1st > February > 2002 Archive

MS fixes Win2K with 17MB security patch

Microsoft's new-found and recently publicized interest in security has yielded fruit in the form of a security rollup patch for Win2K which clears up a number of niggling hassles with the usual slew of unchecked buffers and some authentication issues and transfer protocols. The 17MB whopper is the first comprehensive offering since SP2 back in May, and addresses most of the bugs and glitches the company has been warned of since that time. We have to wonder if MS itself discovered any of the issues the mega-patch addresses. They rarely do, but this is one of the innovations Chairman Gates has implicitly called for. We've heard the rhetoric, so we know MS has just become a security-conscious software maker. It's just that they've never been quite that kind of security-conscious software maker, and it should be most interesting to watch that change, if it can. ®
Thomas C Greene, 01 Feb 2002

Accused Ebay hacker on electronic leash

Until he goes to trial in March, the only sophisticated electronics in accused eBay hacker Jerome Heckenkamp's life will be the monitoring bracelet bolted to his ankle, under a court order issued Tuesday clearing the way for his release. In a hearing in federal court in San Jose, Calif., U.S. magistrate Patricia Trumble reestablished bail for the imprisoned computer whiz at $50,000, but imposed a new set of restrictions on his release. Heckenkamp will remain prohibited from using cell phones and the Internet, and is now also banned from accessing or owning a computer, even without an Internet connection. Trumble carved out exceptions for ATMs, point of sale terminals, and some other computerized conveniences, while explicitly banning others, including video games and fax machines. In handing down the order, Trumble said Heckenkamp's recent court appearances gave her pause. Heckenkamp, 22, had been free on bail until January 18th, when he unexpectedly fired attorney Jennifer Granick, and in an impromptu hour-long hearing persuaded the reluctant Trumble to rescind his $50,000 bail, so that the money could be returned to the friend who posted it on his behalf. Heckenkamp was immediately taken into custody at his own request. He later rehired Granick. "I'm concerned about these events," said Trumble, at Tuesday's hearing. "I have no idea what's going on in this young man's head." In an interview at the Santa Clara County Jail last week, Heckenkamp told SecurityFocus that his actions were aimed at relieving his friend from the financial burden of the bond, and were also prompted by growing frustration over the slow pace of his criminal case, and the ongoing restrictions that conditioned his release. "As long as I was out on bond, I didn't feel free anyway," said Heckenkamp. "And I can't work on my case properly with the computer restrictions."

Electronic Monitoring

Last week, Heckenkamp's pre-trial supervisor claimed that an FBI search of Heckenkamp's computer hard drive following his detention turned up evidence of Internet use. Heckenkamp's father, Thomas Heckenkamp, flew in from Wisconsin to testify at Tuesday's hearing that it was him, and not his son, who went online, but the matter was dropped when prosecutor Ross Nadel told the court that he didn't oppose Heckenkamp's re-release under the tighter restrictions. The senior Heckenkamp said he would post the bail through a bail bondsman. If Heckenkamp found his pre-trial restrictions onerous two weeks ago, they've only gotten worse. In addition to the new computer restrictions, Heckenkamp will be permitted to leave his San Jose home only in accordance with a schedule established by his pre-trial release supervisor, with his comings and goings tracked by an electronic monitoring system. The monitoring system used by the federal judiciary works something like a cordless phone. It consists of a tamper-resistant radio transmitter that's clamped over the defendant's ankle, with a stationary receiver plugged into his home telephone line (which must not have call forwarding). The receiver keeps a log of every occasion the transmitter moves into or out of its 150 foot range. The log is polled automatically by a central monitoring company under contract with the U.S. courts, and the results made available to the defendant's pre-trial release supervisor. A former network engineer at Los Alamos National Labs in New Mexico, Heckenkamp lost his job in January, 2001, when prosecutors charged him with defacing eBay under the hacker handle MagicFX in 1999, while a graduate student at the University of Wisconsin. He's also charged with penetrating computers belonging to Lycos, Exodus Communications, Juniper Networks, E-Trade Group and Cygnus Support Solutions. Heckenkamp says he's innocent on all counts. His trial is set for 19 March.
© 2001 SecurityFocus.com, all rights reserved.
Kevin Poulsen, 01 Feb 2002

MS' new security czar is old govt prosecutor

After finally unloading washed-out security czar Howard Schmidt on the US government, Microsoft has turned around and got itself a government re-tread to replace him. Former DoJ cybercrime prosecutor Scott Charney, a man who once said, inanely, of home computing that "we're giving weapons of war to five-year-olds," will replace him at the helm of the world's largest software maker. Charney's most recent posting has been to the risk management and forensics department of consulting behemoth PricewaterhouseCoopers, a company much distinguished by its behemoth name. Schmidt, meanwhile, will descend into the bowels of government intelligence to share his expertise with the White House on matters of network and infrastructure security, after having distinguished himself at Microsoft, which until recent months had its most popular e-mail client primed to launch executables automatically. It's an interesting dynamic. The government accepts failed re-treads from Microsoft who clearly haven't a clue about security; and MS turns around and willingly accepts candidates from an operation that's willing to take its rejects. You'd expect a company that's just made security its primary concern to reject candidates from an outfit where a Howard Schmidt can make the grade, but you'd be wrong. It would all be extremely funny, if only your online bank wasn't running IIS. ®
Thomas C Greene, 01 Feb 2002

Register.com to buy Virtual Internet for £12m

Register.com – the domain name registration and Internet services outfit – is set to buy the UK domain registrar, Virtual Internet plc, in a cash deal worth £12 million. The bid has the full backing of Virtual's board of directors but still needs shareholder approval. The offer of 46.8p a share represents a premium of around 36 per cent on Virtual's closing price yesterday. By mid morning shares in Virtual were up 10p (29 per cent) at 44.5p. If the deal goes ahead it would give Register.com a platform for growth in the UK and Europe, particularly in the corporate domain name services market, the company said. Separately, Virtual Internet also announced today its preliminary results for the year ended 31 October 2001. Turnover for the year topped £9.3 million – up from £6.3 million the year before. Pre-tax losses increased from £8 million in 2000 to £19.7 million last year. ®
Tim Richardson, 01 Feb 2002

Who needs Linux standards?

Standards have always been the Unix world's Achilles heel. Not that there has ever been a scarcity of them. Much like French smoking laws, the problem has been getting anyone to pay attention. They're even more of an anathema to the typical Linux hacker, who can squirrel his executables away in /etc/spaz/yewl_never_find_me_here if he so wishes. And probably will. So it's a considerable achievement by the Free Standards Group not only to gather an impressive buy-in from all the commercial distros and the big iron vendors, but to provide standards that are both no-brainers to comply with and that have obvious interoperability benefits. The Group published 1.1 of LSB - the Linux Standards Base spec and the first version of the internationalization layer, Li18nux. Dell, HP, IBM, Sun and Compaq were on hand to bless the new spec, and Linus Torvalds and Alan Cox gave it a virtual blessing. "By the end of the year, all distributions will be conformant or compliant," Scott McNeil, executive director of the Free Standards Group, told us. LSB covers file system layout - what goes where - binary formats including executables and shared libraries, system commands, and scripts. A look at the libc interfaces refers you back to the ANSI C standard, the System V interface book and the POSIX definition, amongst others, but it usefully refers you to which glibc version is considered as current. There's quite a bit of collaboration between POSIX and LSB, with Andrew Josey, chair of the Austin Group that decides extensions to POSIX, also lending time and oversight to LSB. Documentation, test tools and conformance tests are all free. A 'compliance' kitemark, available later in the year, will cost money, but McNeil told us that the Group was a non-profit Californian corporation, and he saw it as a "market opener not a revenue generator". Turbo will be the first distro to pass the Li18nux support we're told, according to Unicode veteran Hideki Hiura.
The internationalization effort should see Linux go some way to fixing its poor character support, compared to the commercial Unices. Even my phone's Unicode now, so there's no excuse. ®
Andrew Orlowski, 01 Feb 2002

Will the MS judge OK the DoJ deal? Aha…

The judge in the Microsoft case might just be inclined to reject the settlement being proposed by Microsoft and the Department of Justice. Or not. The late Judge Thomas Penfield Jackson's opinions became abundantly clear as his tenure of the trial clanked along, but Judge 2.0, Colleen Kollar-Kotelly, is in the happy position of not having had to express an opinion of any sort so far. Trial watchers are therefore reduced to puzzling over the scant entrails of her comments. She has asked the parties for a status report late next week, but has also asked them to include a summation of the "tone" of public comment (the comment period ended on Monday), and if they are proposing to make changes in the settlement in light of the comment. A hint, or not? It's thin stuff, but until CK-K speaks it's about all we have to go on. Some years back, you may recall, there was a judge in a similar situation, presented with an MS-DoJ deal for signing. Judge Stanley Sporkin however went ballistic, declined to sign it off, but the deal was finally shoved through by the unholy alliance anyway. This time around the Microsoft camp has been busily whipping up support, while the other side has been equally busily denouncing the settlement. It is not yet clear how many, if any, normal members of the public commented off their own bat, without the aid of incentivisation, cajoling or form letters. Probably not very many. Meanwhile, the refusenik states who declined to join in the DoJ deal are scheduled for a remedies hearing before Judge CK-K on 11th March. There was some controversy earlier this week over whether or not the press would be allowed to attend the taking of the depositions, but the conclusion (sort of yes and no) doesn't actually change much in terms of what will and will not be made public during the trial. ®
John Lettice, 01 Feb 2002

Tiny HQ to shut in May

Tiny Computer's HQ in Surrey is to shut in May with the loss of up to 320 jobs. Staff were told of the closure late yesterday afternoon. A spokesman for Time confirmed that the office would shut but said that at this stage it was too early to say exactly how many jobs would be lost. No redundancies have been announced as yet and the company is currently engaged in a consultation process. However, Time's acquisition of Tiny earlier this week will lead to the creation of some new jobs, and these positions would be made available to those willing to relocate to Time's HQ in Burnley, according to the Time spokesman. But staff at Tiny have told The Register that they hold out little hope for the future. One insider said: "Yesterday an entire department walked out in disgust, and many other individual employees are too upset for words, packing their things into cardboard boxes and walking out of the building in tears." ®
Tim Richardson, 01 Feb 2002

DoS risks against Cisco storage routers routed

Cisco is advising users to upgrade software on its line of storage routers after the discovery of multiple security vulnerabilities involving the technology. Three vulnerabilities have been discovered in Cisco SN 5420 Storage Router software releases up to and including 1.1(5). Two of the vulnerabilities (involving sending an HTTP request with a huge header or sending a fragmented packet over the Gigabit interface) can crash storage routers, and might be used in a Denial-of-Service attack, Cisco advises. The third flaw allows access to the SN 5420 configuration if it has been previously saved on the router. Crackers are yet to exploit the software flaws, Cisco reports. All three vulnerabilities are fixed in release 1.1(7) of software for the SN 5420 Storage Router, which Cisco has made available through partners and its Web site. Cisco is offering free software upgrades to eliminate these vulnerabilities to all affected customers. Last week, analysts Yankee Group advised that storage security would become an "imperative" this year as the adoption of Internet technologies undermines the comforting notion that storage networks are safe from hacker attacks. ®
John Leyden, 01 Feb 2002

Trust me, I'm a spam message!

Fear of fraud has a big effect on response levels to commercial mail, known to most of us as spam. So what the world needs is a "trusted sender" program to assure customers that they won't get ripped off when they respond to email offers. Step forward TRUSTe, best known for its Web site privacy scheme, which has launched an "email certification and seal program". Microsoft and Doubleclick will beta test the program, a digitally signed stamp which certifies the email is genuine. Customers can easily opt-out of the spam and/or complain to TRUSTe about privacy concerns, according to the scheme's backers. The program will also provide ISPs with a means to control "irresponsible" email flooding their servers, the backers of the scheme claim. We think they're wrong: the prevalence of open spam relays due to lax security at ISPs is well documented and will continue to allow the unscrupulous to send spam messages without the hassle of dealing with bounced messages. If they can't get that right, how can ISPs be expected to correctly implement a filter that throws out commercial email without a seal? If the scheme is a success, spammers will find a way to disguise their messages so that they appear genuine. We'll all get just as much spam as before, but some of it will be digitally signed. ®
John Leyden, 01 Feb 2002

Keep-up pressure on Kodak, say campaigners

Dom Watts is an unlikely consumer champion. Yet, the dad of three from Croydon took on the power and might of Kodak – and won. His Kodakcamera protest Web site became the focus for a month-long campaign by consumers in search of fair play. Yesterday, Kodak caved in to pressure and agreed to honour a deal for a cut-price digital camera – even though it maintained that the price tag of £100 was a mistake. For Dom, Kodak's capitulation proved to be the start of a busy round of newspaper and TV interviews for the IT contractor. The win for ordinary consumers has been described as a "victory for people power" and his site has come to epitomise how the Internet can be used for common good. However, it didn't start like that. Dom admits that when he bought the domain, Kodakcamera.co.uk, for just £6.79, he did it for "a bit of a laugh". "Although it started as a joke," he explained, it quickly spiralled into something altogether more serious. And as one of the 5,000 people to buy the camera, Dom admits: "This Kodak thing enraged me." Just as news of the original knockdown camera offer swept through the Net, so too did word of the protest site. In the last month thousands of people have visited the site – including people from Kodak checking up on the growing protest. However, while people celebrate, Dom is keen to see that pressure is maintained on Kodak concerning compensation. Some people took Kodak at its word and bought digital cameras elsewhere when the company insisted it would not honour the £100 deal. And there are others who have pursued legal challenges against Kodak. There's a feeling among campaigners that these people deserve compensation. A spokeswoman for Kodak told The Register this morning that people should contact Kodak and that enquiries will be looked at on a case-by-case basis. Dom welcomes Kodak's willingness to talk. He just hopes they’ll listen. ®
Tim Richardson, 01 Feb 2002

Chinese New Year is no damp squib for DRAM

Chinese New Year is coming up soon, and that means a huge swathe of the computer industry in East Asia (not Japan, of course) shuts down for a week or so from Feb 10. Usually, this means spot market DRAM prices fall, as brokers clear stock in advance of the holiday. But not this year. According to the channel checkers at Fechtor Detwiler, the Boston investment bank, brokers "do not feel the pressure to sell... as they have done in the past". The market expects Hynix to do a deal either with Infineon or Samsung, if takeover talks with Micron fail. Any which way, this will make "price co-ordination and control of supply even tighter than before," Fechtor Detwiler says in a research note. "So these brokers will keep defensive inventory and expect to sell at even higher prices after they come back from holiday." Hynix this week announced that it was placing DDR DRAM memory on allocation - in other words, big customers have to queue for supply. This means that there's no surplus for the spot market. ®
Drew Cullen, 01 Feb 2002

Gnome to be based on .NET – de Icaza

Interview How much do you love Microsoft's .NET? Enough to trust your Gnome applications to its APIs in the future?

That's what Gnome leader Miguel de Icaza believes should happen. Miguel calls .NET the "natural upgrade" for the Gnome platform, and enthused about the technology in an interview with us at LinuxWorld this week. Basing Gnome on the .NET APIs will cut development time significantly. He also had praise for the new Microsoft security model, dismissed the notion that Redmond was employing embrace and extend to its web services protocols, and put the message that the community should get over its beef with The Beast.

"I'd like to see Gnome applications written in .NET in version 4.0 - no, version 3.0. But Gnome 4.0 should be based on .NET," he told us. "A lot of people just see .NET as a fantastic upgrade for the development platform from Microsoft."

Had anyone, we wondered, told Sun? Sun has decided to adopt Gnome as the replacement to the aging and unloved CDE Desktop for Solaris, and you could see demos of the latest work this week at the large Sun booth.

Miguel of course is leading development on Mono, the project to create an open source version of Microsoft's .NET framework - the C# compiler, run-time and class libraries. Which he says is a lot of fun. It's sponsored by Ximian, the company he founded, but most of the hundreds of contributors are not Ximian employees.

Mono motives

We wondered if the goal of Mono was really technical, as he'd said at the launch of the project, or political? Why not help clone Java?

"I've never worked with the Java community. I was interested in Java in the beginning, but the problem with Java is you do have to switch your platform. If you have code in C or C++ you have to jump to full Java: use Java compilers, full virtual machine, full class libraries and rewrite everything in Java."

But there's JPython, we countered?

"Well most of what you have is C, C++ and Fortran code, so dropping all that code and rewriting it in J is not an option. Perl and Python are useful on the Open Source universe but it's a really limited universe compared to the existing C or C++ codebase.

"So what is really neat about .Net is that you can run all of those apps at the same time."

But isn't there a danger of legitimizing the Microsoft platform - with Microsoft being an enemy of free software?

"Well Microsoft really does develop some really interesting technology. Not to go too far, but Microsoft is probably used by most people out there. Some scientists use TeX or LaTeX but for most people Word is the thing that writers use these days. It might not be the best, but they do a pretty good job.

"When it comes to .NET they've done a really outstanding job.

"I'm trying to find out more about the history of .NET and how they came to make these decisions. It's a very large investment in terms of time moving the whole company to this. But .NET is a really nice platform to build on.

"In the GNOME project we tried to keep the platform language independent. And it's hard to maintain those language bindings. The MS people had the same problem: with a new API, it would take a year and a half before the Visual Basic people could use it; it would have to go through a new release of the OS, a new release of the libraries, a new release of the run-time, and by the time it's used by the user it had taken 18 months. We found this - it takes a long time.

"With .NET once an API is published it's available to all programming languages at the same time.

"It's strategic for us - lots of people will develop applications in .NET."

Really? We'd always figured it was a defensive move. The technology is really RPC under a new name, and Microsoft's been doing that for ten years… It's not about attracting new developers, is it?

"I don't think they're going to lose developers to Java and I think they're going to keep the ones they had," countered Miguel. "Let's say it remains constant - it's still a very large amount of people developing .NET applications.

"Now you know about .NET Smart Clients - Smart Clients are traditional applications extended to web services, with the addition that it's really easy to deploy. You can upgrade the app on the server and the users never know. The idea behind Smart Clients is you have a custom UI - a good example is IM tools - integrated with a remote server.

"So one of the interesting side-effects is that you'll be able to run smart clients on our platform as well, because we're compatible with the binary file format.

"Right now we're compiling on Windows and popping the executable and running it on Linux. That's the way we debug the JIT compiler. We develop on Windows and copy and run on Linux."

Miguel also had praise for the .NET versioning architecture - "an outstanding job" - similar to the versioning Unix has had for years.

Chasing taillights

We wondered if they could keep up with Microsoft?

"It's a little early to say. Right now we have 900 classes out of 3500 classes so we're not keeping up at this point. As Alan Cox likes to say, free software is always late!

"When Microsoft ships 1.0 we're not going to be shipping Mono 1.0 for at least a year. So we're late. If they make changes to the API we'll try and track it down."

But aren't there large chunks of .NET you can only do on Windows, like authorization…?

"Oh that is a very interesting question! The I/O model is based on the Win32 model - we have to emulate the behaviour - and it turns out that behaviour is extremely nice. We went and implemented that.

"They have a beautiful security system and we're emulating the whole security infrastructure. It's actually easier to use than the Windows counterpart. We're basically wrapping the Unix functionality inside the Windows functionality.

"What's important to keep in mind is that you do not actually use the Windows API in .NET - you use the .NET API - the classes they have defined."

There's a final area, he added, with Mono emulating the Windows forms, which will be based on Gtk for .NET.

Now about keeping pace. Only a small portion of .NET classes have been submitted to ECMA.

"Tiny, tiny yes. But we can do APIs too - if people like the APIs we do, we'll submit them to ECMA." Miguel cited Lloyd Dupont's OpenGL classes as an example.

So would he go as far as recommend .NET as a way to write web services?

"My main focus is the client. In the web services area there is not a big-buy-in to the Windows platform, because this is the first time they have brought it to Windows.

"Well in the Windows world they use SOAP… they do not talk about proprietary protocols.

"We're doing Mono because we care about upgrading the development platform, we care about language independence; and it's very nice to work on.

"I really don't hear too much about the debate whether you should use J2EE or .NET. If you prefer to use J2EE that's fine. I don't particularly care.

"Another interesting thing is you can make Java targets with Microsoft .NET. You take your existing precompiled app, run the JUMP tools and it's a .NET app. It proves .NET can be used as a generic platform for running applications from many different languages."

But not everyone agrees with that.

"A lot of people just see .NET as a fantastic upgrade for the development platform from Microsoft."

Security through obscurity

We were surprised to hear that Microsoft had a great security model, could he explain?

"OK there are two security models in place - one is the Windows NT security model; which is actually a pretty [pauses] … You've seen security holes in Microsoft products - buffer overflows - they're not problems in the security architecture - that happens with Unix too. They happen to be really bad at managing their bugs, and not providing fixes on time, but that's another issue. That's the NT security system.

"But .NET has another security system on top. It's designed to have same sort of security as Java. Instead of the application being the unit of security - you trust the whole app or you don't trust any of it - each portion of the program can be running on a separate trust domain.

"So you can have Gnumeric running and you import a file from 1-2-3. Gnumeric asks the network or service do you have a plug-in for 123 - but the problem is you cannot trust this code, right? So you give it limited permissions. You're not going to let them write to the file, just read, populate the spreadsheet. If they try anything else the plug-in is killed, it throws an exception."

It's a sandbox?

"Exactly - it's a sandbox at any point, and you can define what, which I find really interesting."

The bottom line

"It's critical to upgrade our development platform to a lower cost, with Mono we can develop in a quarter of time. Microsoft is not advertising that - they're talking about web services."

How so, what parts make for faster development?

"The libraries, the GUI tools, the compiler system - serialization, database access, directory services and management."

Quite a bit then.

"Yes, you shouldn't lock yourself out of .NET."

Mono has already slayed one of the holy cows of the Gnome project - the insistence that all code be released under the GPL. The decision to change to an MIT X11 license for some libraries passed off without too much protest this week, and Miguel said it was to avoid fragmentation, as it allowed the project to use Intel's optimizing run time:

"We were able to take everything they developed and incorporate it in Mono, but they were not able to take anything in Mono and integrate it into their platform. It's still open source - but other people can use it."

So a very enthusiastic endorsement of .NET, which will gladden the hearts of its authors, no doubt. Microsoft has made much of .NET's language independence and Miguel affirmed it as strongly as anyone could. The Mono FAQ points out that GNU started out as a project to take the best operating system of the time, and clone it. That's what he's doing with Mono, and .NET. Well that's not quite the perspective we have on GNU, which we've always thought was RMS' response to the increasingly restrictive licensing around UNIX™ and other software. (Gosling's EMACS, source code from Digital, being other examples). But it's sure to fuel some interesting discussion. If the free-est of free software projects is abandoning the GPL, and adopting APIs written in Redmond, are we facing a Windows future without the gougeware licenses? Or has the community, as Miguel tacitly suggests, simply failed to come up with the long-term technical architectures that it needs, leaving developers little choice except to clone .NET? ®
Andrew Orlowski, 01 Feb 2002

KaZaA.com ‘evaluates’ Dutch court ban

KaZaA.com continues to operate its Napster-style software downloads despite a ruling against its former owners in a Dutch court. An Amsterdam district court yesterday ruled KaZaA, the Dutch software and products firm that founded KaZaA.com, provided software that encouraged copyright infringement. It ordered KaZaA to stop the worldwide distribution of its popular P2P software. The court ruled the software "justifies on its own a ban on the use of the Web site", the Press Association reports. Earlier this month KaZaA.com was sold along with a license for its P2P stack by developers Fast Track to Australian firm, Sharman Networks Limited. So it's unclear if the decision of the Dutch Court is enforceable. The KaZaA.com Web site is still in the Netherlands according to the Whois database, but it's up in the air whether or not this leaves Sharman liable to any enforcement action. Sharman's US PR agency told us the company is evaluating the ruling. Meanwhile KaZaA.com remains online and operational, albeit with support for Linux users mysteriously curtailed since the resumption of the service by Sharman Networks, after a brief suspension of the service by KaZaA days before its sale. A notice on the Web site, which has a counter documenting a steady rate of continuing downloads, states: "KaZaA does not condone activities and actions that breach the copyright of artists and copyright owners - as a KaZaA user you are bound by the KaZaA Terms of Use and laws governing copyright in each country." In October, the Recording Industry Association of America (RIAA) filed a lawsuit against KaZaA, as well as peer-to-peer MP3 file sharing services MusicCity and Grokster, which use FastTrack's code. A lawsuit was lodged in the Netherlands by a music copyright protection agency, Buma/Stemra. In November, a Dutch judge gave KaZaA two weeks to cease infringing recording artists' copyrights or risk a penalty of 100,000 guilders ($40,317) a day.
KaZaA, which claims its software has been downloaded more than 30 million times, filed an appeal against this decision by saying it could not comply with the judge's order as it has no way of identifying those who use its software. Unlike Napster, KaZaA uses the true peer-to-peer principle enshrined in the Gnutella protocol, so it operates without a central server or distribution point. The courts have rejected KaZaA's argument. But will this become a hollow victory? Although the music industry has successfully won its court case, it faces a greater challenge in shutting down the service. ®
John Leyden, 01 Feb 2002