform voters that a sales tax increase passed in 2003 would be used to fund the laptop program. The issue was taken to court, and the judge in the case agreed with the plaintiffs. The school board held a meeting to discuss its options, which might include appealing the ruling. For the moment, however, the deal appears to be over. Kathie Johnstone, president of the school board, said that providing a laptop to all of the district's students "is no longer an option." Because district officials had promised teachers computers before the sales tax ballot issue, teachers might still receive laptops. CNET, 2 August 2005 http://news.com.com/2100-1047_3-5816034.html DHS URGES INDUSTRY TO USE LAW TO IMPROVE SECURITY Following the terrorist attacks of September 2001, Congress passed a law designed to encourage private-sector research into security technology, but so far, relatively few companies have taken advantage of the law, according to the Department of Homeland Security (DHS). Michael Chertoff, secretary of DHS, said that despite the provisions of the Support Anti-Terrorism by Fostering Effective Technologies (SAFETY) Act of 2002, which shields approved companies from civil litigation if their technologies fail to perform, only 17 products and services have earned the law's highest level of protection. None of the 17 specifically focuses on information technology security. To increase the nation's security infrastructure, said Chertoff, "we have to look beyond the walls of DHS itself, to the private sector and to the world of high tech." Chertoff pointed to technologies currently used to screen airline passengers as one area that needs attention, saying that current screening is at a "basic, primitive" stage. ZDNet, 1 August 2005 http://news.zdnet.com/2100-1009_22-5814289.html ***************************************************** EDUPAGE INFORMATION To subscribe, unsubscribe, change your settings, or access the Edupage archive, visit http://www.educause.edu/Edupage/639 Or, you can subscribe or unsubscribe by sending e-mail to [EMAIL PROTECTED] To SUBSCRIBE, in the body of the message type: SUBSCRIBE Edupage YourFirstName YourLastName To UNSUBSCRIBE, in the body of the message type: SIGNOFF Edupage If you have subscription problems, send e-mail to [EMAIL PROTECTED] ***************************************************** OTHER EDUCAUSE RESOURCES The EDUCAUSE Resource Center is a repository for information concerning use and management of IT in higher education. To access resources including articles, books, conference sessions, contracts, effective practices, plans, policies, position descriptions, and blog content, go to http://www.educause.edu/resources ***************************************************** CONFERENCES For information on all EDUCAUSE learning and networking opportunities, see http://www.educause.edu/31 ***************************************************** COPYRIGHT Edupage copyright (c) 2005, EDUCAUSE
