Volume 5, Issue 28 Atari Online News, Etc. July 11, 2003 Published and Copyright (c) 1999 - 2003 All Rights Reserved Atari Online News, Etc. A-ONE Online Magazine Dana P. Jacobson, Publisher/Managing Editor Joseph Mirando, Managing Editor Rob Mahlert, Associate Editor Atari Online News, Etc. Staff Dana P. Jacobson -- Editor Joe Mirando -- "People Are Talking" Michael Burkley -- "Unabashed Atariophile" Albert Dayes -- "CC: Classic Chips" Rob Mahlert -- Web site Thomas J. Andrews -- "Keeper of the Flame" With Contributions by: Paul Caillet Kevin Savetz To subscribe to A-ONE, change e-mail addresses, or unsubscribe, log on to our website at: www.atarinews.org and click on "Subscriptions". OR subscribe to A-ONE by sending a message to: dpj@atarinews.org and your address will be added to the distribution list. To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE Please make sure that you include the same address that you used to subscribe from. To download A-ONE, set your browser bookmarks to one of the following sites: http://people.delphiforums.com/dpj/a-one.htm http://www.icwhen.com/aone/ http://a1mag.atari.org Now available: http://www.atarinews.org Visit the Atari Advantage Forum on Delphi! http://forums.delphiforums.com/atari/ =~=~=~= A-ONE #0528 07/11/03 ~ Send Spammers To Jail! ~ People Are Talking! ~ Steem 2.5 News! ~ Violent Game Law Block ~ Video Gamer Stereotype ~ Dave Ahl Interview ~ Spam Gets Dangerous! ~ CU: Tougher Spam Bill! ~ Anti-Spam Bills! ~ Top 10 Spam Subjects! ~ PayPal Spoof Site Scam ~ Test Drive Lindows! -* Hacker Challenge Fizzles Out *- -* Judge: Kazaa Cannot Pursue Lawsuit! *- -* Massachusetts Probes Potential MS Breaches *- =~=~=~= ->From the Editor's Keyboard "Saying it like it is!" """""""""""""""""""""""""" I hope that everyone enjoyed the long holiday weekend! Well, at least the weather has been great, although this past weekend was a scorcher. I didn't really spend much time at our neighborhood block party this year. The heat and humidity literally drained me. I made a couple of token appearances, had a couple of drinks, and escaped to the confines of my cooler house. From the sounds that we could hear from inside the house, it sounded like a successful day. There's an article in this week's issue that piqued my interest, and disdain. Earlier in the week, there was an article that essentially was a warning to web site owners that a group (or groups) had planned a contest to deface as many web sites as possible. Essentially, they'd hack their way into the site and deface it somehow - online graffiti, so-to-speak. Isn't it bad enough that we have viruses, denial-of-service attacks, and other hacking pranks that wreak havoc on the web? Now this nonsense? Don't these people have jobs? Don't they have "a life"? They obviously have too much free time on their hands - something that I consider a dwindling luxury. Surely they can find better uses of their time. Does this type of activity give them a sense of power? I just don't get it. The ironic part of this story, as you'll read, was that the contest fizzled. There was no massive "destruction" of web sites. And, even one of their own sites was hacked! I guess that's poetic justice in the end. Until next time... =~=~=~= Steem 2.5 Hello, New version of Steem online (4th July 2003) : http://www.blimey.strayduck.com/ Steem 2.5 (Windows 95/98/ME/NT/2000/XP) 235 Kb http://www.blimey.strayduck.com/steem_v2_5.zip XSteem 2.5 (Linux, 486+, X) 1.11 Mb http://www.blimey.strayduck.com/xsteem_v2_5-7-i386.tar.gz Here it finally is, the much troubled Steem v2.5. Due to various mysterious bugs the release has been delayed a long time, but it is finally stable (we hope), here is a list of what has changed: Bug Fixes . Fixed PSG write bug (X-Out) . Implemented FDC spinup (Vroom multiplayer) . Improved hard drive program terminate emulation (still not perfect) . Improved MFP accuracy (Harley Davidson, Super Hang-On) . Fixed some disk formatting bugs (Fastcopy Pro, Acopy, Chambers of Shaolin) . Fixed GEMDOS void return bug (Amberstar hard drive install) . Fixed hard drive read only file bug . Fixed set video address at end of line bug (Relapse Demo) . Fixed turn IKBD off during reset bug (Just Buggin') . Fixed trace interrupt with exceptions . Fixed 512Kb and 2Mb memory sizes . Fixed FDC seek bug thanks to Kimmo Hakala (Air Supply) . XSteem: Much improved sound . Stupid hard drive booting bug fixed New Features . Macros - record keyboard/mouse/joystick input (won't work on some versions of Windows) . Profiles - save all settings and restore them at your leisure (won't work on some versions of Windows) . Disconnect drive B option (Premier Manager 2, Alternate Reality v1.2) . Accurate drive speed option . More flexible shortcuts . Customisable icons . Disks in archives can be read/write (changes are lost on eject) . Minimum size screenshots option . GUI improved . Fullscreen quit button . XSteem: Vastly improved GUI . DEBUG: Trace is now cycle accurate . DEBUG: Separate memory monitor and breakpoints . DEBUG: Step over, shift display, redraw on stop . DEBUG: Break on interrupt . DEBUG: Bigger memory/source dumps . DEBUG: More versatile find in browsers Best regards, Paul CAILLET Interview with Dave Ahl of Creative Computing Kevin Savetz 18 years after the demise of Creative Computing magazine, its founder and editor, Dave Ahl, talks about the legacy of the magazine and what he's been doing since. http://www.atarimagazines.com/creative/daveahl/ The Second Book Of Machine Language The team at AtariArchives.org is pleased to announce that the full text of the best-selling book _The Second Book Of Machine Language_ by Richard Mansfield is now online at http://www.atariarchives.org/2bml/ Published in 1984 by Compute! Books, this classic book is the sequel to _Machine Language For Beginners_, another of Mansfield¹s best-selling titles which is also available on the Web site. The Second Book Of Machine Language walks readers through the creation of LADS (Label Assembler Development System,) a sophisticated assembler written in machine language. It includes examples and program code for Atari, Apple 2, PET/CBM, VIC-20, and Commodore 64 computers. This is the 17th classic computing book to be made available at AtariArchives.org. Like all books at the site, it is available with the gracious permission of the author. =~=~=~= PEOPLE ARE TALKING compiled by Joe Mirando joe@atarinews.org Hidi ho friends and neighbors. Mark today down on the calendar! I don't really have anything to say this week. It's one thing when I've honestly got something on my mind and I blurt it out here in these pages, but I don't... I never have... just created some situation or whatever just to have something to fill up these pages. Hell, if I did that, you'd see right through it and I'd become a laughing stock. And there are enough indignities visited upon us as it is without having to bring them down upon ourselves, right? It's odd, but something usually comes along to give me something to talk about, and I normally find a way to make it make a little bit of sense, but it's not working out that way today. I guess that sometimes we just need to sit there and not be witty (I sit here and not be witty quite a lot), and to take stock of what's going on around us. I try to do that a lot too, but it's getting harder and harder to find... well, to FIND the time to TAKE the time. Know what I mean? Of course you do. Unless you're independently wealthy or institutionalized, you're being swept up by the same things that are sweeping the rest of us along. Well, all I can tell you is that you're not alone and that none of us seem to have a good answer. It's kind of like yelling at the weather for ruining your plans. It can make you feel better... until you realize that no one's listening to you... then you just feel foolish. Well, that can be therapeutic too. And let's face it, we can ALL use a little therapy now and then. Well, let's get on with the news, hints, tips, and info from the UseNet. From the comp.sys.atari.st NewsGroup ==================================== Peter Kienle asks about one of the few programs that I could never get to to work the way I wanted it to: "Although I am a longtime Mac user I still own three STs and use them occassionally to print out Postscript files. This is done by Ghostscript and so far has worked nicely with files created on the Mac. Now I switched to InDesign 2 and the PS files created won't render on the ST in Ghostscript. Is there a website for Ghostscript ST? Ghostscript is even used to print under Max OS X. Anyway, it's a silly question but this has been the only justification to leave my MegaSTe set up on my desk." Martin Tarenskeen tells Peter: "The GemGS 1.3 version, based on Aladdin Ghostscript 6.01, is not actively supported or updated by Christian Felsch anymore, but everything (binaries, sources, fonts, docs) is still available here: http://www.tu-harburg.de/~alumnifc/amua/download/atari/gemgs/ For the SpareMiNT version go to http://sparemint.atariforge.net I use Ghostscript a lot to print out music scores, made with my Atari port of abcm2ps. Looking great. It would be nice to have an update of both GemGS and SpareMiNT Ghostscript though." Derryck Croker adds: "There's no web site for the Atari version of GhostScript, and I believe that it's safe to say that it won't be updated any more. It might be worth your while investigating Porthos though, this is still being updated and a demo version can be downloaded via the Calamus web site (link is via the Newsticker page)." Martin tells Derryck: "Porthos doesn't handle PS files. It also will not handle PS files in future (I asked the author). But for PDF files it is great and getting even better. The demo only displays one page. I recommend to pay those few Euro to get a full licence." Christian Felsch has updated his website, including a download section for his 1.3 version of GemGS. See my previous message of the URL. Not updated anymore? I wouldn't be sure about that. On a FreeMiNT system it shouldn't be such a problem to compile a newer version. On a fast Aranym machine or using a cross-compiler on a fast Linux PC it doesn't take many hours anymore. The sources for the special GEM version - that doesn't need MiNT - are also available, and someone may pick them up and integrate them with a new Ghostscript version. After some more studying, I may even consider trying it myself." Piergiorgio d' Errico asks about sources of free TOS implementations: "I have heard of one or two free, open-source implementation of the ST TOS, one seem to me called FreeTos or something like, and another whose I can't recall the name. Hope that there are something kind enough to give me the links to their sites." Matthias Arndt tells Piergiorgio: "EmuTOS is what you seek: http://emutos.sourceforge.net/ " Joseph Place asks about broadband options: "Anyone using the DaynaPort SCSI/Link T to connect to an ISP with cable or DSL modem? I'd like to pursue this if possible, but I've never used anything but dialup, so I'm not sure what's involved." David Wade tells Joseph: "I use the solution from http://hardware.atari.org/ to connect my STE to the net using DSL. You can find details of my setup at http://www.dwade.freeserve.co.uk/atari/main.html You should be able to do the same things with the DynaPort card, but may need to modify some of the entries. Basically the main challenge is that you can't use DHCP to automatically configure an Atari adaptor, you have to set it up manually. However once this is done there should be no problems." Joseph replies: "I have been able to connect with an analogue modem using my MAC as a gateway (IPNetRouter software). I can browse the web (much faster than with the 28,800 modem attached to my Falcon), but Newsie and Mymail lock up (CAB did occasionally too). AFTP works, but it choked in 256 colors. Two colors worked fine. At least it is working, but I'm not sure if I feel confident about trying a cable or DSL modem." Lonny Pursell adds his thoughts: "If you have MiNT I recommend this: http://hardware.atari.org/ether/index.htm I have this and it works great on my TT, setup time under MiNT, only a few minutes. Otherwise you need the STing inet stack and of course a broadband inet connection. If you have some other platform at home that you can connect to via ethernet, I would suggest getting the DaynaPort and doing some testing before you jump into broadband. I found the DaynaPort to be unstable and STing far to complex to setup correctly in a LAN. I dinked around with the route.tab file for some hours and never got outside my LAN onto the internet. It should not be that hard. Anyway, you might need a router, Atari's don't deal with dynamic IP's so well, and a router can solve this. A static IP is preferable and a lot easier to setup." Kenneth Medin adds: "I actually tried to help a guy to setup STinG with a DaynaPort on his Falcon yesterday at the Nordic Atari Show but did not make it work. The STinG kernel reported that the .STX could not find the DaynaPort. Unfortunately this guy showed up when we were about to close so I did not have time investigate any further." Lonny tells Kenneth: "Glad you mentioned that, anyone thinking of getting a DaynaPort should be aware that it requires bus arbitration or the system doesn't see it." Rob Mahlert adds his experiences: "DSL would be out unless you have a router, to my knowledge no internet stack on the platform supports the pppoe protocol. Cable might be tough also without a router. I have a linux box running as a router on my lan using the Dayna scsi ethernet adaptor on my TT030. I've tried the Sting Dayna drivers, like LP I was never able to get out of my LAN.. until I installed a Proxy server on my linux box. It was very stable, but I was only able to surf the web. I wasn't able to use AtarIRC or AtarICQ. I've also been lucky enough to test the Stik 2 version of the drivers, the Stik version allowed me to surf the web without a proxy. AtariICQ and HighWire worked great with the Stik version also! BUT.. the only problem is the drivers still unstable. The system would freeze. You might want to try the etherNEC LP mentioned, but you will still need a router in my opinion." Ulf Andersson asks for help with an STE with a bad floppy drive: "After 8 years without a Atari I just bought a 520 STe. When I (in a hurry) came home with my new machine the floppy was not booting. If I leave a disk on boot up it fails to boot and says error with disk. If I boot and try to read disk it says error with disk or no disk in drive. If I try to format a disk it seems to go through the format process little bar moves all the way across the screen but on verifying format it gives error with disk or no disk in drive. I tried replacing the drive with a pc high density one (modified like sony_144.zip). This didn't work either. Same errors received. I need some help figure out what is wrong or at least some tips on where to go now." Alexander Beuscher tells Ulf: "I'm not sure if I understood you correctly: Your "new" 520STe has problems with the floppy. Clear. So you switch your STe on with a floppy disc in the floppy? You switch your STe on without a disc in the floppy (which takes longer than with floppy btw.) and when the STe has booted up, then you enter a disc into your floppy - which is not recognized properly? Did you check the connectors and cables? They might be faulty. Maybe your floppy disc controller IC is damaged - best way to check this is to replace it with a "borrowed" one from another ST, but this becomes difficult if it has no socket. There is a faint chance that your DMA controller is damaged, but I'd check the floppy controller first. (It's the WD1772)" Clint Thompson asks about TOS versions on the Falcon: "Here's a few questions I'm hoping to get answered here. First, What's the main differences between TOS 4.02 vs. 4.04 vs 4.92/5.00 (beta) and does anyone here use or know of someone who uses the 4.95/5.00 (beta) and is it stable, etc. etc. Second, Is there some place I can buy a replacement (atari falcon030) inline sticker? Just curious?! Mine isn't perfect I know there's more questions I have but just can't think of them, I'll be back!" Greg Goodwin tells Clint: "4.04 fixes a serious bug -- 4.02 can write past the end of a partition into the directory of the next partition! If you have 4.02, never fill a partition 100%. 4.92 is a minor upgrade of 4.04, but is buggy from most accounts. Best Electronics would be your most likely source for the Falcon030 sticker." Well folks, that's it for this time around. Tune in again next week, same time, same station, and be ready to listen to what they are saying when... PEOPLE ARE TALKING =~=~=~= ->In This Week's Gaming Section - Violent Games Sale Law Blocked! """"""""""""""""""""""""""""" What's In A Video-Gamer? =~=~=~= ->A-ONE's Game Console Industry News - The Latest Gaming News! """""""""""""""""""""""""""""""""" U.S. Court Blocks Washington Video Games Sales Law A federal judge on Thursday issued an order postponing enforcement of a Washington state law designed to restrict the sale of violent video games to minors. U.S. District Judge Robert Lasnik issued an injunction blocking enforcement of the law, which was set to take effect from July 27 and would have imposed a $500 fine on anyone who sold a video game depicting violence against "law enforcement officers" to minors under age 17. "Plaintiffs have raised serious questions regarding the constitutionality of House Bill 1009 and the balance of hardships tips in their favor," Lasnik wrote in his order from the court in Seattle. A spokeswoman for the Interactive Digital Software Association, the game industry trade group that was one of the main plaintiffs, had not seen the judge's ruling and had no immediate comment. Washington state Rep. Mary Lou Dickerson, the Democrat who wrote the law, had said recently that any injunction would only be preliminary and that she expected the case to go to trial. Study Challenges Video-Gamer Stereotype Roughly two-thirds of college students play video games, but the image of a nerdy guy who spends all day in a dimly lit room blowing up computer-generated bad guys is off base, according to a new study. College gamers are not necessarily male - or anti-social hermits. And while about a third of those surveyed admitted playing computer games during class, the games generally don't conflict with their studies, says the researcher who conducted the survey for the Pew Internet & American Life Project. "It's not taking the place of studying; nor is it taking away from other activities," says researcher Steve Jones, chairman of communications department at the University of Illinois at Chicago. "What they seem to have done is incorporated gaming into a very multitask-oriented lifestyle." In addition to the survey data, Jones drew his conclusion from observations he and fellow researchers made while watching students in college computer labs - many of them writing papers, then taking short breaks to play computer games and send online messages to friends. Often, he says, groups of students stop to watch the game. "What we found is that it's a very social activity," Jones says. The survey, released Sunday, was compiled from questionnaires completed last year by 1,162 college students on 27 campuses nationwide. Its results have a margin of error of 3 percentage points. Among other things, surveyors found that 65 percent of those who responded were regular or occasional game players. Most said they played in their rooms or parents' homes. Nearly half said gaming keeps them from studying "some" or "a lot" - though their study habits matched closely with those reported by college students in general, Jones said. "There's this stereotype of game slackers wasting time, goofing off, that really isn't valid," says Marcia Grabowecky, a Northwestern University psychologist who has studied visual perception in humans, including those who play computer and video games. Playing games is so common for this age group, it's almost second nature, Jones says. "It's common maybe in a way Monopoly was years ago," he says. Nearly 70 percent of those questioned said they were in elementary school when they first played video games. By junior high and high school, about half said they had tried computer games - software-driven games from cards to shoot-'em-up adventures such as Doom - and 43 percent said they had tried online games over the Internet. David McNulty, a 19-year-old computer science major at the University of Maine, started playing video games, such as Nintendo's wildly popular Mario Brothers, at age 5. He now hosts game-playing parties and joins online games with people who live across the world. McNulty says he stopped playing during his first semester because he was worried it would hurt his grades, but he found that his social life suffered. He started playing again and says it hasn't affected his studies. "It takes less time to play a few games than to go downtown or see a movie with your friends. It's easier to meet them online and shoot at them," McNulty says, chuckling. The survey also found that, while gaming has a reputation as a male-dominated pastime, women are avid game players, too. Of those surveyed, 60 percent of women said they played online and computer software-based games, compared with 40 percent of men. About the same number of men and women said they played video games on PlayStation, Xbox and other systems. That news pleased Sarah Fenton, who is finishing up a degree in game art and design at the Art Institute of Phoenix. She hopes to become a character designer for a video game company and is convinced that even more women would play video games if there were more characters geared toward them. "I hope that we can bring a little equality to what's out there," she says. =~=~=~= A-ONE's Headline News The Latest in Computer Technology News Compiled by: Dana P. Jacobson Massachusetts Probing Microsoft Settlement Gripes Massachusetts, the state appealing Microsoft's landmark antitrust settlement, has told a federal judge it is probing potential breaches of the pact. The consent decree approved by U.S. District Judge Colleen Kollar-Kotelly in November includes provisions aimed at giving computer makers more freedom to feature non-Microsoft software on the machines they sell. But Massachusetts told Kollar-Kotelly, in a filing posted on the court's Web site on Monday, that it was looking at whether the world's largest software maker had retaliated against a computer maker for promoting Linux, an alternative to Microsoft's Windows operating system. Among other complaints being examined by Massachusetts was whether Microsoft had violated portions of the settlement prohibiting pacts requiring exclusive support of Microsoft software. Massachusetts was also examining whether the company had properly offered communications protocols allowing non-Microsoft software to work well with Windows. "The Commonwealth has not at this point determined that any complaints lack merit for decree enforcement purposes," wrote Massachusetts Attorney General Thomas Reilly. He offered no details of the investigations. A Microsoft spokesman was not immediately available to comment on the Massachusetts filing. Microsoft has said it has complied with the settlement but is open to additional feedback from government and industry. The U.S. Justice Department and a group of states who have accepted the settlement said on Thursday they were concerned about the charges and conditions Microsoft was proposing to let competitors view the inner workings of Windows. The department and states told Kollar-Kotelly they had watched Microsoft's dealings with computer makers to ensure that the company did not retaliate against this group. Kollar-Kotelly had requested status reports on the settlement, agreed by Microsoft and Justice Department in Nov. 2001 and endorsed by the judge a year later. The Justice Department entered the settlement saying the business restrictions it contained would restore competition to the software business and prevent Microsoft from engaging in anti-competitive tactics. But Massachusetts, one of 20 states which helped launch the case in 1998, insists the settlement is inadequate and has appealed to the U.S. Court of Appeals for the District of Columbia - the same court that ruled in June 2001 that Microsoft had illegally maintained its Windows monopoly. Hacker Challenge Fizzles A weekend competition to test the skills of malicious hackers fell apart after poor planning by contest organizers and infighting among different hacker groups crippled the Web site responsible for keeping score in the competition. Contest organizers invited hackers to tamper with up to 6000 Web sites. Points were awarded to hackers who could successfully compromise an organization's Web server and deface its Web pages, according to Internet Security Systems. The international contest, known as the Defacers Challenge, was scheduled to begin Sunday. However, the Web site designated by contest organizers to keep score of the defacements, www.zone-h.org, was quickly overwhelmed with traffic Sunday morning, according to a statement released by Zone-h. The Tallinn, Estonia-based security portal, which is the most prominent site that tracks defacements, had no connection to the Defacers Challenge and site organizers were dismayed to learn that Zone-h was designated as scorekeeper for the challenge, according to Roberto Preatoni, also knowns as "SyS64738," founder of Zone-h.org. "Declaring Zone-h referee was the most stupid thing someone could think of," he said. One of Zone-h's 50 operators personally confirms each recorded defacement. Had the contest produced the volume of defacements that were promised, Zone-h could not have verified the flood of 20,000 or 30,000 defacements within the six hour window specified by the contest organizers, Preatoni said. Compounding Zone-h's woes, the site also fell victim to a massive distributed denial of service attack on Sunday morning beginning at 10:00 a.m. local time and lasting until 5:00 p.m., Zone-h said. The attack downed Zone-h's Web site with 900 megabits per second of sustained traffic and came from a group of Brazilian hackers unhappy about the contest, Preatoni said. "They told me that defacing is an art and that silly challenges must be boycotted," he said. The hackers said that taking down the Zone-h Web site was the only way to thwart the contest organizers, Preatoni said. The strategy worked. Defaced Web sites submitted to Zone-h for much of Sunday were not received by Zone-h operators and could not be verified, Preatoni said. Despite the feuding and confusion, Zone-h received around 500 recorded defacements. An additional 400 or 500 were received Monday, but had not yet been verified, Preatoni said. As predicted by Preatoni and others, the list of compromised sites included few household names, but plenty of small Web sites in both the U.S. and abroad, such as www.thebuffrestaurant.com in Boulder, Colorado and www.ddwautomotive.com in Mishakawa, Indiana. The absence of larger sites was greeted with praise by some security companies. "I think it's evidence that information sharing and awareness about an issue that was coming worked," said Pete Allor, manager of X-Force Threat Intelligence Services at Internet Security Systems Inc., which issued a warning about the contest on Wednesday. However, others expressed skepticism about any connection between prior warnings of the contest and the lack of major defacements, saying that security vendors and the media hyped a low-level threat. "We didn't think there was much to it, and it turned out we were right," said Al Huger, senior director of engineering at Symantec. The level of weekend defacements reported by Zone-h was consistent with the level of activity Symantec noted on its DeepSight alert network, Huger said. That level was in line with the ordinary "background" level of defacement activity and didn't warrant the alarms, he said. "In this case, there was no fire where there was smoke," Huger said. Like the story of the "boy who cried wolf," false alarms from security companies about events such as the Defacers Challenge could cause organizations to doubt future warnings, creating the possibility of bigger problems when a real crisis hits, Huger said. Web Site Defacement Winner Announced A well-known Brazilian crew won this past weekend's Web site defacement contest, amassing more than twice as many points as the second-place team. Crackers from the Perfect.br team racked up 152 points in winning the contest, which put them 90 points ahead of the runners-up, the Hackbsd Crew. For their efforts, the Brazilians won a Web hosting package. The contest challenged crackers to deface as many Web sites as possible within a given amount of time. Points were awarded based on the operating system of the box that was hosting the defaced site. The less common the OS, the more points the defacement was worth. For example, sites running on Windows machines were worth just one point, while sites on Macintosh systems were awarded five points. The contest, which had been widely publicized in the days leading up to the Sunday kick off, drew more than 60 entrants, according to the organizer's Web site. Only about a quarter of the entrants were able to score 10 points or more, with many apparently defacing just one or two sites. In addition to all of the media coverage-or perhaps because of it-the contest also attracted its share of weirdness. Zone-H.org, an independent security site that the contest's organizer designated as the official defacement archive for the competition, was the target of a denial-of-service attack Sunday that knocked the site offline for most of the day. The group that attacked Zone-H explained its motives thusly in a note posted on SecurityNewsPortal.com: "We think the competition is a waste of time, therefore we will not participate. The competition was to be judged on the statistics collected by Zone-H, since it is a popular defacement mirror site. We planned and executed a DDoS attack directed at Zone-H so that they were unable to take mirrors of the defacements on the 6th of July, as a type of online protest. After the attack started Zone-H was intermittently offline for 15 minutes. After 30 minutes we increased the number of computer involved, which resulted in the site being completely unreachable." Oddly, one of the people listed as being a member of the group responsible for the DoS attack is Gui, a member of the Perfect.br crew. Perfect.br is widely known in the underground and its members are responsible for a large number of previous Web site defacements. Judge Rules Kazaa Can't Pursue Lawsuit The distributor of the Kazaa software for sharing songs, movies and other files online cannot pursue an antitrust lawsuit against major recording labels and movie studios, a federal judge ruled. Sharman Networks made the antitrust claims in January as part of its defense of a copyright infringement suit filed by the entertainment firms. Sharman argued that music labels and studios conspired to keep authorized and copy-protected versions of their songs and movies off Kazaa. It essentially blamed piracy on the entertainment companies, saying they failed to work with Sharman to create a legal alternative. U.S. District Judge Stephen V. Wilson dismissed Sharman's claims, which many copyright lawyers had considered a stretch. In Thursday's ruling, Wilson said that even if the allegations were true, Sharman would not be entitled to damages because it distributes file-sharing software and not online entertainment. "Sharman Networks was grasping at straws to distract the court from their own improper behavior," said Matthew Oppenheim of the Recording Industry Association of America. "We are pleased that the court recognized what we have said all along - that these claims lacked any merit." The copyright claims against Sharman remain pending. Wilson previously ruled that two other file-sharing companies, StreamCast Networks and Grokster, are not to blame for any illegal copying conducted by the services' users. Newest Lindows Runs From A CD Lindows.com is shipping a version of its Linux (news - web sites)-based operating system that can be run directly from a CD-ROM drive without needing to be installed on a hard drive, simplifying its use. The product, called LindowsCD, has many of the features of LindowsOS 4.0, according to representatives of Lindows.com. LindowsCD supports as hardware detection, plug and play, and various multimedia formats and technologies, the company says. LindowsCD can handle MP3, Real Audio, Real Video, and Flash files. It is available now, bundled with LindowsOS 4.0, sold direct by Lindows.com. It can also be purased separately priced at $29.95 through Lindows.com outlets. Users can run LindowsCD by simply inserting it into a PC's CD-ROM drive and restarting the machine. It makes no changes to the PC's hard drive. To revert back to the PC's original configuration, all a user needs to do is remove LindowsCD from the CD-ROM drive and restart the machine, according to Lindows.com. In addition to the operating system, the CD also contains applications. Among those are programs that enable users to open under Linux programs files that were created with Microsoft applications like Word, PowerPoint, and Excel, according to Lindows.com. Lindows.com hopes the ease of running the operating system, without requiring configuration changes or taking other risks, will prompt people to try out Linux. "There's enormous interest in Linux, but computer users don't always have a spare computer to try it out. Now with LindowsCD any user can insert the disc, restart their computer and they're running Linux," Michael Robertson, Lindows.com's chief executive officer, said in a statement. The company has faced fierce competition from Microsoft in court as well as in the market. Send Spammers to Jail, U.S. Lawmakers Say E-mail "spammers" who flood Internet inboxes with millions of unwanted, deceptive commercial pitches should face jail time as well as financial penalties, U.S. lawmakers and law enforcers said on Tuesday. But some said a proposed anti-spam bill, which has won the backing of top lawmakers, would do little to stop the flood of unwanted commercial pitches, as companies would still be free to send offers to anybody with an e-mail address. Get-rich-quick schemes, pornography and other dubious pitches now account for between 40 percent and 80 percent of all e-mail, filtering companies and Internet providers say, and Congress is widely expected to pass an anti-spam bill this year. The leading bill in the House of Representatives would require Internet marketers to disclose their online and offline addresses, and honor customer requests to be taken off their mailing lists, an approach backed by business groups that want to differentiate "legitimate" marketing from the two-thirds of spam that contains fraudulent information of some kind. The bill also won praise from law-enforcement officials, who said spammers who now shrug off civil penalties as a cost of doing business may think twice when faced with a jail sentence of up to two years. "We believe criminal sanctions will make a big difference in Virginia," Virginia Attorney General Jerry Kilgore told the House subcommittee on crime. William Moschella, an assistant attorney general at the Department of Justice, said he supported the bill as well. Others said the bill would not give consumers enough power over their inboxes because companies would still be free to send them e-mail pitches until they were told to stop. This "opt-out" approach could prove counterproductive as spammers commonly use opt-out requests to confirm that an e-mail address is valid, leading to more spam, said Chris Murray, legislative counsel at Consumers Union. A better approach would be to model the spam bill on a "junk fax" law that allows consumers to sue companies that send them unsolicited faxes, he said. Murray's suggestion drew a vehement response from bill co-sponsor Rep. Bob Goodlatte, who said it would invite a tide of frivolous lawsuits against honest businesses that provide easy targets, rather than fly-by-night spammers who cover their tracks. "Legitimate businesses will suffer, consumers will receive less information... and the people we really have a problem with are going to continue on their merry way," said Goodlatte, a Virginia Republican. The House Energy and Commerce Committee has scheduled a hearing on the bill for Wednesday. In the Senate, another anti-spam bill cleared the Commerce Committee last month. House Panel Takes Up Anti-Spam Bills Microsoft's filters block more than 2.4 billion junk e-mails a day, but even the world's largest software company cannot keep up with the ever-growing volume of spam, officials told Congress Wednesday. "Technology needs help," Ira Rubinstein, associate general counsel for Microsoft, said in endorsing congressional efforts to crack down on spam. Because filters do not have detailed information about those who send spam, they may misclassify legitimate e-mail or fail to block spammers, Rubinstein said. "Microsoft supports strong federal anti-spam legislation because the current legal and regulatory regime is simply not up to the task," he said. Microsoft was one of several high-tech companies that testified Wednesday in support of two House bills aimed at blocking spam, which now accounts for more than 40 percent of all e-mails sent, up from 7 percent in 2001. America Online, EarthLink and Amazon also spoke in favor of the legislation being considered by a House Energy and Commerce subcommittee. The bills are among a half-dozen anti-spam proposals pending in Congress, including a measure that has been approved by the Senate Commerce Committee. With new studies showing that e-mailed spam costs American businesses up to $10 billion a year in lost time and productivity, federal action is needed "to avert deep erosion of public confidence that could hinder or even destroy e-mail as a tool for communication and online commerce," said Howard Beales, director of the Federal Trade Commission's Bureau of Consumer Protection. Beales called for a balanced approach that combines technology, law enforcement and education. Commerce Committee Chairman Billy Tauzin, R-La., said he favors a bill that would let consumers opt out of receiving spam and provide criminal and civil penalties to fight fraudulent spam. The bill, introduced by Rep. Richard Burr (news, bio, voting record), R-N.C., also is supported by Rep. James Sensenbrenner, R-Wis., chairman of the House Judiciary Committee. Some lawmakers said the bill was too lenient, noting that it targets only e-mail whose "primary purpose" is to promote a product. Committee Democrats back a measure introduced by Reps. Heather Wilson, R-N.M., and Gene Green, D-Texas, that would allow consumers to opt out of all unwanted commercial e-mail. The bill also would impose tough criminal and civil penalties on spammers. Tauzin called the two bills "remarkably similar" and said he was confident lawmakers would come together to find a solution. Congress in the past has been reluctant to crack down on spam, in part because of lobbying from retailers, marketing firms and other who use e-mail for their businesses. But with the problem worsening, "we're likely to get some real action this year," Tauzin said. ___ The bill numbers are H.R. 2214 and H.R. 2515. Spam Gets Dangerous A major anti-spam vendor is warning companies to take precautions against an emerging form of spam designed to take advantage of unsuspecting users. SurfControl plc execs say "brand spoofing," in which a spammer disguises E-mail to make it appear as if it's from a trusted company in order to extract personal information such as account details and Social Security numbers, is a growing and dangerous form of spam. Among the companies that have been brand spoofed in recent months are Best Buy, UPS, Bank of America, PayPal and First Union Bank, according to SurfControl. Sony Electronics last week warned that it had become aware of a deceptive mass E-mailing that was sent to consumers with the subject "Sonystyle user and email address." The message, which claimed to come from "SonyStyle Customer Service," requested personal information, including user names and passwords. Michael Osterman, principal analyst with messaging research firm Osterman Research, says brand spoofing is a newer form of E-mail spoofing, in which spammers disguise E-mails to look like they come from familiar addresses, such as those of co-workers. Osterman thinks brand spoofing is most threatening to consumers who don't get a lot of E-mail and thus might be easily fooled, but he also expects it could endanger small businesses where the recipient is more likely to be a decision-maker. SurfControl advises companies to take a few precautionary steps to protect their IT systems, employees, and customers: - Notify customers and employees that E-mails seeking personal information are suspicious and should be reported immediately. There's no legitimate reason for any Web site to ask for E-mail verification or an update of confidential information via E-mail. - Urge customers and employees not to open suspicious E-mails or even visit Web sites mentioned, as they pose a risk, such as the possible automatic download of a Trojan horse program, to anyone logging on to the site. - Monitor Internet and spam security information resources. Consumers Union Says Federal Anti-Spam Bill Doesn't Go Far Enough None of the anti-spam legislation Congress is considering goes far enough in tackling the problem, The Consumers Union, the company behind the popular Consumer Reports publications, told a House subcommittee Tuesday. So far, all the ideas floated in the Senate and the House take an 'opt-out' approach, where e-mail users would be required to add their names and addresses to a 'do not spam' list. But that's not enough, said Chris Murray, the legislative counsel for Consumers Union, in testimony before the House Judiciary's Subcommittee on Crime, Terrorism, and Homeland Security. The hearing focused on H.R. 2214, the Rid Spam Act introduced by Rep. Billy Tauzin (R-La.) in May. "Thus far, the bills proposed, including H.R. 2214, have an 'opt-out' as part of their core solution," Murray said. "In other words, an ISP must first pass on the spam to consumers, consumers must then read the spam, and then they can exercise their right to stop receiving messages from that particular sender. "H.R. 2214 needs to be improved because it lacks an 'opt-in' provision and private right of action for consumers. This puts too much burden on consumers to block spam and makes it too difficult to hold spammers legally accountable for their inappropriate interference with consumers' email." He used the analogy of a consumer putting a 'do not solicit' sign on her door, only to be forced to let any company in the world ring the doorbell once before she had the option to tell the salesman to beat it. "This is an absurd burden," Murray said. Instead, Murray called for an 'opt-in' solution, where messages would be sent only to those users who had explicitly agreed to receive them, and urged Congress to give consumers the right to sue companies or individuals who violated such agreements. "An opt-in regime appears to be the best choice," he said. Until then, he recommended that users do nothing. "Do not respond to spam, do not view spam, and most especially, do not opt-out of spam because this will tell spammers that your email address is a functioning one." If Congress does take the opt out-style 'do not spam' road, the concept faces some significant technological challenges, noted Vincent Schiavone, the CEO of the ePrivacy Group, a firm that frequently consults with government agencies and enterprises on spam and other security and trust-related issues. While much has been made lately about the FTC's debut of its 'do not call' list that allows consumers to block telemarketing phone calls, a similar 'do not spam' list - which is what many of the bills before Congress propose, is a very different beast, according to Schiavone. "E-mail is very different than the telephone," he said. "The other end of the phone is traceable and accountable, but we don't have that traceability and accountability in e-mail." Over 20 million consumers have registered phone numbers with the FTC's DoNotCall.gov Web site since it opened less than two weeks ago. And in a poll shortly after its release, an overwhelming majority of Americans wanted to see the concept extended to e-mail to stem spam. Although Schiavone said that a federal 'do not spam' list was a distinct possibility given the interest in Congress, the idea has some hurdles to jump before it becomes a reality and really does some good. "E-mail is a very crude protocol," he said. "There's no common language to differentiate spam from commercial e-mail, say a customer service notice or a newsletter." For an 'opt-out' approach to really work, e-mail will have to be recrafted, Schiavone said, so that messages contain information about its content, the relationship between the sender and recipient - so that legitimate messages aren't blocked, and definitive proof of the identity of the sender. "We can do this now with existing protocols," he claimed. "It's not rocket science." Among the ideas he's proposed to the FTC, he said, are lightweight digital signatures and an open standard for embedding information in the header of all e-mail messages. In other spam news, America Online on Wednesday revised its service agreement to extend its definition of spam to include instant messages and the back-and-forth in chat rooms. Under the new terms AOL will cancel memberships or prosecute subscribers who use IM or chat to send spam. PayPal Spoof Site Asks for Users' Account Info A new Web site spoofs the PayPal online payment site and attempts to trick PayPal customers into divulging sensitive account and billing information. The fake Web site is the latest example in what security experts say is a rising trend of "brand spoofing" scams. PayPal customers are directed to the site, www.paypal-billingnetwork.net, by an e-mail message that appears to come from the Mountain View, California, company. The message claims that due to a "recent system flush," the customer's billing and personal information is "temporaly unavailable" (sic). Customers need to verify their identity by visiting the site or risk having their account canceled, according to the message, which is signed by "Jhon Krepp" from the "PayPal Billing Department." The actual site is almost identical to PayPal's real site, with the same graphics, layout and wording. In fact, many of the links on the site point back to the actual PayPal Web site. PayPal could not be reached for comment about the scam site. Adding to the ruse, visitors to the paypal-billingnetwork.net site are greeted with an authentic-sounding pop-up message. "We've worked hard to help make PayPal even better! However, we have to ask you to re-enter your Billing Information," the message reads, in part. Visitors are asked to have their last PayPal billing statement and credit cards handy before entering the site. PayPal members who do not enter their billing information will have their PayPal accounts canceled, according to the message. After acknowledging this message, users are presented with a form that asks for a wide range of personal and financial information including Social Security number, driver's license number, date of birth, and credit card information. Unlike much of the rest of the site, however, the form does not reside on PayPal's Web site, but on a server at a different IP address. Paypal-billingnetwork.net is registered through Vancouver, Washington-based Web hosting company Dotster. Dotster did not immediately respond to requests for comment. The PayPal scam is just the latest example of brand spoofing, which security experts say is a growing problem. On Tuesday, e-mail filtering company SurfControl PLC of Scotts Valley, California, issued a warning about brand spoofing, saying it has noticed a jump since March in unsolicited e-mail messages tied to fraudulent brand-spoofing scams. Like the most recent PayPal scam, the fraudulent e-mail messages pretend to be from customer service or security officials at well-known companies and direct the spam recipient to phony Web sites that harvest their confidential information, SurfControl said. Because of its role as an online payments clearinghouse with a large user base, PayPal has long been the target of online criminals. Recently, however, other high-profile companies have been the targets of brand spoofing, including Best Buy and Discover Financial Services' DiscoverCard. Sony Electronics, United Parcel Services, and Bank of America have also been the targets of brand spoofing in the last few months, SurfControl said. SurfControl did not receive any brand spoofing e-mail before March, but has received more than five new examples of brand spoofing spam each month since then, the company said. The proliferation of open proxy servers is largely responsible for the problem, SurfControl said. Lists of the loosely managed or insecure proxy servers are freely available online, as are tools for locating open proxies, according to Susan Larson, vice president of global product content at SurfControl. Spammers use the servers to forward large volumes of e-mail messages to recipients. An open proxy server will not only forward the e-mail messages, but also insert its own Internet address in place of the original source information, effectively covering the spammer's tracks, Larson said. Working from lists of harvested e-mail addresses, spammers target high-profile companies, counting on the fact that a certain percentage of recipients will have a relationship with those companies, Larson said. Because of the low cost of sending spam and the huge sums that can be reaped by stealing someone's identity, only a small number of recipients need to fall for the ruse in order for the spammers to turn a profit, she said. Consumers' growing comfort with online retail is also partially to blame for the increase in brand spoofing scams, according to Larson. "So many more people are trusting the Internet to do financial business. We're not as skeptical as we used to be about going out on the Internet and giving passwords or credit card numbers or bank account numbers," she said. The U.S. Federal Trade Commission recently warned Internet users about the problem on its Web site. The FTC recommends checking for "sloppy copy" such as spelling mistakes or grammatical errors in the solicitation. Consumers should also check with the company in question before providing any personal information on a Web site, the FTC said. Spammers' Top 10 Deceptive Subject Lines Anti-spam vendor FrontBridge Technologies Inc. has identified the top 10 deceptive e-mail subject lines used by spammers to lure recipients into opening their messages. FrontBridge's list was culled from 1,200 enterprise e-mail domains the company filters and analyzes regularly, and the vendor expects more e-mail containing such deceptive subject lines to appear in in-boxes. The company reports that deceptive spam tactics grew more than 50% in the first six months of the year. The list reads: * RE: Information you asked for * hey * Check this out! * Is this your email? * Please resend the email * RE: Your order * Past due account * Please verify your information * Version update * RE: 4th of July =~=~=~= Atari Online News, Etc. is a weekly publication covering the entire Atari community. Reprint permission is granted, unless otherwise noted at the beginning of any article, to Atari user groups and not for profit publications only under the following terms: articles must remain unedited and include the issue number and author at the top of each article reprinted. Other reprints granted upon approval of request. Send requests to: dpj@atarinews.org No issue of Atari Online News, Etc. may be included on any commercial media, nor uploaded or transmitted to any commercial online service or internet site, in whole or in part, by any agent or means, without the expressed consent or permission from the Publisher or Editor of Atari Online News, Etc. Opinions presented herein are those of the individual authors and do not necessarily reflect those of the staff, or of the publishers. All material herein is believed to be accurate at the time of publishing.