Archive for December 2004
Plea Rejected in AOL Membership List Theft
The Washington Post reports that the Judge in the case against the AOL employee who stole the AOL Membership list and sold it to spammers has rejected a guilty plea on the grounds that a crime may not have been committed.
While employed at AOL, the software engineer stole 92 million email addresses and sold them to spammers for $100,000. However, he is charged under the Federal CAN-SPAM Act, which the Judge says requires proof of deception. Normally this deception is in the form of forged mail headers and return addresses.
I would suspect that this cretin would be seen as a co-conspirator with the spammer and thus the spammer's deception would also be his own. So at a re-hearing in January perhaps they can push this thing through.
Still, it seems to me that this is illustrative of what happens when Congress creates law for the problem of the day instead of allowing current law to do the job. I tend to think that if this guy was charged with theft of trade secrets there wouldn’t be this grey area. Of course, from my cyberlaw class, they would have had to prove that the membership list was really a trade secret and was adequately protected by AOL. At least then they wouldn’t have a clearly established area of law instead of creating a potential test case of the CAN-SPAM statute and potentially having problems with activist Judges.
Trusting Firefox
Nice blog entry today over at msdn.
http://blogs.msdn.com/ptorr/archive/2004/12/20/327511.aspx
It describes his experience installing Firefox. Unsigned software. Download redirects to unknown sites. Installation that does not finish.
Whereas XPsp2 does a good job of trying to stop users from running every damn thing a website asks them to, Firefox is back in the old mode of do you want to run install program x. Sure why not.
Trusting Google??
Microsoft apps don’t get the love from the tech media and the Slashdot crowd. Just think what reaction there would have been if it was Microsoft’s Desktop Search tool that allowed remote users to search your hard drive. But since it was Google, there was nary a whimper. What’s even funnier is they fixed it without telling you. That’s right. Google upgrades its software on your machine without asking. Not very friendly like.
1 Billion Dollars
http://story.news.yahoo.com/news?tmpl=story2&u=/ap/20041218/ap_on_hi_te/spam_lawsuit
Robert Kramer, whose company provides e-mail service for about 5,000 subscribers in eastern Iowa, filed suit against 300 spammers after his inbound mail servers received up to 10 million spam e-mails a day in 2000, according to court documents.
AMP Dollar Savings Inc. of Mesa, Ariz., was ordered to pay $720 million and Cash Link Systems Inc. of Miami, Fla., was ordered to pay $360 million. The third company, Florida-based TEI Marketing Group, was ordered to pay $140,000.
Kramer’s attorney, Kelly Wallace, said he is unlikely to ever collect the judgment, which was made possible by an Iowa law that allows plaintiffs to claim damages of $10 per spam message. The judgments were then tripled under RICO.
Symantec to Buy Veritas??
Saw an article over at Yahoo that Symantec is in talks to purchase Veritas. The article reports that analysts have expressed concern that this may signal that the security sector is weakening.
“For them to be taking such a huge step away from security … it does not intuitively strike me as a positive sign for the security space over all,” said Donovan Gow, an analyst at American Technology Research
The end of the “security bubble” has definitely been a concern for those late to the security table. Sure, companies are being a bit more cautious about throwing money at any product with security in the name. But that does not obviate the need for security solutions. Clearly I don’t have the inside knowledge of an analyst. But I wonder if the acquisition binge that Symantec and McAfee have been on is more of an indication of the wealth of these companies rather than an indication of their panic. Yet straying from the core security message of the company could be a problem.
Virus Analysis
The SANS Internet Storm Center diary has a good writeup today of some basic virus analysis.
SANS: What doesn’t Work
The SANS Institute has this series of webinars called “What Works” where a user of a product pitches it as a solution for some problem.
“SANS WhatWorks is the only web cast series that lets you talk with real users who have real experience implementing technologies that you are considering.”
I watched the first one and it seemed that the guy doing the pitching was more than just a customer of the vendor. It seems like the guy was a partner with the vendor he was pitching. I didn’t hear anything about pros/cons of other solutions or even points of evaluation. I figure his company got a big discount for doing the sales pitch. It happens all the time, customers become “partners”. They sell their company name for a discount on the product.
SANS has sponsors for these events. In the event I saw, the event was sponsored by the product being pitched. This doesn’t sound to me like an unbiased third party endorsement. How can this be considered “straight from the horse’s mouth” when it’s filtered through the vendor?
This is my opinion. This is Rogers InfoSec Blog.
Kaspersky, “Security Bubble will Burst”
Eugene Kaspersky, head of antivirus firm Kaspersky, recently predicted that the security computing market will burst within 5 years.
He predicts this crash will occur because of a lack of experience or skill at many companies with security related products. Furthermore, the drive toward secure networks for business will alleviate the demand for other security products.
Death of the mass mailer?
An interesting article by John Leyden over in the Register today forecasting the death of the mass mailing virus.
The article is based on an interview with Kevin Hogan, a Symantec Europe manager. He notes that as the purpose of the virus has changed, so has the delivery method. The purpose of viruses used to be to get noticed. Now they are used to make money. As a result, you don’t want a mass mailing virus that will be quickly noticed and put down.
Human Error caused massive upgrade failure
EDS reports that human error took out 40,000 computers in the UK Department of Work and Pensions the week of November 22nd. EDS was attempting an upgrade to Windows XP and the push was inadvertently deployed to more systems than intended.
Availability. One of the keys of computer security. Human error, an oft overlooked cause of Information Security problems.

