Security Bullet In

PC makers will no longer have to pre-install Green Dam censorware on PCs in China, the government has announced.

The official Xinhua news agency reported on Thursday that Li Yizhong, China's minister of industry and information technology, had announced that consumers would not have to install the software. Schools and internet cafes will still be compelled to install Green Dam, Li added.

"Installation is intended to block violent and pornographic content on the Internet to protect children," said Li.

Green Dam was initially to have been rolled out from the beginning of July. However, the Chinese government delayed its rollout following revelations of serious security flaws in the software, which could have allowed hackers to build a huge botnet. The software also could have allowed updates from criminals or government agencies, leading to accusations of its being spyware. In addition, US firm CyberSitter claimed that huge swathes of the blacklisting code used in Green Dam were in fact CyberSitter proprietary code.

Both the US and the EU asked the Chinese to rethink Green Dam, while PC manufacturers also lobbied the government.

Popular micro-blogging site Twitter has suffered a denial of service attack.

The site was inaccessible from approximately 3pm BST for over an hour. The site is now back up and running, but according to a Twitter status page it is still under attack.

"We are defending against a denial-of-service attack, and will update status again shortly," said the status page.

"Update: the site is back up, but we are continuing to defend against and recover from this attack," the page continued.

Programmer Barrett Lyon wrote in a blog post that site congestion was indicative of a denial of service attack. He said that Twitter appeared to only use one network provider (NTT), which he said was "rather insane these days", as it makes it easier to attack.

Lyon used the traceroute tool to chart the "hops" information packets take as they move through the internet. The programmer said that traffic got congested at hop six, indicating "something [was] very wrong".

Twitter was also trying Ddos mitigation techniques, said Lyon, including http redirect -- the hope being that bots wouldn't follow the redirect.

Meanwhile, Twitter's newly instituted malware filter was said to have shortcomings by researcher Dancho Danchev on Tuesday.

The Electronic Frontier Foundation has said the legality of US law enforcement wiretapping foreign internet telephony providers is unclear.

US wiretapping law, called the Communications Assistance for Law Enforcement Act (CALEA), does not make clear how legal it is for US law enforcement to intercept VoIP information packets from overseas VoIP providers, EFF told ZDNet UK on Friday.

"In context, it's difficult to say [how legal it would be]," said EFF senior staff attorney Lee Tien. "CALEA wiretapping is based on the idea that you get lawful authorization, for example a interception order or warrant. But you typically need to identify the target of a wiretap, and that could be problematic for a foreign VoIP provider. Second, the foreign VoIP carrier might be outside the US, which poses problems for the warrant procedure. "

Tien was fairly sure that Title III of the act, which deals with a standardised format that ISPs must use to present wiretap data, is not effective outside the US.

"The physical wire is in the US, so you could lawfully sniff the wire if you knew where and how, but often law enforcement needs assistance from the provider, not just access to the wire," Tien added. "If the foreign VoIP carrier had an office in the US, that would be different."

Tien was responding to a ZDNet UK request for comment prompted by the leak of a US VoIP wiretap document to whistleblower site Wikileaks.

The document, which was purportedly produced by Minnesota Joint Analysis Center, says that wiretapping foreign VoIP providers is probably not legal for US police.

"CALEA requires that VoIP carriers provide law enforcement agencies the means, with the proper warrants, to tap into and record voice
conversations and to trace the source and destination of calls made through the carrier’s networks," said the document. "However, due to the international nature of the Internet, it may be impossible to legally wiretap conversations that are supported by foreign VoIP offering companies."

Technology developed by HP to enable secure communications networks to be set up via a web-browser should not be used by dissidents, HP has said.

One of the co-developers of HP's browser-based darknet told ZDNet UK on Thursday that the encrypted file-sharing technology should not be used by protesters to mask communications in places such as Iran or China.

"The situation in Iran and China we don't want to touch," said HP security researcher Matt Wood. "There are dissidents whose lives are at stake. We don't want to advocate the uses of any tool, or advocate our darknet, or any darknet - TOR can be abused."

However, Wood said that he could envisage the darknet being used as a whistle-blower tool akin to Wikileaks.

"Reporters upload documents to Wikileaks, but the reality of the situation is if the UK or US government got a subpoena for a Wikileaks server they could look at the logs," said Wood. "One of the benefits of a darknet is computers are distributed [and encrypted]."

Wood accepted that criminals could also use the technology to communicate securely, but said that was not a reason to discount the idea of a browser-based darknet.

"Everything is a double-edged sword," said Wood. "I could take my shoe and hit someone, but we won't outlaw shoes."

Wood and fellow HP researcher Billy Hoffman will demonstrate their darknet, called 'Veiled', at the Black Hat security conference in Las Vegas on Friday.

Labour MP Andrew MacKinlay will not run at the next election after becoming disillusioned with the government over the extradition of Nasa hacker Gary McKinnon.

The Times reported on Friday that MacKinlay would step down after a vote to review the UK/US extradition treaty was supported by only ten MPs. Seventy-four MPs had previously expressed support for McKinnon's fight.

MacKinlay, who himself voted for a review of the law, blamed the influence of government whips on the poor turnout for the vote.

"In instances like the McKinnon case, which relate to people's rights and liberties as well as common sense, you should just spurn the diktats and the whips," MacKinlay told the Times.

Mr MacKinlay was not available for comment on Monday - parliament went into an extra-long summer recess on Friday. However, one of his consituency workers told ZDNet UK on Monday that MacKinley would be stepping down.

"He's going to retire," said the worker. "[The McKinnon case] is part of it, but at sixty years of age he's beginning to feel the job a bit."

Gary McKinnon stands accused of hacking into US Army, Navy, Air Force, Department of Defence, Pentagon, and Nasa computers in 2001. McKinnon, who says he was looking for evidence of UFOs when he accessed the systems, was diagnosed with Asperger's syndrome last August.

The UK/US extradition treaty was put up as a possible subject for parliamentary review, as from the ratification of the Extradition Act 2003 US prosecutors have not had to provide prima facie evidence of wrongdoing to secure the extradition of a UK citizen. The treaty is not reciprocal.