Week in review: Net threat--or not

The Internet is vulnerable to collapse due to a protocol flaw--or not--depending on whom you believe.

Steven Musil Night Editor / News
The Internet is vulnerable to collapse because of a protocol flaw--or not--depending on whom you believe.

An advisory this week warned that the most popular communications protocol for sending data on the Net could let attackers shut down connections between servers and routers. The vulnerability allows for what's known as a reset attack.

Many network appliances and software programs rely on a continuous stream of data from a single source--called a session. Prematurely ending the session can cause a wide variety of problems for devices. Paul Watson, a security specialist for industry automation company Rockwell Automation, discovered a method that makes disrupting the data flow far easier than previously thought.

However, Watson said Wednesday that widespread reports about the flaw were overblown. He referred to the media reaction as an "inordinate level of attention in respect to the amount of risk."

"The actual threat to the Internet is really small right now," Watson said. "You could have isolated attacks against small networks, but they would most likely be able to recover quickly."

At greatest risk, he said, may be e-commerce sites that manage their own routers--owners of those sites may not believe they're vulnerable to attack and may not have implemented a fix.

Malicious code has been unearthed that can exploit the flaw, but experts say the risk of real-world problems remains fairly low. Security-software maker Symantec said that it had confirmed that software now exists that can take advantage of the vulnerability and that the software has been released publicly. Symantec did not create the exploiting software but has confirmed that it could work.

Gone phishin'
Your personal finances may be at risk too, since the number of "phishing" e-mails circulating on the Web has increased from 279 to 215,643 during the past six months.

Phishing is an Internet-scam technique in which unsuspecting users receive official-looking e-mails that attempt to fool them into disclosing online passwords, usernames and other personal information. Victims are usually persuaded to click on a link that directs them to a doctored version of an organization's Web site.

EarthLink this week became the first Internet service provider to offer protection from phishing. The antiphisher software is part of EarthLink's ScamBlocker feature, a downloadable browser-based toolbar that includes a Google-powered search engine and EarthLink's Pop-Up Blocker. EarthLink said it also offers a program that keeps tabs on all spyware software on customers' computers.

Microsoft's European woes
The European Commission released a massive report explaining the record fine it imposed on Microsoft last month, saying the penalty arose from the long-standing nature of the software company's anticompetitive practices.

The 300-page document says the more than five-year duration of those practices pushed the fine to 497 million euros--now about $590 million--well above what Microsoft would have been charged simply on the basis of its business practices.

"The amount of the fine to be imposed on the basis of the gravity of the infringement should therefore be increased by 50 percent to take account of its duration. On that basis, the base amount of the fine is EUR 497,196,304," the document says.

Responding to the report, which it had seen before the public release, Microsoft posted a seven-page paper to its Web site that aimed to portray the company as the victim of overreaching regulators. The paper called the March ruling a "new law" and cited both the ruling's potential to cause damage and its alleged legal shortcomings.

Staffing changes
Sanjay Kumar, Computer Associates International's chief executive officer and chairman, stepped down after two years of investigation into the company's accounting practices. Analysts said the resignation clears up some uncertainty around CA, but the company faces ongoing challenges.

Kumar is stepping aside and resigning from CA's board but is becoming chief software architect, a newly created position. Lewis Ranieri, the lead independent director on CA's board, is becoming chairman.

The move came days after CA fired nine employees in its legal and finance departments.

Meanwhile, more job cuts may be in store at Gateway. Hoping to turn a profit by year's end, the PC maker's executives are crafting a restructuring plan that could reduce the company's product lines and, in a worst-case scenario, slash its work force by half.

As part of its planning, Gateway management is evaluating at least one scenario that would cut its work force to about 2,000 employees, about half of its current figure of 4,000, according to sources. It was only three weeks ago that Gateway said it would eliminate 2,500 jobs, or nearly 40 percent of its work force, to get to the 4,000 mark.

Also of note
Network security company Palisade Systems launched software designed to identify and block copyrighted songs as they are being traded online...Researchers set a data transmission record over the Internet2's high-speed backbone, transmitting data across nearly 11,000 kilometers at an average speed of 6.25 gigabits per second...Blasting Gmail as a horrific intrusion into Internet users' privacy, a California state senator has introduced legislation to block Google's free e-mail service.