A blog doesn't need a clever name
Cyberethics, Crypto, Community, Freedom, Privacy, Property, Philosophy, MP3, Online Ed, Copyright, Iran, other current topics and fun stuff
Last updated: 7/1/05; 7:37:51 AM





 

Friday, June 03, 2005

Girls in the Board Room!

Beginning July 1, Norway will require all corporate boards to be 40 percent female or the companies will face sanctions, even dissolution, according to Women's eNews. Norway already has the highest percentage of women board members in any country at 22.5 percent. The figure is 18 percent in neighboring Sweden; 11 percent in the U.K. In the U.S. women comprise 14 percent of board members at Fortune 500 companies. The cynical view is that as board membership in the U.S. becomes more burdensome and less lucrative under new ethics and personal liability rules, "opportunity" will open for women.

[Girl in the Locker Room!]
5:29:03 PM

KGB successor wants Great Firewall of Russia [bOing bOing]
5:28:35 PM

Dave on Google Sitemaps

appears to be a feature I've been asking search engines to implement since 1997. Basically it lets you give the search engine a complete list of all files on your site and when they've last changed. That way the search engine doesn't have to re-read your whole site every day. This is especially useful for archives of weblogs. I'll support it on Scripting News as soon as I possibly can.


5:28:32 PM

Attack on the Bluetooth Pairing Process.

There's a new cryptographic result against Bluetooth. Yaniv Shaked and Avishai Wool of Tel Aviv University in Israel have figured out how to recover the PIN by eavesdropping on the pairing process.

Pairing is an important part of Bluetooth. It's how two devices -- a phone and a headset, for example -- associate themselves with one another. They generate a shared secret that they use for all future communication. Pairing is why, when on a crowded subway, your Bluetooth devices don't link up with all the other Bluetooth devices carried by everyone else.

According to the Bluetooth specification, PINs can be 8-128 bits long. Unfortunately, most manufacturers have standardized on a four decimal-digit PIN. This attack can crack that 4-digit PIN in less than 0.3 sec on an old Pentium III 450MHz computer, and in 0.06 sec on a Pentium IV 3GHz HT computer.

At first glance, this attack isn't a big deal. It only works if you can eavesdrop on the pairing process. Pairing is something that occurs rarely, and generally in the safety of your home or office. But the authors have figured out how to force a pair of Bluetooth devices to repeat the pairing process, allowing them to eavesdrop on it. They pretend to be one of the two devices, and send a message to the other claiming to have forgotten the link key. This prompts the other device to discard the key, and the two then begin a new pairing session.

Taken together, this is an impressive result. I can't be sure, but I believe it would allow an attacker to take control of someone's Bluetooth devices. Certainly it allows an attacker to eavesdrop on someone's Bluetooth network.

News story here.

[Schneier on Security]
5:16:31 PM

Offering != Distribution (Donna Wentworth).

Judge Marilyn Patel issued a ruling (PDF) Wednesday that settles an important question in the ongoing Napster (yes, Napster) case -- whether under the law, simply offering copyrighted material to others (say, by listing it in an index) means you're distributing it.

The record label lawyers, as Ernie Miller so delicately puts it, "were bloody idiots because they didn't nail down evidence of direct infringement before launching the Napster lawsuit." They have therefore been working hard at making the Artists' Rights and Theft Prevention Act of 2005 (ART Act) work for them, hoping Judge Patel would adopt a new, broader standard for the right of distribution based on one of its provisions. If Judge Patel found Napster liable for direct infringement on the theory of making-available-as-distributing, the labels could press forward against Napster's investors on that basis. No such luck.

Rather than requiring proof of the actual dissemination of a copyrighted work or an offer to distribute that work for the purpose of its further distribution or public performance, plaintiffs' theory is premised on the assumption that any offer to distribute a copyrighted work violates section 106(3). This is not sufficient to satisfy plaintiffs' burden of proving that Napster or its users directly infringed their copyrighted musical compositions and sound recordings, as they must do if they are to hold defendants secondarily liable for that infringement. Accordingly, the court holds that defendants are entitled to summary judgment on this issue.

In other words, copyright holders have to prove that someone actually downloaded the file from you before you can be found liable for distributing. The simple act of offering isn't enough.

In the context of the case, this is a minor victory -- Judge Patel did not dismiss the other theories for direct infringement, so the case will continue against Napster's investors on those grounds. But it does clarify the law, providing a safeguard against the over-reach that the ART Act threatened.

[Copyfight]
5:16:20 PM

Two Korea stories in one day . . . coincidence?

Microsoft admits popular MSN site hacked in Korea, by Ted Bridis (AP).

Microsoft acknowledged Thursday that hackers booby-trapped its popular MSN Web site in Korea to try to steal passwords from visitors. The company said it was unclear how many Internet users might have been victimized.

Microsoft said it cleaned the Web site, www.msn.co.kr, and removed the dangerous software code that unknown hackers had added earlier this week. . . . .

. . .

The Korean site, unlike U.S. versions, was operated by another company Microsoft did not identify. Microsoft's own experts and Korean police authorities were investigating, but Microsoft believes the computers were vulnerable because operators failed to apply necessary software patches, said [Adam] Sohn, an MSN director.


1:46:50 PM

Five reasons social networking doesn't work, by Molly Wood, CNET.com.
I've gotten a lot of invitations to Friendster over the years, which, to be honest, I ignored. I always just assumed I didn't have time for that tomfoolery. Plus, I already had a boyfriend, and I already had friends. I know that all sounds horribly snobby, but there it is. But then, along came Orkut. Suddenly, because I was working in the Geek Zone, my coworkers were sending me Orkut invites. Every geek I knew was into it, and the peer pressure got too strong. I signed up. I filled out my little Orkut profile (I think I even uploaded a photo), and for about three weeks, my friends, coworkers, and I obsessively hung out on Orkut. And then, suddenly, we just got bored--weirdly, all at the same time. My entire Orkut generation, all the people who'd found it at the same time I did, just up and lost interest. Of course, round about that time, Orkut got painfully slow, and although it's better now (I just checked it out in the course of writing this column--hey, maybe I'll have a resurgence of interest!), it's still a heck of a lot easier to just e-mail or instant-message the people I know.

. . .

1. There's nothing to do there . . . .

2. It takes too much time . . . .

3. Traffic alone isn't enough . . . .

4. Strangers kind of suck (or, put nicely, the social hierarchy is really not that attractive) . . . .

5. We already have the Internet . . . .

I agree -- BUT. I think there's still one application of social networking that could be killer: a special-purpose application within an existing organization (rather than a general-purpose, invite-your-acquaintances one) could add real value, in providing a way to, y'know, network.
8:46:12 AM

N.K. hacking ability matches that of CIA, analyst says, by Lee Sun-young, Korea Herald.
Computers are a rarity and Internet access is almost nonexistent for most people in the reclusive country, but Byun Jae-jung, researcher at a state-run Agency for Defense Development, believes that North Korea is capable of cyber attacks on both the command and control system of the U.S. Pacific Command and the critical infrastructures of the U.S. mainland, such as electric power.

Our electronic warfare simulation indicates that North Korea's capability has reached a substantial level, unlike what is generally known to the outside world, Byun told the Defense Information Security Conference 2005 held yesterday at Korea University in Seoul. The conference is organized annually by the Defense Security Command and the Korea Information Security Agency. He said the simulation was based on reliable information from the DSC, but refused to give any details.

According to him, the communist country since 1981 has been training about 100 hackers through an elite electronic warfare academy known as Mirim College and now operates a crack contingent of 500 or 600 cyber soldiers. The academy is believed to have changed its name from Mirim to Kim Il Military Academy and then to Pyongyang College.

The North Korean hackers use Web servers from various countries, including the United States, to gather military information on South Korea, the United States and others and erode the online defense command network, he added.


8:46:03 AM



© Copyright 2005 Bruce Umbaugh.