Week in review: Net threats

Cyberattacks on the information technology systems of banks and insurance companies are on the rise worldwide, according to a survey released Thursday. The study showed that nearly 83 percent of respondents said their systems had been compromised in the past year, compared with 39 percent in 2003. Nearly 40 percent of the respondents whose systems were attacked reported financial losses.

In addition, security technology company Symantec reported that it has analyzed what it believes to be the first known threat to 64-bit Windows systems, a virus labeled W64.Rugrat.3344. However, the threat was merely a so-called proof-of-concept virus--a worm developed by someone to show that vulnerabilities are present in a particular type of system--and not a virus spreading in the wild.

Symantec said the W64.Rugrat.3344 can attack 64-bit Microsoft Windows files successfully, but it doesn't infect 32-bit files and will not run on 32-bit Windows systems. Since 64-bit systems have yet to be installed widely, Symantec maintains that the virus does not yet represent a serious threat.

Mac OS X systems are still vulnerable to a security hole after a patch issued by Apple Computer last week failed to fix the underlying problem, security experts said. The security issue could allow an attacker to transfer and then run a malicious program on a Mac, if the Mac's user can be enticed to go to a fake Web page on which the program has been placed.

"This, in my mind, is the first critical vulnerability on OS X," said Richard Forno, a security researcher and the former chief of security for domain registrar Network Solutions.

As more corporate IT managers are becoming fed up with security flaws, many are employing technology known as "static source code checkers" to analyze the code created by developers and flag potential errors. Microsoft found the tools so helpful in earlier Windows development that it bought the company that provided the technology.

A handful of other companies have started to sell tools similar to the static source code checker used by Microsoft. Although the tools have been developed mainly by academics intent on collecting data about software flaws, these companies think the programs are mature enough for commercial applications.

Net bills come due
The California State Senate approved a bill that takes aim at Google's new Gmail service, placing strict limits on e-mail providers that seek to scan customer messages for advertising and other purposes. The bill passed after the removal of a key provision that would have required e-mail providers to get the consent of message senders to the scanning.

The bill explicitly allows e-mail and instant-messaging providers to scan the content of messages to deliver advertisements, as long as the providers meet certain restrictions on how the data is used. Information gleaned from e-mails cannot be retained, shared with a third party, or shown to any employee or other "natural person," according to the bill. In addition, instant-messaging providers must permanently delete messages at the request of customers.

File-swappers concerned about getting in trouble with record labels over illegal downloads may soon have a new worry: the U.S. Department of Justice. As early as next week, the Senate may vote on a proposal that would let federal prosecutors file civil lawsuits against suspected copyright infringers, with fines reaching tens or even hundreds of thousands of dollars.

The so-called Pirate Act is raising alarm among copyright lawyers and lobbyists for peer-to-peer firms, who have been eyeing the recording industry's lawsuits against thousands of peer-to-peer users with trepidation. The Justice Department, they say, could be far more ambitious.

But apparently, the threat of lawsuits isn't always a deterrent on the Internet. Spammers flooding the Internet with pornographic solicitations are apparently not abiding by a new federal rule that took effect last week.

Not only did illegal, sexually explicit spam fail to slow down after the regulations took effect May 19, but one antispam company found that pornographic e-mail traffic jumped from about 2 million messages in a 40-hour period last week to about 2.5 million during the same period this week.

Making the call
Cingular Wireless plans to test a wireless broadband network in Atlanta, using Universal Mobile Telecommunications System (UMTS) equipment from Lucent Technologies. The equipment, which currently supports data speeds of up to 2 megabits per second, ultimately could support speeds of up to 14.4mbps.

With the new network, Cingular said it might offer downloads of film trailers and sports highlights; access to e-mails with large attachments; and the locations of automated teller machines, movie theaters or restaurants.

In a major turnaround, top U.S. cable company Comcast said it will rely more on voice over Internet Protocol (VoIP), an emerging technology for placing phone calls over the Net. The move could increase the cable industry's momentum toward unseating traditional phone companies, but some analysts said it may be too late to do Comcast much good.

Comcast now plans to outfit half its network with VoIP technology by year's end and to have the entire network outfitted by the end of 2005. Executives said the company will use the technology to sell phone services this year in Philadelphia, Indianapolis and Springfield, Mass. Comcast expects to begin selling phone service nationwide in 2006 to about 40 million homes.

Meanwhile, Verizon Communications will soon become the second Baby Bell in the United States to offer broadband to consumers, regardless of whether they are customers of its local phone service. The company plans to offer what's been called "naked" digital subscriber line (DSL) service to customers within its local phone region by the end of 2004. Qwest Communications International in February announced plans to offer a similar service to its customers.

Up until that point, the Baby Bells typically offered DSL as part of a package with local phone service. Customers who switched local phone providers risked losing their DSL service. Consumer groups argued that this practice locked customers into services with the Baby Bells, while shutting out DSL competitors.

Coming attractions
Cisco Systems introduced a high-end router for large telecommunications companies with networks that handle the greatest levels of Internet traffic. The Carrier Routing System-1, or CRS-1, is the first router designed by Cisco that will enable several boxes to be clustered together to function as a single router. It is perhaps the most highly anticipated addition to the company's next generation of devices.

Among the features added to CRS-1 is newly designed operating software, Cisco IOS XR, which the company said it invented for terabit-scale routing systems built on massively distributed multishelf architectures. The machine also offers system capacity of up to 92 terabits per second, optical carrier packet interface, a 40 gigabyte-per-second integrated circuit, an interface based on XML (Extensible Markup Language) and visual management tools.

On the browser front, America Online said it plans to release a new version of its Netscape Web browser this summer, though the effort does not appear to signal a return to major browser development work for the company.

An AOL representative said the new software will be based on Mozilla 1.7 code developed by Netscape's open-source offshoot. The representative described it as a relatively minor upgrade that will include a few security patches but leave the interface mostly unchanged.

Also of note
Microsoft agreed to pay Norway's Opera Software $12.75 million to head off a threatened lawsuit over code that made some Web pages on MSN look bad in certain versions of Opera's Web browser...Software maker Computer Associates International told investors that it has offered to pay $10 million to settle allegations that the company has violated securities law...Microsoft has launched an effort to produce a version of Windows for high-performance computing, a move seen as a direct attack on a Linux stronghold...Oracle will finish switching its 9,000-person in-house programming staff to Linux by the end of 2004.