XBiz News: 07-10-03

Stephen Yagielowicz

This week’s XBiz News looks at the outcome of recent international hacking efforts, fake domain name renewal offers, and a court ruling that clears the way for search engine’s to generate and link to thumbnail images...

Anti-Porn Website Hit by Hackers
According to founder and owner Fang Xingdong, the Chinese website, which has been highly critical of online porn services, has fallen victim to organized hackers who staged a 40-plus hour long hack assault, between July 4th and 6th, and remains unavailable for access, with users not being able to log in.

A well known Web critic with a comprehensive knowledge of China's online scene, Fang’s site had recently begun a campaign against online porn services, especially the growing number of SMS providers, and even Chinese search engines - which serve as popular directories to porn sites.

While not identifying possible culprits, Fang suspects that these attacks might actually be ‘acts of revenge’ by adult webmasters due to his anti-porn articles, and hopes that the "illegal" attacks will end soon.

Impact of the "Defacer's Challenge"
While a well-publicized ‘hacker contest’ held over the July 4th weekend was responsible for defacing or shutting down hundreds of sites around the world, experts are divided over the actual impact of the "Defacer's Challenge" noting that most major e-commerce and government sites withstood the attacks.

Zone-H, which monitors hacking attempts, and is based in Estonia, issued a statement saying "…July 6th has to be remembered as the messiest day in the whole Internet history…" They also credited the high profile media attention with attracting more hackers to the contest. "Nothing would have happened, if only the media didn't pay so much attention turning a non-case into something useful to fill the empty summer newspapers…" Zone-H also releases an incomplete list of the sites that were successfully shut down or defaced. A global attack, the ‘victims’ were found in countries such as the US, Germany, France, Brazil and the Netherlands.

TruSecure, a US-based security firm, believes that the so-called contest could have been the work of a single individual who preyed upon a few poorly secured sites, stating that "This contest was invisible in the underground…" adding that several security experts "…seized upon this marginal, fringe effort and [have] given it far more publicity than it deserves."

Internet Security Systems’ Peter Allor, the X-Force threat analysis center manager, claimed that Zone-H’s count of affected sites (after removing duplicates) numbered around 500-600 sites, adding that such attacks are often not reported, since site owners do not want to draw attention to security vulnerabilities. According to Allor, "A lot of folks who may not have been aware of security issues before certainly became aware of them this past week…"

The "Defacer's Challenge" was promoted by malicious "black hat" hackers, and while their site had been closed by their web host, it returned, announcing that the contest had ended and that prizes would soon be awarded. A statement on the hacker’s site claimed "I have a good news about the awardings, two guys offer to me more two webhosting packages, so now will have awardings, for first, second and third winners… The points will be counted and published here day 8th july."

SE's Can Link Thumbnails
The 9th U.S. Circuit Court of Appeals has ruled that a search engines' display of miniature images is fair use under copyright law, however they did not decide upon the displaying of full-size images.

Arriba Soft (formerly known as sees the decision as a partial win in its case against Leslie Kelly, a photographer who sued Arriba Soft for copyright infringement after the company's software recorded both thumbnail and full-size images of Kelly's digital photos, making them accessible through their search engine.

Ruling that while the use of thumbnail images by search engines is legal, the court overturned a previous ruling on the display of full-size images, finding such a provision to be beyond the scope of fair use. This holds Arriba Soft liable for copyright infringement, since they used in-line linking or framing to open a new window displaying the full-size images - a technique also used by Google, Lycos and AltaVista.

According to the opinion, "As to the first action (on thumbnails), the district court correctly found that Arriba's use was fair. However, as to the second action, we conclude that (the U.S. Central District Court of California) should not have reached the issue, because neither party moved for summary judgment as to the full-size images…"

The plaintiff's attorney, Steve Krongold, commented "We do not agree that displaying full-size images, which were taken from another person's Web site and used to sell products and services at Arriba Soft, is a fair use of that image…"

Filing a brief asking the court to allow links to copyrighted images, the Electronic Frontier Foundation viewed this decision as a victory. EFF Senior Staff Attorney Fred von Lohmann said "Web site owners can rest a bit easier about linking to copyrighted materials online… By revising its ruling, the court removed a copyright iceberg from the main shipping lanes of the World Wide Web." This case has been ordered to go to trial.

Fake Domain Name Renewal Spam
Online businesses are being cautioned about a recent upsurge in spammers sending domain name holders bogus .biz and .info renewal notices, warning them that their domain name is set to expire, then asking for payment of ongoing registration fees.

One such company under investigation in this case is known as "Dot Biz Domain Renewal," which is accused of trying to take advantage of the first round of .biz and .info domain renewals, which are scheduled to begin in October, allegedly attempting to profit from consumer’s uncertainty about the renewal process.

According to domain name reseller ‘Internetters’ director, Ken Sorrie, "This kind of foul play is bringing the industry into disrepute. Because some companies are unable to get business through respected methods, they resort to spamming. There is now enormous pressure for ICANN to introduce a code of practice and enforce registrar contracts." Sorrie also warned "… that some registrants are not aware that if they want to move away from their registration company they need to obtain their authorization code from that company to pass onto to the new registration company. Many unscrupulous resellers are either not giving the authorization codes to their customers, or are imposing ‘release fees’ to move away."

Stay tuned for more news next week! ~ Stephen