
Week in review: No holiday for hackers

Hackers paused briefly during the long Thanksgiving weekend to give thanks for security holes and flaws that allow them to wreak havoc on the Internet.

Steven Musil Night Editor / News

The Global Name Registry confirmed that its .name Web site was hacked over the weekend, blaming the attack on the company's move to relaunch its services. GNR representatives said the site, which administers registration of .name Web domains, was attacked a few days after Thanksgiving.

The hackers exploited a hole in one of the software packages used to maintain the site, but a representative from the registry indicated that the situation did not cause major damage to its overall operations.

Hackers also attacked the Debian Project, exploiting a flaw in the core Linux software, or kernel, to compromise four of the open-source software project's development servers. During several intrusions on Nov. 19, the flaw enabled an attacker who already had access to a server to remove the limitations that protected the system from everyday users. The technique is known as a privilege escalation.

Members of the development team found the flaw in September and fixed the latest version of the kernel. The fix came a bit late, however. The latest version of the kernel, 2.4.23, was released Friday, eight days after the Debian breach.

Meanwhile, a new glitch in one of Microsoft's server software packages is causing headaches for some small businesses. The problem affects all customers who installed SharePoint Services after Nov. 24, preventing it from installing properly.

SharePoint, which is used to create a company intranet, is included as part of the standard and premium editions of the recently launched Small Business Server 2003 package, which also includes the Windows Server 2003 operating system and Microsoft Exchange e-mail software.

Microsoft was also battling newly discovered security flaws in Internet Explorer that could let attackers invade a user's PC. When used together, the flaws could allow an attacker to execute malicious code on a user's PC.

Instructions on disabling active scripting, which may keep some sites from functioning properly, are available from the Computer Emergency Response Team.

Rescuing cybersecurity
Officials from the Department of Homeland Security used the National Cyber Security Summit to praise industry-led initiatives, and they promised to forestall any legislation. However, Department of Homeland Security Secretary Tom Ridge and Robert Liscouski, assistant secretary for infrastructure protection, said they would go to bat for industry efforts to better corporate network security. They warned that companies had better not strike out.

"There should be no mistake about where we stand," Liscouski said during a press conference at the summit. "We are not going to let anybody who operates in this space dodge their responsibility, and I will be sticking my finger into people's chests to make sure they live up to their responsibilities."

Working groups at the summit pledged to release white papers, by March 1, 2004, which outline their recommendations for securing businesses and consumers, and creating more secure software. The next meeting, tentatively set for September 2004, will be the deadline for each group to deliver at least some results.

The quick deadlines are a nod to the urgency expressed by policy-makers and consumers. Critics have snubbed the United States' cybersecurity policy--the National Strategy to Secure Cyberspace--as largely voluntary and lacking regulatory prescriptions.

Sun: Down but not out
Sun Microsystems came into its first European user conference under heavy criticism from Wall Street analysts after a $286 million loss on its declining revenue in the company's most recent quarter. Questions are also being asked about Sun's ability to compete in the low-end market.

However, CEO Scott McNealy maintained that the only challenge facing Sun is getting its message across to customers, and that the public perception of his company is a result of the spin put out by rivals and analysts. Customers, he said, "can't find a hole" in Sun's strategy.

Sun is hoping to increase the penetration of Linux on the enterprise desktop by slashing the price of its Java Desktop System, which is designed to replace Microsoft's Windows operating system and Office suite. Sun said it will provide management, support, tools and servicing at a 50 percent discount until the middle of 2004.

Meanwhile, Sun announced that it had decided not to join the Eclipse open-source tools effort backed by rival IBM. In addition to dropping the plan to join Eclipse, Sun said it will no longer try to merge the Sun-sponsored NetBeans open-source Java tools project with Eclipse. The Eclipse open-source project, founded by IBM in 2001, is an IBM-owned consortium that has gained the membership of several development-tools companies over the past year.

Sun, the Java founder and steward, decided with Eclipse that overcoming the technical and organizational differences between the two groups would adversely affect current participants in the NetBeans and Eclipse projects.

Stopping swapping
The Recording Industry Association of America has sued another 41 people in its ongoing legal campaign against file swappers who are trading copyrighted music online. This is the RIAA's third batch of suits against computer users since early September, bringing the total number of people sued to 382.

The recording industry claimed progress in a controversial legal campaign, but its optimism appeared to clash with at least some of the evidence, which remains murky. By some measures, usage of peer-to-peer software such as Kazaa has been cut in half since the RIAA announced in late June that it would begin suing alleged file traders. But by other measures, file swapping is hitting an all-time high.

Also of note
America Online is offering a $299 bundle of PC, 17-inch monitor and color printer to subscribers who sign up for its Internet service for one year--its latest effort to prop up its subscriber base...U.S. cell phone customers, excited about new regulations that let them keep their old numbers when switching carriers, are finding that they can't use their old phone with their new service...Nearly one-third of all spam circulating the Web is relayed through PCs that have been compromised by malicious programs known as Remote Access Trojans.