Software Thief Admits To Crimes

Nathan Peterson took on some of the world's largest computer software companies, and for a while, he won.

One-quarter of Internet users targeted in phishing scams monthly

About one in four Internet users are hit with e-mail scams every month that try to lure sensitive personal information from unsuspecting consumers, a study says.

IM worms up again in November

The number of worms that targeted instant-messaging services hit 62 in November, up 226 percent from October and hitting a new record, Akonix Systems said Tuesday. Of the worms, 58 were variants of previous pests, and four were new. In the same month, a total of 14 attacks hit peer-to-peer networks, such as Kazaa and eDonkey, according to Akonix, which sells security software and appliances.

ISPs may not carry int’l calls over VoIP

The Ministry of Communications has instructed Internet service providers (ISPs) to ensure that their systems do not carry international calls over VoIP, which bypass Israel’s authorized international calls carriers. The ministry sent the instruction following complaints.

EU expects a rush for .eu domain name

The European Union expects a surge of applications next week when its ``.eu'' regional domain name opens for registration.

Patients fear safety risk from electronic notes

Health campaigners fear that the switch from paper to electronic patient records will put patient confidentiality at risk, researchers said today.

EU committee backs telecoms data storage rule

A European Union committee agreed that details of all EU-wide phone calls and Internet use should be stored, but the steps did not go as far as some member states had wanted in the battle against terrorism and crime.

UN on electronic communications in contracting

25 November 2005 – Updating international trade law to take account of new technologies, the United Nations General Assembly has adopted a new convention on using electronic communications in international contracting, superseding law negotiated before the development of e-mail and the Internet.

A Qualified 'Non' to Snooping of P2P IP Addresses

On October 24, the French data protection authority, the Commission Nationale de I'Informatique et Libertes (CNIL), dealt a blow to music industry enforcement efforts against peer-to-peer (P2P) file-sharing by announcing that it would not permit the automated monitoring of users of P2P file sharing systems. The CNIL concluded such monitoring could lead to "a massive collection of personal data" and allow "exhaustive and continuous surveillance" of P2P sites "beyond that which was necessary for the fight against piracy". The CNIL's stance runs counter to its own ruling in April authorizing similar P2P site surveillance by the Syndicat des Editeurs de Logiciels de Loisirs (SELL), a trade association representing French video game producers, whose members include video game industry heavyweights such as Sega, Sony, and Atari. Defending its apparent volte-face, the CNIL noted that SELL had pledged to send messages to suspected P2P site users itself, rather than asking ISPs to act as third party intermediaries, and had agreed to take an anonymous approach in communicating with suspected violators. In French, we believe that's what is called "une distinction sans différence." In any event, if French Culture Minister Renaud Donnedieu de Vabres is to be believed, forthcoming consideration in the French Parliament of the implementation of the EU Copyright Directive might allow the music industry anti-piracy initiative to move forward. Consideration of the EU Copyright Directive by the French Parliament is scheduled to begin in December.

British teen cleared in 'e-mail bomb' case

A British teenager has been cleared of launching a denial-of-service attack against his former employer, in a ruling that delivers another blow to the U.K's Computer Misuse Act.

Study: IM threats zooming up

The number of threats targeting instant messaging has soared, according to IMlogic, which tracked a 1,500 percent increase in the past year.

A Viking Raid on EU Employee Email Monitoring?

The Norwegians have been a seafaring people at least since Viking days, and the Norwegian Society for Sea Rescue ("NSSR") is a humanitarian organization whose aim is "to save life and property at sea" (in 2004, the NSSR saved 40 people from drowning). But even an organization like NSSR is not outside the reach of the long arm of EU data protection law. In a move which will bring home to employers the risks of accessing or monitoring EU employee emails, the Norwegian Data Inspectorate has called for the NSSR to be prosecuted for breaching the country's Personal Data Act 2000, which implements the EU Data Protection Directive (although Norway is not part of the EU, it implements a substantial amount of EU legislation).
If the NSSR is prosecuted, the case will set a benchmark in determining the extent to which European employers can rely on work-related interests as grounds to access workers' electronic communications. And regardless of the outcome, the case will serve as a reminder to employers of both the precautions that need to be taken in relation to the monitoring of workers' emails and the risks of improperly doing so. Indeed, given the strict treatment of the a public service entity like the NSSR, the ramifications for for-profit corporations could be even more substantial
Steptoe & Johnson LLP. Steptoe & Johnson LLP weekly newsletter

How to Foil a Phish

What happens after phishers strike? Have a look at a midsize bank's cutting-edge incident response plan.

ID card a recipe for ID fraud

Microsoft UK National Technology Officer Jerry Fishenden has warned that the UK ID card scheme could trigger "massive identity fraud on a scale beyond anything we have seen before." Writing in today's Scotsman, Fishenden says that the security implications of storing biometrics centrally are enormous. "Unlike other forms of information such as credit card details," he says, "if core biometric details such as your fingerprints are compromised, it is not going to be possible to provide you with new ones."

Increased Organized Crime

Attacks on computer security infrastructure used to be little more than indiscriminate acts of vandalism perpetrated by hackers who desired bragging rights more than anything. But the perpetrators of attacks and their motivations have changed...read more

Adopt e-mail authentication

The Direct Marketing Association (DMA) will require all members to adopt authentication systems for outgoing e-mail, the group's board of directors decided today.

EFF cracks Secret Service code

EFF researchers have cracked a code which allows the US Secret Service to track information from Xerox DocuColor printers. And they believe similar codes may also feature on printers made by Canon, Epson, HP, IBM and Dell, among others

Password-based Web log-ons not sufficient

Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.

MS, Nigeria fight e-mail scammers

Microsoft has announced an anti-fraud partnership with Nigeria, the country of origin for some of the Internet's most notorious email scams.

Is Privacy of E-Mail Messages possible?

A U.S. federal court has ruled that Interloc could intercept e-mail messages sent from Amazon.com. Never assume e-mail is safe when routed through or hosted by a third party.

Hold developers liable for flaws

Software developers should be held personally accountable for the security of the code they write, said Howard Schmidt, a former White House cybersecurity adviser.

Interception of Communications - what now?!

At last !! The Regulation of Interception of Communications and Provision of Communications-Related Information Act, number 70 of 2002, and also known as RIC Act, except for sections 40 and 62(6), is now law. No more jumping between the aforesaid Act and the Prohibition and Monitoring Act of 1992.

What next? What will be the impact on your business?
Be careful for certain Service Providers that will now all of a sudden sell you 'new' policies.

1. This very important Act can not be dealt with in isolation and will have to be implemented, if not already part of your business, in combination with other very important legislation, for example the Electronic Communications and Transactions Act 2002, The Labour Relations Act 1995, and draft Directives that have already been issued to various operators in the Cellular and Telecommunication Industry;
2. A single policy is not the solution to all and will it be imperative for your business to review the following:-

• Employment Agreements;
• Independent Contractors Agreements;
• Service Provider Agreements;
• eCommunication Policy (and yes, keep it technology neutral);
• eMail Legal Notice, to be attached to every single email that leaves your business;
• For certain Industries it might be useful to implement a Interception of Communications Policy, e.g. Cellular Operators etc.;
• Records Management Policy, specifically focussing on the retention of certain records for evidential purposes or for example where, as per a specific Directive, your Company is required to retain the records then retention of records as prescribed by law;
• Disciplinary Codes to be reviewed;
• Data Retention Policy

(please take note that the above is not an exhaustive list and will definitely varies from Company to Company)

Again, this should not be an expensive exercise but definitely an exercise that should be executed sooner than later...

For more details, assistance or quote, please feel free to refer to our website and more specifically the section called eCommunications where you can select certain deliverables and request a quote. The eVG Policy Manager (see eVG Services), for implementation of the above mentioned, may also be of interest to your company

Social Engineering - The Weakest Link in InfoSec

Many of us in the computer industry understand the term 'Social Engineering' fairly well. But does your company, its managers and employees understand and practice good techniques in avoiding being the victim of Social Engineering? After all social engineering is the weakest point in your network's security! Don't believe it? Read on...

Traffic Data Retention vs. Data Privacy

The European Commission has recently released a proposed Directive on the Retention of Data Processed in Connection with the Provision of Public Electronic Communications Services (the "Directive"), as part of a package of measures intended to combat terrorism. The Commission also released a detailed Impact Assessment on the proposed Directive. The Commission proposes a uniform retention period of one year for traditional communications, and six months for "electronic communications taking place using wholly or mainly the Internet Protocol.”

Hopefully our own Law Commission will consider the above when drafting South Africa's own Data Protection legislation.

ID theft probe at Royal Bank of Canada

RBC Dain Rauscher, a unit of Royal Bank of Canada, is investigating the possible theft of the identities of a small number of its customers. A person claiming to be a former employee of RBC Dain Rauscher sent anonymous letters to some of the company's customers, saying their personal information had been stolen, RBC Dain Rauscher said Tuesday.

Software pirate to pay $1.1 million

An admitted counterfeiter has agreed to pay Microsoft and Symantec $1.1 million in restitution, a victory in the software industry's fight against software piracy.

Is Skype a Threat?

While users continue to flock to the Skype site for downloads, some security and IT staff members are beginning to feel less than thrilled about the tool. In their opinion, Skype is risky. Some of them site the fact that the many of the creators of Skype were also behind Kazaa (an often-times hated program by security teams).

Another successful Infosec User Group meeting

It is great to see that there are so many people interested in sharing their thoughts on Infosec or should we say - Risk Management...

The following topics were discussed:

1. How to value your Information Assets – A paradigm shift from Information Security to Information Risk Management;
2. Policies, procedures and tools to successfully implement Password Management;
3. Identity Management; and
4. A Vulnerability demo taken from the Certified Ethical Hacking course
   

An interesting question came up during the session : "can one say that there is such a thing as ethical hacking; the law does not differentiate between hacking (malicious intend) and ethical hacking..." - What do you think...

Ignore IT governance at your peril

A number of CIOs turn a blind eye to decision-making and the corporate governance of their organization, instead preferring the more risky approach of being inwardly focused.

Warning against anti-terrorism plans

The European Union's data protection supervisor Monday criticized EU plans to retain phone and e-mail data for use in anti-terrorism investigations, saying they failed to protect civil liberties and gave a free hand to national intelligence services.

Is this the future for VOIP in South Africa?

US - Broadband providers and Internet phone services have until spring 2007 to follow a new and complex set of rules designed to make it easier for police to seek wiretaps, federal regulators have ruled.

Credit cos to adopt one data protection standard

The top three U.S. credit reporting companies said on Thursday that they would adopt a single, shared encryption standard to better protect the huge amounts of sensitive electronic data they receive every day from banks, retailers and credit-card companies.

Encryption is key to data protection

Organizations need to look more closely at how they encrypt their databases to protect against security threats.

EU Lawyers Slam Data Retention Proposal

European Council and Commission lawyers say a controversial plan for retaining telephone and Internet data, proposed last April by the UK and several other Member States, is partly illegal.

Hackers target net call systems

The biannual Symantec Threat Report identified Voice over IP (Voip) systems as a technology starting to interest hi-tech criminals

Typo-squatters target security industry

A serial typo-squatter appears to be targeting the computer security industry, registering domain names which are similar in all but one or two characters to the domains of companies such as Computer Associates, F-Secure, McAfee, MessageLabs and Symantec.

e-Billing requirements

See below a recent article on e-billing. Before jumping into development and roll out of any e-billing system, ensure that you adhere to the SARS requirements for electronic tax invoices. For more details on the requirements - click here and under search, type "electronic invoice", then click on SARS VAT news2 (date 14 Nov 2002)

The article
E-billing adoption rates are improving steadily as more billers offer electronic document delivery, and more consumers take up these options. But there is always room to encourage the numbers through targeted initiatives aimed at pushing the adoption of e-billing faster and higher.

E-tailer records a way to fight piracy

Normal e-tailer security and records could ultimately hamper the online sale of pirated goods, says online auction site Bidorbuy.

SA TV, radio closer to digital age

Key stakeholders have set the ball rolling on SA's migration to digital radio and TV broadcasting.

Telkom defends local loop

In line with the Telecommunications Act, there will be no local loop unbundling for the first two years of operation of the second national operator (SNO), says Telkom.

UK sets out case for data logs to fight terror

Britain, which is pushing for new EU laws on data retention, said on Wednesday that logging and storing telephone calls, email and Internet use had helped its police trap suspected terrorists.

PAIA deadline extended

The majority of companies that have not yet published their information manual as required by section 51 of the Promotion of Access to Information Act (PAIA) have some breathing room, as the initial deadline of 31 August 2005 has been extended.

According to a recent government gazette, all (excluding a few 'long-term' exceptions) private bodies are exempted from submitting the manual until at least 31 December 2005. The gazette announcement also grants long-term exemptions to private bodies and private companies until 31 December 2011. The long-term exception is only applicable to privte bodies that do not exceed the turnover amounts specified per industry or where the total number of employees do not exceed 50 employees, irrespective of turnover.

Although left to the very last minute, it is definitely a welcomed extension for smaller private bodies that does not need to spend thousands of rands to get their manual drafted and submitted. The only concern we have is - why establish legislation to deal with the Right of Access to Information and then differentiate between entities based on revenue or employees? A Right is a Right is a Right and should be applicable to every single private and public body in South Africa.

ICASA positive on Convergence Bill

The Independent Communications Authority of SA (ICASA) believes that with careful implementation, the Convergence Bill will add certainty and increase confidence in the sector, says Peter Hlapolosa, GM of telecommunications services at ICASA.

Day the music died

SHARMAN Networks chief executive Nikki Hemming wasn't in court to see the music industry deliver its body blow to file sharing, but there's no doubt Justice Wilcox's ruling on the Kazaa peer-to-peer network is a major win for the big record companies.

SEC may fine Morgan Stanley $10 million over e-mail

The Securities and Exchange Commission is threatening to fine Morgan Stanley more than $10 million for failing to keep e-mails in a number of cases the agency brought against the brokerage firm.

Web copyright dispute settled

A company accused of online copyright infringement has paid an out-of-court cash settlement to the copyright owner, financial advisor directory www.FindanAdvisor.co.za.

Knowledge: The "Missing" Link in Linking Liability

When does a hyperlink violate copyright law? Traditionally, the answer to that question has been a murky one. But a few recent court decisions suggest that judges in several countries may be gradually moving toward a consensus: a hyperlink violates copyright law when the linker knows that the linked-to site contains copyright-infringing content. Most recently, a German appeals court found that a hyperlink on an online news site violated German copyright law because it sent users to the homepage of a software vendor whose product -- as the news service was aware -- could be used to circumvent copyright-protection mechanisms on DVDs. (BMG Records GmbH v. Heise Zeitschriften Verlag (July 28, 2005).) Upholding a lower court’s decision, the Intermediate Court of Appeals of Munich ruled that the hyperlink made Heise Online liable as "an aide and abettor" of “unlawful acts.” But the court refused to find Heise liable for merely reporting about the software in question, as the German music industry had wanted. But that's not all. If the recent European Commission proposal (see item above) to criminalize contributory copyright infringement is adopted, hyperlinkers like Heise Online might one day be prosecuted for a criminal offense.

Europe Adds Fuel to the Grokster Fire

Less than two weeks after file-sharers and peer-to-peer software developers got singed by the Supreme Court's decision in MGM Studios, Inc. v. Grokster, Ltd., the European Commission added fuel to the fire with its proposed directive and framework decision on copyright infringement. The EC proposal would criminalize not only direct copyright infringement, but also "attempting, aiding or abetting and inciting" such infringement. So while the EU has not gone as far as the U.S. in extending the terms of some copyrights (in 1998, the U.S. extended corporate copyrights to 95 years, to the benefit of big content owners), EU copyright enforcement rules may become even stricter than those in the land of the free and the home of the RIAA.
In Grokster, which involved peer-to-peer file sharing software that had been used to share copyrighted music and video files, the Supreme Court held that "one who disributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of infringement by third parties." But the EC’s proposal goes even further than Grokster. For while Grokster involved potential civil liability for contributory infringement, the proposed EU directive would make such indirect copyright infringement a criminal offense.

Document management essential element of compliance

Legislation such as the ECT Act demands that businesses correctly manage electronic documents and records. According to Intervate - a software development house that assists organisations in attaining compliance with legislation and corporate best practices - local companies need to implement comprehensive electronic document and record management (EDRM) solutions to attain this compliance.

Cyber-robbers hit bank

Northern Ireland's Northern Bank has been hit by a cunning criminal cash scam, according to a Sunday Life report.

Counter-intelligence: Tackling security issues head on

Late last year, keynote speakers at the Etre Technology Conference in Cannes in Italy said that despite the huge number of IT security products and services cramming the market, businesses are more exposed than ever to emerging threats.

Report reveals cybercrime hierarchy

A new Virtual Criminology Report by McAfee shows there is a ‘hierarchy' of cyber criminals, and that ID theft is the most damaging Internet crime.

Interconnection integral to competition

“Interconnection rights are key for fair competition – otherwise it isn't really a Convergence Bill,” the Internet Service Providers Association (ISPA) said in its submission on the Convergence Bill.

Companies dinged on Web privacy

It may not come as a surprise to many online shoppers, but a new study released this week shows that many major American companies misuse information they collect from consumers over the Web.

Wiretap Act Covers Emails In Temporary Storage, Appeals Court Says

The law governing both private and governmental acquisition of Internet communications has been a perennial source of confusion for lawyers and service providers alike. Courts for years have struggled with questions such as whether a communication was "in transmission," and therefore subject to the rules of the Wiretap Act, or whether it was "in storage," and therefore subject to the less stringent Stored Communications Act (SCA). Indeed, the question has almost literally made heads spin, causing judges to change their minds in the same case after having already issued a decision. On August 11, the First Circuit, sitting en banc, added another decision to the mix. In United States v. Councilman, the court reversed an earlier panel decision and held that email messages stored temporarily as part of the transmission process are covered by the federal Wiretap Act, and that an email provider could be prosecuted under that Act for allegedly intercepting and copying his customers' emails before they were delivered. Though this was the result sought by government prosecutors and by some privacy advocates, the court's failure to clarify the boundaries between the Wiretap Act and the SCA could have unintended effects down the road both for Internet providers and for individual privacy rights.

Spyware Heats Up the Debate Over Cookies

INTERNET users are taking back control of their computers, and online marketers and publishers are not pleased with the results. But they don't quite know what to do about their conundrum - if it is a conundrum, since they can't even agree on that.

Publishers loosen rules on e-textbooks

A group of major textbook publishers has agreed to loosen restrictions in an electronic-textbook experiment beginning this month at Princeton University and other schools, following some criticism of expiration dates.

Recording industry: CD-burning a bigger problem than file-sharing

Copying music to CDs is becoming a bigger threat to record stores' and music labels' bottom line than online file-sharing, according to the head of the recording industry's trade group.

The FCC's invite to Big Brother

It's cheaper and easier than ever to make phone calls over the Internet, thanks to innovative gadgets like a Wi-Fi handset from ZyXel. Buried in the convoluted 91-page legalese of a recent Federal Communications Commission release on voice over Internet Protocol (VoIP) is a proposal with worrisome privacy implications.

Lloyd's taking on open source IP risk

Lloyd's of London is close to offering independent insurance protection worldwide against potential IP litigation involving Linux and open source software. The financial services giant has agreed to take on the risk associated with open source, and is finalizing arrangements to work through Open Source Risk Management (OSRM) who will become Lloyd's sole US representative.

Software expert's download woes

A MAN who claims he backed up data from his work-issued laptop on his home computer in case it crashed will likely be forced to leave his job because a court has found he may have intended to share trade secrets about a $500 million Telstra deal with competitors.

Hacker steals data on 61,000 students from US university

SAN FRANCISCO (AFP) - A hacker has broken into computers at Sonoma State University in California and stolen personal information on about 61,000 students, according to the college.

Web pic law canvassed

POSTING unauthorised photos of children on the internet could be outlawed under options raised in a discussion paper.

Assembling a smart defence against Internet threats

The size and vigour of the attack on corporate communication infrastructure, in particular email, is such that the level of security needs to be beefed up. Like an alert digital watchdog, any implemented solution should have the functionality to anticipate and control threats.

'Massive' identity theft ring uncovered

The FBI is reportedly investigating a criminal operation that involves the theft of confidential data from thousands of machines infected with spyware.

Sender ID's fading message

At the start of last year, Bill Gates told the world's elite at an annual conference in Davos, Switzerland, that the problem of spam would be solved in two years.

Antiphishing group casts line at new threats

Faced with a rise in so-called pharming and crimeware attacks, the Anti-Phishing Working Group will expand its charter to include these emerging threats.

Hacked: Who Else Is Using Your Computer?

This article brings to light how people tend to be complacent with their computers and not understand the little things they have overlooked that have left themselves open to others on the Internet. Chat programs today are used by millions, and yet they offer an avenue of capability to someone wanting to do harm.

EU plan could put open sourcers in court

The European Commission has proposed a law that could allowcriminal charges to be pressed against a business usingsoftware believed to infringe upon another company'sintellectual property. The proposed directive, which wasadopted by the European Commission last month, would allowcriminal sanctions against "all intentional infringements ofan IP right on a commercial scale."

Survey: ID theft hard to shake off

One in four Americans who fall victim to identity theft find it a struggle to clear their name, according to a recent survey.

Focusing on Firewalls or internal Policies and employee behaviour?

Surveys show that 60 percent of security breaches are internal, but 70 percent of people are worried about hackers on the outside. Some companies even spend 90 percent of their security efforts only on firewalls. However, time and money should be used more effectively to protect the host as well as the network perimeter.

The dangerof Cyberattacks and recommended tips

The new CSO Magazine Security Sensor™ survey of 389 chief security officers (CSOs) and senior security executives reveals the majority of security chiefs believe taking the right precautions will protect the average consumer from becoming a victim of identity theft

Attackers lurk on photo sites, firm warns

Cybercriminals are increasingly using blog sites and other free online services to spread malicious code, Websense has warned.

FDIC to banks: Watch out for spyware

The FDIC on Friday urged banks to enhance their protections against spyware, to limit the risk that customers' personal data may be stolen.

Lost a BlackBerry? Data Could Open A Security Breach

The ability to carry vast amounts of data in small but easily misplaced items such as computer memory sticks and mobile e-mail devices has transformed the way Americans work, but it has also increased the risk that a forgotten BlackBerry or lost cell phone could amount to a major security breach.

UK considers forcing ISPs to disclose blocking practices

ISPs may be forced to reveal whether or not they are blocking paedophilic Web sites

In Canada: Cache a page, go to jail?

A bill before Canada's Parliament could make it illegal for search engines to cache Web pages, critics say, opening the door to unwarranted lawsuits and potentially hindering public access to information.

Microsoft in $720K piracy win

MICROSFT has won settlements totalling $720,000 from a Queensland reseller and its former directors over the use of illegal copies of Microsoft software.

Sarbanes-Oxley could threaten security

The multimillion-dollar cost of complying with the Sarbanes-Oxley Act is diverting spending away from protecting against other security threats, according to a new report.

How Can We Stop Phishing and Pharming Scams?

Both types of scams lead unsuspecting customers to give up valuable personal and financial information. Phishing e-mails entice users to a fake website where they enter personal data. Pharming pop-up boxes appear at reputable websites and hijack the user, who enters financial data at an illegitimate URL. U.S. companies lose more than $2 billion annually as their clients fall victim, and they’ve finally started implementing a number of countermeasures.

Pulling Threads on E-Crime

The "E-Crime Watch Survey," now in its second year, points out the need for more companies to measure and report the impact of computer-related crimes

Visa, Amex cut ties with card processor over security breach

Visa USA Inc. and American Express Co. are cutting ties with the payment-processing company that left 40 million credit and debit card accounts vulnerable to hackers in one of the biggest breaches of consumer data security.

eBay tightens rules for sellers

eBay has tightened rules governing credit card acceptance and clarified its prohibition of a type of fraud known as shill bidding.

Time for lawmakers to act on Grokster?

Does Congress need to lay down new laws after last month's landmark Supreme Court decision on file swapping? Depends on whom you ask.

Copyright - Both Web Site and ISP Deemed Liable

Providing hyperlinks to third party sites where users may download infringing copies of sound recordings is itself a form of copyright infringement , the Federal Court of Australia ruled July 14 (Universal Music Australia Pty Ltd. v. Cooper, Fed. Ct. Austl., [2005] FCA 972, 7/14/05). The ruling marks the first time that an Australian court has imputed liability against a Web site for linking to infringing content. In another first, the court also ruled that the Internet service provider that hosted the site is likewise liable for infringement, as are its individual employees.
The FCA ruled that Stephen Cooper, the owner of the site mp3s4free.net, had authorized copyright infringement, even though music files were not downloaded on or saved to Cooper's site or the host server of Cooper's website. Cooper's ISP, E-Talk Communications Pty Ltd. trading as Com-Cen Internet Services, was also find liable. A director and a staff member of the ISP were also found to have authorized copyright breaches. The ISP hosted Cooper's site in exchange for free advertising. The case alleging breaches of Australia's Copyright Act 1968 was initiated by six Australian music companies and 25 foreign corporations holding copyright in sound recordings.
Michael Williams, partner in the law firm Gilbert and Tobin and counsel for the music company plaintiffs, told BNA that the case was "the first test" of how digital copyright provisions inserted into the Copyright Act in 2000 applied to Internet activity. "This decision follows American decisions that have held hyperlinking to infringe copyright."

Full text of decision is available at the Australasian Legal Information Institute, http://www.austlii.edu.au/au/cases/cth/federal_ct/2005/972.html

Firefox marketing site hacked

SpreadFirefox.com, the community marketing Web site for the open-source Firefox Web browser, was hacked earlier this week, potentially exposing user data.

Online private eyes draw privacy complaints

Want to find a long-lost college buddy? Think your husband or wife is cheating on you? Numerous Web sites make being a private investigator as easy as double clicking.

Vodafone Blocks VoIP

Vodafone Germany is dramatically increasing the amount of mobile data users can send and receive, says Arne Hess, in a post. Bad news: Vodafone is blocking independent VoIP providers. Hess notes: "I have no idea yet how they do it in detail, but I can imagine they've started to block typical VoIP ports."

Phishing concerns to delay non-English domain names

Concerns about ``phishing'' e-mail scams will likely delay the expansion of domain names beyond non-English characters, the chairman of the Internet's key oversight agency said Friday.

Dutch judge protects privacy of file swappers

Brein, a Dutch organization representing 52 media and entertainment companies, had acquired unique computer identification numbers, so-called IP addresses, of file swappers and requested personal details behind these IP addresses from five large Internet service providers.

Arbitrator sides with Google in 'typosquatting' dispute

An Internet arbitrator has awarded Google Inc. the rights to several Web site addresses that relied on typographical errors to exploit the online search engine's popularity so computer viruses and other malicious software could be unleashed on unsuspecting visitors.

Report: Computer hijacking on the rise

Personal computers that play unwitting host to "zombie" code are proliferating at a startling pace, according to a new report.

New .mobi suffix points to wireless Web sites

Consumers will soon be able to recognize Web sites specially designed for use by mobile phones by the new .mobi suffix, which will be introduced alongside the popular .com and other top-level domain names.

Giving New Meaning to 'Spyware'

Recognizing that one person's search toolbar is another's spyware, a coalition of consumer groups, ISPs and software companies announced on Tuesday that it has finally come up with a mutually agreeable definition for the internet plague.

UK lobbies for data rentention

Charles Clarke wants email and phone records kept for up to three years to aid police investigations, but critics have claimed the scheme is expensive and unwieldy

Internet banking 'still risky'

The Australian banking sector has for sometime now obtained a substantial reward in migrating their business operations to the internet, but this migration has in some extent been at the expense of the consumer...

Hague Delegates Sign Choice of Courts - Convention With Implications for Clickwraps

Delegates from 64 countries at the Hague Conference on Private International Law signed an agreement June 30 that could have broad implications for which country's courts hear international business disputes--including those dealing with clickwrap agreements.
The convention, if and when it is adopted by member states, will enforce the jurisdiction and choice of courts to which the contracting international businesses have agreed. The 13-page document is narrower and shorter than expected, some attendees told BNA. Nonetheless, its application is broad. Despite lobbying by Internet service providers to exclude clickwraps and other non-negotiated contracts (10 ECLR 501 , 5/18/05), those efforts did not prevail. Ultimately, the software and insurance industries got what they wanted: the inclusion of clickwrap contracts in the convention.

Will Individuals Be Covered When They Click? The largest exclusion was consumers. A consumer in the convention is defined as "a natural person acting primarily for personal, family or household purposes." But some worry that this definition could leave out a whole range of people who might not consider themselves a "business" and who might be caught off guard by the convention's rules, such as a teacher who downloads a program.
Others worry that the convention's inclusion of clickwrap agreements will make it harder to contest seemingly unfair demands to litigate in a far away forum.
"If a lot of your business is done through contracting, and you're concerned about the inherent difficulty in litigating pursuant to clickwrap, this convention won't give you much comfort," said Miriam M. Nisbet, legislative counsel for the American Library Association, and a delegate to the convention. "This convention will make it more difficult for you to argue that it's not fair for you to be in a particular court."

American-Style Patents Won't Cross the Pond to EU

The European Parliament overwhelmingly rejected the European Union's controversial IT patenting proposal on Wednesday, but what will that decision mean for business and open-source?

No more phone spam, says mobile industry

Leaders in the South African mobile services arena have signed a mobile service code of conduct designed to protect consumers from phone spam and hidden charges.

Gartner Outlines Top Security Threats

More than one-third of the respondents in the Gartner survey said the need to comply with new regulatory requirements, such as those mandated in the United States by the Sarbanes-Oxley Act, was the largest factor in determining spending priorities on I.T. security.

E-Commerce Hammered by Recent Hacks

Headlines highlighting misplaced data files and unauthorized access to sensitive personal information by Internet criminals are having a negative impact on consumer confidence in online commerce, according to recent research conducted by Gartner

Taking Chances with Open-Source Software

The increasing use of open-source code in commercial settings introduces new risks related to practical matters rather than to licensing.

Be smart about mitigating open-source IP risks

Many companies that have had problems with licensing and copyright infringement issues. Is there a recurring theme in these conversations?

Sony battles PSP games piracy

Hackers have cracked piracy protections on Sony's PlayStation Portable in the US, in the latest chapter in the company's battle to block unauthorised game use.

UK man convicted for modifying Xbox

A 22-year-old unnamed man has become the first person in the UK to be convicted for modifying a video games console.

Charter group awaits DTI code

The ICT empowerment charter working group is awaiting this week's release of the DTI's Code of Good Practice before finalising the draft charter.

IT, business strategy should merge

The ITWeb 2005 IT Governance Survey found that the majority of respondents view regulatory compliance as the main motivation for implementing an IT governance process

VOIP: Transforming business, inviting attack

Internet Security Systems (ISS) today announced that Internet Security Systems' R&D - the renowned X-Force - has issued its latest Threat Insight Quarterly (Threat IQ) report featuring the most pressing security issues surrounding voice over Internet Protocol (VOIP).

Supreme Court Decides Grokster Case for Media Industry

The US Supreme Court ruled unanimously against file-sharing service providers Grokster and Streamcast Networks (developers of Morpheus) on Monday, vacating the 9th circuit appeals court summary judgment that found them innocent of secondary copyright infringement.

Jail for Cyber criminals

Two men have been sentenced to a total of 10 years in prison for their roles in a wide range of online fraud activities in the UK.

63% of US companies employ or plan to employ personnel to monitor employee e-mail

Proofpoint's 2005 survey of 332 technology decision-makers at large US companies reveals a growing concern over sensitive information leaving the enterprise through outbound e-mail.

Utah Bank Caught In Cardsystems Breach

A small bank in Utah is the latest company to become entangled in the controversy over the CardSystems security breach that has put personal data on 40 million cardholders at risk for fraud.

Study Finds Online Banking Use Widespread

According to a Yahoo-commissioned study, a majority ofadults are comfortable monitoring their finances and payingbills over the Internet, while older people remain more cautious. In an online survey of 2,687 people, 64 percent said they check their bank account balances primarily online and 56 percent said they use the Internet as their primary way to check their investment portfolios.

Enjoy the weekend

We wish you all a blessed weekend. Rest, because Monday is going to kick of an existing week for van Gaalen Attorneys...

After Two Security Assessments I Must Be Secure, Right?

...Shortly thereafter, your relief turned to concern. "Is it really possible that we are completely secure?" Given you're skepticism, you decide to get one more opinion...

Earthlife goes to court to get Eskom information

The Earthlife Africa case against Eskom – it is demanding that power utility Eskom release its board minutes – has been set down for August 30 in the Johannesburg High Court. ‘This legal case is to review a decision on internal appeal by Eskom to refuse Earthlife Africa access to certain information requested by it in terms of the Promotion of Access to Information Act

Cellphone firms urge competition to be put ahead of regulation

Vodacom and MTN are in agreement for once. Commenting on the proposed Convergence Bill, which aims to introduce a common, technologically neutral platform for a converged industry, they urged government to allow competition rather than regulation to determine the development of the telecommunications sector.

Vodacom warns customers against virus outbreak

Vodacom is warning customers about a virus outbreak called Commwarrior that could affect most phones with Bluetooth and multi-media service functions.

EU ruling favours big IT companies

Large tech companies scored a significant victory this week when a key European parliament committee rejected plans that would have curtailed the ability of tech firms to win patents for their inventions.

Dutch court asked to identify music downloaders

The Brein Foundation, an Internet piracy watchdog, has called on the Dutch judicial authorities to force five Internet service providers to hand over personal data on people downloading music and films on a large scale.

Canada extends copyright law to cyberspace

Canada has amended its Copyright Act in a bid to give greater protection to the recording industry against sharing digital music files. The Bill will also exempt ISPs from copyright liability for providing Canadians with access to the Internet, reports The Globe and Mail. The Bill says explicitly that the ‘making available’ right, which gives the copyright holder the exclusive right to control who gets the material and how, has been extended to cyberspace. The original Copyright Act was not clear on that issue. Copyright holders are to get new rights, including the right to technological protection measures, rights-management information, the ability to control the first distribution of material in tangible form, new moral rights for performances, performers would get reproduction rights, and an adjustment in the term of protection for sound recordings.

'Misleading' autotrader links dropped

The Trading Post, which publishes classified advertising inprint and online, has stopped linking its autotrader Website to the name of a competitor, following an investigation by the Australian Competition and Consumer Commission. NSW Hunter Valley company Stickybeek, which operates a Web site used by businesses in the region for advertising, alleged the Trading Post was misleading Internet users into believing it was associated with Stickybeek's business.

Security breach may hit 40 million credit cards

MasterCard has reported that more than 40 million creditcard accounts of all brands, including 13.9 million MasterCards, may have been exposed to fraud through a security breach at a third-party payment processing company. MasterCard said in a statement that its analysts and law enforcement officials identified a security hole at CardSystems Solutions, a company based in Tucson, Arizona,that processes more than $15 billion in Visa, MasterCard,American Express, Discover, online debit and electronic transfer transactions a year for small to midsize merchants and financial institutions.

Security risks of USB flash drives are ignored, says survey

Insecure hi-tech devices such as USB flash drives and media players are being used in 84% of companies, but little is being done to address the information security risks that they present, according to a survey by Pointsec.

UK warns of e-mail hacker attacks

A well-organized group of hackers has engaged in an"industrial scale" attack designed to cull commercially and economically valuable data from vital computer networks across Britain. In one of its most high-profile warnings about sophisticated electronic attacks, the normally secretive National Infrastructure Security Coordination Center said hackers believed to be from Asia have targeted parts of the country's "critical national infrastructure."

Phishing complaints double in Australia

According to the Australian Securities and Investments Commission, the number of people complaining about falling victim to or being targeted by a phishing scam has doubled in Australia over the past few months. ASIC commissioner Professor Berna Collier she feels the issue is accelerating so fast that a general warning to raise awareness is necessary.

YAHOO launches search of "Deep web"

Yahoo began testing a service yesterday that allows people to perform simultaneous searches for information contained within subscription-based Web sites. While most search engines crawl the Web and troll freely accessible sites, they cannot get into much of the so-called deep Web, vast amounts of data stored within paid and password-protected sites. Yahoo Search Subscriptions will allow search access to seven different subscription Web sites simultaneously, including the Financial Times and The Wall Street Journal Online.

UK Employers told to report Child Porn Downloads

UK police have urged companies to report staff caught downloading child abuse images from the Internet. The deputy director general of the National Crime Squad reassured employers that they need not fear prosecution as long as they promptly informed the police about any indecent images of children stored on their computer network.

E-Commerce thrives amid Phishing fears

The Cyber Security Industry Alliance reports that while consumers' concern over phishing and pharming attacks is leading some to curtail their online shopping, e-commerce still continued to rise this year. Nearly half of voters surveyed in the US last month said fear of identity theft was keeping them from conducting business online.

Court rules false claimes in an email body falls outside Can-Spam

A federal court in Idaho has ruled that the CAN-SPAM Act doesnot supply a cause of action for false information includedin the body of an allegedly unsolicited e-mail message. Thecourt concluded that the anti-spam law only covers falseinformation in email headers, not the text of the email.

VOIP provider targets SMEs

An international voice over IP (VOIP) provider is set to target SA's SME market with an offering of cheap Internet telephony.

Fraudsters use iPods to steal corporate data

Anti-fraud experts warn that Apple iPods, along with other music players that boast hard drives with up to 20 Gbytes of memory, could become widely used by employees to fool security officials and breach data security rules. In one case a recruitment agency found much of its client database had been copied to an iPods's memory and used to defraud the firm.

VOIP will indeed take-off in SA

Contrary to reports that VOIP take-up will be slow, implementations in corporate SA will gather momentum and VOIP will become a high growth and lucrative market, says Jaco Voigt, DataPro operations executive.

No redraft for Convergence Bill

The Department of Communications and MPs have rejected suggestions that the Convergence Bill should be redrafted

UK may extend Electronic Commerce Directive protection

The UK is seeking views on whether the protection given to ISPs under the Electronic Commerce Directive should be extended to cover providers of search engines, providers of keyword advertising services, and content aggregators.

Sarbonese-Oxley causes confusion in US IT sector

A report in CNET News examines the impact of the Sarbanes-Oxley Act and questions whether relief from the onerous provisions of the legislation is on the way. The Act, passed by Congress in the wake of scandals such as the Enron debacle, has caused confusion and been expensive for the IT sector. An absence of clear guidance from government officials or auditing firms about the anti-fraud law has meant that IT personnel have felt compelled at times to go to extremes, said one IT expert. Some IT departments seem to have responded to the law, commonly known as SOX, by documenting a wide range of activities, including apparently trivial ones. However, new official guidance was issued last month in a bid to clarify what needs to be tested when it comes to ‘general IT controls’. General IT controls include controls over program development, program changes and access to programs and data.

P orn is biggest IT abuse for British public servants

What is the biggest IT abuse across public services in the UK? Answer: The downloading of p ornography, according to public spending watchdog, the Audit Commission. The Times reports that according to the commission, downloading of p orn now represents nearly 50% of all cases of IT abuse. The commission has called for software to be installed urgently in all public sector computers to prevent users from accessing p ornographic sites. It gives warning that once staff gain access to some of these Web sites they can be tempted into more dangerous and illegal areas such as child p ornography.

While companies scramble tp protect personal data

The NY Times reports on the increased corporate urgency to protect sensitive data with a move toward transferring such information via secure networks. The article focuses on the recent CitiFinancial case.

And increase their email monitoring

A new study has found that 63 percent of corporations with1,000 or more employees either employ or plan to employstaff to read or otherwise analyze outbound e-mail. Thereport, released Monday by e-mail security specialistProofpoint, said 36.1 percent of companies employ staff tomonitor e-mail today, with another 26.5 percent saying theyintend to employ such staff in the future.

Citifinancial loses consumer data on nearly 4 million people

CitiFinancial, the consumer finance division of Citigroup,said yesterday it has begun notifying 3.9 million UScustomers that computer tapes containing information abouttheir accounts -- including Social Security numbers andpayment histories -- have been lost. Citigroup said thetapes were lost by the courier UPS in transit to a creditbureau.

Group seeks to define spyware

Makers of anti-spyware software are taking another shot atcreating a definition of spyware, this time with help from consumer organizations. A new group, tentatively named the Anti-Spyware Coalition, plans to publish proposed guidelines later this summer that define spyware, best practices for desktop software development, and a common lexicon.

Phishers widen net by targeting Credit Unions

Phishers are widening their net to take in credit unions,according to a new report by the Anti-Phishing WorkingGroup. While most of the fraud schemes still focus on bigbusinesses such as major banks, smaller financial companiesare increasingly being hit.

The battle for the soul of the internet

Elliot Noss, the CEO of Tucows, writes an interestingeditorial highlighting the current battle over Internetgovernance. Noss is strongly in the ICANN camp, arguing thatif the U.N. and the ITU were successful in gaining control,it is not difficult to envision a Balkanization of theInternet as whole portions of the Internet decide they didnot want to rely on the U.N. and the ITU for their singleauthoritative root.

Microsoft agrees to give rivals access to software

Microsoft has agreed to give rival software firms freeaccess to some of its software codes and full operability onits Windows-based servers, European regulators said Monday.The announcement is part of Microsoft's last-ditch effort tomeet a June 1 deadline set by regulators to comply with lastyear's antitrust ruling.

UK Lawmakers pass internet 'Grooming' law

A bill to clamp down on paedophiles grooming children on theInternet has been passed by MSPs in the UK. The Protectionof Children Bill will make it an offence to set up meetingswith under-16s via Internet chatrooms and carry a maximum10-year sentence.

Dell aplogizes for Sales Rep's E-mail disapproving Lenovo

Dell says it will take disciplinary action as appropriateagainst a US-based salesperson who sent an e-maildiscouraging former IBM clients from buying Lenovo products.Last year, IBM sold its personal computer business to LenovoGroup Ltd., which is partially owned by the Chinesegovernment.

Commission to restrict data retention proposals

The European Commission is shortly to put forward proposals for EU data retention legislation that will limit the retention period to one year, announced the Information Society and Media Commissioner Viviane Reding.

APWG pools data to trap Phishers

The Anti-Phishing Working Group is coordinating efforts tobuild a central repository for phishing data, to betterprotect Internet users and help catch cybercriminals. Thegroup has expanded its simple list of phishing scams into adatabase that can be used for analyses and to shareinformation with members. Additionally, a standard XML formhas been created to facilitate the submission of data onattacks to the organization.

Four Major French Banks hit with simultaneous phish scam

Four major French banks have issued warnings to their clients after Internet fraudsters made a simultaneous attempt to gain access to confidential customer information.BNP Paribas, Societe Generale, CCF and CIC all issued warnings to their clients via their websites after the massive attempted fraud on Friday which police are investigating.

Australian Regulator issues net Codes of Conduct

The Australian Broadcasting Authority has issued newInternet and mobile content guidelines which will ban thedistribution of adult videos to mobile phones in Australia.The three codes - one for Internet content hosts and two forInternet service providers - were developed by the InternetIndustry Association. They replace the previous codes,registered by the ABA in May 2002

French class action suit launched over DVD copy protection

A group of French attorneys have filed suit against six of France's leading audio-visual sector firms, claiming that the use ofanti-copy technology on DVDs violated consumers' right to make private copies for personal use. The complaint is largely based on a French appellate court's recent ruling that the use of anti-piracy technology to protect DVDs from unauthorized copying usurps consumers' right to make personal copies.

WIPO recommends new regulation for new gTLD registrations

WIPO has recommended the introduction of a uniform IPprotection mechanism designed to further curb unauthorizedregistration of domain names in all new generic Top-LevelDomains (gTLDs). The proposal says that new gTLDs would berequired to offer IP owners the option of registering theirprotected identifiers during a specified period beforeopening registration to the general public. In sponsored orrestricted gTLDs where IP owners may not be eligible toregister domain names, IP owners could instead be given theoption of obtaining defensive registrations during thisinitial period.

EC figure accuses IT Giants of exploiting Open Source

Jesus Villasante, a senior figure at the EuropeanCommission, has launched an outspoken attack on severalmajor American IT firms, accusing them of exerting too muchinfluence on the progress of the open-source community.Villasante said that big companies such as IBM, HP, and Sunare just using the open-source community as subcontractorsrather than encouraging the community to develop independentcommercial products.

SMS leads to damages...in South Africa

In the first case of its kind to come before the Durban Equality Court a white woman was found guilty of hate speech and unfair discrimination (based on an SMS message) and ordered to pay financial damages to a black complainant...

Google print services launches

Google opened the door to its online library late Thursdaywith the launch of a book-specific search page.Print.Google.Com makes official the search giant's projectto digitize the world's books.

The Government Accountability Office Report warns of Radio Frequency ID misuse

Radio frequency identification is becoming increasinglypopular inside the U.S. government, but agencies have notseriously considered the privacy risks, federal auditorssaid. In a report published Friday, the GovernmentAccountability Office said that 13 of the largest federalagencies are already using RFID or plan to use it. But onlyone of 23 agencies polled by the GAO had identified anylegal or privacy issues--even though three admitted RFIDwould let them track employee movements.

EU to fund global research on Open Source

The European Union is putting money toward research intoopen-source software and standards across the world. Thenewly approved funding of 660,00 euros is for the two-yearFLOSSWorld project, Europe's first initiative to supportinternational research and policy development on"free/libre/open source software."

Government lets go of encryption regulation powers

Digital rights activists are celebrating today with the expiry of powers in the UK's Electronic Communications Act of 2000 that gave the Government the right to regulate companies selling encryption services.

OECD releases latest national broadband stats

The OECD has released the latest national broadbandstatistics. As of December 2004, South Korea continues tolead the world in broadband penetration at 24.9 percent. Itis followed by the Netherlands, Denmark, Iceland, andCanada.

European parliament committee set to debate software patents

A proposal to extend patent protection in Europe couldthreaten the existence of open-source software unless theEuropean Parliament amends it, say advocates of freelydistributed programs such as Linux. However, companies suchas Microsoft and Apple Computer argue that they need broaderpatent protection to prevent open-source companies, whichgive away their software and make money through service,from effectively expropriating their development costs.A European Parliament committee will debate the issue thisweek and vote on it next month.

Morgan Stanley Case points to importance of email retention

The $1.45 billion judgment against Morgan Stanley fordeceiving billionaire Ronald Perelman over a business dealhas a lesson all companies should learn--keeping e-mails isnow a must, experts say. Banks and broker-dealers areobliged to retain e-mail and instant messaging documents forthree years under U.S. Securities and Exchange Commissionrules. But similar requirements will apply to all publiccompanies from July 2006 under the Sarbanes-Oxley corporatereform measures.

Mastercard shuts down 1,400 Phishing sites

MasterCard International today said it had acted to shutdown 13 fraudulent financial Web sites based in Australiaunder an 11-month campaign that saw around 1,400 terminatedglobally. The credit card company last June launched aninternational campaign, called Operation Stop IT, in a bidto curb online identify theft.

Canning SPAM in Canada requires new Law

My weekly Law Bytes column takes a closer look at therelease last week of the Canadian National Task Force onSpam Report. The report calls for the creation of new lawthat features an opt-in regime by making failure to obtainappropriate consents before sending commercial email anoffence, thereby taking the pressure off the currentnational privacy statute, which is ill-equipped to deal withserious spam issues. Freely available hyperlinked version at

FTC to pressure ISPS to take action against zombies

CNET reports that the FTC will today pressure ISPs to takegreater action against zombie networks. The FTC and morethan 30 of its counterparts abroad are planning to contactInternet service providers and urge them to pay moreattention to what their customers are doing online. Requestsinclude identifying customers with suspicious e-mailingpatterns, quarantining those computers and offering help incleaning the zombie code off the infected PCs.

Study finds confusion over spyware

The 2005 National Spyware Study finds that 84% ofrespondents report that they have been spyware victims. Fromthis group, an overwhelming 97% do not remember viewing enduser licensing agreements (EULAs) before downloading spywaresoftware on their computers.

Study says 1 in 2 employers have fired worker for net abuse

A study by the American Management Association and theePolicy Institute finds that companies increasingly are"putting teeth in technology policies." The study revealedthat about a quarter of employers have fired workers formisusing the Internet and another 25 percent have terminatedemployees for e-mail misuse.

Test your own software code for infringement

Software houses can check whether the code they develop has copied even just one snippet of code from any of 38 million open source files, using a new product that relies on source code 'fingerprinting' to reduce the risk of getting sued.

Employers fail to manage instant messaging, says survey

One in five people now use instant messaging at work, but 62% of companies are totally unprotected from the threats arising from misuse of the communications tool, says a YouGov survey commissioned by Akonix Systems.