Domainz has had a rough year: a vote of no confidence in the board saw them all step down; the CEO was called names and sued (the judgement in the defamation case is still pending). The CEO then resigned and left the country after overseeing the development of a domain name registry system (DRS) to replace an ageing University of Waikato platform. The cost of the system was budgeted at $400,000. The contract went to Glazier Systems, which was bought by Advantage Group, but has since been split off and sold back to members of the original management team. Meantime, the actual system cost well over $700,000. Now Domainz says it will scrap it and build a whole new one next year.
Finally, though, Domainz can see light at the end of the tunnel. It has another new CEO, a new board and direction from its owner, InternetNZ (formerly the Internet Society) which will see it lose its monopoly on access to the registry and which should see it become easier and cheaper for New Zealanders to register domain names.
Domainz has dealt with record levels of registration this year, along with a 49% rise in revenue to $4.5 million. And with the defamation case behind it - almost - it can now look forward to "more fruitful endeavours", in the words of its annual report.
Domainz system to be scrapped - IDGNet
Domainz makes $4.5m out of .nz - IDGNet
New CEO appointed for Domainz - IDGNet
Changes proposed for Crimes Bill
The recent conviction of Aucklander Andrew Garrett on charges relating to the theft of passwords to internet user accounts has highlighted the lack of legislation in the area of hacking. The judge and jury in the Manukau District court trial heard about "magnetic particles" and whether or not they could be stolen. The law in question is based on one written hundreds of years ago and obviously intangible things like electricity, data and Microsoft weren't part of the original draft.
Paul Swain's Crimes Amendment Bill (number six) sets out to change that. It introduces a raft of e-crimes, makes it clear that things like passwords and data can actually be stolen and tidies up some loose ends that allow people to steal money legally so long as it's transferred to their accounts electronically.
This was pretty much universally heralded as "about bloody time" and has received support from the police, law society, judges and IT sector. However, Swain also introduced an amendment to the amendment in the form of Supplementary Order Paper number 85. This allows the police, SIS and GCSB to be excluded from the bill's crimes and allows them to hack into systems, monitor email and the like, all in the name of the common good.
The bill has just passed through the parliamentary select committee stage and the committee has made its recommendations after hearing public submissions. The committee made some changes, introduced the crime of "denial of service attacks" and ended its commentary with the jaunty note: "We consider that overall the bill and the SOP will strengthen privacy protection and does not significantly increase the powers of the State to intrude on individual privacy".
The bill has the support of both major parties and is expected to have a relatively smooth ride through the rest of its transition to law.
Changes proposed for Crimes Amendment Bill - IDGNet
Clearance for e-mail snoops - NZ Herald
Dialogue: Privacy? Our MPs can't tell a secret - NZ Herald
Virus load tails off finally
IT immune systems are running hot around the country this week following a bit of a battering from two major viruses.
The first started out quite quietly: the "Sircam" virus came with what's called polymorphic text; that is, it changed its subject line and the content of its email message to better disguise itself. Symantec had it listed at 3 on its severity scale (which goes up to 5) but had to upgrade it to a 4, probably because users insisted on opening the damned thing's attachment. Part of its payload was to send a randomly selected document out from the user's hard drive to the user's email list (assuming you were using Microsoft Outlook, of course), which could prove embarrassing to say the least.
The second virus was amusing to watch from a safe distance: the Code Red worm worked on a security hole in Microsoft's Internet Information Server (IIS) systems. Rather than attacking a network via its end users, this nasty went looking for IIS. Once it was in it had a number of payloads, one of which was to join in on a massive distributed denial of service attack on the White House's website (www.whitehouse.gov) in the US. Estimates put the total number of infected servers at over 250,000 worldwide.
Microsoft played its trump card: administrators were warned about the hole last month and should have applied the security patch Microsoft posted to its site. Sadly, someone should have told the webmaster at Microsoft's own Update site which, it is alleged, fell victim to the worm.
The moral of the story, if there is one: don't open any unsolicited attachments at all, even if they're from people you know. Or perhaps the moral is don't use Microsoft's products until such time as they're sold with the hatches already battened down.
New worm attacks MS IIS systems - IDGNet
Attack on White House website has NZ echoes - NZ Herald
Pentagon cuts website access to protect against virus - NZ Herald
New variant of Code Red worm found - IDGNet
Hey Sircam, Where'd You Go? - Wired