Week in review: Facing the music

The Recording Industry Association of America (RIAA) filed 261 lawsuits against alleged file swappers, charging them with "egregious" copyright infringement potentially worth millions of dollars in damages. The lawsuits mark the first time that copyright laws have been used on a mass scale against individual Internet users. The lawsuits also mark a turning point in the industry's three-year fight against online song-trading services such as Kazaa and the now-defunct Napster.

Monday's lawsuits are just the first wave of what the group said ultimately could be "thousands more" lawsuits filed over the next few months. Under copyright law, violators can be held liable for up to $150,000 per violation--a measure that could result in stunningly high damage figures for some of the defendants in this round of suits.

One of those targets wound up being a 12-year-old honors student who lives in a New York City Housing Authority apartment. Just 24 hours after filing the lawsuits, the RIAA settled with Brianna Lahara, agreeing to drop the suit in exchange for $2,000. The trade group noted that it had agreed to settle with the preteen's mother for a sum considerably lower than previous settlement arrangements.

The quick settlement points both to the public relations dangers of the RIAA's shotgun lawsuit approach and to its simultaneous effectiveness. Other sympathetic defendants are likely to emerge, but the group is setting a fast precedent of pushing people toward settlement.

However, a peer-to-peer group said it would cover the settlement costs for the girl. P2P United, a peer-to-peer industry trade group that includes Grokster, StreamCast Networks, Lime Wire and other file-trading software companies, said it had offered to reimburse Brianna.

Here's a quick look at how the RIAA has done its investigations and what kind of information it has used to find people and file the lawsuits.

Duck and patch
Microsoft identified three vulnerabilities in Windows that could have a similar effect to that of the dreaded MSBlast worm of August. The flaws, which affect Windows NT 4.0, Windows 2000, Windows Server 2003, Windows XP and the 64-bit versions of Windows XP, are the latest in a string of critical weaknesses recently identified in Windows.

The first two flaws are buffer overruns, which allow a hacker to take over a computer by swamping it with data. The third is a denial-of-service flaw. By using the flaws in tandem, a hacker could load unwanted programs onto computers through the buffer overrun flaws and then use the infected computers to launch a denial-of-service attack.

"An attacker who successfully exploited either of the buffer overrun vulnerabilities could gain complete control over a remote computer," Microsoft stated.

A virus or worm that exploits newly revealed vulnerabilities could emerge fairly soon, security experts say, in part because the vulnerabilities are very similar to the flaws exploited by the MSBlast worm.

"This is essentially the same type of vulnerability," said Alfred Huger, senior director of engineering at Symantec Security Response. "We?re likely to see them (new viruses) in the near future."

A damaging outbreak could well hinge on how quickly people and institutions move to inoculate their PCs against potential attacks. Often, businesses and consumers can be slow to patch systems.

The exploding problems caused by malicious worms and viruses has not escaped the attention of Congress, which has asked whether additional laws and criminal prosecutions are necessary to protect the public. Rep. Adam Putnam, the chairman of a House subcommittee that oversees government use of technology, suggested at a hearing that the U.S. Department of Justice and the FBI are not doing enough to identify and prosecute those responsible for the havoc caused by such viruses.

"There are hundreds of viruses released every year...but you can only recall two arrests, two convictions, two jail times?" Putnam asked a Justice Department official.

Other members of the subcommittee said they are particularly concerned about the effect that vulnerabilities in common operating systems such as Windows could have on government agencies.

It's an OracleWorld, after all
As its acquisition battle for PeopleSoft continues, the database software maker talked up grid computing at this week's OracleWorld conference in San Francisco. Oracle executives have called grid computing the most significant new business technology to come along since the Internet, and they say Oracle is making its most innovative technology leap in a decade with a host of new database and related software products it's readying around the grid concept.

The much-ballyhooed technology involves pooling the computing power of hundreds of servers over a network to run programs more reliably and reduce the cost of maintaining data centers.

"This OracleWorld is a milestone event for us and the industry, as we usher in an era of grid computing for the enterprise," Chuck Phillips, executive vice president of Oracle, said Monday before an audience of thousands at the conference. Oracle will release its new grid computing product line, called 10G, around the end of the year, Phillips said. Hundreds of customers are already testing the beta version of the products.

However, grid computing is in danger of being overexposed and misunderstood, Hewlett-Packard CEO Carly Fiorina believes. "Grid computing has been more hype than reality," she said in a speech.

Fiorina said much work lies ahead in bringing the vision of grid computing to the average business user, with technical standards and other wrinkles still needing to be ironed out. She predicted that it would take three to five years before companies use grid computing as the foundation of their payroll and other business systems.

On another Oracle front, Phillips said it's unlikely the company would raise its $7.25 billion unsolicited bid for rival PeopleSoft before regulators weighed in on the deal, if ever. Phillips told reporters that "it wouldn't make sense" for Oracle to raise its $19.50-per-share offer while awaiting regulatory clearance.

The company doesn't expect a decision from the U.S. Department of Justice, which is reviewing the deal, until sometime in October or November. Regulators in the European Union and Canada are also looking at the deal.

Also of note
Sun Microsystems' co-founder Bill Joy, who helped develop its Java software, SPARC microprocessor architecture and the Solaris operating system, is leaving the company ... Adrian Lamo, who won notoriety for his public claims of electronic intrusions, was jailed in New York and then released to face federal hacking charges ... Apple Computer introduced two new iMacs that boast speeds of up to 1.25GHz, and two larger iPods featuring capacities of 20GB and 40GB, up from 15GB and 30GB ... A customer of Apple's iTunes Music Store said he has successfully resold a song he purchased through the service, ending a weeklong exercise he hoped would highlight the legal and technical nuances of emerging digital music services.