Web Hosts Might Be Forced To Snoop Customers’ Activities

April 30, 2006

US goverment would go after the EU by implementing a policy that force Internet service providers to retain records of their customers activities. The idea of snooping the internet surfers activity gained traction in the U.S. Congress, last week when Attorney General Alberto Gonzales (R), gave a speech saying that data retention by Internet service providers is an “issue that must be addressed.”

CNet’s web site News.com reported Gonzales warned child pornography investigations have been “hampered” because data might be routinely deleted. Democratic party members propose similiar actions and preparing to introduce an amendment that would make such data deletion illegal. Congressmen from both parties said any Internet service that “enables users to access content” must permanently retain records that would permit police to identify users.

The records could not be discarded until at least one year after the customer’s account was closed. It’s not clear at this time whether that requirement would be limited to e-mail providers and ISP’s only or it would make web hosting companies to keep data about e-mail correspondence sent and received from their servers.

An expansive reading of Colorado Republican Diana DeGette’s proposal would require every website owner to retain those records. Any details related to new bill’s enforcement would be left to the Federal Communications Commission.

Mambo Hosts, Be Aware of Hackers

March 16, 2006

Netcrat warned that hackers are actively seeking out unpatched versions of the Mambo content management system (CSM), which recently repaired a serious security hole. The latest exploit attempts target a different vulnerability than the Mare.D worm, which grabbed headlines last month but apparently did limited damage to Mambo sites. Sites running on Mambo should upgrade to the latest version as soon as possible.

Threee weeks ago a company called GulfTech Security Research announced vulnerabilities in Mambo that could allow a server compromise by a remote attacker, including several methods of an SQL injection attack. The company has also found a way for attackers to use Mambo’s file inclusion features to breach system security. Last July Bercegay discovered a weakness in XML-RPC libraries used by numerous PHP-based blogging and content management apps.

More on Netrcraft’s web site, thanks to Rich Miller.

« Previous Page