
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Kazaa, China and Microsoft

Last week, the long-awaited verdict was finally handed down in the Australian court case against the Kazaa filesharing application. The verdict appears to be in line with what the US Supreme Court handed down in the recent Grokster decision, where the actual software itself is not illegal, but the promotion of the software for illegal usage by the developers is illegal. In the Kazaa case, the argument was that the developers were licensing users to access a network which they knew was being used for copyright infringement purposes. The numerous corporate reshuffles and ownership rearrangements did not help, either, as they suggested an elaborate attempt to avoid liability.

In the greater scheme of things, the decision will not change much in terms of file sharing or copyright infringement. The relevancy of Kazaa as one of the primary file trading networks has been in decline for some time, with numerous alternatives surfacing to take its place. Some of these tools have also drawn attention, such as BitTorrent, where tracker sites (sites which host the .torrent files which point to the actual content) have been under legal pressure to close, when they have been hosting .torrents which point to files which have compromised copyright (such as the suprnova.org site). The ongoing efforts by content owners to prosecute, and shut down, file trading efforts will only continue to pick off the low hanging fruit. There will be new filesharing technologies and anonymous access methods which will emerge, which will only serve to make it more difficult to track down copyright infringers. Anonymous networking applications and initiatives, such as Tor and Freenet, will be a part of this approach.

Unfortunately, Australia still does not have suitable provisions for fair use in legislation, which might be leading end users to seek content through copyright infringement. What this means, in practical terms, is that iPod owners cannot legitimately fill their portable devices with their music collections, as there is no legal download service for MP3 formatted files in Australia, and media shifting of their existing CD collections is not permitted under the current fair use laws.

As the Kazaa verdict is being sorted out, Sharman Networks (the company responsible for Kazaa) has indicated that it will be appealing the ruling, but the appeal is not likely to start before the end of the year. In order for the appeal to take place, they need to lodge their request within three weeks of the verdict date. With the music companies that led the prosecution calling for damages of billions of dollars to be paid by Sharman Networks (or Kazaa users), it has yet to be determined what the financial cost will be, and who will have to pay it. Sharman Networks have also indicated that they will fight the sections of the ruling which they do not agree with.

The hyperbole and irrational fear that this case has resulted in appear very similar to those which surrounded the Grokster decision, and the Napster decision before that. Decisions such as this seem to polarise responses, and allow people marginally involved with the case to use the outcome as a platform to forward their own agendas. While the arguments being put forward by the various interest groups have their own merit (or lack thereof), the underlying dichotomy between technical advancement / acceptance and the knowledge held by law makers and major corporations about such technology continues.

China is also facing similar issues, as the government seeks to manage the access of residents to external information sources. Reports started circulating towards the end of the week of moves by China Telecom to block Skype VoIP services to their customers. Currently only affecting the southern city of Shenzhen, the blockage has drawn the conspiracy theorists out of the woodwork, claiming that the Chinese are doing this to prevent unregulated information access by residents. While this is a possibility, it appears that the reason behind the move may be more commercial than anything else. The presence of VoIP services allows users to bypass most calling costs for telephone calls, by using the existing network connection. When the incumbent telecommunications providers charge in the order of $1 - $2 USD per minute for international telephone calls, the presence of an alternative which is essentially free can threaten the viability of the existing services. A China Telecom representative observed that the current legislation in China strictly regulates VoIP style services, and only China Telecom and China Netcom are permitted to conduct trials. Concerns have been raised by telecommunication companies in other countries over similar issues, and it represents an ongoing concern for them.

Activities of foreign companies within China have also drawn some news in the last week. Yahoo! has been accused of complicity in supplying information to the Chinese authorities which was used to jail a Chinese journalist for ten years. According to the claims made in an Associated Press article, the Internet Search Engine giant provided information on the content of a Yahoo! mail message that was then traced to the journalist's computer. The Chinese authorities claim that the message contained state secrets, and the journalist was illegally passing them to foreign interests. The message in question apparently contained the journalist's notes on a government information circular which outlined media restrictions. Claims were also made that it is a symptom of the Chinese Government's difficulty in controlling information flow in the digital era, and other Chinese journalists have faced similar charges.

Remaining with news from China, and in a follow-up to last week's details on the Microsoft - Google court case, claims have been made that the Microsoft executive that Google hired away was engaged in corporate espionage prior to his departure from Microsoft. The claim is that he was passing Microsoft secrets to Google, even before he had accepted the new job at Google - even that the passing of the secrets was critical to him gaining the role at Google.

The executive has since lashed out at Microsoft with claims of 'Incompetence' by the software giant in its attempts to establish a presence in China. He also claimed that Microsoft chairman, Bill Gates, verbally attacked him, but declined to provide adequate details as to what prompted the outburst. If true, it would place on record significant outbursts from both the chairman and CEO of Microsoft within the space of a week. Other reports suggested that the outburst was targeted at the bureaucracy in China, and the difficulties that Microsoft was facing in establishing viable business in the country.

Microsoft has also launched an appeal against the EU ruling which dictated that they have to open up various elements of their software to open sourced competition, in an effort to promote interoperability from the competing software. Microsoft is seeking an overturning of the original ruling, and are expected to launch an appeal against the fine levied by the EU.

Microsoft also ran into further difficulty last week, when the Commonwealth of Massachusetts, in the United States, promulgated that all official electronic documents will have to adhere to the OpenDocument format, as is implemented by applications such as OpenOffice.org. Due to Microsoft Word not supporting this document format, it is apparent that the Commonwealth will be moving away from Microsoft's format, focussing, instead, on alternative office suites. It does not mean that they will be moving away from the Windows platform, as some observers suggested.

Open Source advocates are celebrating the announcement, and have even suggested that such a move should be pre-requisite for all Governmental levels. One of the leading arguments is that matters of public record should be held in a format which is not proprietary, and which adheres to agreed standards. Taking such an approach should ensure that the data is future-proofed, and easy to extract in the future.

Other advantages to this sort of approach become apparent when it is understood that most of the alternate formats are nearly human readable, and rely upon conditional formatting which isn't binary. This means that data mining suddenly becomes much easier, and it is possible to operate on the data in multiple files with ease, opening the way for a wide range of future uses. The other benefit to a standardised storage format is that the files will almost certainly be useable in any future version of the office suite in use, which is an issue that Microsoft Office has struggled with over the years, and which continues to plague installations of Microsoft Office.

Microsoft's monthly security patch release (dubbed 'Black Tuesday' by some), has been delayed for September. Patches are normally released on the second Tuesday of every month, and earlier this week, Microsoft announced that they would be releasing a single patch which was rated as critical. According to news issued by Microsoft, the patch has been withdrawn due to difficulties which were encountered late in the Quality Assurance cycle.

It is rumoured that the patch will be for Internet Explorer, and will fix the earlier reported vulnerability for that product, although Microsoft's information only indicates that Windows will be affected. Internet Explorer is a critical component of the Windows Operating System, as was discovered during the anti-trust court proceedings against Microsoft. Black Tuesday will still see updates for the Microsoft Malicious Software Removal Tool, along with a non-security, highly critical update for Windows.

One thing which has taken the attention away from Microsoft last week was the disclosure of vulnerabilities affecting Mozilla-derived Internet browsers. The vulnerabilities caused the browsers to crash, and it has been confirmed that they can now be used to execute code of choice (on all platforms). The flaws are buffer overflows caused by failures in IDN character set support in the URL. The IDN character set is used to display non-English characters, and in this specific case it is the handling of the character represented by the 0xAD hexadecimal code.

The announcement has ignited yet more argument about the practice of vulnerability disclosure. The researcher who has claimed the discovery of the vulnerabilities is the same one who recently uncovered a vulnerability fixed in last month's Microsoft patch updates (MS05-041), and who has claimed discovery of an Internet Explorer vulnerability which can be exploited, irrespective of patches and security updates. In disclosing information on the Mozilla-derived browsers, the researcher included sample exploit code, which marks a different approach to the handling of Microsoft-related vulnerabilities. Some observers are crying foul, complaining that the researcher failed to alert the developers, and pointing to the apparent bias in the approach to information disclosure between Microsoft-related and other vulnerabilities.

12 September 2005
