IOCOM Internet News

Wednesday, May 15, 2002

Several large Internet trade associations, joined by corporate giant Yahoo!, filed papers on Monday in a Federal Appeals Court, seeking to overturn a Minnesota court ruling that would require uniformed law enforcement officers to be present on-site whenever a search warrant is served and executed on an Internet service provider, which is becoming increasingly common these days. The Minnesota case involved a search warrant served on Yahoo! in a child pornography investigation, and the defendant in that case contended that his Fourth Amendment rights against unreasonable search and seizure had been violated because the computer search was conducted by civilian technicians. The U.S. Justice Department has already challenged the ruling, saying that it puts an unreasonable burden on law enforcement agencies to provide non-technical uniformed personnel as little more than window dressing while the actual searches are carried out by those qualified to do so. The papers filed Monday by the Internet trade groups were an "amici curiae" brief in support of the government's position, which said in part, "A large Internet service provider can receive literally thousands of search warrants and other requests for information during the course of a year," and "it is entirely possible that at any given time a dozen or more law enforcement officers would be on the premises of a given service provider." The number of search warrant served on ISPs is up sharply since the attacks of September 11, 2001, and will grow even faster under a new international treaty that requires the U.S. government to obtain information from Internet service providers at the request of foreign governments that are treaty signatories. Jonathan Brand, an attorney for the group filing the supporting brief, "You could have countries halfway around the globe requiring these searches, and we would have to comply. All the work is going to be done by the service providers, and their technicians and engineers. Having police present will add no value."

The most common type of search warrant issued on ISPs like IOCOM with many dial-up customers is an excerpt from one of our "Radius server logs," which shows which specific username (and the corresponding actual account holder's real name) on our network was associated with a specific dynamically-assigned IP address at a certain time. Much cybercrime is web-based, and web server software is able to record the times at which specific client IP addresses connected to the website, unless some sort of proxy or "anonymizer" service is employed. Thus, correlating the data in a web server log with that of an often-distant ISP that provided the connection for someone browsing that website is a common way to investigate legitimate possibilities of criminal wrongdoing, in much the same way the police departments are accustomed to obtaining warrants for "LUDS" - or "local use details" - from the telephone companies to inspect the times, dates and phone numbers of incoming and outgoing calls to or from a specific number.

As we have said a number of times, we are pretty staunch civil libertarians here at IOCOM. We don't want to specifically comment if we've dealt with search warrants before, but given our corporate heritage, if we were ever to be presented with one, we would inspect it carefully to make sure that it was valid and properly executed by the proper authorities before complying with the law. And like the trade group that filed the supporting brief on Monday, we see little value to having an Austin Police Department or Travis County Deputy Sheriff standing in our lobby while either a police technician or one of our own qualified personnel retrieves the specifically requested information, and only that information. But if the current ruling stands and we are asked to cooperate in any sort of criminal investigation in the interim, we have coffee and donuts ready for our "boys in blue" just in case. Stop by our nice, new Metric Blvd. offices any time during business hours, and we'll let you have some, too.

You can read more about this story on Reuters News Service's website at (http://www.reuters.com/news_article.jhtml?type= internetnews&StoryID=954446).

• Joel Rennie (jrennie@io.com)

Monday, May 13, 2002

We all breathed a collective sigh of relief when the calendar year 1984 came and went 14 years ago, and Big Brother didn't seem to be in control of anything, we were all still speaking our native tongues rather than "Newspeak," and the original Apple Macintosh was introduced with a "dare to be different" marketing pitch. And then came the Internet. When one of the early versions of Netscape's pioneering web browsers included support for the so-called "magic cookie," it prompted Sun Microsystems CEO Scott McNealy to utter his famous quote, "You have zero privacy anyway." You can read those possibly prophetic words in big block letters on (http://www. cookiecentral.com/).

Well, things could actually get worse, at least in theory. Researchers in Scotland are developing "highly classified" web monitoring software that they say can collect enormous amounts of data on web use while remaining nearly undetectable. The Steve Jackson Games vs. Secret Service federal lawsuit - which lead to what is today IOCOM - was one of the principal forces behind the creation of the Electronic Frontier Foundation. Acccording to Lee Tien, senior staff attorney for the EFF, "Technology like this, once it's spread around, means people can be tracked from site to site. Whatever (the Scottish Enterprise) is doing, this is part of a long-standing practice by governments to fund the development of spying technology or, more generally, technology that facilitates law enforcement and national security." The European Union has accussed the U.S. government of espionage for the so-called "Echelon" system, an alleged cooperative venture between the National Security Agency and its counterpart agencies in the United Kingdom, Australia and other countries to actively monitor the domestic communications of each other's citizens and then swap data with each other, so as not to violate the letter of each individual country's constitutional promises of privacy.

As chilling as it all sounds, the good news appears to be that the technology - secret though it still is - can only work if there is a component part of the software system installed on the "client" computer. But considering all of the recent news stories about so-called commercial "spyware" being bundled with other applications, which then installs itself on many people's computers without their knowledge or consent, it may be scant comfort.

As we said in an earlier editorial item here, as one of the very first Internet service providers anywhere, IOCOM takes on-line privacy very seriously. We helped to establish many of the legal precedents for civil liberties in "cyberspace" that exist today. Technology of any sort frequently outstrips man's ability to use it wisely, and this new "research" project may be a prime example of this phenomenon. While it is difficult to know the actual truth behind the implementation of such things because they are frequently cloaked in official secrecy and deniablity, we would urge the decision-makers who actually decide how, when and whether such techniques should be implemented to think about the very serious moral and ethical implications of their actions.

And since we changed our official name to "IOCOM Corporation" from the old "Illuminati Online" that provoked many an amusing e-mail question to us about our possible omniscience in such matters, we can honestly claim to not know anything more about it than anybody else. You can read the whole thing for yourself on News.com at (http://news.com.com/ 2102-1023-909397.html).

• Joel Rennie (jrennie@io.com)

Wednesday, May 8, 2002

Along with security, privacy is at the top of the list with most Internet users in terms of things that personally concern them as being part and parcel of the brave new world we all live in. The ability of computers to gather, aggregate and correlate all sort of personal information from websites and e-mails that may seem innocuous is a powerful capability. The fact that this information can then be bought, sold and brokered as a commodity item between corporations,government agencies or simply anybody willing to pay the going price for it is a chilling prospect.

A bill introduced today in the U.S. House of Representatives does little to advance the cause of protecting personal information in our increasingly computerized world, especially compared to an alternative measure proposed in the U.S. Senate.

The measure offered by the Chairman of the House Energy and Commerce Consumer Protection Subcommittee, Republican Cliff Stearns of Florida, has some good intent, but it relies on the enforcement of existing laws - which are inadequate - to protect such things as health and financial data. In contrast, a bill introduced last month by Senate Commerce Committee Chairman Fritz Hollings, Democrat of South Carolina, requires Internet businesses to specifically obtain customers' consent before collecting or sharing medical or financial data, as well as information regarding religious or political affiliations.

An existing law, called "Gramm-Leach-Bliley" after its co-sponsors, theoretically gave consumers the right to "opt out" of having their financial information shared with affiliates and marketers, but the expensive opt-out notices mailed by banks last summer in compliance with the law were so complex that many people simply threw them away, and their data is probably thus being swapped, quite possibly against their true wishes.

The political battle over privacy legislation frequently boils down to a fundamental confrontation between various business interests operating from a profit motive, and civil libertarians who believe this data should not be blithely exchanged just because computers make it so easy to do so. As one of the very first commercial Internet service providers anywhere, IOCOM gravitates
toward the civil libertarian viewpoint that privacy is very nearly a sacred matter, although we are obviously in business ourselves. The "letter" or our privacy policy is not only one of the strongest you will find anywhere on the Internet, but so is the company "spirit" behind it.

We hope that the House bill introduced by Representative Stearns is ultimately tabled, or moves more in the direction of Senator Hollings' proposed measure, which could probably stand a lot of improvement itself. At any rate, it is good to see our elected officials taking the subject of on-line privacy seriously, because is obviously a very serious matter.

You can read more about this story on The Washington Post's website at ( http://www.washingtonpost.com/wp-dyn/articles/A45904-2002May7.html).

• Joel Rennie (jrennie@io.com)

Thursday, May 2, 2002

One of the principal problems in ending the universal plague of "spam" - or unsolicited commerical e-mail - has been the lack of stiff penalties for spammers, and the ability to effectively enforce them. Well, that may be about to change, as a bill co-sponsored by Montana Republican Conrad Burns of Montana and Democrat Ron Wyden of Oregon is slated for a Senate Commerce Committee vote on May 16th. The committee is expected to report the bill out for passage by the full Senate, and although Majority Leader Tom Daschle has not yet committed to a floor vote on the measure, Senator Burns expressed confidence that the bill would pass the entire chamber, saying "it looks like we're finally going to get some action on spamming." The Burns-Wyden bill imposes no new legal restrictions on spam, but strengthens the hand of the Federal Trade Commission and the individual state attorneys general, allowing them to impose fines of up to $30 per e-mail, with a $1.5 milllion cap for each individual offender. Since February, the FTC has been trying to crack down on spammers who violate existing laws or use false and deceptive trade practices, but it has rarely resulted in fines or jail time. Under the proposed bill, spammers that hide their identities face criminal penalties - and most importantly from our standpoint at IOCOM - the bill would allow ISPs to readily sue spammers to keep them off of our networks and out of your inbox.

Senator Burns personalized the issue by talking about his own e-mail, saying, "I bet there's 50 (unsolicited messages) on there when I get home tonight, and not one of them I recognize."

We at IOCOM heartily endorse the essence of the Burns-Wyden bill, whether it becomes law as currently written or not. If it passes the Senate, it likely faces tougher opposition in the Republican-controlled House of Representatives, where the direct-marketing lobby groups that represent spammers wield more infuence. But the bill is a good blueprint for action, and we hope something closely resembling it receives President Bush's signature as soon as possible. He probably gets a lot of spam, too, at his ( president@whitehouse.gov) e-mail address.

You can read more about the Burns-Wyden anti-spam bill on Reuters News Service's website at (http://www.reuters.com/news_article.jhtml?type= internetnews&StoryID=908651#).

• Joel Rennie (jrennie@io.com)

Tuesday, April 16, 2002

OK, so we ripped off the U.S. Postal Service for a headline, although contrary to popular belief, what we paraphrased is not any kind of official motto. What actually prompts this brief item is that our Senior Network Admininstrator Brent Oswald recently ran some statistics on "Deliverator," which is the given name of our principal incoming mail server computer. (We have six other servers that will accept incoming mail, three of which can also handle outbound traffic.) In the last 380 days, or one year plus about two weeks, Deliverator has sent out 35 million separate e-mail messages, totalling 917 terabytes (roughly 939,008 gigabytes) of data, and has received another 32 million messages that add up to 926 terabytes of information. That's obviously a whole lot of disk read/write operations, not to mention great gobs of traffic passing through that machine's ethernet network card. Brent adds that these statistics only reflect the messages sent and receieved by the well-known "Sendmail" program, and do not reflect the numerous messages that were handled by our own "nospam" filter. Despite a number of new uses, basic e-mail continues to be the lifeblood and "killer application" of the Internet, and we just thought you might like to know how much of it we actually "move" for you on a 24/7 basis.

• Joel Rennie (jrennie@io.com)

Friday, April 12, 2002

No one knows for certain when the Grim Reaper will call, but Benjamin Franklin's other inevitability of life is upon us, namely tax time, and with it there is a surge of traffic on a number of tax-related Internet sites. Not only can you electronically file your tax return on-line with tax preparation software loaded on your own computer, but a number of web sites will allow you to interactively prepare your return on-line without buying any software at all. Without endorsing any of these for-fee services, we simply note that during the week ending April 7, traffic at H&R Block's website ( http://www.hrblock.com) jumped 51 percent over the week before, while 46 percent more people visited Intuit's TurboTax (http://www.turbotax.com) than in the preceding seven days. Likewise according to Nielsen NetRatings, visitors to the Internal Revenue Service's own website (http://www.irs.gov) swelled 28 percent to 1.2 million surfers, many of them probably looking to download and print out the Adobe PDF version of the ever-popular Form 4868, "Application for Automatic Extension of Time to File U.S. Individual Income Tax Return" (http://www.irs.gov/pub/ irs-pdf/f4868.pdf). You still have to pay on-time, but it's more convenient than the pre-Internet days when you had to drive to the nearest U.S. Post Office, which never had the form you actually needed in stock. If you'd like to read more about the on-line rush to pay Uncle Sam his due, you can do so on Reuters News Service's website at
(http://www.reuters.com/news_article.jhtml?type= internetnews&StoryID=802202).

• Joel Rennie (jrennie@io.com)

Wednesday, April 10, 2002

A recent study by the Computer Security Institute and FBI has gotten wide media coverage, largely because it revealed that fully 90 percent of those surveyed said that they had detected security breaches in the past year. Of the 540 respondents, the 44 percent who were willing and able to put a dollar cost on the hacking attacks put their total losses at 455.8 million dollars.

The good news? According to experts, home users are far less likely to be the direct or indirect targets of hackers than are businesses. At the same time, those same experts warned that most home computers users are wide open to hacking attacks, and that those attacks could be related to their jobs. Richard Power, editorial director of the Computer Security Institute, called this phenomenon "the Deutch factor," after John Deutch, who served as Director of the Central Intelligence Agency in the Clinton Administration. In violation of CIA security policies, Deutch took classified material home with him on floppy disks and then accessed it on his non-secured home computer, which was connected to the Internet over a standard, plain-vanilla AOL dial-up account. Although there was no evidence that any of the data was ever stolen while on-line, there is evidence that it could have been, and Deutch actually received a presidential pardon so the Justice Department would not prosecute.

While most home users don't have anything potentially that sensitive on their computers, some simple, no-cost precautions are still in order. First, make sure you have the most recent patches to your operating system software. Since most IOCOM customers use some version of Microsoft Windows, a visit to the Windows Update website at ( http://windowsupdate.microsoft.com) will accomplish this. Second, anti-virus software is essential. Since anti-virus software must be constantly updated by a company that stays abreast of all of the latest virus threats, it is difficult for us to recommend any free programs in this category, but you can try downloading AVG AntiVirus Free Edition at ( http://www.grisoft.com/html/us_downl.htm); it's certainly better than either no or badly outdated anti-virus software. Third, a personal software firewall can prevent many types of hacking attacks, and ZoneLabs free edition of ZoneAlarm is excellent; you can get it at ( http://download.cnet.com/downloads/0-10105-108-57636.html ?bt.37282.10014..dl-57636). Although it's not strictly security-related, eliminating "spyware" on your computer, which can report information about your Internet use back to various sever computers without your knowledge is also a good idea. LavaSoft's free Ad-aware program is a good pick for this purpose, and you can get it at
( http://download.cnet.com/downloads/0-10106-100-7302674.html).

If you have additional questions regarding computer security in general, and what IOCOM can possibly do to help, you can direct them to our Brian Faure at (bfaure@io.com). If you'd like to read more about the recent study on cybercrime, you can do so on Wired News at ( http://www.wired.com/news/politics/0,1283,51646,00.html).

• Joel Rennie (jrennie@io.com)

Thursday, April 4, 2002

We've made frequent mention of various Internet security news stories here recently, but along with security, the other big concern on many people's minds related to the Internet is the issue of privacy. Like security, privacy is a very complex matter, with technical, economic, political and social aspects. Internet consumers still rate online privacy as one of their top priorities, said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "We see it in opinion polls, that people are concerned about what happens to personal information when they visit a Web site," he said.

In what may amount to a very limited response to the problem, both IBM and AT&T have just released new software tools to make intricate privacy policies easier to use, both for companies running websites and those who browse them. IBM's "Tivoli Privacy Wizard," which is available as a free download from IBM at (http://www.tivoli.com/resource_center/maximize/privacy/wizard_code.html ) allows companies to translate their written privacy policies into the industry standard "P3P" (Platform for Privacy Preferences) format. Of more interest to most readers here will be AT&T's free "Privacy Bird" software, which installs into Microsoft's Internet Explorer web browser and makes the P3P-encoded privacy policies easy for the average person to use and understand. The AT&T Privacy Bird program is available for download at (http://privacybird.com/).

As a pioneering Internet service provider, IOCOM takes the subject of on-line privacy very seriously. If you'd like to review our own privacy policy, you can do so at ( http://www.io.com/help/policy.html). Perhaps we need to download and run the IBM Tivoli Privacy Wizard to translate it from English to P3P. You can read more about today's software anouncements and the matter of on-line privacy in general on the Reuters News Service website at
(http://www.reuters.com/ news_article.jhtml?type=technologynews&StoryID=773438).

• Joel Rennie (jrennie@io.com)

Tuesday, April 2, 2002

In past years, when we were feeling more clever and paying closer attention to the calendar, "IOCOM Revealed!" has had its own incredible news items on April 1st. This year, we're a day late (and perhaps a dollar short), and all we can do is point out some of the better April Fool's gags that appeared yesterday on the web. The Napster buyout of Microsoft, reported on GigaLaw.com's website at (http://www.gigalaw.com/articles/2002-all/ napster-microsoft-2002-04-01.html) wins first prize; Napster's former top lawyer David Boies is to be named chairman of the new company, and another old Boies client, ex-Vice President Al Gore, will be named "chief intellectual officer." In a telephone interview, Gore said, "during my service in the United States Congress, I took the initiative in creating file-swapping."

In other April 1st news, Microsoft's MSN has launched the "Gates Open Directory" service, otherwise known as "GOD," which seeks to simplify copyright law on the Web by merely purchasing all copyrighted material outright. Those are the highlights, but if you'd like to read more about April Fool's obsevations elsewhere on the web, you can do so at News.com at ( http://news.com.com/2100-1023-873177.html). That's a real URL, by the way; it's April 2nd now, and we wouldn't try to pull your leg.

In a much more serious vein, we are having some trouble with our voice telephone system, but we would direct you to our Network Operations Center page on the web at ( http://www.io.com/noc/) for constantly-updated developments in that situation.

• Joel Rennie (jrennie@io.com)

Tuesday, March 26, 2002

On February 4th, we announced here that the monthly limit on the amount of Usenet news data that any one IOCOM customer could download was being increased from five gigabytes to 10 gigabytes. We thought that we had effectively controlled abuse of our GigaNews (http://www.giganews.com) news feed by a relative handful of users, and changed our contractual terms with GigaNews accordingly. Unfortunately, it now appears that we were premature in making that assumption. Last year we began requiring all users logging on to news.io.com to authenticate themselves with their e-mail address and password so we could keep rack of aggregate usage (no individual statistics are kept) and look for those few who were using up most of our monthly quota with GigaNews. What we didn't do then was require our telnet customers to authenticate themselves through their newsreaders, and we have now come to find out that those telnet customers account for about 85-90% of all of our GigaNews traffic. So, we are reducing the monthly limit for each individual IOCOM account holder from 10 gigabytes to five to make sure that we don't exceed the large monthly allotment we purchase from GigaNews, and that everybody gets their fair share of news. (We hasten to point out that five gigabytes per month is still a LOT of binary files, and more text than any normal person could probably ever read in a month.)

Additionally, after 5 PM today, we are going to require that all of our telnet customers authenticate themselves to GigaNews, which will require them to do some minor tinkering with the various newsreader programs we provide on our userhost computers. Here are the instructions for our telnet customers to follow with their newsreader-of-choice:

1. PINE

S>etup your collection <L>ists such that you have an entry for giganews that looks like this:

Nickname  : News
Server    : news.io.com/service=nntp/user=you@io.com
Path      : #news.
View      :

Then (S)etup your <C>onfiguration so that the NNTP server looks like this:

nntp-server = news.io.com/user=you@io.com

You will be prompted for your password when appropriate.

2. TIN

At the prompt, simply type tin with the -A flag:

% tin -A

You will be prompted for your username and password.

3. TRN

In order to access the newsgroups, users must manually create the file
".trn/access" with the following stanzas:
[default]
NNTP Server = news.io.com
Auth User = <yourname>@io.com
Auth Password = <yourpassword>

It is strongly advised that you "chmod 600 .trn/access"
to keep other shell users from reading your password.

If this still does not work, make sure the environment variable
NNTPSERVER is -not- set (try "unset NNTPSERVER"). Also, make sure that trn version 4 or
higher is being run.

Thanks to Lance Purple for these more precise instructions.

4. SLRN

• FILES

  $HOME/.slrnrc - the slrn's initialization file

EXAMPLE OF AN INITIALIZATION FILE

        % -*- slang -*-
        % This is a sample startup file for the slrn news reader.  The
        % percent
        % character is used for comments.

% SERVER to NEWSRC mapping

        %server "hsdndev.harvard.edu" ".jnewrc-hsdndev"
        %server "news.uni-stuttgart.de" ".jnewsrc-stuttgart"

        % The next line is for those servers that require a password.
        %nnrpaccess "HOSTNAME" "USERNAME" "PASSWORD"
        %nnrpaccess "HOSTNAME" "USERNAME" ""         % Prompt for password
        %nnrpaccess "HOSTNAME" ""         ""         % Prompt for username
                                                       and password

We also note that we continue to vigorously lobby GigaNews for a secure protocol for transmission of the logon information necessary for authentication. We don't like transmitting passwords over network connections in unencrypted cleartext any more than our customers do, but we've taken every security measure that we can to protect that information short of a policy change from GigaNews, which we still pursue. We hope that all of our customers will be tolerant of these changes, which are necessary to protect the equitable usage of finite Usenet resources.

• Joel Rennie (jrennie@io.com), with Thomas Mills (tmills@io.com)

Monday, March 25, 2002

A study released recently by the security services firm ICSA Labs shows that computer virus outbreaks at corporations continue to rise steadily, with many firms reporting virus "disasters" affecting 25 or more servers or PCs. ICSA Labs has been conducting the virus survey since 1996, and the number of infections per 1,000 machines has risen by about 20 encounters each month, currently working out to about 113 encounters for each thousand machines on a monthly basis. In the last 20 months, there have been roughly 1.2 million total virus incidents.

Although e-mail remains the principal way that many viruses and worms spread themselves, other means of infection are fast becoming a threat. The Nimda virus, for example, used four different methods to infect various versions of the Windows operating system. On a positive note, more corporations now appear to be taking prevention seriously; last year's study found little or no protection for most firewalls and e-mail and proxy servers, whereas this year's survey found many such machines now have virus protection.

Providing constantly-updated virus protection for multiple computers in a corporate network is one of the security services IOCOM now offers its customers. While effective virus protection sometimes involves deploying multiple products from multiple vendors, Symantec Corporation's Norton AntiVirus program is IOCOM's first-line defense tool. Rather than installing multiple copies of the consumer version on each computer in a business network environment, Norton AntiVirus Corporate Edition (http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=23& PID=11213268&EID;=0) is often a preferrable approach, and IOCOM's Microsoft Certified System Engineer Brian Faure (bfaure@io.com) is qualified to implement and administer it on your company's network.

You can read more about the ICSA Labs study of the toll computer viruses are taking on U.S. corporations at News.com at (http://news.com.com/ 2100-1001-850391.html).

• Joel Rennie (jrennie@io.com)

Thursday, March 21, 2002

We've dealt with the topic of Internet "filtering" software here in IOCOM Revealed! before. In fact, state law requires that all Texas-based Internet service providers have a link on their home page offering information about such software, and we comply by linking to a page maintained by the Texas ISP Association (TISPA) at: (http://www.tispa.org/info/kinnaman/filtering.htm).

Filtering programs have been the cause of controversy in the past, as they sometimes bring up difficult First Amendment issues, particularly when they are implemented in taxpayer-funded facilities like public libraries. And the design of some filtering programs is very crude and discriminatory; one commercial product some years back blocked the entire IO.COM domain, simply because some of our customers had personal web pages with mature content, or what someone deemed as mature content. Much the same sort of non-policed material can be found on individual AOL members' web pages, as well as that of other large web companies like Yahoo! Geocities.

But matters like this aside, we don't for an instant dispute that a lot of material on the Internet is clearly unsuitable for children, and that parents have an obvious interest in their children's media consumption, whether or not they try to use software to help regulate the process. That is why a new filtering system unveiled today by the Internet Content Rating Association caught our eye. While any such software carries certain trade-offs and compromises, the ICRA approach seems to balance the legitimate protection of children with likewise safeguarding freedom of speech. The ICRA labeling system is largely voluntary, the filtering software itself is free, and the fact that it comes from a non-profit organization backed by many well-known, respected technology firms means that it is also free of any specific political or religious agenda. While no filtering software can ever be a substitute for parental involvement, if you have a legitimate interest in this sort of thing, we would encourage you to read the story about today's announcement on News.com at (http://investor.cnet.com/investor/news/newsitem/0-9900-1028-9426218-0.html) or to visit the ICRA site itself at ( http://www.icra.org).

• Joel Rennie (jrennie@io.com)

Friday, March 15, 2002

Well, you have to give the person(s) who wrote this particular worm/virus points for creativity: A very credible-sounding e-mail appearing to come from "Microsoft Corporation Security Center" (with the actual return address of "rdquest12@microsoft.com") encourages recipients to run the attached file, "q216309.exe" to protect their computers from a number of real, legitimate Windows security vulnerabilities that we've previously told you about here. DON'T DO IT. Windows security updates should ONLY be gotten directly from Microsoft at
(http://windowsupdate.microsoft.com), not from e-mail messages, no matter how genuine they may sound.

I've personally received this worm twice today, and Norton Anti-Virus 2002 (the various versions of which are IOCOM's first-line defense tool for virus detection, prevention and removal) has dutifully intercepted it each time to be quarantined. IOCOM's resident Microsoft Certified System Engineer, Brain Faure, further tipped me off that this was indeed a genuine threat, and referred me to this page on Symantec's website for more information: (http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@ mm.html).

This worm only demonstrates how clever and insidious those faceless individuals with destructive intent can be. If you'd like help protecting your own computer or your company's computer network from all the potential dangers that lurk in cyberspace, Brian supervises IOCOM's new network and security consulting services, and can be contacted at (bfaure@io.com).

• Joel Rennie (jrennie@io.com)

Thursday, February 28, 2002

We can't say that we didn't expect it, but a series of amendments that would have at least diluted the monopolistic effects of H.R. 1542 were debated and rejected yesterday, and the U.S. House of Representatives passed the "The Internet Freedom and Broadband Deployment Act" by a vote of 273-157 and thus sent it to the Senate, where it will likely and hopefully die.

If it were to become law, the act would give the four remaining regional Bell operating companies a virtual monopoly on high-speed residential DSL Internet service. Quite ingenuously, the "Baby" Bells claimed they needed to be exempted from key aspects of the Telecommunications Reform Act of 1996, or they couldn't compete with high-speed Internet delivered over cable TV systems. While fewer than 10% of U.S. homes with Internet service have so-called "broadband" access, among those that do, cable has a more than 2-to-1 advantage over DSL. The fight over Tauzin-Dingell was one of the most expensive Congressional lobbying efforts of all time, with those favoring and opposing the legislation spending countless millions of dollars in advertising and campaign contributions to individual lawmakers. And while almost all independent Internet service providers like IOCOM vigorously opposed the bill, the big bucks to fight it came from long-distance companies WorldCom, Sprint and AT&T, which just also happens to be the largest corporate owner of cable television systems in the United States.

Thankfully, the outlook for the bill in the U.S. Senate is not good. Democratic Senator Ernest Hollings of South Carolina, the chairman of the Commerce Committee who could effectively keep the measure from ever reaching the Senate floor, called the bill "blasphemy," and said "It's a total fraud that will extend the power of monopolists rather than promote competition." On the other side of the Senate aisle, the bill is also opposed by Republican Minority Leader Trent Lott from Mississippi, which happens to be the home of WorldCom's corporate headquarters. But even if this bill never becomes law, it still has a chilling effect in that it lends support to recent regulatory findings by the Federal Communications Commission, which is endorsing the notion of increasingly widespread deregulation, even if it leads to windfall profits for a relative few giant corporations.

No matter what the regulatory climate, IOCOM remains committed to offering the best Internet service we possibly can. As soon as we can offer reliable, affordable residential broadband service - regardless of the specific technology employed to do so - and do it at something that at least approaches a break-even point for us, you can bet that we'll do it. In the meantime, we'll continue to support the David-and-Goliath struggle against the few giant corporations that would like to first control how everyone accesses the Internet, and then steer us all directly toward their own media properties and subscription services. One of the major truths proven in the early days of the public Internet, of which IOCOM was very much a key player, is that a multitude of information choices and sources is an inherently good thing. We hope to keep it that way in the long run, and take setbacks like the House passage of Tauzin-Dingell in stride.

News reports of yesterday's House vote abounds all over the web; News.com has its typically good coverage at (http://news.com.com/ 2100-1033-846956.html).

• Joel Rennie (jrennie@io.com)

Tuesday, February 26, 2002

While IOCOM has many customers with high-speed Internet connections, either through ISDN or full or fractional T-1 lines, we are sometimes asked if we have any product that directly competes with Southwestern Bell's DSL service or AOL-Time Warner's "RoadRunner" cable system. The short answer is that we don't - at least for the moment - and the short answer as to why we don't is because of the unfair and uneven economic playing field with these giant corporations, which is largely the product of various government regulations that were ostensibly enacted to protect the public interest, and have done exactly the opposite.

Well, a bad situation could get worse tomorrow, as the U.S. House of Representatives takes a full vote on H.R. 1542, euphemistically named "The Internet Freedom and Broadband Deployment Act" by its sponsors, Billy Tauzin, a Louisiana Republican and John Dingell, a Michigan Democrat. If passed into law, this bill would effectively undo critical portions of the Telecommunications Reform Act of 1996 so that four phone giants - Verizon, Qwest, Bellsouth and SBC, the parent corporation of Southwestern Bell - could completely monopolize high-speed Internet access over the telephone wires running into almost every home in America. Along with the companies granted licenses to install and operate cable television systems, telephone companies were allowed to operate government-regulated monopolies to benefit the public, and now through proposed legislation like H.R. 1542 the government is proposing to effectively abandon its regulatory role, leaving all of us at the mercy of a few giant corporations that will have almost total control of DSL and cable Internet access. Just two weeks ago, the Federal Communications Commission proposed reclassifying high-speed Internet access as an "information" rather than "telecommunications" service, which would effectively exempt it from many regulations designed to protect consumers.

How does a bad bill like H.R. 1542 have a chance to become law? Quite simply, the giant telephone and cable corporations have huge staffs of well-paid lawyers and lobbyists who convince individual legislators - most with limited understandings of complex technical issues - that its passage will "stimulate investment" and "accelerate deployment" of residential high-speed Internet access. Translation: It will raise prices and remove choices for consumers in a classic monopolistic power grab.

IOCOM remains committed to offering the best Internet service possible, including low-cost, high-speed access for residential users someday. We haven't given up on the notion of DSL or cable service if government regulators will make the giant corporations that physically own the telephone and cable TV wires running into your house play truly fairly, and if they won't, there's still various wireless and satellite technologies we continue to investigate.

In the meantime, you can tell your Representative in the U.S. House that you are for fairness and competition, and against H.R. 1542, or "Tauzin-Dingell" as it is commonly referred to. The "Voices for Choice" website at (http://www.voicesforchoices.com/1091/) has a link that will allow you to send an e-mail to your Congressperson, and among the many news stories on the web about this potentially disastrous bill, there are very readable editorial columns from the San Jose Mercury News at (http://www.siliconvalley.com/mld/siliconvalley/business/ columnists/2733094.htm) and the St. Petersburg Times at
(http://www.stpetersburgtimes.com/2002/02/22/ Opinion/Broadband_captives.shtml).

• Joel Rennie (jrennie@io.com)

Thursday, February 21, 2002

As part of its new corporate emphasis on security, Microsoft is developing a new program, dubbed the Microsoft Baseline Security Advisor (MBSA), which will scan Windows computers for software requiring update patches, as well as weak passwords and other insecurities and vulnerabilities. Although the scanner has not yet been released, Microsoft product manager Jeff Shaw says the program should be available as a free download from Microsoft's website next month. According to Shaw, "Our goal is to allow (home) users to check their own machines. Company administrators can also use it to check their entire network." The wizardlike MBSA program will automatically download a 700KB XML vulnerability and patch database from Microsoft, which the company says it will maintain for free.

We can't yet evaluate whether the new tool will be sufficiently easy-to-use for the average Windows user, but IOCOM gladly offers its consulting services - including our own on-staff Microsoft Certified System Engineer Brian Faure - to anyone who would like help. We will also keep you posted as soon as Microsoft makes this important program available for public download. In the meantime, you can read more about it at News.com at ( http://news.com.com/2100-1001-841770.html).

• Joel Rennie (jrennie@io.com)

Tuesday, February 12, 2002

Without further belaboring the topic of Internet security, if you use Microsoft's Internet Explorer web browser program, either versions 5.01, 5.5 or 6.0, the company yesterday issued a "cumulative" patch that simulataneously fixes a half-dozen vulnerabilities, the most severe of which could allow an attacker to effectively take remote control of your computer. On their advisory web page, Microsoft calls the vulnerability "critical" and says that "customers using an affected version of IE should install the patch immediately." It can be downloaded directly from (http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp). You can read more about the story, including the 31-year-old Austin-area security researcher who discovered the problem on News.com at (http://news.com.com/2100-1001-834826.html).

• Joel Rennie (jrennie@io.com)

Monday, February 11, 2002

A number of recent "IOCOM Revealed!" news items have dealt with the topic of Internet security, and for good reason. A recent survey by Digital Marketing Services revealed that a startling 97% of their poll respondents were vulnerable to well-known Internet security threats, since those answering the poll's questions confessed that they did not practice the basic measures necessary to protect their systems from such attacks. That is one of the findings behind a new push by prominent government agencies and high-tech companies to promote security awareness, particularly among home and small business computer users. While some of the recent media emphasis on security is related to the additional vulnerability posed by the fixed IP addresses associated with various kinds of high-speed "always on" Internet connections, it is worth noting that many of the publicly available hacking and cracking tools being distributed on the Internet itself are capable of targeting the dynamically-assigned IP addresses that regular dial-up modem users typically use.

The new security campaign is called Stay Safe Online, and is sponsored by the FBI, Department of Defense, Federal Trade Commission, Microsoft, Cisco, AT&T and more than 30 other agencies and companies. Part of the campaign is a website ( http://www.staysafeonline.info) that offers a beginner's guide to on-line safety, as well as a number of security tips and self tests you can take to rate your own vulnerability. While many of the tips may seem rudimentary or common-sense, the Digital Marketing Services survey revealed that only half of 700 corporate managers update their antivirus software weekly, and that 77% of the survey's total respondents don't update their antivirus software regularly, which effectively makes it useless or even worse, in that it offers users a false sense of security.

Without necessarily promoting the security consulting services IOCOM is now offering its customers, we would encourage everybody to become more security conscious, and if you would like help to do so, please contact us. You can read more about the Stay Safe Online Campaign on News.com at (http:// news.com.com/2100-1001-832644.html).

• Joel Rennie (jrennie@io.com)

Tuesday, February 5, 2002

On December 21st of last year, this column warned that all Windows XP users (and some users of Windows ME and 98SE as well) needed to download a critical security patch from Microsoft at ( http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/MS01-059.asp as soon as possible. If you currently use Windows XP and are unfamiliar with this story, we urge you to scroll down in the "IOCOM Revealed!" web page (http://www.io.com/revealed) and read it now. Since that item ran, the FBI's cyber-crime unit, the National Infrastucture Protection Center, first asserted that Microsoft's patch was inadeqaute and recommended that all Windows XP users manually turn off the "Universal Plug and Play" (UPnP) feature that was causing the dangerous vulnerability, a position which they later reversed for unknown reasons. This particular Windows XP problem may have been the ultimate motivation for a widely-reported memo a couple of weeks ago from Microsoft chairman Bill Gates to all of his employees saying that security would be Microsoft's new "first priority," leaving many to wonder what spot in the design heirarchy security had occupied before that.

The reason for our renewed mention of this story is that IOCOM has a computer still running an authorized pre-release version of Windows XP Professional - for which the Microsoft patch cannot be used - on our internal network that was experiencing some problems. While it is difficult to be certain, some evidence indicates that it might have been due to the UPnP vulnerability. We found a free 22-kilobyte program from highly-respected programmer and security analyst Steve Gibson at (http://grc.com/UnPnP/UnPnP.htm) that neatly allowed us to completely turn off the UPnP feature on both the IOCOM XP Professional pre-release computer here in the office, as well as a mixture of XP Pro and Home versions that several IOCOM employees use at home. There is a lot of good reading on the web pages referenced above, reminding us that Internet security is everybody's business in an increasingly networked world. IOCOM is now offering security consulting services to our customers, including such things as insuring that all software is properly patched with all of the latest updates, as well as providing constantly updated virus protection and customized firewalls. If you are interested in our new security services, call or e-mail our on-staff Microsoft Certified System Engineer Brian Faure at ( bfaure@io.com).

• Joel Rennie (jrennie@io.com)

Monday, February 4, 2002

On September 4 of last year, we announced that IOCOM was instituting a 5-gigabyte per month download limit on Usenet news for each individual account holder, and then on November 14 we began to require that all users log on to news.io.com using their e-mail address and password, in order to help us enforce that limit. The rationale for both moves was to cut down on abuse of the Usenet feed that we purchase from GigaNews (http://www.giganews.com) by a relative handful of users, at the potential expense of everybody else wanting to read news. Since then, we've acquired more recent usage statistics that have allowed us to change the terms of our agreement with GigaNews so that we can double the monthly download limit for each user from five to ten gigabytes, which is a lot of binary files, to say nothing of simple text. IOCOM will have fewer simultaneous connections available to GigaNews, but usage data indicates this should not pose any problem. We want to provide the best possible Usenet service we can offer, which is one of the reasons why we originally contracted with GigaNews rather than continue to maintain our own news servers. We will continue to watch news traffic for signs of possible abuse, but almost all IOCOM customers should find the monthly 10-gigabyte limit to be thoroughly adequate. The 30-day metering program begins on the first of each calendar month. If you have questions regarding your IOCOM Usenet service, call Customer Support at 512-462-0999, or send e-mail to (admin@io.com).

• Joel Rennie (jrennie@io.com)

June 03, 2002