Saturday, April 05, 2003
Virgin boss accused
Virgin Radio CEO John Pearson was accused of lying in the High Court in London last week by QC Christopher Pymont, counsel for Chris Evans, during the hearing into the recent dismissal of the radio presenter by SMG. Again we see the reference to e-mail as evidence in the highest courts in England, and not just in the USA as some might have thought given the most recent stories published here.
Related links
VIRGIN CHIEF DENIES LYING IN COURT Daily Record
Chris Evans weeps in witness box over his lost staff By Sally Pook The Daily Telegraph
I worked hung over most days, Chris Evans tells judge By Ciar Byrne The Guardian
posted by Robert Campbell 7:36 PM
Deutsche Bank left out in the cold
The settlement of the Wall Street research conflict of interest case will probably exclude Deutsche Bank, and others too if news reports are to be believed. The interesting issue with Deutsche Bank is that they will be positively excluded from the final deal because they have failed to hand over e-mails requested by the regulators. Andre Pineda, the California Department of Corporations' deputy commissioner, is quoted as believing that only around 20% of all e-mails had been surrendered so far. The bank has apparently acknowledged their failure in this regard; one wonders if that is an admission of incompetence or something more sinister?
There are 12 banks included in the settlement, with total penalties to be paid in excess of $1.5 billion US; Deutsche have already agreed in principle to pay sums of $160m US.
Related links
Deutsche Bank may miss Wall Street settlement By Gary Silverman Financial Times.
Lost e-mail costs Big Money Firms $8,000,000+
CNN Money report
No charges for Morgan Stanley analyst Meeker-WSJ Reuters
Merrill, CSFB may be accused of fraud By Luisa Beltran, CBS.MarketWatch.com
posted by Robert Campbell 4:36 PM
Thursday, April 03, 2003
Hacking in Real Quick Time
Vulnerabilities in both of the most popular multimedia players could expose your systems to attack. RealNetworks' RealPlayer and Apple's QuickTime seem to have buffer-overflow-style errors which could allow an attacker to execute arbitrary code. RealNetworks has issued an advisory warning of a specific potential for 'heap corruption' if the system is sent a malformed .png file. Data compression libraries are to blame, apparently.
iDefense has discovered a buffer overflow vulnerability in Apple's QuickTime Player. I couldn't find any reference to it on Apple's own web site; was this anything to do with the fact that it affects computers with Microsoft's Windows but not those with Apple's Macintosh OS?
posted by Robert Campbell 9:37 PM
Meeker gets off
Morgan Stanley's analyst Mary Meeker escapes sanctions by the SEC while her employer agrees to pay $125M. If anyone wanted more examples of the increasing importance of using e-mail as evidence, they need look no further than the emerging story of Meeker and others. While Meeker and MS will not be cited for actual securities-fraud violations, they will be criticised. The regulators failed to find enough evidence in e-mails to implicate her directly, unlike Jack Grubman, ex-telecoms analyst at Citigroup's Salomon Smith Barney, and Henry Blodget, previously of Merrill Lynch & Co.
Grubman and Blodget have denied the allegations but the e-mail evidence seems to have satisfied the Securities and Exchange Commission.
Related Links
Lost e-mail costs Big Money Firms $8,000,000+
CNN Money report
No charges for Morgan Stanley analyst Meeker-WSJ Reuters
posted by Robert Campbell 8:31 PM
County security chief faces 'possible termination'
A story from The Mercury News.com by Karen de Sa
The paper carries a story about Santa Clara County's top information security officer, one Peter Ekanem, deliberately misusing office resources, including sending email containing sensitive internal documents to an ex-employee outside of the US. It wasn't the abuse of email that was so shocking to us here at ecommnet but the fact that a County Official said that '...A separate administrative review also is concluding, which may result in Ekanem's termination...'. Now that's what we call a Draconian email policy.
Related links
e-mail as evidence
posted by Robert Campbell 7:48 PM
Wednesday, April 02, 2003
Is Your Website Breaking The Law?
The Disability Rights Commission (DRC) is testing one thousand websites for compliance with basic accessibility standards. Sites that fail could be illegally discriminating against disabled people. Organisations offering goods or services on the web now have a legal obligation to make their sites accessible. The DRC is to conduct a formal investigation into 1,000 sites to see how well they comply with basic accessibility standards, and whether the sites are usable by people with a variety of disabilities.
Legal experts say it is only a matter of time before the website accessibility requirements of the Disability and Discrimination Act (Section III) are tested in the UK courts. Until that happens, our best advice is that organisations should try to comply with at least Level 1 (or preferably, Level 2) of the W3C's Website Accessibility Initiative. Doing nothing about an inaccessible website is not a sensible option.
ecommnet will shortly be launching its own accessibility website and we are redeveloping our existing site to comply with accessibility standards. If you would like to learn more about accessibility, the law, and what you should do to make your website accessible, contact our accessibility and usability team at: accessibility@ecommnet.co.uk
David Jones
posted by Robert Campbell 8:06 AM
Monday, March 31, 2003
Bullying by email
Tim Richardson's article on email bullying, published on The Register, makes for interesting, if somewhat disturbing, reading. One wonders if this is yet another reason for extending the powers of the employer to monitor and control what employees do with the web and email at work. There have been various rants amongst the commentators about the intrusive nature of employers; in particular, John Leyden from The Register, in his article 'Spyware found on one in three corporate networks', only grudgingly accepts the needs of employers to exhibit some control.
We here at ecommnet believe that there is a clear business and legal imperative to provide control and monitoring throughout the workplace as the use of email, the internet and IT services in general exposes employers and employees alike to real risks.
Related links
UK workers succumb to email paranoia The Register
Birmingham City to gag staff
Robert Campbell and Stephen Mason's article on e-mail as evidence
Websense wants to ban online gaming
Spyware found on one in three corporate networks
posted by Robert Campbell 12:23 PM
Silicon Graphics targets the Middle East
There's no real story here; the article is just a blatant advertorial piece published on the AMEInfo web site, but it makes for a great sub-edit headline! Editor's note: We have avoided jumping on the bandwagon of the war in the Middle East and the various cyber-terrorism stories swamping the news wires in the belief that there is enough news of real importance coming out of that region.
posted by Robert Campbell 11:58 AM
Sendmail overflowing with vulnerabilities again
Sendmail, arguably the Internet's most critical piece of software as it reportedly handles 3/4 of all mail sent, is overflowing with vulnerabilities ... again! The latest flaw in the MTA, discovered by Michal Zalewski, could allow an attacker to compromise the system by sending a malformed message, in particular one with a malformed address. Crucially, this attack could in theory pass through a boundary email server which wasn't vulnerable and on into the internal network, infecting servers on the trusted side of the firewall. The latest CERT advisory suggests that all versions of Sendmail are affected, and it's not the same flaw that was reported earlier this month. On a political note, Sendmail haven't named Michal in their statement, referring to him as 'sendmail user who has contributed many patches to sendmail.org in the past several years'; I wonder why that is then?
CERT have another recent alert referring to Multiple vulnerabilities in Lotus Notes and Domino V5 and 6, and although these don't specifically refer to Notes in the email context, it does go to show that putting standard software 'out front' is a dangerous thing to do. An email firewall would take a strict approach to malformed messages, and that includes the address part, so that this attack method could not work.
Related links
CERT
Sendmail Org the open source version
Sendmail the commercial version
BorderWare MXtreme
posted by Robert Campbell 11:02 AM
Spam - Last orders please
The UK's Department of Trade and Industry - Communications and Information Industries Directorate has launched a public consultation process on how best to implement THE DIRECTIVE ON PRIVACY AND ELECTRONIC COMMUNICATIONS (2002/58/EC). This directive in particular extends the controls on the use of any form of electronic communications for use in unsolicited direct marketing, i.e. SPAM, and the use of cookies and similar tracking devices on web sites. The consultation process lasts 12 weeks, closing date 9th June 2003. The regulations are due to be implemented in October this year, Oct 31st being the deadline for the actual Directive coming into force.
Will this have any effect on the SPAM deluge? Probably not: as Tim Richardson of The Register points out, the SPAMers all operate from outside the EU and are not the kind of people who are likely to be bothered about the legislation anyway.
Related links
DTI's CII home page
European Commission's web site on the communications framework regulations
Tim Richardson's article from The Register
Whitepaper on BorderWare MXtreme email firewall and anti SPAM
posted by Robert Campbell 9:51 AM