• Newsletter Vol 1 Issue 3

    webarchive 2nd Dec 2002ISOC-England: ISOC-E Digest Friday 17 May 2002 Volume 1: Issue 03

    “The Internet is for Everyone”

    The Internet Society of England freely distributable monthly Newsletter

    Editor: Olivier MJ Crepin-Leblond <editor@england.isoc.org>

    Producer: Richard Francis

    Please distribute widely !

    Instructions for subscribing/unsubscribing are included at the end of this message

    ***** See last item for further information, disclaimers, caveats, etc. *****

    This issue is archived at <http://www.england.isoc.org/newsletter/index.rhtm>

    Contents:

    Welcome to issue number 3

    News

    Feature: Governance of the Internet at the Crossroads

    ICANN 2 ? (Richard Francis)

    Feature: Crying Klez: Maybe the sky *is* falling (Robert M. Slade)

    Working Groups

    Events Diary

    In the next issue of the ISOC England Newsletter

    Abridged info on ISOC England

    ———————————————————————-

    Date: Mon, 0 May 2002 00:00:00 -0000

    From: Olivier MJ Crepin-Leblond <ocl@gih.com>

    Subject: Welcome to issue number 3

    Welcome to the third issue of the ISOC England Newsletter.

    HACKING INCIDENT

    This month, the computer that runs the mailing list itself

    was hacked maliciously, and all data pertaining to the

    ISOC England Newsletter mailing list membership was erased.

    Thankfully, we have kept back-ups of the original list

    membership, but if you had subscribed to the distribution

    list yourself, and this issue reaches you by way of

    someone else forwarding it to you, then you may not be in

    the distribution anymore. Make sure you don’t miss out on

    future issues by sending a command to:

    majordomo@gih.com

    with the command:

    subscribe isoc-e-newsletter

    in the body of the message

    CALL FOR ARTICLES

    Hacking is a plague to the Internet, and we are planning

    on discussing the problem in one of our future issues.

    If you wish to contribute an article on the subject, please

    email me.

    FEATURES

    This month’s first feature article, “Governance of the

    Internet at the Crossroads”, penned by Richard Francis, is

    the first of a series on ICANN reform. He looks at reform

    from the perspective of National Internet Top Level Domain

    Registries (ccTLDs).

    ICANN, the global Internet governing body, may sound like

    an acronym we do not really relate to, but ultimately,

    actions taken by ICANN will affect all of us! They are

    responsible for the stable operation of the international

    root server system.

    Wiped disk… E-mails to all of your address book…

    Have you ever been hit by a computer virus?

    The second feature article included in this newsletter is

    written by Rob Slade, a worldwide authority on computer

    viruses for way more than a decade. According to Silicon.com,

    KLEZ is a virus that is top of the “”virus league tables”. Just

    like previous similar critters, it spreads by using loopholes

    in MS Outlook – and is very successful at that. Computer

    viruses are here to stay – but steps can be taken against

    them to minimise their spread. In today’s world of information

    overload, Rob’s article provides the facts.

    We would really like to receive feedback from everybody,

    so if you have suggestions, comments, or would like to

    contribute an article to the ISOC-E newsletter, then please

    write to: editor@england.isoc.org

    Happy Reading!

    ——————————

    ISOC NEWS

    IMPORTANT: ISOC ENGLAND MEMBER DISCUSSION LIST

    The ISOC England member’s discussion list has moved home!

    The list has also been modified from being “opt-out”

    to being “opt-in”.

    This means that in the past, all ISOC England members

    used to be automatically subscribed to the ISOC England

    Discussion list. Today, members need to specifically

    subscribe to the discussion list.

    All members are joined automatically to the announce list.

    This list is for announcements only and is for the use of

    the board or authorised administrators of the chapter.

    The members list is an open discussion list and is optional.

    All members who wish to take part in chapter discussions

    need to visit the website at www.england.isoc.org and log

    in using their username and password.

    You then need to select “Change personal details” and your

    membership details will be displayed.

    If you do not remember your password/username, a password

    recovery function is provided. Once into your member area,

    click on “Change my Subscriptions” and select the mailing

    lists you would like to be subscribed to at the bottom of

    the “update” page.

    Emails will be sent to the email address you give in the

    member record.

    2002 ISOC BOARD OF TRUSTEES ELECTIONS

    In accordance with the new ISOC Governance model, those are

    coming up soon. An announcement was made by Christian de

    Larrinaga, explaining the current position of the Board,

    and the search for solutions to ensure that every voice

    within ISOC England is heard:

    http://www.england.isoc.org/isoc-newgov-info.rhtm

    The initial process has now taken place, and Veni Markovski

    has been chosen as the ISOC European Chapters representative.

    The election date is Tue May 28.

     

    Announce Election done

    Stop accepting nominations done

    Announce initial slate Fri done

    End accepting petitions Fri done

    Final slate to Elections Comm done

    Mail ballots Sun done

    Election day Tue 28-May-02

    Announce results Fri 31-May-02

    End receiving challenges Mon 10-Jun-02

    Reply to challenges Mon 17-Jun-02

    Annual General Meeting Mon 17-Jun-02

    For full information on the election process, please consult:

    http://www.england.isoc.org/bot-election-chapter.rhtm

    VOTING TAKING PLACE ON TWO MOTIONS FOR ICANN REFORM

    The DNSO (Domain Name Supporting Oganization of ICANN) is

    conducting a vote on the reform of ICANN. The two motions

    to be voted on are:

    * Motion 1. “Request that US DoC hold open competition for services now

    offered by ICANN”

    * Motion 2. “Basic principles for the ICANN Reform Process”

    To have your voice heard, you need to register in the Voting

    Registry. A form to that effect is found on:

    http://www.dnso.org/dnso/notes/2000.GA-voting-registry.html

    Basic outline of the voting on Two motions about ICANN Reform

    * Basic outline http://www.dnso.org/dnso/notes/2002.GA-b12-outline.html

    Electorate and Voting Registry

    * Electorate. Voting roster

    http://www.dnso.org/secretariat/b12.rosterindex.html, as of 15 May

    2002, at the time the ballot was prepared.

    Voting Rules used by the DNSO General Assembly

    * Voting rules http://www.dnso.org/dnso/notes/2000.GA-voting-rules.html

    Time for the vote

    * Begins: Wednesday 15 May 2002, 13:00 UTC

    (06:00 LA, 09:00 New York, 15:00 Paris, 22:00 Tokyo)

    * Ends: Wednesday 22 May 2002, 13:00 UTC

    (06:00 LA, 09:00 New York, 15:00 Paris, 22:00 Tokyo)

    Results published on 24 May 2002, 16:00 UTC

    ——————————

    APRIL/MAY NEWS DIGEST

    In the fast-changing world of Technology and the Internet, News are

    a daily event. Here is a selection from April and May’s newsreel.

    I welcome comments about the selection!

    Please e-mail your feedback to editor@england.isoc.org

    PRIVACY

    ‘NET IS DESTROYING CIVIL LIBERTIES,’ BLAIR WARNED

    (silicon.com – 20 March 2002)

    “If the government doesn’t explicitly defend personal liberties

    then these may be swept away by the growth of new technologies.”

    http://www.silicon.com/ess52159

    REGULATORY

    IBM DROPS INTERNET PATENT BOMBSHELL (ZDnet – 18 April 2002)

    A recent IBM patent claim could threaten royalty-free access to a

    key Internet standard protocol backed by the United Nations.

    http://cgi.zdnet.com/slink?177220

    NEW LAW WOULD CRIMINALIZE FALSE WHOIS INFO (newsbytes – 3 May 2002)

    A.N. Other would not be able to register domain names in US

    http://www.newsbytes.com/news/02/176371.html

    NON EU ONLINE BUSINESS PROVIDERS TO PAY VAT

    (silicon.com – 7 May 2002)

    Businesses delivering goods digitally to European customers

    will have to pay VAT even if they are based outside the

    European Union

    http://www.silicon.com/ess53161

    INTERNET GOVERNANCE & E-GOVERNMENT

    DOT-EU DOMAINS GIVEN THE GREEN LIGHT (silicon.com – 26 March 2002)

    The European Union looks set to have its own .COM equivalent

    http://www.silicon.com/a52283

    DOT EU REGULATION DOCUMENT PUBLISHED

    http://europa.eu.int/eur-lex/en/dat/2002/l_113/l_11320020430en00010005.pdf

    CONSUMER GROUPS DECRY DOT-US POLICIES (Bizreport – 29 April 2002)

    A good lesson in what mistakes to avoid with DOT-EU

    http://www.bizreport.com/article.php?art_id=3362&width=1024

    ACM ASKS ICANN TO SCALE BACK MISSION (BizReport – 3 April 2002)

    The Association of Computing Machinery gets involved in the debate

    http://www.bizreport.com/article.php?art_id=3230&width=1024

    ICANN SEEKS NEW DOT-ORG OPERATOR (22 April 2002)

    Do you fancy like bidding for running a major Top Level Domain?

    http://www.icann.org/announcements/announcement-22apr02.htm

    E-ENVOY TOLD: ‘MORE ACTION, LESS CHAT’ (silicon.com – 25 April 2002)

    National Audit Office criticizes the E-envoy mission

    http://www.silicon.com/ess52923

    Report at: http://www.nao.gov.uk/pn/01-02/0102764.htm

    ACCESSIBILITY

    BBC LAUNCHES EURO-CENTRIC SEARCH ENGINE

    Dissatisfied with US-centric search engines?

    http://www.bbc.co.uk

    OECD PUBLISHES REPORT ON INTERNET TRAFFIC EXCHANGE

    (13 March 2002)

    http://webnet1.oecd.org/pdf/M00027000/M00027258.pdf

    TECHNICAL

    BT TRIALS ‘NEXT GENERATION’ BROADBAND (silicon.com – 26 March 2002)

    Forget ADSL – even higher transfer rates are coming soon!

    http://www.silicon.com/a52281

    HALF A MILLION HAVE BROADBAND IN UK – OFTEL (NUA Internet

    Surveys – 3 May 2002)

    http://www.nua.ie/surveys/index.cgi?f=VS&art_id=905357918&rel=true

    BT’S ‘NO FRILLS’ DSL IS AN ISP KILLER (silicon.com – 24 April 2002)

    No frills ISP will hit the market in Autumn

    http://www.silicon.com/a52900

    BT ANNOUNCES PLANS FOR UK’S FIRST PUBLIC ACCESS WIRELESS LAN NETWORK

    (10 April 2002) Full details in June

    http://www.groupbt.com/Mediacentre/Agencynewsreleases/2002/an34.htm

    HACKING WITH A PRINGLES TUBE (BBC News – 8 March 2002)

    Make sure that wireless LAN is secure, or you could get hacked

    http://news.bbc.co.uk/hi/english/sci/tech/newsid_1860000/1860241.stm

    OECD’S CAUTIONARY TALE OF PORN AND CYBERSPACE (IHT – 3 April 2002)

    Domain name renewals gone wrong

    http://www.iht.com/articles/53353.html

    KLEZ TOP OF THE VIRUS LEAGUE (silicon.com – 1 May 2002)

    Klez – extremely irritating – extremely contagious

    http://www.silicon.com/a53058

    ECONOMY

    HOW TO SURVIVE AS AN IT CONTRACTOR (silicon.com – 19 March 2002)

    Tips for IT contractors and sub-contractors

    http://www.silicon.com/ess52133

    IT SPENDING ON THE RISE (silicon.com – 18 March 2002)

    Is the worst over ?

    http://www.silicon.com/ess52089

    NTL: ‘WE MAY RUN OUT OF CASH’ (silicon.com – 27 March 2002)

    BT competitors facing hardship

    http://www.silicon.com/p52314

    ITV DIGITAL COLLAPSE COULD HARM INTERNET TAKE-UP (ZDnet – 2 May 2002)

    The UK government’s target of achieving universal Internet

    access by 2005 could be wrecked by the collapse of ITV Digital,

    MPs warned on Wednesday.

    http://cgi.zdnet.com/slink?178249

    THE POLITICS OF PEERING (ISP Planet – 29 April 2002)

    Inter-ISP Peering agreements will shape tomorrow’s Internet

    http://www.isp-planet.com/business/2002/equinix.html

    TONGUE IN CHEEK

    “I’LL BE BACK,” DISGRUNTLED CYBORG TELLS AIRPORT SECURITY

    (silicon.com – 15 March 2002)

    What could happen when you take Internet access too seriously.

    http://www.silicon.com/ess52068

    YAHOO SUED BY SIGNATURE YODELER (USA Today – 19 April 2002)

    What is the market price for a Yodel?

    http://www.usatoday.com/life/cyber/2002/04/19/yahoo-yodel.htm

    @rE Y0U l1v1ng 1n @ C0mpUtEr S1mUl@t10n?

    Dr. Nick Bostrom, Dept. of Philosophy @ Yale University

    put his point across that you are…

    http://www.simulation-argument.com/

    ——————————

    GOVERNANCE OF THE INTERNET AT THE CROSSROADS – ICANN 2 ?

    by Richard Francis

    rfrancis@igovernance-consultants.com

    Internet historians who look back to 2002 in the future may have some

    sympathies with the Miami Law Professor, Michael Froomkin who has

    recently written:

    ‘Who cares what ICANN was supposed to be for half an eternity ago in

    Internet time. (Maybe we’ve learned a thing or two since then)…the

    critical element for ICANN is technical coordination…the public

    interest is served by delegating resources, not hoarding them, and by

    presiding over an orderly de-centralization of policymaking, away

    from current single point of near-total failure’(1).

    In February 2002, Dr Stuart Lynn, CEO of ICANN, published a proposal

    for fundamental reform of ICANN. The premise of the proposal is that

    ICANN, in its current form cannot fulfil the goals for which it was

    set up.(2) Many commentators consider the ICANN system is

    ‘broken’(3).

    Dr Lynn’s premise has led to the most comprehensive global discussion

    of ICANN, and mass of written material generated by that discussion

    since its foundation in the 1990s.

    The history of the establishment of the Internet Corporation for

    Assigned Names and Numbers (ICANN) will be familiar to many members

    of the local Internet community in the UK. For those who have not

    followed the ICANN experiment in global co-regulation of the

    Internet, ICANN is a Californian not for profit corporation, created

    following President Clinton’s challenge to US Commerce Department’s

    National Telecommunication and Information Administration to

    ‘support efforts to make the governance of the domain name system

    private and competitive, and to create a contractually based

    self-regulatory regime that deals with potential conflicts between

    domain name usage and trademark laws on a global basis’ [and as it

    has turned out, a raft of additional policy matters].(4)

    At Harvard, faculties who are participants in the Kennedy School of

    Government’s broad research programme, ‘Visions of Governance in the

    21st Century’ describe ICANN as a rare ‘experiment’ in governance.(5)

    ICANN is responsible for coordinating the Internet’s naming, address

    allocation, and protocol parameter assignment systems. These systems

    enable globally unique and universally interoperable identifiers for

    the benefit of the Internet and its users. As overall coordinator of

    the Internet’s systems of unique identifiers, ICANN’s role according

    to its March 2002 mission statement, while defined and limited,

    includes both operational and policymaking functions (6).

     

    A few country code country code top level domain (ccTLD) managers,

    such as Nominet UK, were involved in the international consultation

    which led to the establishment of ICANN; most were not. At the time

    there was a clear distinction between ICANN’s technical co-ordination

    role and its role in relation to generic top level domain (gTLD)

    policy matters. ICANN has added 7 new gTLDs to the .com, .org and

    .net open gTLD registries. The clear distinction has been lost,

    notwithstanding a separate agreement between the US Government and

    ICANN relating to the organisation and management of the ‘IANA

    function’.(7)

    The ccTLD Registry managers are internationally one of the most

    ‘organised’ group of actors on the ICANN stage. At the end of the

    ICANN meeting in Accra they issued a communiqué, commenting on the

    Lynn reforms (8). Now that many governments and the ccTLD managers

    in their countries have a far deeper understanding of the

    Domain Name System (DNS) the opportunity must not be lost to grapple

    with one of the most difficult issues that ICANN have to deal with:

    documenting the fact that the root of the ccTLD registry managers’

    authority, within the DNS, is the consent of their local Internet

    community, including national Governments as key members of those

    communities. They do not get their authority from the IANA function

    of ICANN.

    Two basic technical functions are critical for ccTLD registry

    managers:

    * Stable and secure operation of the Primary Root Server (currently

    operated by Verisign under the direction of the US Government) and

    the 12 Secondary Root Servers (currently operated by volunteers, two

    of which are located in Europe)

    * Maintenance of a database of ccTLD Managers and name server

    addresses.

    There is a growing consensus among ccTLD managers that matters of

    interoperability, stability, security are matters of responsibility

    for the ccTLD itself, which is accountable for this to their local

    Internet community. As a TLD registry is not considered to be

    responsible for the technical use of each second level domain (SLD)

    delegated to Internet users, or for the technical functionality of

    the SLD, the administrator of the database comprising the

    authoritative database for ccTLD managers (currently the IANA)

    should not attempt to assume such a responsibility for ccTLDs, and

    domain names registered under them.

    When the ICANN Board come together at their next meeting in Bucharest

    in June and begin the process of responding to the calls for reform,

    it is inconceivable that they will recommend to the US Department of

    Commerce to discontinue the experiment in governance. Nevertheless

    there is a general view that the need for major reform is so marked

    that the organisation that emerges will be so significantly different

    for Internet historians to mark the launch of ICANN 2 in 2002-2003.

    The organisation that emerges might be a UN Commission on the

    Internet Naming and Numbering. My guess it will be ICANN 2.

    A full response to the needs of ccTLD Registry managers must be built

    into the reformed organisation.

    FOOTNOTES

    1. See Prof Michael Froomkin Johnson & Crawford: ‘The Conflicting

    Myths of ICANN’ – ICANN watch 22.04.2002

    http://www.icannwatch.org/article.php?sid=687&mode+thread&order+0

    2. The full text of the Lynn proposal can be found at

    http://www.icann.org/announcements/announcement-24feb02.htm

    3. eg Paul Hoffman in ‘Reforming the Administration of the DNS

    Root’, 25 April 2002

    http://www.proper.com/ICANN-notes/dns-root-admin-reform.html

    4. For a summary of the report go to

    http://www.gao.gov/audit.htm

    5. See ‘ICANN and the Migration of Governence, JS Nye Jr and

    JD Donahue in ‘Who controls the Internet?’ Bertelsmann Foundation 2001

    6. The ICANN staff mission statement is at

    http://www.icann.org/general/toward-mission-statement-07mar02.htm

    7. see http://www.iana.org

    8. see http://www.wwtld.org/communique/ccTLDGhana_communique_13Mar2002.html

    Richard Francis is a founding director of Internet Governance

    Consultants. He chairs ISOC’s Legal and Regulatory International SIG.

    (Full Bio available in ISOC England Newsletter V1.01, archived

    at: http://www.england.isoc.org/newsletter/index.rhtm )

    ——————————

    CRYING KLEZ: MAYBE THE SKY *IS* FALLING

    by Robert M. Slade

    rslade@sprint.ca

    (This article was first published in Risks Digest 22.06 – 8 May 2002)

    Maybe it’s because the name is unassuming, without the flash of a

    “Melissa” or “Loveletter” or “Chernobyl.” Maybe it’s because various

    reports have called it Klaz, Kletz, W32/Klez.[a-k]@mm, or I-Worm.Klez.

    Maybe it’s because the public’s attention has been exhausted by media

    viruses like Code Red. Maybe it’s because there have been a number of

    versions, and only the latest one has made an impact. Maybe it’s

    because the beast is bewilderingly complicated.

    Whatever the reason, a virus called Klez (or, more specifically,

    Klez.H) seems to be happily spreading far and wide, without much

    attention from anyone except antiviral vendors. Warnings have been

    issued about it, but these are often limited and unhelpful. The

    general media does not appear to have paid any attention to the

    problem at all. One of the most widespread and dangerous viruses of

    recent times, Klez is hard to identify, is difficult to track, is

    generating serious numbers, and carries a number of payloads. Also,

    it probably isn’t the last of it’s kind.

    Klez is actually a family of viruses. The limited information

    available seems to indicate that the same author or a small group,

    probably resident in China, is likely responsible for all of the Klez

    variants. Eight have been identified so far, seemingly released

    between the fall of 2001 and spring of 2002. Each variant has added

    new features and payloads. In little over half a year the Klez family

    has gone from being a minor nuisance to a major threat.

    The first version was so buggy that flaws in programming seemed to be

    the major concern. However, even then the virus was notable for its

    ambition and complexity. In addition to spreading itself, Klez

    dropped a virus called ElKern. (There have been reports of a new

    version of a new version of the CIH virus traveling with Klez, but

    this may be due to infection of the Klez program file itself.) The

    subject line, sender address, and filename attachment were all

    variable, avoiding the major means of e-mail virus detection. (Various

    Klez variant subject lines have promised games, humour, pornography,

    vague but important messages, and, interestingly, antiviral

    protection.) Klez also used a vulnerability in Microsoft’s Outlook

    mailer (actually resident in Internet Explorer programming) that would

    automatically unpack and invoke the message attachment, in some cases

    before the message was even read by the user.

    (This mailer loophole, sometimes known as the IFRAME vulnerability,

    had actually been addressed and patched by Microsoft in March of 2001.

    Users who had regularly upgraded installed patches would not have been

    at risk of this specific function. The bug is addressed in

    www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp

    and http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.

    However, the more widely known Microsoft security bulletin,

    http://www.microsoft.com/technet/security/bulletin/MS01-027.asp, deals

    with a composite patch, and talks about browser certificates, rather

    than the mail problem. It is also interesting to note that, in order

    to use this function, Klez forms messages with a non-standard MIME

    [Multimedia Internet Mail Extensions] format. Non-Microsoft mailers,

    such as Pegasus and Netscape Communicator, may not even allow users to

    see the attachment, and thus, inadvertently, offer users additional

    protection.)

    The file attachment, as of version H, will have an extension of .EXE,

    .BAT, .PIF, or .SCR. The MIME file type will not match the extension

    (although that is not a reliable indicator of a virus infection).

    E-mail addresses used to create new infected messages are harvested

    from the infected machine. Recent versions of the virus also have

    code to use ICQ as a source of e-mail addresses.

    Klez.E (version 2.0, according to internal text), released in January

    of 2002, added file infection capabilities, so that the virus could

    spread using e-mail, direct copying to network shares, and infection of

    program files. (Windows system files were often corrupted by the

    infection attempts. Other files might be infected by a companion type

    method: the original file was renamed and hidden and a copy of Klez

    written with the original filename.) The virus carried its own SMTP

    (Simple Mail Transfer Protocol) program so that it did not need to use

    local mail clients. The “From” line was also faked such that if Alice

    received an infected message from Bob, it might not come from Bob but

    from Charles, who had addresses for both Alice and Bob on his infected

    machine. This function not only prevented tracking of the infected

    machine, but caused many people to try and track infections in the

    wrong place. In addition, the virus had a payload to overwrite text,

    Microsoft Word, MP3, HTML and other files with random data, thus

    destroying the contents.

    Early versions of the virus had a hidden message (in the body of the

    infected message) seemingly indicating that the author was trying to

    gain a reputation in order to get a better job. Later versions tried

    to kill processes of the Code Red family of worms, including Nimda,

    and included hidden messages suggesting that Klez was an antivirus

    virus. Klez.E, in addition to adding to the list of virus processes

    that would be stopped, also killed processes for a number of the most

    popular and effective antiviral programs. It would remove Windows

    Registry keys for antiviral software, and also corrupted checksums or

    deleted files for antiviral systems. (Text strings seemed to indicate

    that this was because the world had not offered the author a well-

    paying computer job.)

    The latest version (as of this writing), Klez.H, often sends itself in

    a message offering a tool to remove and immunize against Klez.E. (It

    purports to come from one of a number of well-known antiviral

    companies.) Klez.H also added a new function: it would frequently

    pick up a file from the infected computer and add it as an attachment

    to the infected message sent out. There is already one known case

    where a confidential negotiating document was transmitted to a mailing

    list of several thousand people in this manner. Fortunately, the file

    overwriting payload seems to have been removed.

    Any available virus tends to spawn variants. It is also not unusual

    for a virus author to improve on his (or her) own work, and release

    new versions. However, variants seldom involve additions of functions

    and features to the extent seen in Klez. The original version alone

    demonstrated effective social engineering and polymorphic techniques,

    as well as complex features that would be dangerous in conjunction

    with other forms of malware. In less than six months, the author (and

    the greatest probability is that there is a single author) has added

    features manipulating processes in memory, attacking antiviral and

    security software, increasing the means of reproduction and spread,

    and attacking data availability and confidentiality. It is unlikely

    that this is the last version of Klez that will be seen, and a number

    of common viruses could give the author new ideas for new payloads to

    add and new technologies to employ.

    In a sense, though, there is absolutely nothing new about Klez.

    Microsoft software is well-known to be full of bugs and security

    loopholes: Internet Explorer is much more dangerous to use as a

    browser than is Netscape Navigator. There are dangerous technologies

    in common programs that should be disabled or patched. There is a

    definite trend towards convergence in malware, with different types of

    programs supporting and distributing each other. Polymorphism has

    long been known in file infecting viruses: the use of variant subject

    lines in Klez is tame compared to the (literally) myriad forms of

    files generated by Tremor.

    Most importantly, however, your mother’s old adage still holds true.

    “DON’T RUN THAT PROGRAM ON YOUR COMPUTER! YOU DON’T KNOW WHERE IT’S

    BEEN!”

    Rob Slade is a data communications and security specialist from North

    Vancouver, British Columbia, Canada; A worldwide authority on computer

    viruses and anti-viral software. Over the past 15 years, he has

    reviewed countless versions of anti-viral software and analysed an

    even larger number of computer viruses. His latest book, “Viruses

    Revealed” (http://victoria.tc.ca/int-grps/books/techrev/bkvr.rvw)

    shows where computer viruses come from, how they spread, and how you

    can protect the computers you are responsible for.

    Full Bio on: http://victoria.tc.ca/int-grps/books/techrev/rms.htm

    ——————————

    WORKING GROUPS

    These are still in the process of being formed. More information soon.

    ——————————

    EVENTS DIARY

    ISOC ENGLAND PARTNER INTERNET WORLD AND NEXT TECH CONFERENCE

    The new event for the next generation of IT covering storage,

    webservices, outsourcing and networking. It’s a dedicated event

    with a strategic free conference, worth £795 and free exhibition

    - 11-13th June 2002, Earls Court, London.

    Register now for FREE on http://www.nextecheurope.com

    INET 2002, WASHINGTON DC, USA

    18 – 21 June 2002

    “Internet Crossroads: Where Technology and Policy Intersect”

    Book NOW to attend the Internet’s yearly Global conference

    whose main themes this year are about:

    Technology, Uses of Internet, Governance, Legislation & Regulation

    http://www.inet2002.org/

    ICANN MEETINGS IN BUCHAREST, ROMANIA – 24-28 JUNE 2002

    http://www.icann.org/announcements/announcement-13may02.htm

    THIRD WIRELESS WORLD CONFERENCE

    The Digital World Research Centre is pleased to announce its

    third annual conference on the social shaping of mobile futures,

    called the Third Wireless World Conference, on 17-18 July 2002.

    This year’s theme is “Location.”

    http://www.surrey.ac.uk/dwrc/wireless3.html

    OXFORD INTERNET INSTITUTE (OII) – (CASTING A WIDER NET)

    (Integrating Research and Policy on the Social Impacts of the Internet)

    27 September 2002

    Location: University of Oxford

    One of the 4 breakout sessions at this inaugural session at the OII

    is on Internet Governance and ICANN evolution or reform.

    Full details found on: http://www.oxfordevent.com

    For a full schedule of future meetings and events, please consult:

    http://www.england.isoc.org/event/index.rhtm

    ——————————

    IN THE NEXT ISSUE OF THE ISOC ENGLAND NEWSLETTER

    Don’t miss the next issue of the ISOC England Newsletter, where

    we will be reporting on the ISOC Election results, as well as looking

    at ICANN in more detail, and from other perspectives.

    ——————————

    Date: 01 Jan 2002 (LAST-MODIFIED)

    From: editor@england.isoc.org

    Subject: Abridged info on ISOC England

    ISOC England is a full chapter of the Internet Society in the UK.

    ISOC England is a voice of the future, creates awareness and

    promotes the Internet in the UK as a centre for business, government

    and cultural activities by working in partnership with many of the

    leading institutions, in government, academia, society and business.

    Our mission statement is:

    To assure the beneficial, open evolution of the global Internet and its

    related internetworking technologies and applications through leadership

    in standards, issues and education in England.

    For more information about ISOC England, turn to:

    http://www.england.isoc.org/about.rhtm

    CONTRIBUTIONS: letters to the editors, suggestions etc. should be

    sent to editor@england.isoc.org with a clear subject line. We reserve

    the right to amend and publish any letter sent to this address.

    ISOC England does not necessarily endorse the views contained in this

    newsletter which are the responsibility of their original poster. All

    contributions are considered as personal comments.

    Usual disclaimers apply.

    SUBSCRIBING to the monthly Newsletter (for free!):

    Send message to majordomo@gih.com with command:

    subscribe isoc-e-newsletter

    in the body of the message

    UNSUBSCRIBING

    Send message to majordomo@gih.com with command:

    unsubscribe isoc-e-newsletter

    in the body of the message

    NEWSLETTER ARCHIVES are held at:

    http://www.england.isoc.org/newsletter/index.rhtm

    Copyright (C) 2002 The Internet Society of England

    The ISOC England Newsletter is a free newsletter distributed to members

    of ISOC England. Permission to re-distribute this newsletter for FREE is

    granted to anybody, provided this copyright notice is included.

    ——————————

    End of ISOC-E Digest 1.03

    ************************