Friday, January 14, 2000
1/14/00 8:38:11 AM
Chandra dazzles, Hubble boggles.
The 195th meeting of the American Astronomical Society in Atlanta
is producing, as expected, the first crop of results from the 5-month-old
Chandra orbiting X-ray observatory, and they are dazzling. The venerable
Hubble space telescope, newly refurbished by a visit from the Space Shuttle,
is not doing too badly either.
- X-ray emissions believed to be from the massive black hole at
our own galaxy's center. A faint X-ray source detected precisely
at the location of a long-known radio source called Sagittarius A*
"encourages us to believe that the two are the same," said MIT researchers.
These results are being presented in Atlanta now, and I don't have a
URL just yet.
- X-ray sources from the
billion years after the Big Bang. Chandra has resolved most of
the background X-ray glow that pervades the sky into distinct
sources. Scientists believe they are witnessing X rays from black
holes that formed in the "dark ages" of the universe's evolution,
before stars began to form. If this interpretation is correct, these
would be the most distant objects ever observed.
black holes. Until now, star-sized black holes had only been detected by their
influence on companion stars. The Hubble space telescope captured what appears
to be gravitational
lensing of a distant star by a lone, stellar-scale black hole wandering in
front of it.
Thursday, January 13, 2000
1/13/00 7:21:52 PM
1/13/00 3:26:27 PM
Fundamental Research at the [Bio:Info:Micro] Interface.
Someone who should know better sent me a link to this
which if I understand aright says essentially,
Let's put biologists, info-systems people, and micro-machine
people in the same room and bribe them to collaborate. Maybe
something really neat will happen.
My informant commented:
Now that's the ARPA of fond remembrance, the one that
thought getting a few computers scattered around the country
to talk would be cool.
1/13/00 2:56:15 PM
Four years of the X-ray sky.
An hour ago MIT researchers showed a 7-minute movie at the Atlanta meeting
of the American Astronomical Society, encapsulating four years of X-ray
data from the All-Sky Monitor experiment on the Rossi X-Ray Timing
Explorer satellite. You can download the full four-year movie (at 4 days
per second) from this page.
It's a QuickTime animation, 44 MB uncompressed, 20 MB gzipped.
1/13/00 1:35:50 PM
Wrongfooting spambots with Blackflag.
Boy what a fine idea. Rogers Cadenhead submitted the following item to
Memepool, and kindly sent me a
pointer to it: a simple script that generates an apparently infinite
regress of bogus Web pages and email addresses to trap spammers'
address-hoovering robots. Below I've replicated the Memepool item
exactly, because as Cadenhead points out, it's rather difficult to
convey the enormity of Blackflag without using HTML and a bunch of
Can you fool a spammer's robot into traveling an infinite loop through
does. The script could make the world safe again for the mailto:
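The trap idea described above, sketched as an added example; this is not Blackflag's own code or anything from the Memepool item. It assumes a hypothetical /trap/ path (which a site would disallow in robots.txt so that well-behaved crawlers stay out), a made-up word list, and addresses under the reserved .invalid top-level domain so that harvested addresses never reach a real mailbox.

```python
import hashlib
import html

TRAP_PREFIX = "/trap/"   # hypothetical path, assumed to be disallowed in robots.txt
WORDS = ["alpha", "birch", "cobalt", "delta", "ember", "fjord", "garnet",
         "harbor", "indigo", "juniper", "kestrel", "lumen", "meadow", "nickel"]


def _numbers(path, count):
    """Deterministic pseudo-random integers derived only from the request path."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(f"{path}#{i}".encode()).digest()
        out.append(int.from_bytes(digest[:4], "big"))
    return out


def trap_page(path, n_links=5, n_addrs=5):
    """Return (html_text, child_paths, addresses) for one bogus page.

    Every page is computed from its own path, so the server stores nothing,
    each link leads one level deeper, and the regress never ends.
    """
    nums = _numbers(path, 2 * n_links + 3 * n_addrs)

    def word(k):
        return WORDS[nums[k] % len(WORDS)]

    base = path.rstrip("/")
    children = [f"{base}/{word(2 * i)}-{nums[2 * i + 1] % 10000}"
                for i in range(n_links)]
    off = 2 * n_links
    # .invalid is a reserved TLD: these addresses can never be delivered.
    addrs = [f"{word(off + 3 * i)}.{word(off + 3 * i + 1)}"
             f"@{word(off + 3 * i + 2)}.invalid" for i in range(n_addrs)]

    items = [f'<li><a href="{html.escape(c)}">'
             f'{html.escape(c.rsplit("/", 1)[1])}</a></li>' for c in children]
    items += [f'<li><a href="mailto:{a}">{a}</a></li>' for a in addrs]
    page = ('<html><head><meta name="robots" content="noindex,nofollow">'
            "</head><body><ul>" + "".join(items) + "</ul></body></html>")
    return page, children, addrs


if __name__ == "__main__":
    text, kids, mails = trap_page(TRAP_PREFIX)
    print(kids[0], mails[0], len(text))
```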
1/13/00 9:19:20 AM
AntiOnline fingers credit-card thief "Maxus."
InternetNews has been out in front of coverage of the
CDuniverse credit-card theft. Now they've posted a
claiming that the security information site
AntiOnline infiltrated Maxus's
circle of associates and tracked him down to a bank account in Latvia.
The perp is one Maxim Ivancov, says AntiOnline founder John Vranesevich.
Posing as potential customers for stolen credit cards, AntiOnline
staff also claim to have identified Ivancov's right-hand man,
Evgenij Fedorov, who uses the hacker handle Diagnoz.
Vranesevich said AntiOnline has likely given the FBI enough
additional information to make an arrest -- were Ivancov a U.S.
citizen. But knowledgeable observers are doubtful that Russian
authorities will cooperate with American law enforcement officials.
Wednesday, January 12, 2000
1/12/00 11:59:20 PM
Loosened crypto export regs coming.
Cryptography export policy
See also TBTF for
[Update Thursday 2:44:55 pm EST: The ACLU, EFF, and EPIC have
cooperated on a
spelling out the limitations and ongoing constitutional problems with the new
crypto export regs.]
[Update Thursday 12:36:21 pm EST: the Dept. of Commerce's Bureau of
Export Administration has a
release available. Be patient, the server is extremely busy right now.]
On Friday the US administration will release new regulations
governing the export of crypto products and technology, and this
time it seems there is a genuine loosening of the strictures.
The bad news is that complex regulations are still part of the
picture. Alan Davidson of the Center for Democracy and Technology
called the regs "a full employment act for export-control lawyers,"
adding, "The message is 'Don't try this at home.'" CDT has posted a
of the regulations. Some salients:
- "Retail" encryption products will be exportable regardless of
key length or algorithm to all but the designated "T-7" terrorist
nations. Exporters will still need to get a one-time technical
- Open Source crypto is freely exportable to all but the T-7
countries. Posting code on a Web site for anonymous download is
allowed, and the poster is not required to check whether downloaders
might be from one of the rogue nations. Exporters must send the
Department of Commerce a copy of the code, or a URL, upon
- Export of encryption products up to 64 bits in key length is
- Non-retail products will require a license for many exports,
for example to foreign governments, foreign ISPs, or telcos.
The NY Times has the best
I've seen in the press Thursday morning (you'll need to bite the cookie and
This abandonment of key-length and key-escrow restrictions is a big
improvement. US companies will be able to compete abroad with their
crypto products -- at least the large companies that can afford the
requisite phalanxes of lawyers.
1/12/00 4:56:45 PM
States may not sell driver's license data.
The Supreme Court
unanimously today that states may not sell their citizens' personal
data from motor vehicle registrations to insurers, direct marketers,
or others. The ruling shuts off one major stream of personal data in
In 1994 the
Protection Act had established limits on how states could use
driver's license data. South Carolina, which had a law on its books
directly contrary to the DPPA, filed suit in federal court to block
its implementation. They won that case and won on appeal; but the
Supreme Court solidly disagreed.
was written by Justice William Rehnquist, who is known as a solid
supporter of states' rights. The bluntness of the ruling's conclusion
is therefore something of a surprise:
"The DPPA does not require the States in their sovereign capacity to
regulate their own citizens. The DPPA regulates the States as the
owners of databases."
Monday, January 10, 2000
1/10/00 12:17:35 PM
1/10/00 9:27:58 AM
Russian cracker posts 300K credit-card numbers.
Internet News broke the
of a Russian cracker calling himself Maxus, who claims to have
stolen 300,000 credit cards from CDuniverse.com. First the cracker
tried to blackmail the company for $100,000 to keep quiet.
CDuniverse went along, but when payment was not forthcoming Maxus
posted the cards at his site. They were available, one at a time and
complete with account names and expiration dates, to any site visitor.
Here's an archived page
from the Maxus site when it was operational.
Maxus claimed in email to Internet News that he had broken ICVerify,
a popular credit-card processing application from CyberCash, to
obtain a database of 300K+ customer records from CDuniverse. This story
is not over yet; knowledge of a vulnerability in ICVerify is in the hands
of the cracker community but not of CyberCash. Other cracks seem highly