Tag - You're Hit
3/7/2001; 5:31:28 PM
'An estimated one-third of all shopping cart applications at Internet retailing sites have software holes that make them vulnerable to the price switching scam, said Peggy Weigle, chief executive of Sanctum, a security software company in Santa Clara, Calif....
'Here's how it works: After choosing a product and receiving pricing information, a hacker can use a standard browser's "edit page" feature to show the hidden HTML code on the page. The thief then saves the page to his computer, alters the price information and then hits the "publish" key on the browser. In many cases, that page is then accepted by the shopping cart software - and that $999 watch becomes a $3 special.'
Speaking as a web professional who has designed and implemented some secure programs tracking millions of dollars worth of stuff... this kind of security hole is not hard to plug. In fact, with proper design, it should never be an issue. You can never trust a client any farther than you can throw them! Always check data for validity, not lack of invalidity (which is theoretically the same thing but in practice totally different).
On that topic... there are many systems vulnerable to this, not just e-commerce systems. I once tried to submit a -100000 rating on an "Are you hot or not?" site... the site seemed OK with it, didn't fire an error, but it didn't accept it either, fortunately. You can have a lot of fun with this, if you care to (which I usually don't, but the thought of giving someone a massively negative rating on one of those silly Am I Hot Or Not? sites was just too amusing to pass up).
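The "validity, not lack of invalidity" point above, as an added example (not code from this post or from any site it mentions): a handler that trusts a hidden price field next to one that looks the price up server-side, and an allow-list rating check next to a deny-list one. The catalogue, form field names, quantity limit, 1-to-10 rating range and function names are all assumptions made for illustration.

```python
from decimal import Decimal

# Constructed catalogue: the server's own record of prices, keyed by SKU.
CATALOG = {"watch-01": Decimal("999.00"), "strap-02": Decimal("3.00")}
MAX_QTY = 20  # assumed business limit per order line


def total_trusting_client(form):
    """Vulnerable pattern: the price is read back from a hidden form field."""
    return Decimal(form["price"]) * int(form["qty"])


def total_server_side(form):
    """Hardened: only SKU and quantity are read from the client, each must
    match what a valid order looks like, and the price is looked up here."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    qty = form.get("qty", "")
    if not (qty.isascii() and qty.isdigit()) or not 1 <= int(qty) <= MAX_QTY:
        raise ValueError("quantity out of range")
    return CATALOG[sku] * int(qty)


def parse_rating_denylist(raw):
    """'Lack of invalidity': rejects only the bad input someone thought of."""
    if "<" in raw or "'" in raw:
        raise ValueError("invalid rating")
    return int(raw)  # a negative or enormous number still gets through


def parse_rating(raw):
    """'Validity': a rating is exactly an integer from 1 to 10, nothing else."""
    if not (raw.isascii() and raw.isdigit()) or not 1 <= int(raw) <= 10:
        raise ValueError("invalid rating")
    return int(raw)
```
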
Napster Judge Issues Injunction
Music & MP3
3/6/2001; 2:22:12 PM
'Napster has a three-day window to remove copyrighted music from its file-sharing system every time it is notified that a copyrighted song appears on its network, if it accepts the terms of an injunction issued by a federal court judge late Monday night.
'According to District Judge Marilyn Patel's injunction, Napster now has five days to outline its plans to begin policing its network. Somewhat surprisingly, the injunction also calls for splitting the responsibilities of monitoring the system between Napster and the Recording Industry Association of America.'
Not really that surprising... this is probably to forestall the objections on the part of Napster that the RIAA has not proven a single case of infringement. While one can make vague claims that Napster has infringing material and be confident (statistical sense of "confident") in it enough to issue an injunction, when one gets down to the tricky business of deciding which recordings are actually illegal, RIAA is going to have to help. Remember, some bands allow fans to record concerts and trade them, so in some cases there will be multiple versions of some songs, some legal, some not. It's trickier than it looks to prove a particular file infringing.
Napster Fallout: Privacy Loses?
Privacy from Companies
3/6/2001; 2:10:49 PM
'If Napster is ultimately ruled to be liable for copyright infringement, the frontlines of the intellectual property battle could shift to ISPs and end users. Experts say that could be bad news for online privacy....
'The Digital Millennium Copyright Act (DMCA) already exempts ISPs from any obligation to monitor their networks for copyright violations, and absolves them of liability for transient files.
'Nevertheless, privacy and legal experts predict that the Napster decision will place increased pressure on ISPs to play a role in stopping illegal file sharing. At the least, they may face a new deluge of requests to identify users accused of copyright violation.'
Random House Sues for Rights
General IP Issues
3/6/2001; 2:03:47 PM
'Did authors sign away rights to electronic books before e-books were even invented? Random House believes so, which is why it's suing e-book publisher RosettaBooks over ownership of digital rights for eight previously published works.'
Interesting discussion, but I would anticipate Random House will win. While one cannot sign a contract without being aware of what the contract says, since the authors signed away "all rights" in all likelihood, it's a bummer for the authors, but it's pretty clear what that means. (Now if they didn't sign "all rights" away, then maybe there's cause to argue, but this is really a contract case, not an electronic/Internet issue.)
The Internet's public enema No. 1
3/5/2001; 10:47:57 PM
'Rotten.com's sole purpose is to "present the viewer with a truly unpleasant experience," and its proprietor is doing a dandy job of that.... It's horrible. And yet, the Net is fascinated. About 200,000 visitors come to Rotten.com every day. We are voyeurs at heart, drawn to the macabre and horrific like rubberneckers at a car crash, and even though we can't bear to look we are compelled to click on that headline: "A gallery of severed hands and whatnot." Yuck.
'"Rotten dot-com serves as a beacon to demonstrate that censorship of the Internet is impractical, unethical and wrong," Soylent writes in his manifesto, adding that nothing he posts there can't be found elsewhere. "To censor this site, it is necessary to censor medical texts, history texts, evidence rooms, courtrooms, art museums, libraries, and other sources of information vital to functioning of free society."'
The article brings up the touchy question of international speech laws, among others. Note: I haven't visited this site, nor do I intend to. The link in the news item title is to an article in Salon; it's safe to click.