Releasing this Webkit hack is a good thing mostly. Sure malicious folks 'Might' use it for their purposes. My question is why hasn't Google provided a patch fix for versions prior to 2.2 and/or are they working on one avaliable for download?

Depending on whose maps as original source documents for Google maps was, that Google at least played a significant part in this international incident. I would kindly suggest that Google do an in depth review of their Google Maps App and in the doing of same, insure that they are using accurate original source data. In the mean time, Google would better serve the world if for a time they took down Google maps so as not to be a cause of potential cause of future incidents such as this one lest someone get injured of killed as a result unnecessarily.

Seems that the 'Pirates' web sites that were earlier DDos attacked by MPAA members web sites were in turn counter attacked. Shades of "sew the wind, reap the whirlwind"? From my perspective this battle is heating up in exactly the wrong direction and may spread beyond what both factions may have expected of desire. The whole tit-for-tat attitude is not going to solve the precieved problems of either... It also seems relatively evident that if the MPAA and it's members websites had taken proper and available security precautions to protect their Intellectual property in the first place the "Pirates" would have been thwarted long ago now...

agreed that this is absolutely ridiciolous. What this article/story doesn't tell you is that often times via certain sorts of malicious cookies and javascripts malicious "Uploads" to your computer/PC as hidden graphic files can and are often sent to you. Livewire is famous for this sort of activity.

As someone that once maintained the NWP-16 ( Nucular publication #16 ) which
amongst other things, documented the detination frequencies and fail
safe codes of all nucular weapons the united states had and has today,
their is a possibility that even with revolving random frequency
transmission via MUX gear a hacker could pre-detinate or emergency
distruct one of more existing warheads not currently deployed. Other
than that the remainder of this report is of very little actual value
or accurately demonstrates any threat from cyberterrorists.

Regards,
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@ix.netcom.com
My Phone: 214-244-4827

Well isn't this just peachy! How utterly ludicrous in the extreme. Next thing you know is that the RIAA as plaintiffs will be asking for a summery judgment without the objection of the defense or the judges further consideration. It's simply not believable that the RIAA or any judge that deserves to be sitting on the benchm Judge Bybee being one that might be an exception for the moment, could possible allow such nonsense. I am surprised that this judge did not hold the RIAA lawyers in contempt for such a motion. Jeffrey A. Williams J.D Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827

Two possible if no likely soon to be recognized problems with this plan. First Verisign, once owned by Networksolutions will be the signing authority for the root servers it currently manages under contract for the USG, and second NIST's recently released standard for signing of these certs for DNSSEC are well known to be weak amongst security professionals like myself. Jeffrey A. Williams CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827

Again we see how inane the RIAA has become, and how "Often Wrong" their assertions in objection often are. Seems to me that the Federal court system has properly gotten clued on the lack of good juris prudence the RIAA often seems to practice. I have to wonder when ICANN's vaunted IPC Constituency will be disbanded of which the RIAA is a prominant member. Frankly the RIAA is making the IPC look bad if not preditory. In the future, we all should be hopful that the DOJ doesn't follow suit especially sense 6 of the new Intelectual Property Divisions were hired away from law firms that represented landmark legal cases for the RIAA, of which several were badly lost. As such this does not engender to me a very good win/loss track record, nor demonstrating the best interests of the public as a whole. FWIW it would be a very good idea for the RIAA to rethink it's legal stratagy as it would for the DOJ's new IP divisions additions, and for ICANN's IPC to rethink it's membership. Regards, CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827

Well here comes the $$ factor... Nearly 50% profit! Gee seems a bit greedy to me, and that's without the service access fees. I wonder, does this come with fries, or maybe a few free book choices at least? >:) Yes we can! >:) Maybe their pricing guru's were hired from recently laid off Wall Street traders/execs explains this whopping rip off... Or maybe the price reflects the Amazon executive bonus program? Whichever no sale here. I am not that big of a sucker...

Good hacker/crackers that sometimes supply spam bots will not likely share their code for free. They want real bucks for that stuff. They know that it will cost huge sums to eventually circumvent their code or methods and they also have a pride consideration as well. Black hat hackers and dedicated spammers can at any time sooner rather than later, build new code to address stronger security. CAPTCHA is too easy to circumvent or route around. Good strong encryption is the best solution, and requiring encrypted sign on's as well as passwords that are changed frequently will serve far better than CAPTCHA has or ever will. CAPTCHA only thwarts the rookies. Regards, Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "YES WE CAN!" Barack ( Berry ) Obama "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827

First of all I personally believe that this case was justly decided, nor decided strictly on the facts. But obviously the swedish court disagreed with my personal belief. I don't see Google being largely effected by this case, unless ACTA will contain new global copywrite provisions and is ratified by congress and signed by the president, that would uphold copywrite violations of any sort however remote upon any countries peoples or corporations in any other country by statute, OR Google's service is not adaquately legally protected as to how it's users access and download copywritten material. Ergo they could potentially, but unlikely be partly liable as aiding and abeting such piracy of copywritten material by any of it's users and did not take specific precautions to prevent such occureances on their managed systems accordingly, even if hacked or hijacked temporarly. Regards, Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827

As a CSO myself I see that there is both wisdom and dragons in this decision by Barack. The wisdom in a nutshell is that he is not technically bias, which says allot of innovation and capitalizing on that. The Dragons are many and varried. He could be snowed into believing in smoke and mirrors technology that is dangerous to users of government systems and new proposes systems such as EMR Electronic medical records for medicare/medicade and the Vetrans administration, that may not fully protect members of the public appropriately or fully. Another dragon is that he will be pulled in several directions by big players such a Google and Microsoft of which Google is a known favorite of Vivek Kundra, CIO for the administration. As we all know Google is not now nor has it ever been particularly interested in users privacy or data security of PII data as their TOS'es clearly indicate numorous court cases have documented, and have demonstrated, with too early releases of Chrome, ect., as a glaring examples and MS has done with Vista. Regards, Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827

Several problems with CIPAV that are not well known. 1.) is that some spyware dectors can detect and remove CIPAV immediately upon detecting. 2.) CIPAV doesn't work well with pooled or shared IP addresses, 3.) CIPAV doesn't works at all with IPv6, IPv8, or the Chinese IPv9, and 4.) Any evidance CIPAV collects does not assume that the IP it is tracking could have been hijacked to begin with and inserting web page addresses, MAC addresses, ect., ect. But of course the FBI will never tell anyone this nor will they easily admit same if challanged. Regards, Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "YES WE CAN!" Barack ( Berry ) Obama "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827

First, thank you Richard for highlighting this bug
and the overall problems with Google support for
Apps., ect.
Second, some time ago ( I don't recall exactly when )
one of my engineers that does security pro-active
testing of SAAS apps., and many others, found this
very problem and reported it to Google accordingly,
and got the first response Richard got repeatedly
after repeatedly reporting this bug. This seems to
be very concerning as some of you may know that
Veveck Kundra is very pro Google and will be looking
towards Google to help the USG's many interactive Apps.
as a solution, as he has done in the past. So when
Google takes 3 weeks to finally address an already
previously reported bug, and than finnaly addresses
it, such becomes very worrysome and not boad well
for applying Google based Apps. solutions to USG's
needs, even if the price is right.

    To me, as a security professional ( CTO ) this
concerns me and other security pros like myself
rather significantly.

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
      Abraham Lincoln
"YES WE CAN!" Barack ( Berry ) Obama

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]

Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@ix.netcom.com
My Phone: 214-244-4827