Friday, January 14, 2000

1/14/00 8:38:11 AM

• Chandra dazzles, Hubble boggles. The 195th meeting of the American Astronomical Society in Atlanta is producing, as expected, the first crop of results from the 5-month-old Chandra orbiting X-ray observatory, and they are dazzling. The venerable Hubble space telescope, newly refurbished by a visit from the Space Shuttle, is not doing too badly either.
  • X-ray emissions believed to be from the massive black hole at our own galaxy's center. A faint X-ray source detected precisely at the location of a long-known radio source called Sagittarius A* "encourages us to believe that the two are the same," said MIT researchers. These results are being presented in Atlanta now, and I don't have a URL just yet.

  • X-ray sources from the first billion years after the Big Bang. Chandra has resolved most of the background X-ray glow that pervades the sky into distinct sources. Scientists believe they are witnessing X rays from black holes that formed in the "dark ages" of the universe's evolution, before stars began to form. If this interpretation is correct, these would be the most distant objects ever observed.

  • Lone-wolf black holes. Until now, star-sized black holes had only been detected by their influence on companion stars. The Hubble space telescope captured what appears to be gravitational lensing of a distant star by a lone, stellar-scale black hole wandering in front of it.

Thursday, January 13, 2000

1/13/00 7:21:52 PM

Businesses based on domain names See also TBTF for 2000-07-20, 04-19, 1999-12-16, 08-30, 07-08, 02-01, 1998-08-10, 04-20, 02-23, 02-09, 1997-12-08, more...

• Domain name registration for $19.95/year. Yesterday RegisterFree.com announced $19.95 pricing for domain-name registration and parking. The company said that after 15 January, customers will be able to order registrations for any period from 1 to 10 years; for this week, only 2-year terms are available. (Sounds like they didn't quite get their software done by announcement day.) Names can be up to 63 characters long, relaxing a longstanding limitation of NSI's registration. Registerfree.com lets customers edit their contact information, name server data, etc., via a browser-based form.

  Thanks to Martin Schwimmer at Fross Zelnick for the tip.

1/13/00 3:26:27 PM

• Fundamental Research at the [Bio:Info:Micro] Interface. Someone who should know better sent me a link to this DARPA solicitation, which if I understand aright says essentially,

  Let's put biologists, info-systems people, and micro-machine people in the same room and bribe them to collaborate. Maybe something really neat will happen.

  My informant commented:

  Now that's the ARPA of fond remembrance, the one that thought getting a few computers scattered around the country to talk would be cool.

1/13/00 2:56:15 PM

• Four years of the X-ray sky. An hour ago MIT researchers showed a 7-minute movie at the Atlanta meeting of the American Astronomical Society, encapsulating four years of X-ray data from the All-Sky Monitor experiment on the Rossi X-Ray Timing Explorer satellite. You can download the full four-year movie (at 4 days per second) from this page. It's a QuickTime animation, 44 MB uncompressed, 20 MB gzipped.

1/13/00 1:35:50 PM

• Wrongfooting spambots with Blackflag. Boy what a fine idea. Rogers Cadenhead submitted the following item to Memepool, and kindly sent me a pointer to it: a simple script that generates an apparently infinite regress of bogus Web pages and email addresses to trap spammers' address-hoovering robots. Below I've replicated the Memepool item exactly, because as Cadenhead points out, it's rather difficult to convey the enormity of Blackflag without using HTML and a bunch of links.

  Can you fool a spammer's robot into traveling an infinite loop through thousands of fake Web pages collecting phony e-mail addresses? Erik Schorr's Blackflag does. The script could make the world safe again for the mailto: URL.

1/13/00 9:19:20 AM

• AntiOnline fingers credit-card thief "Maxus." InternetNews has been out in front of coverage of the CDuniverse credit-card theft. Now they've posted a story claiming that the security information site AntiOnline infiltrated Maxus's circle of associates and tracked him down to a bank account in Latvia. The perp is one Maxim Ivancov, says AntiOnline founder John Vranesevich. InternetNews writes:

  Posing as potential customers for stolen credit cards, AntiOnline staff also claim to have identified Ivancov's right-hand man, Evgenij Fedorov, who uses the hacker handle Diagnoz. Vranesevich said AntiOnline has likely given the FBI enough additional information to make an arrest -- were Ivancov a U.S. citizen. But knowledgeable observers are doubtful that Russian authorities will cooperate with American law enforcement officials.

Wednesday, January 12, 2000

1/12/00 11:59:20 PM

Cryptography export policy See also TBTF for 2000-02-06, 1999-10-05, 08-30, 08-23, 08-16, 07-26, 05-22, 05-08, 04-21, 03-01, 01-26, more...

• Loosened crypto export regs coming.

  [Update Thursday 2:44:55 pm EST: The ACLU, EFF, and EPIC have cooperated on a press release spelling out the limitations and ongoing constitutional problems with the new crypto export regs.]

  [Update Thursday 12:36:21 pm EST: the Dept. of Commerce's Bureau of Export Administration has a press release available. Be patient, the server is extremely busy right now.]

  On Friday the US administration will release new regulations governing the export of crypto products and technology, and this time it seems there is a genuine loosening of the strictures. The bad news is that complex regulations are still part of the picture. Alan Davidson of the Center for Democracy and Technology called the regs "a full employment act for export-control lawyers," adding, "The message is 'Don't try this at home.'" CDT has posted a draft of the regulations. Some salients:

  • "Retail" encryption products will be exportable regardless of key length or algorithm to all but the designated "T-7" terrorist nations. Exporters will still need to get a one-time technical review.

  • Open Source crypto is freely exportable to all but the T-7 countries. Posting code on a Web site for anonymous download is allowed, and the poster is not required to check that downloaders might be from one of the rogue nations. Exporters must to send the Department of Commerce a copy of the code, or a URL, upon publication.

  • Export of encryption products up to 64 bits in key length is completely liberalized.

  • Non-retail products will require a license for many exports, for example to foreign governments, foreign ISPs, or telcos.

  The NY Times has the best overview I've seen in the press Thursay morning (you'll need to bite the cookie and register).

  This abandonment of key-length and key-escrow restrictions is a big improvement. US companies will be able to compete abroad with their crypto products -- at least the large companies that can afford the requisite phalanxes of lawyers.

1/12/00 4:56:45 PM

• States may not sell driver's license data. The Supreme Court ruled unamimously today that states may not sell their citizens' personal data from motor vehicle registrations to insurers, direct marketers, or others. The ruling shuts off one major stream of personal data in the flood plain that is US privacy policy today.

  In 1994 the Driver's Privacy Protection Act had established limits on how states could use driver's license data. South Carolina, which had a law on its books directly contrary to the DPPA, filed suit in federal court to block its implementation. They won that case and won on appeal; but the Supreme Court solidly disagreed.

  The brief decision was written by Justice William Rehnquist, who is known as a solid supporter of states' rights. The bluntness of the ruling's conclusion is therefore something of a surprise: "The DPPA does not require the States in their sovereign capacity to regulate their own citizens. The DPPA regulates the States as the owners of databases."

Monday, January 10, 2000

1/10/00 12:17:35 PM

Internet Freedom Journalism Awards winners announced.

(Published in TBTF -- see http://tbtf.com/archive/2000-02-06.html#notes.)

1/10/00 9:27:58 AM

• Russian cracker posts 300K credit-card numbers. Internet News broke the story of a Russian cracker calling himself Maxus, who claims to have stolen 300,000 credit cards from CDuniverse.com. First the cracker tried to blackmail the company for $100,000 to keep quiet. CDuniverse went along, but when payment was not forthcoming Maxus posted the cards at his site. They were available, one at a time and complete with account names and expiration dates, to any site visitor. Here's an archived page from the Maxus site when it was operational.

  Maxus claimed in email to Internet News that he had broken ICVerify, a popular credit-card processing application from CyberCash, to obtain a database of 300K+ customer records from CDuniverse. This story is not over yet; knowledge of a vulnerability in ICVerify is in the hands of the cracker community but not of CyberCash. Other cracks seem highly likely.