Latest Top Virus Warnings
The Cheapskate's Guide to IT Tools
source: Network Computing Mobile
You don't always need the most expensive software to find happiness. There are dozens of cheap or free utilities and programs that our tech editors and readers can't live without. Here are our picks.
Regular Network Computing readers know that some of the software we test requires purchase orders in excess of the GNP of a small country. But you don't always need the most expensive software to find happiness: There are dozens of cheap or free utilities and programs that our tech editors and readers couldn't live without. We use these offerings every day in the course of our testing, but never give them the coverage they so richly deserve. So in the spirit of the holidays, we decided to give props to our favorite free, open-source, shareware and sub-$1,000 tools, aka cheapware.
We've listed our picks in seven categories: Remote Access & Emulation, Utilities, Ad Blockers, Network Management, Bits & Bytes and Web Developers.
REMOTE ACCESS & EMULATION
Virtual Network Computing (VNC)
Developed at AT&T, VNC is a remote-control tool, like Symantec's pcAnywhere and Microsoft Terminal Services. The big differences: VNC is free and, though primarily used for Linux and Unix systems, is platform-independent, with versions available for Windows and Macintosh. With VNC, the remote computer is called the "server," and you control it from a system loaded with a VNC "viewer." The viewer is a very small program that can fit on a low-density floppy disk. The VNC server also contains a small Web server. If you connect to this Web server from a Java-enabled browser, you'll download the Java applet VNC viewer. VNC sessions are stateless on the client end. This means that if your VNC viewer crashes or you switch to a different computer, you can resume the VNC session right where you left off. Security is a bit lacking in the default install, however. You can require a password for a viewer to connect to the server, but though this password is encrypted, the rest of the session, including the graphical data and VNC protocol, is not. It is possible to tunnel VNC through SSH (Secure Shell), which would result in an encrypted session (see www.uk.research.att.com/archive/vnc/sshvnc.html). Windows users should note that it's a violation of Microsoft's EULA to use VNC on Windows servers. Sorry. Suggested by Lori MacVittie, Steven J. Schuchart. Platform: Windows, Linux, Mac OS X, others. Price: Freeware, open source (GPL). www.realvnc.org
SolarWinds.net TFTP Server
TFTP (Trivial FTP) is a simple, small, unsecure file-transfer protocol. It is mostly used for transferring configs or firmware to and from routers, switches and other pieces of infrastructure. We like how SolarWinds' server can handle simultaneous transfers, set access control by IP address and work in receive-only mode. Suggested by Ron Anderson. Platform: Windows. Price: Freeware. www.solarwinds.net/Tools/Free_tools/TFTP_Server/
Cerulean Studios Trillian
Trillian is a mega-instant-messaging product. It supports AIM, ICQ, MSN, Yahoo, Jabber and IRC. So, instead of loading six different IM clients, you can use a single Trillian client. It supports encrypted communications, Yahoo Webcams, customized skins and global away messages that set your status on all connected networks. It also allows for meta contacts, which group multiple network IDs to a single visible contact. Suggested by Steven J. Schuchart. Platform: Windows. Price: Freeware (basic), $25 (pro). www.ceruleanstudios.com/products
VMWare Workstation 4
Running both Linux and Windows on the same computer used to mean having to dual boot: You'd run Windows, then reboot into Linux and reboot back into Windows. VMWare eliminates this by slicing up your computer into multiple virtual machines. Each VM has its own environment, containing its own virtual processor, memory, network access and disk space. This way you can run Windows and simultaneously boot a Red Hat machine, another Windows machine and a SuSE box. Such a setup is handy for system testing, developer work and doing demos that need multiple computers. And, unlike dual booting, you don't need to repartition your disks or muck with the boot loader. Each VM is separate, so there is no chance of one VM deleting or damaging another. VMWare 4 can take snapshots or a point-in-time copy of a running VM and revert back to it later. That gives you the freedom to experiment and break a system, then go back to a pre-existing state. Suggested by Bruce Boardman, Mike Fratto. Platform: Intel. Price: $299 (electronic distribution), $329 (packaged). www.vmware.com.
Putty
Anyone who has used the built-in Windows 98/NT telnet client can tell you how bad it is. Windows 2000 brought some improvements, but it doesn't have a built-in SSH client. Putty is a free telnet, SSH and Secure FTP client for Windows. It supports colored text, session logging and X-11 forwarding, and is Socks-proxy compatible. Some people, including Mike Fratto, prefer TeraTerm Pro, though it hasn't been updated since 1999. We've also heard people describe SimpTerm as the least-bad Windows terminal emulator, but it doesn't support SSH. Suggested by Lori MacVittie. Platform: Windows. Price: Freeware, open source (MIT license). www.chiark.greenend.org.uk/~sgtatham/putty/
UTILITIES
OpenOffice.org
Microsoft Office is the 800-pound gorilla of office suites, but it has two major problems: It doesn't run on Linux or Solaris, and it's expensive. OpenOffice.org (OOo) is a multiplatform, free and open-source alternative. The suite includes a word processor, spreadsheet, presentation software, drawing program, math-formula editor and HTML Editor (in the Windows version). The interface looks similar to Microsoft Office, and OOo can open, save or translate Office documents, though there are some limitations to this capability. For example, you can't use Office macros or open password-protected files. Despite its smaller feature set, OOo does a pretty good job. Some of our tech editors use it exclusively, not touching Office for months at a time and yet avoiding the wrath of their Office-using editors. And remember that OOo, though often associated with Linux, does work well on Windows. Suggested by Greg Nicolas, Network Computing reader. Platform: Windows, Linux, Mac OS X, others. Price: Freeware, open source (LGPL). www.openoffice.org
Cygnus Productions Password Corral
How many passwords do you have? Given that different systems and Web sites have varying rules--some require special characters or accept only alphanumerics, others won't let you use a previous password--some people, even those who should know better, have taken to writing down their passwords in a plain-text file just to keep track of them. Password Corral lets you do the same, but a bit more securely. You enter your passwords, and all the information is encrypted against a single password of your choice. You can even use the product to store voicemail or PDA passwords. Suggested by Steven J. Schuchart. Platform: Windows. Price: Freeware. www.cygnusproductions.com/freeware/pc.asp
AD BLOCKERS
Lavasoft Ad-aware
Ad-aware is the leading tool for removing spyware (applications that report usage habits without the user's knowledge) and adware (which randomly displays advertisements on your computer). These programs are often installed via system vulnerabilities or bundled by unethical shareware vendors. Many times, users have no knowledge of the spyware on their systems. Ad-aware detects and removes these undesirables. Suggested by Ron Anderson; Steven J. Schuchart; Brent Nichols, Network Computing reader. Platform: Windows. Price: Freeware, $26.95 (plus), $39.95 (professional). www.lavasoftusa.com/software/adaware/
High-Density Software PopNot
You know those pop-up and pop-under ads, first made famous by X10 Corp. and then later by illicit sites (use your imagination). Annoying, aren't they? Granted, many valuable sites make their money from advertising. But the pop-unders have gone too far: We hate closing a Web page to find three or four ads behind it, not knowing where they came from. And if you've ever mistyped a domain, you may have entered the hellish world of the never-ending pop-under ad, where trying to close one opens two more. Although the Mozilla, Opera and Safari users among us can block these infuriating ads automatically, Internet Explorer users cannot. Fortunately, the cheap utility PopNot will let IE 5.01 or later block all unsolicited pop-ups. It does allow solicited pop-ups, such as those requested by clicking on a link or pressing a button. Or you can customize it to permit pop-ups on a site-by-site basis. Suggested by Ron Anderson. Platform: Windows Internet Explorer. Price: $19.95. www.hdsoft.com/?0.1sa
NETWORK MANAGEMENT
Ipswitch WhatsUp Gold
We gave WhatsUp Gold a Best Value award earlier this year. It's a budget-priced network-management suite, but that doesn't mean it has a budget-size feature set. WUG performs device discovery, produces network maps, monitors select services (such as HTTP), sends alerts and generates reports for network infrastructure and servers. The program also includes a Web server and Web interface for basic network management. This makes it easy for an administrator to use the software remotely or from a user's PC--many other suites require a Win32 console agent installed. WUG can monitor and access IP, IPX, NetBIOS or SNMP devices. Bruce Boardman has been known to show WUG to his college students as an introduction to network-management tools. Suggested by Bruce Boardman. Platform: Windows. Price: $795, service agreement and training extra. www.ipswitch.com/Products/WhatsUp/index.html
NTop
NTop is a monitoring tool that tracks the type, timing and quantity of network traffic. You can use a built-in network sniffer for capturing data or turn to a flow protocol, such as NetFlow or sFlow. Traffic is analyzed and displayed graphically via HTML. This software can help you determine what protocols are going over the network or expensive WAN links. For instance, you may find that unnecessary traffic, such as Kazaa, is chewing up a large amount of bandwidth, thus slowing down mission-critical protocols. Tracking can be done by UDP or TCP ports, ICMP, VLANs, IP addresses, top users and over time. Suggested by Jonathan Feldman. Platform: Windows, Linux, others. Price: Freeware, open source (GPL). www.ntop.org
MG-Soft Corp. MIB Browser
MIB Browser is a graphical SNMP browser for Windows and Linux that lets you monitor and manage any SNMP-compatible device. The pro version supports SNMPv1 and 2, while more advanced versions support SNMPv3 and DOCSIS agents. MIB explorer can monitor several devices simultaneously, log query results, present graphical performance charts and display both raw hex and human-readable SNMP messages. The SNMPv3 version also supports encrypted messages. Suggested by Bruce Boardman. Platform: Windows, Linux. Price: $219 (pro), $425 (SNMPv3 edition). www.mg-soft.si/mgMibBrowserPE.html
BITS & BYTES
Nmap
Nmap is the king of port scanners. Billed as a network-exploration and security-auditing tool, it scans entire networks or a single host. Nmap reveals what hosts are available on the network and what services (via open ports) are being offered, detects operating systems and attempts to detect firewalls. The software is very flexible, allowing for all sorts of scan combinations. For example, you could do full TCP connect scans, half connect (TCP SYN only), ACK-only scans and UDP scans. You can also scale back the scan speed from 0.3 seconds between probes to 5 minutes per probe. This lets you avoid overloading a machine, while also sneaking by some IDS systems. Nmap will help you detect unauthorized or unknown services (for example, if someone who shouldn't need to is running IIS) or discover what can get through your firewalls. Nmap got its 15 minutes of fame when it was featured in The Matrix: Reloaded. Suggested by Michael J. DeMaria, Mike Fratto. Platform: Windows, Linux, Mac OS X, others. Price: Freeware, open source (GPL). www.insecure.org/nmap/
Sam Spade
If you have an IP or DNS address and want to find out as much information as possible about it, SamSpade is the first place to go. Pop over to the Web site and see traceroutes, whois, IP whois (find out who owns an IP address), netblock owners and so forth. This is especially useful for tracking down obfuscated URLs, spammers, attackers and trolls. The site is very easy to use and works with almost any browser. Suggested by Ron Anderson, Michael J. DeMaria, Mike Fratto. Platform: Web site, Windows. Price: Freeware. samspade.org
Netcat
Netcat is a versatile utility that reads and writes data over network connections. It's very useful for debugging and incorporating into scripts. You make Netcat "talk" with network servers and clients simply by typing in the protocol commands or redirecting commands from another source. It works similarly to telnet, but also can run in server mode, over UDP or TCP, and can transmit binary data. If you've ever encountered a network problem and wondered what was happening with the client or the server, this tool provides an easy way to see what they're saying. Suggested by Mike Lee. Platform: Linux. Price: Freeware, open source (GPL). netcat.sourceforge.net
WEB DEVELOPERS
UserLand Software RSS Validator, W3C HTML Validator, W3C CSS Validator
Web browsers are great at honoring violations of Web specifications. When a browser is given invalid or out-of-spec HTML, it will attempt to draw the page as best it can. But different browsers, and even different versions of a single browser, can render a malformed page with unpredictable results. In the worst case, the page doesn't even load or crashes the browser. These validators will help you write Web pages to spec. UserLand has created an RSS 2.0 validator; the W3C, which creates and publishes Web standards, offers multiple validators. These cover HTML, XHTML, CSS, P3P and a whole host of other standards you've never even heard of. Suggested by Brad Shimmin. Platform: Web site. Price: Freeware. www.aggregator.userland.com/validator; validator.w3.org; www.w3.org/QA/Tools/#validators
MKS Software MKS Toolkit for Developers Or Cygwin Tools (free)
Take a long-time Unix developer or sysadmin and put him or her on a Windows box. You won't have a happy camper, especially when typing ls yields nothing. MKS Toolkit and Cygwin Tools bridge Windows and Unix environments. The MKS suite has more than 400 Unix tools for Windows, from "at" to "yacc." You can also replace the Windows Command Shell with the Korn, SH, Bash or TCSH shells. These shells are fully scriptable, and several utilities, such as awk, sed and perl, also are included. The toolkit has two main uses--one for developers and one for system administrators. Developers can use their familiar Unix user interfaces and build scripts on Windows. MKS Toolkit for Enterprise Developers, an advanced version of the suite, adds 2,700 Unix APIs for running Unix apps natively on Windows.
If you're looking for an open-source implementation, look no further than Cygwin, which has features similar to MKS Toolkit. Cygwin includes tools for compiling Unix software on Windows, shells, common commands and scripting. Sysadmins can use the scripting capabilities to manage and automate Windows tasks, such as adding new users, changing file permissions and creating TAR (tape archive) files. Former Unix admins will like being able to use perl scripts on Windows. Suggested by Sean Doherty. Platform: Windows. Price: $479 or freeware, open source (various licenses). www.mkssoftware.com/products/tk/ds_tkdev.asp. cygwin.com
Infinite Support Finito
The End of Free Support
Dec. 19— Patches? We ain't got no patches. We don't need no patches! I don't have to give you any stinking patches!! — foreboding quote from the movie, The Treasure of the Sierra Madre, 1948.
Lurking deep in the back of the entire concept of licensing software is the issue of support. This was brought to the fore when Microsoft announced it would cease supporting Windows 98 and Office 2000. Even auto makers support their cars with supplies of parts that last minimally seven years. And they will always fix even older cars with third-party parts.
I've been thinking about this maneuver and why Microsoft made it. I'm certain it's about control and is part of a longer-term strategy.
Interesting Commentary By John C. Dvorak can be found at
http://abcnews.go.com/sections/scitech/ZDM/microsoft_support_pcmag_031219.html
MasterCard checks out 'contactless' payments
Refuse this at all costs. This is a huge big brother issue.
From CNET news.com
MasterCard International is planning to introduce a new payment technology across the United States next year that could simplify debit and credit card transactions for consumers.
The company's PayPass system is designed to let holders of credit and debit cards tap or wave their cards before a PayPass reader to make a payment, rather than swipe the cards and sign their name.
The company hopes the speedier process, which MasterCard has been testing with a number of Orlando, Fla., retailers over the past year, will replace cash transactions at quick-service businesses such as movie theaters, gas stations and fast-food restaurants.
One analyst predicted that MasterCard's move to expand adoption of the technology, and similar efforts at American Express, will push so-called contactless payments--more common in Europe--into the American mainstream within the next year or two.
"2004 is going to be an inflection-point year in terms of consumer awareness and availability," said Ed Kountz, an analyst at the Tower Group. "MasterCard bolsters that."
The PayPass cards contain a special microchip that transmits account details wirelessly, using radio frequency identification (RFID), the same technology Wal-Mart Stores and the U.S. Department of Defense are exploring to keep better track of inventory and supplies.
American Express has developed a similar payment system, called ExpressPay, which uses a keychain fob instead of a card.
Executives at MasterCard are vague about the national launch of PayPass, and they refuse to discuss which retailers and card issuers will participate, in addition to which cities, beyond Orlando, the company will initially target. For the Orlando trial, the company teamed with Citibank, Chase Bank and MBNA to issue more than 16,000 PayPass credit cards.
Merchants in the trial include Chevron, Eckerd drug stores, McDonald's and Loews Universal Cineplex, each of which purchased special PayPass readers costing a few hundred dollars each.
The goal of the national launch is to build a critical mass of both PayPass cardholders and retailers, said MasterCard Vice President Murdo Munro.
But if the Orlando trial is any indication, MasterCard faces a classic chicken-and-egg dilemma: Consumers are unlikely to take an interest in PayPass unless enough retailers support the system, and retailers are reluctant to invest in PayPass equipment until enough customers use the cards.
Several McDonald's and Eckerd store managers that participated in the Orlando trial expressed disappointment in the technology because so few customers had used it.
Chung Tran, a manager of one Orlando-area McDonald's, said he'd seen PayPass used only about three times over the past year. "People are always asking what the heck it is," Tran said of the PayPass reader.
But Munro insists that the trial was a success, showing that PayPass cardholders used their cards more often and spent more than they had with their ordinary MasterCard credit cards, Munro said. Merchants also reported that PayPass saved time at the checkout stand, he said. "In general, people really liked using the cards," he said.
A message from Bob Todd at ARC.com
Sara 5.0
We have not posted any of our updates on SARA for over two years (except a rebuttal today) so I would like to share what we have done with SARA.
1. We are the only current open source implementation of SATAN
2. Yes, current with updates monthly.
3. We run on most Unix and MAC OS/x installations
4. We scan Unix and Windows targets with current probes
5. We are not looking for $'s or support or donations (impartial)
6. We are providing www.cisecurity.org with their free SANS Top 20 scanner
If interested in SARA, pls go to http://www-arc.com/sara for details.
Bob Todd
Advanced Research Corporation
http://www-arc.com
http://www.jule-iii.com
Microsoft releases XP Service Pack 2 for testing
Changes make computers running XP less susceptible to viruses and worms.
If you believe that this is the end of your Bad Windows OS, you are probably wrong.
InfoWorld: Microsoft releases XP Service Pack 2 for testing: December 18, 2003
Microsoft targets Sarbanes-Oxley
Microsoft announced further details Wednesday regarding an add-on for its Office software aimed at helping companies comply with new Sarbanes-Oxley accounting rules. The Office Solution Accelerator for Sarbanes-Oxley, set for release in March, is part of a family of specialty software and services packages Microsoft plans to introduce based on its new Office 2003 productivity software.
The Sarbanes-Oxley package works with Microsoft's SharePoint Services collaboration software and InfoPath electronic forms product to govern retention and dissemination of corporate financial data. Microsoft said it is working with several major accounting firms to tailor the package to suit business needs.
Oh sure, just as I got rid of my Microsoft software just to become Sarbanes-Oxley compliant.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Not sure about that URL?
Everyone knows of the URL spoofing thing that went on last week. Well, here is one way of seeing what domain is giving you the results. Try entering at the address bar:
javascript:alert("Actual URL: " + location.protocol + "//" + location.hostname + "/")
That will pop up a dialog box showing you the domain.
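An added example, not part of the original post: the same check as a function you can run over a list of links instead of one page at a time. It goes beyond the one-liner by parsing the URL string with the standard `URL` class, flagging login text before an `@` that is written to look like a host name, and comparing a link's visible text with the host it really targets; `actualOrigin()`, `linkMismatch()` and the sample URLs are constructed for illustration.

```javascript
// Added example (not from the original post). The function names and the
// sample URLs below are constructed for illustration.

// Something that reads like a DNS name, e.g. "www.example.com".
const LOOKS_LIKE_HOST = /^([a-z0-9-]+\.)+[a-z]{2,}$/i;

// Decode percent-escapes without throwing on malformed input.
function safeDecode(text) {
  try {
    return decodeURIComponent(text);
  } catch (err) {
    return text;
  }
}

// Return the string the address-bar one-liner would show for this URL,
// plus warnings about parts of the URL that can mislead a reader.
function actualOrigin(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch (err) {
    return { ok: false, actual: null, warnings: ["unparseable"] };
  }
  const warnings = [];
  // Text between "//" and "@" is login data sent to the server, never the
  // server name, even when it is written to look like one.
  const userinfo = safeDecode(url.username);
  if (LOOKS_LIKE_HOST.test(userinfo)) {
    warnings.push("userinfo-looks-like-host:" + userinfo);
  } else if (url.username !== "" || url.password !== "") {
    warnings.push("userinfo-present");
  }
  return {
    ok: true,
    // Same pieces the one-liner concatenates.
    actual: url.protocol + "//" + url.hostname + "/",
    warnings: warnings,
  };
}

// Host named by a link's visible text, or null when the text is not an
// address at all (for example "Click here").
function shownHost(displayText) {
  const shown = displayText.trim();
  if (LOOKS_LIKE_HOST.test(shown)) return shown.toLowerCase();
  try {
    return new URL(shown).hostname;
  } catch (err) {
    return null;
  }
}

// True when the visible text names one host and the href targets another.
function linkMismatch(displayText, href) {
  const shown = shownHost(displayText);
  if (shown === null) return false;
  const target = actualOrigin(href);
  if (!target.ok) return true;
  return shown !== new URL(href).hostname;
}

// Constructed sample links (documentation-only names and addresses).
const SAMPLE_LINKS = [
  "https://www.example.com/account",
  "http://www.example.com@192.0.2.7/account",
  "http://user:secret@intranet.example.net/",
];

for (const link of SAMPLE_LINKS) {
  const result = actualOrigin(link);
  console.log(link, "->", result.actual, result.warnings.join(","));
}
```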
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Bush signs anti spam law
Thank you for screwing up state law jerk
WASHINGTON (Reuters) - President Bush signed the first national anti-spam bill into law on Tuesday, outlawing some of the most annoying forms of junk e-mail and setting jail time and multimillion dollar fines for violators.
The law also lays the groundwork for a "Do Not Spam" registry similar to the "Do Not Call" anti-telemarketing list that went into effect earlier this year.
Bush's signing marks the final legislative step in a six-year struggle to curb the unsolicited commercial offers that threaten to overwhelm the e-mail system.
But the law is unlikely to provide much of a Christmas present, at least this year.
Experts say it will not immediately stop the torrent of unwelcome e-mails touting unbelievably low mortgage rates, get-rich-quick-schemes and sexual enhancement offers that now account for more than half of all e-mail traffic.
Skeptics say it will only encourage businesses to send out more unwanted e-mail, as the new law allows marketers to send messages to anyone with an e-mail address as long as they identify themselves clearly and honor consumer requests to leave them alone.
Supporters say the bill sets a helpful framework for acceptable e-mail practices, but acknowledge it will need to be enforced aggressively to have any impact.
"This will help address the problems associated with the rapid growth and abuse of spam by establishing a framework of technological, administrative, civil and criminal tools and by providing consumers with the options to reduce unwanted e-mail," said White House spokesman Scott McClellan.
The new law requires pornographic e-mail to be clearly labeled, and commercial "text messages" to cell phones will be prohibited unless users expressly permitted them.
It will override some tougher state laws, such as one in California that would prevent all unsolicited commercial e-mail, and will prohibit consumer lawsuits, as some states currently allow.
Found on BugTraq: Changes to Functionality in Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=7bd948d7-b791-40b6-8364-685b84158c78&displaylang=en
(http://tinyurl.com/z0rv)
In Microsoft Windows XP Service Pack 2, Microsoft is introducing a set of
security technologies that will help to improve the ability of Windows
XP-based computers to withstand malicious attacks from viruses and worms.
The technologies include network protection, memory protection, safer e-mail
handling, more secure browsing, and improved computer maintenance.
Together, these security technologies will help to make it more difficult to
attack Windows XP, even if the latest updates are not applied. These
security technologies together are particularly useful in mitigation against
worms and viruses.
This document specifically focuses on the changes between earlier versions
of Windows XP and Windows XP Service Pack 2 and reflects Microsoft's early
thinking about Service Pack 2 and its implications for developers. Examples
and details are provided for several of the technologies that are
experiencing the biggest changes. Future versions of this document will
cover all new and changed technologies.
http://download.microsoft.com/download/8/7/9/879a7b46-5ddb-4a82-b64d-64e791b3c9ae/WinXPSP2_Documentation.doc
(http://tinyurl.com/z2zv)
* Safer e-mail handling. Security technologies help to stop viruses
(such as SoBig.F) that spread through e-mail and instant messaging. These
technologies include default settings that are more secure, improved
attachment control for Outlook Express and Windows Messenger, and increased
Outlook Express security and reliability. As a result, potentially unsafe
attachments that are sent through e-mail and instant messages are isolated
so that they cannot affect other parts of the system.
* More secure browsing. Security technologies that are delivered in
Microsoft Internet Explorer provide improved protection against malicious
content on the Web. One enhancement includes locking down the Local Machine
zone to prevent against the running of malicious scripts and fortifying
against harmful Web downloads. Additionally, better user controls and user
interfaces are provided that help prevent malicious ActiveX controls and
spyware from running on customers' systems without their knowledge and
consent.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Phone Service Over Internet Revives Talk of Regulation
source: NY Times
Politicians have worked hard to keep access to Internet connections and many forms of Internet communication free from regulation and taxation. But the debate over how government treats the Internet is likely to reach a new level of intensity now that Internet technology is colliding with one of the nation's most lucrative businesses, telephone service.
Last week AT&T and Time Warner Cable announced that they intended to make Internet-based phone service available to millions of consumers next year, allowing those consumers to bypass traditional phone companies. Those moves signaled the start of a technological shift that could change one of the biggest and most important industries in the American economy. Central to that shift is whether and how Internet phone service should be regulated, a question that the Federal Communications Commission started to explore in hearings two weeks ago.
In an interview on Thursday, Michael K. Powell, the chairman of the F.C.C., said he had not made up his mind on that question. But he was not at all shy about stating his preliminary view - that Internet-based calls are fundamentally different from traditional phone calls and ought to be regulated cautiously, if at all.
"There is no functional or technical difference between an Internet phone call and other data - be it bits, or e-mail or Web pages," Mr. Powell said, during a visit to San Francisco. Up to now, Internet traffic has been essentially unregulated and untaxed because many politicians and regulators have argued that the technology and online commerce would grow more quickly if the Internet were left alone.
Mr. Powell noted that while Internet-based calls might serve the same function as calls over conventional phone lines, the underlying technology was different enough that it would not make sense to subject them to "100 years of judgments" and regulations. "Let's get this thing right and define it as truer to its real nature," he said, referring to the new technology.
His views are far from universally supported, given the many complex political and financial interests at stake.
What is clear is that the existing telephone infrastructure is heavily regulated, on both the state and federal levels, with intricate rules intended to keep phone access universally accessible and affordable.
Gene Kimmelman, the senior director for public policy at Consumers Union, said those regulations existed to satisfy important public policy concerns. He contended that goals like universal access would be gravely threatened if the world went to Internet-based services that were unregulated.
Mr. Kimmelman said that Mr. Powell's views, which seem to argue for far less regulation, would undo "social policy that has made phone service affordable and accessible." He added that one possible result was that basic connections which, under the regulatory structure were essentially subsidized by consumers and the industry, could cost significantly more than they did now.
Besides, he argued, function, rather than technology, should guide the regulatory decision. "It looks, smells, feels like plain old telephone service," he said of Internet service, and therefore it should be treated similarly.
This debate - the latest front in a 20-year-old regulatory battle that started with the breakup of the Bell system - will define the grounds on which various players in telecommunications compete. The question of how to regulate Internet-based calling will be "the communications regulatory issue over the next few years," said Eric Rabe, a spokesman for Verizon, with audible emphasis on the word "the."
For starters, regulators will have to address some central technical questions. Telephone calls are traditionally carried to and from homes on copper lines, with routing of the traffic using circuit switch technology. Internet phone service digitizes voice signals and sends them as Internet data.
Mr. Kimmelman argues that even with Internet-based service, the voice signals are still sent over existing communications networks, whether copper wires, coaxial cable or fiber optic lines. And he maintains that there is nothing sacrosanct about the mere fact that the signals are sent as Internet traffic.
"It's just a different way of assembling ones and zeroes so they can be more efficiently transmitted," Mr. Kimmelman said, noting that Internet calls would still have to travel through traditional phone wires through part of their journey.
Mr. Powell, however, maintains that what is important is not the wires but the technology involved. And, he pointed out, consumers who want to use Internet phones would still have to pay phone and cable companies to get Internet access through those networks, and in doing so, would still be supporting the basic telecommunications infrastructure.
"You pay Verizon $39.95" for high-speed access to the Internet, Mr. Powell said. He argued that once consumers have paid for that access, the providers should not necessarily be paid more for the use of that access to send particular communications, whether in the form of e-mail messages or phone calls.
Telephone and cable companies are staking out different positions, and other members of the F.C.C. may not share Mr. Powell's views.
The phone companies naturally are not eager to compete against Internet-based competitors who can avoid the huge costs of regulation. But some, like Verizon, also say that the solution is not to regulate Internet calling, but to deregulate the phone industry.
SBC, another major telephone provider, said it thinks it could compete against unregulated Internet-based services. The reason, said Dorothy Attwood, senior vice president for federal regulatory strategy at SBC, is that phone companies have a head start on features important to consumers like 911 service and the ability to make calls even when the power fails.
The cable companies have their own perspective on regulation. Atlanta-based Cox Communications, for instance, contends that regulation should be based, not on the technology used, but on the market share of a company, with larger companies subject to more regulations.
Cox, which already offers phone service based on circuit switch technology to nearly one million customers, will start Internet-based phone service in Roanoke, Va., today. But it does not expect the regulatory questions to be answered soon.
"It will be four to five years," said Carrington Phillip, vice president for regulatory affairs at Cox Communications, "before we have a good sense of how regulation is going to evolve."
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cox Communications dives into VoIP
Right on. First Time Warner, then ATT, now Cox. Way to get the FCC to regulate the services jerks. Another big business fucking up the fun.
The cable provider launches its first Net-based phone service, part of a focus on smaller markets, where it wouldn't be cost effective for Cox to offer its more traditional phone setup.
Cable provider Cox Communications launched on Monday its first VoIP-based telephone service, part of an effort focused on smaller markets, where it wouldn't be cost effective for the company to offer its more traditional phone service.
source: Cnet News.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Iraqi Official Says Saddam Hussein May Face Death Penalty
Former Iraqi dictator Saddam Hussein, captured near his hometown of Tikrit over the weekend more than eight months after he was forced from power, may be put on trial in Iraq in the next few weeks, and could face the death penalty, according to a member of the Iraqi Governing Council.
Oh sure, and you don't think that this is a total setup? I have seen 24 on Fox.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cisco Security Advisory: Cisco PIX Vulnerabilities
Revision 1.0
For Public Release 2003 December 15 at 1600 UTC (GMT)
----------------------------------------------------------------------
Contents
Summary
Affected Products
Details
Impact
Software Versions and Fixes
Obtaining Fixed Software
Workarounds
Exploitation and Public Announcements
Status of This Notice: Final
Distribution
Revision History
Cisco Security Procedures
----------------------------------------------------------------------
Summary
This advisory documents two vulnerabilities for the Cisco PIX firewall.
These vulnerabilities are documented as CSCeb20276 (SNMPv3) and
CSCec20244/CSCea28896 (VPNC).
There are workarounds available to mitigate the effects of CSCeb20276
(SNMPv3). No workaround is available for CSCec20244/CSCea28896 (VPNC).
This advisory will be posted at
http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml.
Affected Products
All Cisco PIX firewall devices running the affected Cisco PIX firewall
software, as documented below, are affected by these vulnerabilities.
* CSCeb20276 (SNMPv3)
6.3.1, 6.2.2 and earlier, 6.1.4 and earlier. 5.x.x and earlier.
* CSCec20244/CSCea28896 (VPNC)
6.2.3 and earlier.
6.1.x and 5.x.x are not affected; they do not implement the VPNC
feature.
The Firewall Service Module (FWSM) is also vulnerable to the SNMPv3 issue
and is documented as
http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml. No
other Cisco products are currently known to be affected by these
vulnerabilities.
To determine your software revision, type show version at the command line
prompt.
Details
* CSCeb20276 (SNMPv3)
The Cisco PIX firewall crashes and reloads while processing a received
SNMPv3 message when snmp-server host is configured on the Cisco PIX
firewall. This happens even though the Cisco PIX firewall does not
support SNMPv3.
* CSCec20244/CSCea28896 (VPNC)
Under certain conditions an established VPNC IPSec tunnel connection
is dropped if another IPSec client attempts to initiate an IKE Phase I
negotiation to the outside interface of the VPN Client configured
Cisco PIX firewall.
Only a Cisco PIX firewall configured as a VPN Client is vulnerable to
this vulnerability.
A VPNC, also referred to as Easy VPN or ezVPN, connection is created
when the Cisco PIX firewall is used as a VPN client to connect to a
VPN server. An IKE Phase I negotiation is a step in the establishment
of an IPSec session.
CSCea28896 resolved this issue for the 6.3.x software releases and
CSCec20244 resolved this issue for the 6.2(3.100) and later software
releases.
The Internetworking Terms and Cisco Systems Acronyms online guides can be
found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/.
These vulnerabilities are documented in the Cisco Bug Toolkit as Bug ID
CSCeb20276 (SNMPv3) and CSCec20244/CSCea28896 (VPNC). To access this tool,
you must be a registered user and you must be logged in.
Impact
* CSCeb20276 (SNMPv3)
This vulnerability can be exploited to initiate a Denial of Service
attack on the Cisco PIX firewall.
* CSCec20244/CSCea28896 (VPNC)
This vulnerability can be exploited to initiate a Denial of Service
attack on sessions established between a Cisco PIX configured as a VPN
Client and a VPN server.
Software Versions and Fixes
* CSCeb20276 (SNMPv3)
6.3.2 and later, 6.2.3 and later, 6.1.5 and later.
* CSCec20244/CSCea28896 (VPNC)
6.3.1 and later, 6.2(3.100) and later.
The procedure to upgrade to the fixed software version is detailed at
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/index.htm.
Obtaining Fixed Software
Cisco is offering free software upgrades to address these vulnerabilities
for all affected customers.
Customers may only install and expect support for the feature sets they
have purchased. By installing, downloading, accessing or otherwise using
such software upgrades, Customers agree to be bound by the terms of
Cisco's software license terms found at
http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set
forth at the Cisco Connection Online Software Center at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Customers with contracts should obtain upgraded software through their
regular update channels. For most customers, this means that upgrades
should be obtained through the Software Center on Cisco's worldwide
website at http://www.cisco.com/tacpage/sw-center/ciscosecure/pix.shtml.
To access the software download URL, you must be a registered user and you
must be logged in.
Customers whose Cisco products are provided or maintained through prior or
existing agreement with third-party support organizations such as Cisco
Partners, authorized resellers, or service providers should contact that
support organization for assistance with obtaining the software
upgrade(s).
Customers who purchase direct from Cisco but who do not hold a Cisco
service contract and customers who purchase through third-party vendors
but are unsuccessful at obtaining fixed software through their point of
sale should get their upgrades by contacting the Cisco Technical
Assistance Center (TAC) using the contact information listed below. In
these cases, customers are entitled to obtain an upgrade to a later
version of the same release or as indicated by the applicable corrected
software version in the Software Versions and Fixes section (noted above).
Cisco TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for
additional TAC contact information, including special localized telephone
numbers and instructions and e-mail addresses for use in various
languages.
Please have your product serial number available and give the URL of this
notice as evidence of your entitlement to an upgrade. Upgrades for
non-contract customers must be requested through the TAC.
Please do not contact either "psirt@cisco.com" or
"security-alert@cisco.com" for software upgrades.
Workarounds
* CSCeb20276 (SNMPv3)
  There are two workarounds available.
  * Restrict access to only allow trusted hosts on specific
    interfaces to poll the SNMP server on the Cisco PIX firewall.
      snmp-server host poll
  * Disable the SNMP server on the Cisco PIX firewall as follows:
      no snmp-server location
      no snmp-server contact
      snmp-server community public
      no snmp-server enable traps
    Note: The Cisco PIX firewall does not allow one to remove the
    community string altogether. It will always be either public or a
    user configured string. show snmp will still show snmp-server
    community public, but this does not mean SNMP is enabled.
    More details at
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/s.htm#1026423.
* CSCec20244/CSCea28896 (VPNC)
  No workaround. Please upgrade.
The Cisco PSIRT recommends that affected users upgrade to a fixed software
version of code.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use
of the vulnerabilities described in this advisory.
CSCeb20276 (SNMPv3) was reported to the PSIRT by Rasto Rickardt.
Status of This Notice: Final
This is a final advisory. Although Cisco cannot guarantee the accuracy of
all statements in this advisory, all of the facts have been checked to the
best of our ability. Cisco does not anticipate issuing updated versions of
this advisory unless there is some material change in the facts. Should
there be a significant change in the facts, Cisco may update this
advisory.
A stand-alone copy or paraphrase of the text of this security advisory
that omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain factual
errors.
Distribution
This advisory will be posted on Cisco's worldwide website at
http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml.
In addition to worldwide web posting, a text version of this notice is
clear-signed with the Cisco PSIRT PGP key having the fingerprint 8C82 5207
0CA9 ED40 1DD2 EE2A 7B31 A8CF 32B6 B590, and is posted to the following
e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-teams@first.org (includes CERT/CC)
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.netsys.com
* comp.dcom.sys.cisco@newsgate.cisco.com
* Various internal Cisco mailing lists
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged to
check the above URL for any updates.
Revision History
+--------------+------------------+-------------------------+
| Revision 1.0 | 2003-December-15 | Initial public release. |
+--------------+------------------+-------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and registering to
receive security information from Cisco, is available on Cisco's worldwide
website at
http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This
includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
This advisory is copyright 2003 by Cisco Systems, Inc. This advisory may
be redistributed freely after the release date given at the top of the
text, provided that redistributed copies are complete and unmodified,
including all date and version information.
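
The affected and fixed release lists in the advisory above mix dotted (6.3.1) and parenthesised (6.2(3.100)) version notation. The following is an added example, not part of Cisco's advisory or the original post, that normalises both forms and checks a running version against the fixed-release table; the banner line in the sample is constructed, and the handling of trains the advisory does not list is an assumption noted in the comments.

```python
import re

# First fixed release per train (major, minor), transcribed from the
# "Software Versions and Fixes" section of the advisory.
FIXED = {
    "CSCeb20276 (SNMPv3)": {(6, 3): (6, 3, 2), (6, 2): (6, 2, 3), (6, 1): (6, 1, 5)},
    "CSCec20244/CSCea28896 (VPNC)": {(6, 3): (6, 3, 1), (6, 2): (6, 2, 3, 100)},
}
# The advisory says 6.1.x and 5.x.x do not implement VPNC; treating every
# train before 6.2 that way is an assumption of this example.
VPNC_FIRST_TRAIN = (6, 2)

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\((\d+)(?:\.(\d+))?\)|\.(\d+))?")


def parse_version(text):
    """Parse '6.2(3.100)', '6.3(1)' or dotted '6.3.1' into an int tuple."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no PIX version found in {text!r}")
    major, minor, maint, interim, dotted = m.groups()
    parts = [int(major), int(minor)]
    if maint or dotted:
        parts.append(int(maint or dotted))
    if interim:
        parts.append(int(interim))
    return tuple(parts)


def assess(version_text):
    """Return {bug id: 'affected' | 'fixed' | 'not applicable'}."""
    v = parse_version(version_text)
    train = v[:2]
    result = {}
    for bug, fixes in FIXED.items():
        if "VPNC" in bug and train < VPNC_FIRST_TRAIN:
            result[bug] = "not applicable"
        elif train in fixes:
            # Tuple comparison makes 6.2(3) sort before 6.2(3.100).
            result[bug] = "affected" if v < fixes[train] else "fixed"
        elif train > max(fixes):
            result[bug] = "fixed"      # "and later" (assumed to cover newer trains)
        else:
            result[bug] = "affected"   # older train with no fixed release listed
    return result


if __name__ == "__main__":
    # Constructed sample of the version banner printed by `show version`.
    for bug, status in assess("Cisco PIX Firewall Version 6.2(2)").items():
        print(f"{bug}: {status}")
```

A device reported as "affected" on a train with no fixed release listed has to move to one of the fixed trains named in the advisory.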
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What a cool company...
Google delivers parcel search
A new feature on the search site lets people type in their package tracking numbers to turn up shipping information directly from FedEx or UPS Web pages.
Source: Cnet News.com
Saddam Captured.
The soldiers found Saddam hiding in what they called a "spider hole," six-to-eight feet deep, equipped with a rudimentary ventilation system and covered with bricks and dirt. Spider hole is a U.S. military term for such a camouflaged tunnel or hole in which an enemy can hide.
...
U.S. forces found weapons and about $750,000 in U.S. $100 bills with the former dictator, Sanchez said, along with two AK-47s, a pistol and a white and orange taxi.
...
What? Saddam is a drug dealer, homeless, cab driver. This sounds like Comedy Central. I am wondering when Howie Mandel is going to make an appearance in a hole.
CNN.com - Baghdad celebrates Saddam's capture - Dec. 14, 2003