Volume 6, Issue 38 Atari Online News, Etc. September 17, 2004 Published and Copyright (c) 1999 - 2004 All Rights Reserved Atari Online News, Etc. A-ONE Online Magazine Dana P. Jacobson, Publisher/Managing Editor Joseph Mirando, Managing Editor Rob Mahlert, Associate Editor Atari Online News, Etc. Staff Dana P. Jacobson -- Editor Joe Mirando -- "People Are Talking" Michael Burkley -- "Unabashed Atariophile" Albert Dayes -- "CC: Classic Chips" Rob Mahlert -- Web site Thomas J. Andrews -- "Keeper of the Flame" With Contributions by: Pierre Tonthat To subscribe to A-ONE, change e-mail addresses, or unsubscribe, log on to our website at: www.atarinews.org and click on "Subscriptions". OR subscribe to A-ONE by sending a message to: dpj@atarinews.org and your address will be added to the distribution list. To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE Please make sure that you include the same address that you used to subscribe from. To download A-ONE, set your browser bookmarks to one of the following sites: http://people.delphiforums.com/dpj/a-one.htm http://www.icwhen.com/aone/ http://a1mag.atari.org Now available: http://www.atarinews.org Visit the Atari Advantage Forum on Delphi! http://forums.delphiforums.com/atari/ =~=~=~= A-ONE #0638 09/17/04 ~ Surfing With A Nouse? ~ People Are Talking! ~ Troll Is Updated! ~ Hackers On Fed Payroll ~ Bounty For Spammers?! ~ Fighting Cybercrime ~ Mozilla After Explorer ~ Brits Lie About E-Mail ~ Burnout 3: Takedown ~ Net Virus Turf War! ~ Spam Stopper Detection ~ Terminator 3 Ships! -* Symantec Goes Anti-Phishing! *- -* McAfee's Managed E-Mail Protection! *- -* AOL Won't Use Microsoft's SenderID Format! *- =~=~=~= ->From the Editor's Keyboard "Saying it like it is!" """""""""""""""""""""""""" It didn't take long after returning to work from a two-week vacation, and I was exhausted! My desk is still buried under piles of paperwork. It will probably take me at least another week just to get back into the swing of things. Bottom line - it was still all worth it! Great vacation, great weather to enjoy it in. Too bad our friends down south can't say the same thing! Boy, talk about a season of getting hammered with bad weather. I don't have much to say this week, so we'll get right to this week's issue and hope that next week something piques my interest and gets my blood boiling enough to comment. Until next time... =~=~=~= Troll 1.0B Bonjour :) Reminder: Troll is an next generation usenet client for Ataris and GEM environment. StiK2 or compatible layer needed. Download on my homepage or directly in the folder http://rajah.atari.org/files/ -> troll10b_uk.zip (124KB) News for this 1.0B - Bug fixes for: - crash at start with XaAES (shel_write). - bad URLs detections (infinite loop in some cases). - minor case for filenames under MiNT. - line return in the internal text editor. - possible crash when downloading new headlines when the headlines list is empty. Thanks to Jean-Luc & ProToS. + ST Guide English documentation + Newsgroup preferences that can: > force the sequential headlines display. > declare an identity for replies or new subjects. + Identities management (careful, the old one is lost). + New newsgroups subscribing formula: > newsgroups list sort. > big enhancement for the direct search on the server. > download or update of the entire newsgroups list of the server (careful: slow and needs a lot of RAM). > search in the downloaded newsgroups list. + GDOS/NVDI post printing (set it in the misc options) Bye bye :) -- Pierre TONTHAT - Rajah Lone / Renaissance http://rajah.atari.org =~=~=~= PEOPLE ARE TALKING compiled by Joe Mirando joe@atarinews.org Hidi ho friends and neighbors. If you happen to live in the southeastern United States, I hope you weathered the hurricane/storm (no pun intended). It's somewhat odd to have two such massive storms take so close to the same route one after another, but the tracks were different enough so that they weren't right on top of one another. No doubt there will be a lot of cleaning up and rebuilding, but hopefully most people were smart enough to clear out well before things became dangerous. I've been reading about different plans to "diffuse" these monster storms, both in the Atlantic and in the Pacific (where they're known as Typhoons), and the hubris of mankind never ceases to amaze me. These storms are inconvenient, and often dangerous to we humans, but dropping tens of thousands of tons of dessicates from above these storms to drain them of moisture, or using some insanely large fan to "blow the storm back out to sea", or dropping a thermonuclear device into the storm to "blow it out".... can you imagine the insanity involved in even thinking about detonating a nuke in a 165 mile an hour storm that covers such a large area and encompasses so much raw natural power?.... all of this just strikes me as so insane. I mean, did anyone ever stop to think that these storms just might be one of nature's safety valves? Did they wonder just where that enormous amount of energy would go if it wasn't pent up in one of these "mutha storms"? I, for one, shudder at the thought of Mother Nature adding the energy of five or six hurricanes to a continent-sized dope-smack. Well, enough of all this. Let's get to the news, hints, tips and info from the UseNet. From the comp.sys.atari.st NewsGroup ==================================== "Exxos" asks for someone to refresh his memory about getting an EtherNEC network card to work: "I did have it working but can't for the life of me remember how I did it now. I have a FTP program on my falcon to file access, I think I had to run STICK as well ? also I think I had to alter my PC's address to 168...... something...... Can any help ?? I really need to get this link working!" Kenneth Medin tells Exxos: "Sounds like you have made changes in the AUTO folder. STiK will not work with EtherNEC as far as I know. Check if you have STING.PRX in your AUTO folder. If you are lucky all you have to do is rename it to STING.PRG. If not you have to install STING and configure it to use EtherNEC." Exxos replies: "Ah sorry, I meant to say STING! I've used it before but its just stopped working, I've not changed anything on the falcon, so its like its a PC problem...... I'm using Atari FTP 1.09, I've used that before with no problems, but it just records in the log that user XXXX was logged out, and on the PC I get access denied... they are connected but Atari FTP won't let me logon, i've tried everything, its such a simple setup as well." Kenneth goes by the numbers: "1. Launch the STinG Dialer and try to ping 127.0.0.1 to check if STinG is running OK. If not, reconfigure STinG. 2. On the pc Ping a known working IP address. If OK then 3. Try to ping the Atari IP address from the pc. If OK then 4. Try to ping the the pc IP address from the STinG Dialer. If step 4 fails there might be a firewall running on the pc that blocks ping. Even if ping gets through ftp access may well be blocked by a pc firewall. If you use an ftp client on the Atari side you could try to run a ftp server instead. But "1.09" sounds like you already are? A pc firewall would not block outbound ftp transfers. If step 3 fail check the lights on the EtherNEC etc..." Greg Goodwin asks Exxos: "What version of STing are you using? On bootup, does the ETHERNET module show up? Can you connect to anything using your Falcon? More information, please." Exxos tells Greg: "I think its STING 1.26, everything pings ok, the PC does attempt to logon, but FTP kicks it off, its like the FTP program isn't setup right, i'm sure it should show the "welcome" text as soon as it connects but it don't, FTP reports the attempted logon so they are connected. I installed ENEC which shows up on boot, STING does error with DNS lookup failed or something like that. I've used the FTP prog before with no problems, but it looks like its not reading the config files, and the user lists! Got any ideas for another FTP server to try ?" Greg tells Exxos (aka Chris): "Hmmm. That DNS lookup failed message occurs when you have deleted one specific file or when that file is corrupted. (I wish I could remember which file. :-( ) However, that isn't your problem. How did you set up your Atari as an FTP server?" Chris replies: "I've redownloaded STING and replaced the folder a few times, also wiped the lot off and started again, also setup a bootable floppy to play around with. I use the FTP server from http://users.otenet.gr/~papval/ , I have used it before and it worked first time, I've E-mail the guy who wrote it but he hasn't responded :( this FTP server does show in the logs than user xxxxxxx is trying to logon so the link is working to some degree." Greg tells Chris: "Hmmm, I fear I'm out of ideas. Does STing work for web browsing or email applications? Hopefully someone who uses FTP regularly will go over configurations with you." Brian Roland jumps in and tells chris that he's....: "Jumping in late here so if I missed something....sorry. I'm understanding that at this point pings to and from all your machines work as they should. Some things to check: Find out the MTU of your ISP. Set everything on your lan to the same MTU. MSS should be your MTU minus 40. RWIN (on the Atari) should be 2 or 3 multiplied by the MTU. More modern ethernet cards on your PC/Mac hardware might can take much higher RWIN values (4 to 8 * MTU). Example: MTU = 1442 MSS = 1002 RWIN = 3326 (MTU*3 ... if the NEC card's buffer seems to overflow, try MTU*2) Having this set up properly will make things faster (less packet splitting-reassembly). DHCP (a protocol to automatically assign dynamic IP address to devices plugged into your LAN) stuff isn't full and complete when using STing with an ethernet LAN....so: Some routers/switchers are pretty smart and dummdumm proof, while others need more user interaction to get them to work well. So! You might want to go ahead and disable all the DHCP stuff, and give everything static IP addresses on your LAN. If you're networking with a DOS or Windows PC, try entering the following command (using your IP and Mac addresses) at a DOS prompt (or in autoexec.bat). c:\windows\arp.exe -s 192.168.1.8 00-00-1c-1c-32-a7 | | | Static IP switch__| | Mac Address for eNEC card. | Atari's IP Address (You set this in STing) Some unix like setups that might be on your LAN need some manual arp tweaking as well....depending on which set up, and how old. If your eNEC is connected directly to a PC (ethernet card to ethernet card): Check you've the correct type cable. Some ethernet cards need a twisted cable when you're not using a 'router or switcher', some have a switch, while others will automatically detect your cable type and it doesn't matter. You'll definitely need the arp setting as above if you're not using a router/switcher! If you use an ethernet switcher or router, check to see if there is a way to register your eNEC adaptor via Mac Address on a fixed ip address. It's usually a telnetted command similar to that above for windows, or sometimes is set via web browser query to the default gateway on port 80, or 8080. If you use an ethernet switcher or router, check that you've not done some sort of NAT redirect for the standard ports (I.E. redirect all calls to port 23 to the Windows machine). In general, this doesn't matter from inside your LAN, but it's worth checking out! If you use an ethernet switcher or router...ALL attempts to connect to any of your machines from the internet will require NAT port redirection. If you use such a device....learn all about it." Chris replies: "thanks for the info, some things to try there. my falcon is linked direct to my pc, nothing else, i'm not using internet, just a LAN and thats it, simple file transfers.... i'm using a ftp server on my falcon, so i can logon with a ftp client on my pc, the atari side reports the username i am trying to logon with (from pc) but it wont let me logon, seems like a password error, but thats all fine, I have had it working in the past and its got me stumped." Ronald Hall asks for info on MultiSync monitors: "Can anyone tell me what (if any) new multisynch monitors, that synch down to 15khz are available? I've tried googling for this information, but I only come up with older models (and pointing to ebay/half.com for purchase)." T.W. Brown tells Ronald: "Well I googled the display range (15khz) and found one reply that made new ones, I think most monitors that sync down to 15khz are used in Medical equipment/Industrial uses so I didn't ask how much they ran :) Microvetic was the manufacturer..used will be cheapest route I believe, maybe you can get an older amiga monitor (I found a NEC II multi sync for a decent price) but I'm spoiled by my 21 in monitor I use now. hard to go back to 14 or 15 in monitors." Ronald replies: "I understand, but I own a Falcon, and I'm wondering how to get all those ultra cool/snazzy RGB demos to run on a S/VGA monitor? Most don't synch down below 30khz, so what's a person to do? Years ago, with my very first Falcon, I had a VGA monitor that would synch down to 15khz, and I hooked the Falcon up via the Multisynch Gizmo, so there was no switching. I could run in VGA mode, and just click any RGB software (such as demos) and off it would go. I'd really like to have a setup like that again." Coda adds: "Other than buying a used VGA monitor I think there are three options available to you: 1. Buy a used Philips CM8833 RGB or Atari 1435/Amiga 1084S monitor, and use a switchbox. 2. Use a TV (?) 3. Buy a scan convertor. Have a look at www.lik-sang.com, they have devices that you can send an RGB signal to and it will upscan it to SVGA (like an Xbox -> SVGA adapter)." Derryck Croker adds: "I have a gizmo that accepts SVHS or composite video and outputs a scan-rate doubled signal for a "normal" SVGA monitor. Google for Console Adaptor or similar, mine seems to be made by Venom? Expect some flickering." Bill Bennet asks Ronald: "Did you try www.monitorworld.com?" Ronald tells Bill: "Actually, after googling around a bit - I did find that site. Quite a large list of monitors there. Unfortunately, every time I found a multisynch that would work (Ideks, just for an example), they would turn out to be no longer manufactured. Its a big website though, and I've not had a chance to go through every listing so I'll keep my hopes up..." Well folks, that's about it for this week. Just as I was putting the finishing touches on this column, I heard that Hurricane Jeanne was on her way toward Florida. Batten down the hatches, folks. Looks like Mother Nature is finally getting back at the state for that voting stupidness four years ago. Be sure to tune in again next week, same time, same station, and be ready to listen to what they are saying when... PEOPLE ARE TALKING =~=~=~= ->In This Week's Gaming Section - Atari Ships 'Terminator 3'! """"""""""""""""""""""""""""" Gungrave: Overdose - Can't Lose! Burnout 3: Takedown Ships! =~=~=~= ->A-ONE's Game Console Industry News - The Latest Gaming News! """""""""""""""""""""""""""""""""" Atari Ships "Terminator 3: The Redemption" Atari, Inc. announced that "Terminator3: The Redemption" has shipped to retail outlets nationwide. "Terminator 3: The Redemption" takes players for a thrill ride into a post-apocalyptic universe as they become the series signature icon, Arnold Schwarzenegger as the Terminator. The game also features an exciting, surprise ending, which hints at a possible future for the T-850 Terminator model played by Schwarzenegger. "'Terminator 3: The Redemption' gives gamers an opportunity to experience the world of Terminator like never before - they can go places and do things that have only been hinted at in the films," said Jim Galis, executive producer, Atari's Paradigm Entertainment studio. "The Terminator movies are known for their incredible chase scenes and total destruction - 'Terminator 3: The Redemption' recreates that moment-by-moment intensity with incredible action-driving only the Terminator license can provide." Developed by Atari's internal studio, Paradigm Entertainment, "Terminator 3: The Redemption" allows players to assume the role of one of Hollywood's most popular and iconic characters, the Terminator. Featuring Arnold Schwarzenegger and many of his famous catch-phrases, "Terminator 3: The Redemption" continues along the "Terminator 3: Rise of the Machines" movie storyline, but then branches in new directions, including an ominous alternate future scenario inhabited only by SkyNet forces. Players can explore three distinct timelines in "Terminator 3: The Redemption," including present day Los Angeles, the desolate, post-apocalyptic world and an eerie, alternate future where no humans exist. Players can fight toe-to-toe with other Terminator models in melee combat or take over vehicles in all three timelines to race, chase, and blast their way through 14 levels of intense arcade action. "Terminator 3: The Redemption" is available now for the PlayStation2 computer entertainment system, the Xbox videogame system from Microsoft and the Nintendo GameCube for an estimated retail price of $39.95 and is rated "T" for Teen. More information about "Terminator 3: The Redemption" can be found online at www.atari.com/terminator. Gungrave: Overdose Ships to Retail Mastiff Offers PlayStation 2 Owners an Unprecedented "Can't Lose" Deal Video Game publisher Mastiff today announced that Gungrave: Overdose for the PlayStation2 computer entertainment system has shipped to retail stores throughout North America. The game will carry a special low suggested retail price of $14.99, along with other exceptional bonuses only available for a limited time. "Bursting at the seams, (Gungrave: Overdose) has been jacked up eight ways from Sunday with more characters, more levels, and more movies and all that adds up to plenty more heavy metal-infused action," says Ed Lewis, Associate Editor of IGN.com. "It's goofy and insane and it's a hell of a lot of fun." "Gungrave: Overdose looks and plays great. The anime style cinematics reek with personality," enthuses Dave Halverson, Editor in Chief of Play Magazine. Anyone who purchases a copy of Gungrave: Overdose between September 2004 and March 2005 will receive a three-issue trial subscription to Play Magazine (an $18.00 value). Add a limited edition Gungrave art card, featuring images from Geneon Entertainment's Gungrave: Beyond The Grave anime DVD packed into every box, and you have one of the most incredible deals ever offered to gamers. "Gungrave: Overdose kicks a**. Just to make sure everyone knows it we've dropped the price to an absolutely insane $14.99 and put twenty bucks worth of free stuff in every package. You just can't lose," says Bill Swartz, Head Woof at Mastiff. Gungrave: Overdose features more of everything that made its predecessor great: more adrenaline, more over-the-top action, more cell-shaded coolness, more outrageous story, more pumped-up volume, and more non-stop gameplay. The game features the character design of noted anime artists Yasuhiro Nightow (Trigun) and Kosuke Fujishima (Sakura Wars) and a soundtrack composed by Tsuneo Imahori (Trigun, Hajime No Ippo). Beyond-The-Grave, our favorite undead-Mafioso-turned-almost-good-guy, is back to kick a** against the Corsione family and prevent them from using the Seed to gain control of the world. Joining Grave are two new unlockable characters: Juji Kabane, a blind, foul-mouthed, and perpetually angry swordsman who wears a shabby overcoat and carries a pair of gunblades, and Rocketbilly Redcadillac, a rock star who wears a red riding jacket and sports a slick ducktail. Joining the Gungrave: Overdose game on retail shelves will be a series of DVDs and soundtracks from the anime TV series published by Geneon Entertainment. Please see http://www.GungraveDVD.com for more information. Burnout 3: Takedown Ships for the PlayStation 2 and Xbox Electronic Arts announced that Burnout 3: Takedown, the latest title in the critically acclaimed Burnout series, has begun to ship to retail outlets for the PlayStation 2 computer entertainment system and Xbox video game system from Microsoft. Named "Best Racing Game of E3 2004" by the Game Critics Awards, Burnout 3: Takedown features a unique aggressive racing concept and a one-of-a-kind special effects engine that delivers spectacular visuals. With more than 40 different tracks spanning three continents, players can battle in over 70 cars and takedown opponents across a broad range of conditions and environments, as well as experiencing 100 unique crash junctions. Burnout 3: Takedown features highly sophisticated crash technology that recreates high speed crashes with extreme detail and allows the player to use their car as a weapon and takeout rivals, controlling the car even after crashing. Players can race online in seven different modes, featuring up to 6 participants, battling through full oncoming traffic. (PlayStation 2 online play requires Internet Connection, Network Adaptor and Memory Card for the PlayStation 2. Xbox online play requires Xbox Live!) Delivering an authentic radio experience complete with commentary from DJ Stryker from alternative radio station KROQ-FM in Los Angeles, the in-game soundtrack features more than 40 songs from bands including Jimmy Eat World and Yellowcard. Developed by UK-based Criterion Games, Burnout 3: Takedown for the PlayStation 2 and Xbox is rated "T" (Teen) by the ESRB and has an MSRP of $49.99. More information can be found on the game's web site at http://www.burnout3.ea.com. =~=~=~= A-ONE's Headline News The Latest in Computer Technology News Compiled by: Dana P. Jacobson Symantec Goes Anti-Phishing Symantec is fishing for dollars with a new service designed to help companies combat the ongoing epidemic of online identity theft, or "phishing," scams. The antivirus software giant will announce this week a brand protection service that will use the company's global network of researchers and its desktop software to help companies identify and thwart online scams that use their names to trick unsuspecting customers. Phishing scams are online crimes that use spam to direct Internet users to Web sites that are controlled by thieves but designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, Social Security number, bank account information, or credit card number, often under the guise of updating account information. The Online Fraud Management Solution is a package of services that Symantec, of Cupertino, California, will market to financial services companies. As part of the service, Symantec will use a global network of probes and decoy e-mail accounts to collect, analyze, and identify new phishing scams targeted at Online Fraud Management customers. When new scams are identified by Symantec researchers, they will create filters that block the fraudulent messages associated with those scams. Those filters will be automatically deployed to consumers who use Symantec applications such as Norton AntiSpam and Norton Internet Security, Symantec says. The company will also notify the Online Fraud Management customer named in the scam e-mails so it can work with law enforcement to get the phishing Web site shut down, Symantec says. Symantec is also providing Online Fraud Management customers with access to a "user-friendly resource center" with content that will help them educate their customers about Internet security threats and with links to products and information to help them assess their computer's security exposure and protect it from attack, Symantec says. Consulting services to provide assessments and help with implementation are also included in the program, Symantec says. Online fraud and identity theft scams are a growing problem. The Anti-Phishing Working Group, an industry association made up of representatives from the high-technology industry and law enforcement, identified more than 1400 unique phishing attacks in June, the most recent month for which statistics are available. Incidents of such attacks are growing at an average monthly rate of more than 50 percent, the group found. The scams have also attracted attention from the U.S. government. In August, U.S. Attorney General John Ashcroft announced 103 arrests in Operation Web Snare, a huge U.S. Department of Justice action against online fraud and other Internet-related crimes. The operation included 160 investigations across the U.S. for a variety of Internet-related crimes, including phishing attacks. Group Seeks Ways to Prosecute Cybercrime Governments and private sector officials from around the world sought ways Thursday to jointly combat cybercrime, whose growth mirrors the phenomenal rise of the Internet's popularity. At a conference organized by the Council of Europe, delegates from Europe, the United States, Australia and China digested new data pointing to an increasing problem of global proportions: How can national law stop those who commit fraud, spread racism, steal credit card numbers or sell child pornography worldwide, nonstop and just about anonymously? On top of that, while fraud and copyright infringements remain the lion's share of cybercrime, there is rising concern about terrorists going online to spread more than just propaganda. "My main concern would be a terrorist attack" on computer systems that run power grids, transportation networks, airports and financial institutions, said Ulrich Sieber, head of the Max Planck Institute for Foreign and International Criminal Law in Freiburg, Germany. His message at the three-day conference, which ends Friday, is that governments must do more to deal with Internet criminals. The 45-nation Council of Europe agrees that governments are dragging their heels. Its 2001 Cybercrime Convention - the first international treaty of its kind - has been signed by 30 countries, including Canada, Japan, South Africa and the United States, but is law in only eight. Albania, Croatia, Estonia, Hungary, Lithuania, Romania, Slovenia and Macedonia are the only nations that have ratified the treaty, which names four types of cybercrime: confidentiality offenses, notably breaking into computers; fraud and forgery; content violations, such as child pornography and racism; and copyright offenses. The treaty aims to speed up international cooperation in investigations and extraditions and is open to countries outside of Europe. A general report prepared for the conference highlighted that while exact data is not always at hand, cybercrime is a fast-growing industry in which organized crime and private operators flourish side by side. There were an estimated 600 million Internet users in 2002, double the 1999 number. "Even if 99.9 percent of the 600 million Internet surfers were to use (the Web) for legitimate reasons, this would still leave 600,000 potential offenders," said the report. That statistic underscored a key conference theme: the vulnerability of Internet users at a time when more and more people rely on the Web. In the United States, e-commerce activities reached some $243.1 billion in 2004, and Europeans are catching up. In Germany, according to the report, Internet crimes account for 1.3 percent of all recorded crimes "but for 57 percent - or $8.3 billion - of the material damage caused by crime." A 2004 survey of 494 U.S. corporations found 20 percent had been subject to "attempts of computer sabotage and extortion, among others through denial of service attacks." Sites promoting racism, hatred and violence have risen by 300 percent since 2000, and Internet child pornography is an industry worth some $20 billion this year. "Surveys in 2003 suggest that child pornography accounts for 24 percent of image searches in peer-to-peer applications," said the report. Organized crime is well established in cyberspace, using the Internet for human trafficking and commit economic crimes. Sieber said prosecuting cybercrime is unfeasible without more cross-border cooperation. "The Internet is fast, whereas criminal law systems are slow and formal. The Internet offers anonymity, whereas criminal law systems require identification of perpetrators ... The Internet is global, whereas criminal law systems are generally limited to a specific territory. Effective prosecution with national remedies is all but impossible in a global space." FTC Report Recommends Bounty for Spammers What would it take to get someone to turn in one of those spammers who send millions of unwanted e-mails? At least $100,000, the Federal Trade Commission figures. Six-figure incentives are the only way to persuade people to disclose the identity of co-workers, friends and others they know are responsible for flooding online mailboxes with unsolicited pitches for prescription drugs, weight loss plans and other products, according to an agency report Thursday. The commission said a government-funded reward system could work if the payoff was between $100,000 and $250,000 ? higher than rewards in most high-profile criminal and terrorism cases. For example, the FBI pays $50,000 for tips leading to the arrests of most of its top 10 fugitives. The FTC, in a report requested by Congress, did not take a position on whether such a system was a good idea. The report said any reward should come from taxpayer funds because collection of civil penalties from spammers will not be enough to finance the system, according to Allen Hile, assistant director in the agency's division of marketing practices. "All of our cases end in a court order, but substantially fewer end up in assessment and payment of civil penalties," Hile said. The agency said potential informants probably would be people who work with the spammers or are close enough to have knowledge of their illegal activities. Congress asked the FTC to study the feasibility of a bounty system as part of the "can spam" legislation that went into effect in January. The law prohibits senders of spam from disguising their identity by using a false return address or misleading subject line, and it bars senders from collecting addresses from Web sites. "Americans are being inundated with spam, and we need to keep trying different approaches until we solve the problem," said Sen. Jon Corzine, D-N.J., among those who has pressed for rewards as a way to eliminate spam. "Monetary rewards can provide a real incentive for private citizens to come forward and identify spammers." But the idea may be premature, according to the Direct Marketing Association, the largest trade group for direct and interactive marketers. The group believes it would be wise to give the law and law enforcement efforts more time to work before "rushing into a system like this," spokesman Louis Mastria said. The Justice Department recently announced an Internet crime crackdown that resulted in dozens of arrests and convictions on charges including the use of spam e-mail to steal credit card numbers. The industry also has been aggressive. In March, Microsoft, America Online and others sued hundreds of people suspected of sending spam. On Fed Payroll, Hackers Seek to Save America Jason Larsen types in a few lines of computer code to hack into the controls of a nearby chemical plant. Then he finds an online video camera inside and confirms that he has pumped up a pressure value. "It's the challenge. It's you finding the flaws," he said when asked about his motivation. "It's you against the defenders. It comes from a deep-seeded need to find out how things work." Larsen, 31, who wears his hair long and has braces on his teeth, is a computer hacker with a twist. His goal is not to wreak havoc, but to boost security for America's pipelines, railroads, utilities and other infrastructure, part of a project backed by the Idaho National Engineering and Environmental Laboratory. Sponsored by the U.S. Department of Energy, the Idaho lab last month launched a new cyber security center where expert hackers such as Larsen test computing vulnerabilities. Spread across 890 square miles in a remote area of eastern Idaho, INEEL gives experts access to an entire isolated infrastructure such as the one Larsen hacked into. "I don't think people have an understanding of what could be the impact of cyber attacks," Paul Kearns, director of INEEL, told Reuters. "They don't understand the threat." In recent months, U.S. security officials have warned that the nation is not prepared against cyber terrorism. "I am confident that there is no system connected to the Internet, either by modem or fixed connection, that can't be hacked into," said Laurin Dodd, who oversees INEEL's national security programs. He added that only a computing system totally isolated from the outside, such as that used by the Central Intelligence Agency, would be immune to hacking. Another problem is that many once-isolated systems used to run railroads, pipelines and utilities are now also accessible via the Internet and thus susceptible to sabotage. "More and more of these things are being connected to the Internet, so they can be monitored at corporate headquarters," said Dodd, INEEL's associate lab director. "It is generally accepted that the August blackout last year could have been caused by that kind of activity." "Most people think risk in this area is not going to result in thousands of deaths," he continued. "If somebody could wreak havoc in the financial system by getting into computers and as a result people lost confidence in the financial system, that could be pretty consequential." Added lab director Kearns: "That's what al Qaeda is all about." Steve Schaeffer in INEEL's cyber security lab was recently asked to decode a General Electric designed system. "My test was to subvert that guy's system in some manner," he said. "It only took about two months before we had enough information to affect the protocol to affect operations." "If they can dial into the system, guess what, so can I." Lab officials emphasize that such hacking occurs within INEEL's own facilities rather than at real-life entities outside. The Swiss engineering group ABB recently signed an agreement to become INEEL's first cybersecurity customer to test their actual vulnerabilities. INEEL officials tell of a recent visit by an Idaho utility executive who declared his system had no problems. By the end of their demonstration, the shaken executive was asking for a comprehensive review of his firm. In another incident, INEEL's Larsen entered a U.S. agency in Washington D.C. and hacked into its computer system with a simple hand-held computing device, much to the surprise of officials there, a lab official said. Larsen declined to discuss the episode. When it comes to Larsen's background, there is a fair amount that he and his superiors prefer not to discuss. To gain the skills he has, one must have experience in the nebulous world of hacking. "This is one of the few places where it is legal to give people those kind of challenges," said Robert Hoffman, head of INEEL cyber security who hired Larsen. He said he was impressed that Larsen had written his first computer code at age 13. "I learned my hacking back when it was a cool thing," said Larsen as he spoke of computing in the pre-Internet days. He wore a black T shirt with the inscription "Stop laughing, computers are cool now." INEEL officials say the lab would not hire anyone who had committed criminal acts and added they must obtain security clearances. "How do you know that your wife is not going to clean our your bank account?" Schaeffer said. "You just trust people and you do background checks." The Idaho cyber security effort is part of the Department of Homeland Security's efforts to boost defenses against possible attacks of all kinds. INEEL seeks a delicate balance between encouraging key parts of the U.S. economy to boost their cyber security without inspiring any nefarious acts. "What you don't want to do is increase the threat by advertising what you can do. I think dirty bombs is one example," INEEL's national security head Dodd said. Mozilla Hot on Explorer's Tail It has been a long time since any software challenged Microsoft's Internet Explorer in the Web-browser realm. That was the whole point asserted by the Department of Justice about Microsoft's strategy of including the browser with its ubiquitous Windows operating system, right? But a challenge is exactly what seems to be happening now, a decade after the first viable browsers aimed at consumers were introduced. Downloads of open-source competitor applications developed by the Mozilla Foundation are up, and reports say that use of Explorer is down. According to Web-metrics company WebSideStory, the users of top-ranked e-commerce sites are using Explorer less and Mozilla more. In June, 95.6 percent of users used Explorer. This month, 93.7 percent do. By contrast, the percentage of visitors using Mozilla grew from 3.5 percent to 5.2 percent in the same period. Of course, such statistics do not measure very precisely who is using what browser to perform what tasks, but they certainly do point in an interesting direction. And yesterday's release of a preview version of the Mozilla Foundation's new browser, Firefox, was accompanied by much grass-roots hype. Firefox has its own site dedicated to a consumer-based marketing effort aimed at achieving 1 million downloads over the next 10 days, according to the Mozilla Foundation. In addition, the foundation has announced the first awards in its Security Bug Bounty Program, which pays US500 to developers and security experts who identify critical flaws in the Mozilla source code that could expose users to security breaches. McAfee Adds Managed E-Mail Protection McAfee says that a new managed e-mail service will help small businesses handle the deluge of spam and viruses pounding their networks. The Santa Clara, California, company plans to launch McAfee Managed Mail Protection, an integrated antispam, antivirus, and content filtering service for inbound and outbound e-mail, McAfee says in a statement. The new service is targeted at companies with between one and 1000 employees that lack the internal expertise or resources to manage antivirus and antispam products, says Lillian Wai, product marketing manager for McAfee Managed Services. The new service will be akin to other managed e-mail services offered by companies such as Postini and MessageLabs. Customers who sign on to McAfee Managed Mail Protection will be asked to modify their mail exchange record, redirecting incoming and outgoing mail to servers hosted at McAfee's network operations center in California, where the content scanning and filtering is performed. The redirection adds a delay of less than two seconds to deliver an e-mail, but the service is only available to customers in the U.S. and only works with e-mail content written in English, Wai says. McAfee is looking into the possibility of partnering with Internet service providers in the European Union, Asia, and Latin America to open other mail-processing centers in those areas, she says. Unlike other managed e-mail services that license antivirus and antispam technology from third-party companies, McAfee Managed Mail Protection uses only McAfee technology for virus and spam detection, and is designed to build upon McAfee's established name in the antivirus and network security arenas, she says. Administrators can log on to a Web-based interface and view reports on mail, virus, and spam traffic, or review messages left in a quarantine queue. Administrators can also create their own content filters for inbound mail, though they cannot filter the contents of outbound messages, Wai says. The new service will replace an existing McAfee service called VirusScreen ASAP, which screened e-mail for viruses only. In re-branding that service, McAfee has also added antispam and content to the virus screening service, she says. The new antispam features came just in time for Steve Horne, manager of information systems at Perfect Equipment, a small manufacturing company in Lavergne, Tennessee. Perfect Equipment's e-mail server was being overrun by a recent surge in spam e-mail, which quickly changed from affecting a few mail accounts to many of the company's employees, Horne says. The company already used the VirusScreen ASAP service and the SpamKiller desktop software, which kept in-boxes clean, but didn't alleviate the strain on the company's mail server, he says. After signing on to the Managed Mail Protection service as a beta customer, Perfect Equipment no longer has much spam hitting its e-mail server and has seen a vast improvement in the performance of that server, he says. Horne says Perfect is using some of the standard content filters that come with the service and some custom white- and blacklists for specific e-mail addresses. However, he hasn't used the product's reporting features and couldn't comment on those. McAfee Managed Mail Protection is available now through McAfee and its partner companies, McAfee says. AOL Won't Use Microsoft Anti-Spam Standard America Online Inc. on Thursday shunned a Microsoft Corp. proposal to help weed out unwanted "spam" e-mail because Internet engineers are reluctant to adopt technology owned by the dominant software company. AOL, a division of Time Warner Inc., said it would not adopt Microsoft's SenderID protocol because it has failed to win over experts leery of Microsoft's business practices. "AOL will now not be moving forward with full deployment of the SenderID protocol," AOL spokesman Nicholas Graham said in a statement. The decision is the latest fallout from a dispute between Microsoft and advocates of free, "open source" software commonly used across the Internet. Rather than agreeing on one common standard to weed out fake e-mail addresses used by spammers, e-mail providers will be forced to use two slightly differing standards that until recently had been combined as one. A Microsoft spokesman said the two standards will be identical in nine out of 10 cases. "It's still going to be one standard, there's just going to be two flavors," Microsoft spokesman Sean Sundwall said. Spammers often appropriate the e-mail addresses of others in order to slip through content filters, a tactic known as "spoofing." Several proposals by Microsoft and others would allow Internet providers to check that a message from joe@example.com actually comes from example.com's server computers. Messages that do not match up could be safely rejected as spam. The technology would be invisible to everyday users. Microsoft Chairman Bill Gates in January said the technique could help eliminate spam by 2006. Spam currently accounts for up to 83 percent of all e-mail traffic. Microsoft in May combined its proposal with another developed by entrepreneur Meng Wong and submitted them to the standards-setting Internet Engineering Task Force for approval. But several key players have said they won't use the standard because Microsoft holds patents on the underlying technology, even though Microsoft has said it won't charge royalties for SenderID. The Apache Software Foundation, which develops open source software, told the IETF on Sept. 2 that it could not use SenderID under Microsoft's terms. "We believe the current license is ... contrary to the practice of open Internet standards," the group said in an open letter. AOL said it will continue to use Wong's Sender Policy Framework proposal to check incoming e-mail, and will test other methods as well, such as one proposed by Yahoo Inc. that would use encrypted digital signatures to authenticate e-mail. AOL will use both standards to send outgoing mail, Graham said. Microsoft will use SenderID on its Hotmail service starting Oct. 1, Sundwall said. Spam Stopper Detects Sender Patterns Enterprises using IBM's Lotus Notes and Domino for their corporate e-mail systems will be able to take advantage of Commtouch Software Ltd.'s sending pattern technologies for stopping spam. Version 4.0 of the Commtouch Enterprise Gateway anti-spam software, due next week, adds support for Lotus Notes and will be able to work with virtually any SMTP-based e-mail system. The product previously supported only Microsoft Corp. Exchange environments. Commtouch Enterprise Gateway is a server that sits at a network gateway and detects spam using a patent-pending technology called Recurrent Pattern Detection. This technology identifies spam based on e-mail server sending patterns rather than content filtering. Version 4.0, which officials at the Netanya, Israel, company said makes the software more suitable for larger enterprises, supports quarantining of suspect messages away from the e-mail server and gives users more control over quarantined messages. IT departments get better management capabilities as well in Commtouch Enterprise Gateway 4.0, which separates administrative functions from configuration functions. The upgrade gives administrators enhanced management of e-mail accounts by user and user groups and improved rules configuration and multilevel access management. Cohesive Teamware Inc. is using Commtouch Enterprise Gateway in combination with the Exchange e-mail service the company provides to customers. Cohesive Teamware CEO Bill Griep said Version 4.0 is particularly useful to the company's business model as it allows different clients to be assigned to specific LDAP groups from the same Exchange server. Griep also said the upgrade allows him to roll out Commtouch Enterprise Gateway's anti-spam capabilities to end users on Macintosh desktops. "With the new HTML Web interface, they've opened it up to more than just Outlook clients," said Griep, in Apex, N.C. Net Virus Turf War Resumes After Rival's Arrest A new virus outbreak emerged on Thursday that packs a baffling message: a photograph of accused German virus author Sven Jaschan that security officials believe to be a geeky taunt from a rival gang of computer programmers. Last week, German authorities charged 18-year-old Jaschan with sabotage for allegedly creating the destructive Sasser computer worm and Netsky computer viruses, some of the most potent digital outbreaks to ever hit the Internet. Following his arrest in May, the teenage computer wizard admitted to police he wrote the code for Sasser and more than two dozen Netsky viruses that wreaked havoc across the Internet during the first few months of 2004. Now, it appears, rival programmers are exulting in his downfall and using their favorite calling card - a tenacious computer virus dubbed MyDoom - to mock their vanquished foe. "I think the MyDoom group wants to rub it in that they won, Jaschan lost," said Mikko Hypponen, manager of anti-virus research at Finnish security firm F-Secure. In the past week, a volley of new MyDoom viruses have hit the Internet, including the most recent MyDoom.Y, which carries a file attachment with a mugshot of Jaschan. The viruses are relatively benign and have done little more than communicate to the world that their authors are still free to program new outbreaks. "The really bad guys are still out there," Hypponen said. The rivalry between Jaschan and the MyDoom gang became clear to anti-virus experts earlier in the year when Jaschan's Netsky virus was unleashed on the Net designed to hunt out and destroy MyDoom and another pesky virus, Bagel. Bagel and MyDoom contagions had been programmed to take control of vulnerable PCs and turn them into spam machines that spit out streams of junk e-mail. Netsky, at least in its earliest forms, was designed to defuse them. The real damage to computer users began when a programming war of sorts erupted with both sides devising new strains to eliminate the others' handiwork. Such rivalries between programming groups is nothing new. Security officials point to disputes between Indian and Pakistani hacking groups in 2002 and 2003. At one stage, a group calling themselves Indian Snakes unleashed a worm called Yaha that sought to knock out a series of Pakistani government Web sites. Oddly, the tussle between Jaschan and the MyDoom group may have its roots in a noble cause: the eradication of outbreaks capable of turning PCs into spam engines. "Jaschan probably thought of himself as a modern-day Robin Hood," Hypponen said. Other anti-virus experts are less sympathetic, pointing to Jaschan's final creation - the Sasser worm - that is blamed for knocking out an estimated 1 million computer systems of home users and companies around the world. Sasser victims range from the British Coastguard to the European Commission, Goldman Sachs and Australia's Westpac Bank. Some security firms called it the most destructive worm ever. "Writing a virus to disable another virus is like fighting a war to win the peace. There's always going to be casualties," said Paul Wood, information security analyst with Britain's MessageLabs. Inventor Develops Nose-Steered Web Surfing System Has the era of hands-free Web surfing arrived? Dmitry Gorodnichy, an inventor from the Institute of Information Technology in Ottawa, has developed a computer navigation system that relies on the movements of a user's nose to direct a cursor, New Scientist reported on Wednesday. For good measure, a simple blink of the right or left eye corresponds to the right or left click of a mouse button, the magazine said. The inventor expects the nose-steered mouse, or "nouse," will make using a computer easier for people with disabilities or for video game enthusiasts who would like to slay bad guys with the bob of the head and blink of an eye. The magazine said the technology works in conjunction with a single Webcam plugged into a computer's USB port. From the onset of a session, the nouse's Webcam takes a snapshot of the user's face, focusing in on the tip of the nose as the guide point. Gorodnichy chose the nose because it is easier to track than other facial features, the magazine said. The technology matches the cursor's movements to the path of the nose as the head moves side to side. Motion detection software, meanwhile, is used to pinpoint the blink of a user's eye. A double blink switches the nouse on. Industry observers are mixed on the practical implications of the invention. While some see it as a feature to be used in conjunction with a keyboard and mouse, others are not so sure. "I cannot ignore the high silliness factor of nouse," said Joe Laszlo, a technology analyst at Jupiter Research in New York. "People balk at doing things that require them to look silly and there is ample room for looking silly here." Britons the Worst at Lying About E-Mail? Europeans repeatedly offend people with their poor e-mail etiquette and many endanger their businesses but when it comes to openly lying about having received e-mails, the British are the worst. A survey for phone developers palmOne found Britons were twice as likely as other surveyed European countries to deny receiving e-mails. Of the 750 office workers surveyed across Britain, France, Germany, Spain and Italy, 11 percent of Britons said they often denied receiving e-mails, compared to just four percent of Spaniards. Of the other e-mail sins, sloppy grammar, tactless comments and waffling all caused annoyance and humor was often misconstrued. Blitzing, the practice of sending the same e-mail to lots of people, was compared to being "spammed by your colleagues." Dr Peter Collett, formerly of the department of experimental psychology at Oxford University, said people were obsessed with e-mail. Of those surveyed, 62 percent felt the need to see the e-mail as soon as it arrived but many did not realize that their response could affect business performance. =~=~=~= Atari Online News, Etc. is a weekly publication covering the entire Atari community. Reprint permission is granted, unless otherwise noted at the beginning of any article, to Atari user groups and not for profit publications only under the following terms: articles must remain unedited and include the issue number and author at the top of each article reprinted. Other reprints granted upon approval of request. Send requests to: dpj@atarinews.org No issue of Atari Online News, Etc. may be included on any commercial media, nor uploaded or transmitted to any commercial online service or internet site, in whole or in part, by any agent or means, without the expressed consent or permission from the Publisher or Editor of Atari Online News, Etc. Opinions presented herein are those of the individual authors and do not necessarily reflect those of the staff, or of the publishers. All material herein is believed to be accurate at the time of publishing.