(A Javascript-enabled browser is required to email me.)

TBTF for 1996-08-25: A simple twist of spam

Keith Dawson (dawson@atria.com)
Sun, 25 Aug 1996 13:41:43 -0500



Threads Domain name policy
See also TBTF for
2000-04-19, 03-31, 1999-12-16, 10-05, 08-30, 08-16, 07-26, 07-19, 07-08, 06-14, 05-22, more...

More top-level international domains are on the way

If you want to put your business on the Internet today your choices for domain names are sorely limited. Effectively you must register in the .com domain, and you must do it through a single source: Network Solutions Inc., the SAIC subsidiary that runs the one and only InterNIC registry. This chokepoint is responsible in part for the proliferation of increasingly fractious trademark / domain-name disputes [1]. At last the IANA (Internet Assigned Numbers Authority) has a plan -- [2], details at [3] -- to foster competition in the business of granting domain names. Bottom line: an undetermined number of new granting authorities will be in business by the end of January 1997, dispensing domain names from an undetermined number of new and existing domains. Service should improve and prices come down.

Thanks to Dan Kohn <dan at teledesic dot com> for the quick heads-up on this news, barely a day old at this writing.

[1] < http://www.tbtf.com/archive/1996-05-05.html>
[2] <http://www.iana.org/iana/registries.html>
[3] <ftp://ftp.isi.edu/in-notes/iana/administration/new-registries>

___

Netscape and Microsoft turn up the heat

Do you remember the palmy days when software product development cycles were measured in years, not quarters? In quarters, not months? In months, not weeks? Netscape bears much of the credit, or blame, for setting the now-dizzying pace of Internet tool development, where availavility of beta code for version n+1 often precedes the official release of version n. When Microsoft joined the fray with all guns blazing the pace, amazingly, accelerated. Now the two companies are urging the once-leisurely disciplines of public-opinion shaping and legal maneuvering to the same blistering pace. Netscape, following up on its anti-competitive charges against Microsoft (see TBTF for 1996-08-08 [4]), on 8/12 sent a second letter [5] to the Justice Department, this one filled with chewy details of the alleged practices turned up in a Netscape "investigation." Within days Microsoft had posted a rebuttal [6] on their Web site, with links to some of the vendors cited as sources by Netscape, disclaiming any coersion or damage. In my opinion this round is a draw, and I would like both parties please to withdraw to their corners, bloodied.

Dan Kohn <dan at teledesic dot com> forwarded me information on this latest escalation (this is getting repetitive -- Dan, do you want to just write for TBTF?) in a mail message titled "Banging on an elephant with a twig."

[4] <http://www.tbtf.com/archive/1996-08-08.html>
[5] <http://www.tbtf.com/resource/netscape-letter.html>
[6] <http://www.microsoft.com/ie/press/nscresp.htm>

___

Threads Macro viruses
See also TBTF for
1997-07-28, 01-11, 1996-08-25, 08-08, 05-20

Princeton's crack team fingers a hole in Internet Explorer

The Princeton team that found numerous security holes in Sun Microsystems' Java language and implementation (see TBTF for 1996-03-10 [7]) has now turned its spotlight on Microsoft's Internet Explorer browser. Judging from the Hack Microsoft page [8] and the Exploder [9] (and similar topics covered in TBTF for 1995-12-15 [10] and 1995-11-19 [11]), you might expect these experts not to encounter heavy sledding in finding holes in a Microsoft product. But MSIE 3.0 is reported by Microsoft's friends and adversaries alike to be woven of sterner stuff. Nonetheless, the Princeton group reported finding a serious flaw in Explorer 3.0 running under Windows 95. Quoting from the comp.risks newsgroup posting by Ed Felten <felten at cs dot princeton dot edu>: "An attacker could exploit the flaw to run any DOS command on the machine of an Explorer user who visits the attacker's page." The group found a way to deliver a document to the visitor's browser, bypassing the security checks that would normally be applied. Such a document could contain, for example, a Microsoft Word macro that executes arbitrary DOS commands. The following response, from Thomas Reardon <thomasre at microsoft dot com>, was posted to Risks the next day.

> We now post the virus warning dialog on local files (file: urls). We
> have always posted it on remote files (http: urls). Note that the root
> of the problem is not Java or the browser, but in macro-enabled appli-
> cations. IE3 has a mechanism to warn users about safety of documents
> when used with common macro-enabled applications. We are have updated
> Microsoft Word such that by default it will not run macros embedded in
> documents.

This posting leaves me uncertain of the exact status of these fixes. Are patches to be made available? In what shipping versions of what Microsoft products will the fixes appear?

[7] <http://www.tbtf.com/archive/1996-03-10.html>
[8] <http://www.c2.org/hackmsoft/>
[9] <http://www.halcyon.com/mclain/ActiveX/>
[10] <http://www.tbtf.com/archive/1995-12-15.html>
[11] <http://www.tbtf.com/archive/1995-11-19.html>

___

Phil Zimmermann wins Norbert Wiener award

Phil Zimmermann, the man who let the genie of strong crypto out of the bottle, will be presented the Norbert Wiener award in October. The Wiener award is given annually by the Computer Professionals for Social Responsibility [12] to honor excellence in promoting the responsible use of technology. (I would nominate this vehicle [13] for next year's award, but it would be redundant.)

[12] <http://www.cpsr.org/home.html>
[13] <http://weber.u.washington.edu/~oinker/KKPsi/wiener.jpg>

___

Mac cryptography conference scheduled

Are you a Mac developer? Want to learn details of implementing crypto software on that platform? Then register for a free conference to be held in Cupertino on 9/5 and 9/6, 1996. The conference is hosted by Vinnie Moscaritolo <vinnie at apple dot com> and is billed as The First- Ever- Last- Minute- Under- the- Radar- Ask- Forgiveness- but- Not- Permission Macintosh Cryptography and Internet Commerce Software Development Workshop. For details and a registration form see [14].

[14] <http://webstuff.apple.com/~opentpt/crypto.html>

___

Hackers hit Justice Department Web site

You may have heard that hackers invaded the Web site of the Department of Justice a week ago and made "interesting" alterations. For at least several hours the site displayed anti-government propaganda, a swastika, and other content that rendered it illegal under the Communications Decency Act. DoJ technicians turned off the server on Saturday morning and restored its proper content, but not before enterprising Netizens captured the doctored site in all its glory and reposted it elsewhere. Examples may be found at [15] and [16]. For CNN reportage on the breakin see [17]. Thanks to Jon Callas <jon at worldbenders dot com> and the others who sent news of the bit of hacker lore in the making.

[15] <http://www.otol.fi/~jukkao/usdoj/>
[16] <http://www.doobie.com/~baby-x/usdoj/>
[17] <http://cnn.com/US/9608/17/website.sabotage.wir/>

___
Threads Commercial spammers
See also TBTF for
1997-10-20, 1996-10-31, 10-09, 09-08, 08-25, 1995-12-22, 11-29

A simple twist of spam

Nathan Syfrig <nsyfrig at condor dot depaul dot edu> wrote to the e$ mailing list to describe a recent development in the spam wars. A company called Cyber-Promo, well known to spamfighters, has come up with a new twist to avoid ISPs' prohibitions on unsolicited commercial messages.

> A friend of mine got an innocuous e-mail with a reply-to address of
> zol@answerme.com, saying that she was the recipient of an "electronic
> postcard"... [she was instructed] to reply with the word "POSTCARD" in
> the mail header. So she responded (thinking that this was a new twist
> to the recent Web greeting card fad): It was a marketing spam! However,
> because the original was not commercial and the actual content had to
> be "requested," it was not unsolicted... In my book, this is worse than
> being direct about it!

So if spam offends you, don't reply "POSTCARD" to an unknown address. The next time Cyber-Promo runs this spam the return address will almost certainly be different.


TBTF alerts you weekly to bellwethers in computer and communications tech-
nology, with special attention to commerce on the Internet. See the archive
at <http://www.tbtf.com/>. To subscribe send the message
"subscribe" to tbtf-request@world.std.com. TBTF is Copyright 1996 by Keith
Dawson. Commercial use prohibited. For non-commercial purposes please for-
ward and post as you see fit.
______________________________________________________
Keith Dawson dawson dot tbtf at gmail dot com dawson@atria.com
Layer of ash separates morning and evening milk.


TBTF
H
OME
CURRENT
ISSUE
TBTF
L
OG
TABLE OF
CONTENTS
TBTF
T
HREADS
SEARCH
TBTF

Copyright © 1994-2017 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.