* Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.

Date: Mon, 11 Aug 2003 09:16:20 -0700
From: "NewsScan" 
Subject: Man proves he was victimized by network vandals

In the U.K., a man has been acquitted in Exeter Crown Court after
successfully arguing that child pornography found on his personal computer
had been placed there without his knowledge by network vandals who had used
a "Trojan horse" program to infect his machine. The case creates
two worries: one, that actual child pornographers now have a new alibi that
would be difficult to disprove; two, that innocent Web surfers might find
themselves charged with possessing illegal material planted on their
computers by malicious invaders. Former U.S. federal computer crime
prosecutor Mark Rasch says, "The scary thing is not that the defense
might work. The scary thing is that the defense might be right. The
nightmare scenario is somebody might go to jail for something he didn't do
because he was set up."  [*The New York Times*, 11 Aug 2003; NewsScan
Daily, 11 Aug 2003]
http://partners.nytimes.com/2003/08/11/technology/11PORN.html

(RJT:  With so many layers of "stuff" going on and so little
understanding of most of it by most computer users,  I expect that this is
probably going to become real common,  as a defense...)



Date: Thu, 7 Aug 2003 21:31:17 +0100
From: M Taylor 
Subject: Worker deletes herself out of job

A Nova Scotia [Canada] government employee has been fired for deleting her 
own speeding ticket from a computer database. ... The unidentified woman will 
not face criminal charges.

Now the kicker is she was found by an audit conducted after another employee
had also altered entries in the database of driver's records.  Why can
people delete records from such a database?  Shouldn't it operate like the
accountant's double-entry ledger?  Where mistakes are not deleted, but a
correction entry is appended.

http://novascotia.cbc.ca/regional/servlet/View?filename=ns_firedwork20030806

M Taylor  http://www.mctaylor.com/

--

Date: Fri, 08 Aug 2003 11:08:16 -0700
From: "NewsScan" 
Subject: UCITA support fading fast

Key backers of the Uniform Computer Information Transactions Act (UCITA)
have bowed to pressure from opposition groups and will stop lobbying for
the bill's passage. The bill was intended to protect software developers
from intellectual property theft by bringing into conformity conflicting
software licensing laws in various states, but critics, including the
American Bar Association and the American Library Association, said the
legislation would grant software makers too much power over their products
at the expense of consumers. So far, UCITA has been enacted in only two
states, Maryland and Virginia, and now that the effort has lost the support
of the National Conference of Commissioners on Uniform State Laws (NCCUSL),
UCITA is unlikely to gain further consideration from other states, says an
NCCUSL spokeswoman. Opponents of the bill commended NCCUSL for its
decision: "It is heartening to see NCCUSL backing away from a very
flawed statute, but it will never be able to write sound law for the
information economy until it takes to heart the criticisms of the user
sector," said Jean Braucher, a law professor at the University of
Arizona and a member of AFFECT -- Americans For Fair Electronic Commerce
Transactions.  [CNet News.com 7 Aug 2003; NewsScan Daily, 8 August 2003]

http://news.com.com/2100-1028_3-5061061.html?tag=fd_top

--

Date: Mon, 11 Aug 2003 09:16:20 -0700
From: "NewsScan" 
Subject: Judge throws out RIAA subpoenas

A federal judge in Boston has rejected subpoenas filed by the Recording
Industry Association of America last month as part of its nationwide
crackdown on digital music file-sharing. The subpoenas targeted students at
Boston College and the Massachusetts Institute of Technology who used
various screen names to share songs online. In his ruling, Judge Joseph L.
Tauro said that under federal rules, subpoenas issued in Washington cannot
be served in Massachusetts. The RIAA called the ruling "a minor
procedural issue" but declined to say whether it would refile in
Boston.  pAP 8 Aug 2003; NewsScan Daily, 11 Aug 2003]
  http://apnews.excite.com/article/20030809/D7SQ5LC80.html



Date: Fri, 08 Aug 2003 15:09:26 -0400
From: Lillie Coney 
Subject: Software patching gets automated (William Jackson)

By William Jackson, GCN Staff

Whenever the Defense Department's Computer Emergency Response Team
Coordination Center sends out a vulnerability alert, each DoD systems
administrator must acknowledge it and respond with a plan for closing the
hole.  The notification and response is becoming more automated, said a
security manager at a DoD software development shop, who contacted GCN and
asked that neither he nor his agency be named in print.  The problem is that
the remediation is manual.  When you get two or three alerts an hour, it
gets out of control.  The DoD security manager said he uses the Hercules
automated remediation tool from Citadel Security Software Inc. of Dallas to
cut the time for fixing flaws in multiple machines from weeks to days or
hours.  [...]

  [And when it is *fully* automated, think of how wonderful it will be to
  have new Trojan horses and security flaws installed instantaneously,
  without having to require human intervention.  Perhaps someday we might
  have systems that do not require continual patching, but I'm not holding
  my breath.  PGN]



Date: Fri, 8 Aug 2003 17:04:27 -0400
From: "Stephen R. Holmes" 
Subject: Re: New online futures market bets on next White House scandal

Having just re-read John Brunner's 1975 novel "The Shockwave
Rider", I was, umm, shocked to open RISKS 22.83 and find "New
online futures market bets on
next White House scandal" and "Pentagon's online trading market plan draws
fire".

In Brunner's future world (circa 200x), citizens gamble on the
"Delphi" odds
that such-and-so (everything from war and famine to soap opera events) will
come to pass, in exactly the same fashion. Both schemes mentioned in RISKS
could have been taken directly from the novel.

Life imitating art?

---