may the force be with you

Comment Back in 1972, by some accounts (http://www.livinginternet.com/e/ei.htm), a new form of communication known as email was born. It was a practical implementation of electronic messaging that was first seen on local timeshare computers in the 1960s. I can only imagine how much fun and revolutionary it must have been to use email in those early years, to have been at the bleeding edge of the curve.

Almost ten years later, in November 1981, Jonathan Postel published RFC 788 (http://rfc.sunsite.dk/rfc/rfc788.html) (later deprecated by RFC 821 (http://www.ietf.org/rfc/rfc0821.txt), also by Postel, and RFC 822 (http://www.ietf.org/rfc/rfc0822.txt) by David Crocker), thereby inventing the foundations of the Simple Mail Transport Protocol (SMTP) - a proposal that would revolutionize email again. Since that time, email has become as important an invention to the world as the telegraph and the telephone, and it has long been synonymous with the internet itself.

Twenty five years later, we still use essentially the same protocol. And email is a terrible mess. It's dangerous, insecure, unreliable, mostly unwanted, and out-of-control. It's the starting point for a myriad of criminal activity, banking scams, virus outbreaks, identity theft, extortion, stock promotion scams, and of course, the giant iceberg of spam (http://www.msnbc.msn.com/id/12480457/).

The problem is, email is now integral to the lives of perhaps a billion people, businesses, and critical applications around the world. It's a victim of its own success. It's a giant ship on a dangerous collision course. All sorts of brilliant, talented people today put far more work into fixing SMTP in various ways (with anti-virus, anti-phishing technologies, anti-spam, anti-spoofing cumbersome encryption technologies, and much more) than could have ever been foreseen in 1981. But it's all for naught.

A sinking ship

All the work spent fixing email is like rearranging the deck chairs on the Titanic. Email is a sinking ship and it should be abandoned just as other insecure technologies like telnet, ftp and the beloved Usenet nntp were "abandoned" years ago. All these old technologies actually live on and in some cases thrive (and in the case of the Usenet, still consume (http://en.wikipedia.org/wiki/Usenet) enormous amounts (http://www.google.com/search?hl=en&lr=&rls=en&q=Usenet+binary&btnG=Search) of bandwidth and offer very useful (http://groups.google.com/) information) but have been mostly superceded by newer protocols. Email should be abandoned in much the same way. The problem is, more people depend on email than ever before.

The main reason we will never win the email war against the spammers-phishers-scammers-botnets and their assorted ilk is we're bound by legal standards that limit the ways we can combat email abuse – unlike in the early days of the internet. The perpetrators are not bound by the law (http://www.securityfocus.com/news/11392). Therefore the good guys can't win. The only solution is to change the rules. We need to abandon our email infrastructure and concede that the spamming-phishing-virus-writing scumbags have won; moving on is only inevitable.

The problem is, we lack "something better" to abandon email for.

Starting from scratch

Email in its current form will never, ever, ever be spam-free. It will never be virus-phishing-scam free. It will cost companies and individuals billions of dollars (http://www.internetnews.com/ec-news/article.php/3350891) in theft, criminal activity, and the reality of spam will grow from the 50-70 per cent it is today to 90 per cent of all traffic. Email will continue to harm millions of people through banking scams, identity theft, viruses, and more. Email will never be secure, because it was never designed to be secure.

The only solution is to start from scratch. Develop a new email system and make it secure. Use existing, proven technologies and a few new and novel ideas – starting with the latest encoding mechanisms, a reliable hashing algorithm, fast compression, strong encryption and signatures. Build an electronic identity. Encode, hash, encrypt, compress, sign, and provide a novel way to share keys when needed, for example. I don't know how this will all turn out, but perhaps yEnc, MD5, AES, H.264, and GPG are some potential technologies that could be used together. A new transport protocol would need to be flexible enough that any of these technologies could be replaced, transparently to the user, as better and stronger options become available. It would need to be seamless for the client – no more messy GPG or other stop-gap solutions that few people actually use. Secure email should be a mandatory "secure bundle" of email that is safe for sending a credit card number to a business or someone I know.

I don't want to think about any of this when I send secure e-mail, however. I just want to type my email and press Send. If I need my secure identity plugged in, say, from a USB key, fine.

The basics of communication

One of the great joys of computers is that newer, better technologies supercede the older insecure ones, yet both the old and new generations still live happily together. There are so many examples of this, I won't even bother listing them here. A completely new, secure email system would be the internet's next big critical application. If it required IPv6 addressing, maybe secure email would also kill those ridiculous "tiered internet (http://news.bbc.co.uk/1/hi/technology/4552138.stm)" ideas with one stone. But I'm just thinking aloud.

---

I'm a messaging junkie. Today's store-and-forward email is fundamentally broken, but I still like the concept very much. Instant messaging is too instant, and peer-to-peer networking is, ironically, too anonymous. Video conferencing is fantastic – if it's someone you know, and they're online (and you've combed your hair). Written communication is never going away. We're tied into an antiquated email system that needs to be abandoned and replaced.

I would love to see a secure email system that did all the hard-crunching on the client and perhaps generated a unique private-public key for each piece of mail, without user interaction. However it is done, let's make it rather mathematically difficult to send email, and even more difficult to send email to many recipients – while the process remains very simple to the end user. Make it a requirement that one mail sent to a thousand recipients securely would require a very fast client doing unique encoding, hashing, compression, and encryption on each piece of mail just to send it. I enjoy the thought of a spammer needing a giant Bewolf cluster ranked rather high up in the Top 500 (http://www.top500.org/) list of supercomputers to send one piece of spam to ten million people. At that point, the source of spam and the spammer himself would be a little bit easier to track down.

Simply complex

Before you skip to the end of this column and submit your comment, telling me that I'm crazy or uninformed, understand that I realize the problem with email is very complex. It would be nice if the solution "appeared" to be rather simple. I've spent the past 18 years with an email address of some sort, dating back to 1988, and I get more email than most. But like most people, I'm just an end-user of email and it's very clear that email is a sinking ship. And millions of people were online in the 1980s before me.

Getting email clients to work with a new infrastructure will be a major hurdle, and the plumbing itself will take some time. Getting major ISPs and Yahoo Mail, Gmail and Hotmail to adapt an open solution will be even harder. Fine. There are many technical hurdles. But time and again, truly innovative technology will catch on. With the rise of the web, HTTPS and SSL, Napster, SSH, BitTorrent, and so much more, superior technologies have created many new storms.

With all the security problems stemming from 1981's nuclear explosion of SMTP, it seems only fitting that the bright minds in the security community should develop the internet's next killer app.

A gateway

Far too much effort is spent preserving today's name@somewhere.com format, to the exclusion of everything else. The @ symbol was a novel hack, so let's find a similar new one.

Maybe I'm dreaming, but a gateway from e-mail to a new secure e-mail infrastructure, electronic identity or e-num system might be the first place to start. Perhaps using one of the reserved symbols first outlined way back in RFC 821 or 822, whether it's a bangpath secure!name@somewhere.com, or secure?name@somewhere.com or name=secure@somewhere.com might work – but it would have to degrade nicely with current email systems. However it's done, a very simple, elegant solution would be a fantastic way to start.

I'm confident that there is no solution using today's massive email infrastructure problems, because so many bright people have been working on it for such a long time. Maybe I am indeed dreaming that we can "abandon" today's email SMTP much like the Usenet's NNTP was "abandoned" years ago for something better – because that "something better" for email still doesn't even exist.

Copyright © 2006, SecurityFocus (http://www.securityfocus.com/)

Kelly Martin has been working with networks and security since 1986, and he's editor for SecurityFocus, Symantec's online magazine.

source:http://www.theregister.co.uk/2006/06/01/ditch_email/print.html

NEW YORK (Reuters)—Microsoft Corp. said it expected Adobe Systems Inc. to file an antitrust suit in Europe after talks to use Adobe's technology broke down this week, according to the Wall Street Journal.

The two companies have been in discussions over the use of Adobe's Portable Document Format, or PDF, within Microsoft's Office suite of applications, the Journal reported, quoting Microsoft General Counsel Brad Smith.

Adobe wants Microsoft to remove the feature and offer Adobe's technology separately for a fee. Microsoft has agreed to remove the feature, but is unwilling to charge for it, the Journal reported.

Representatives of Microsoft and Adobe were not immediately reachable for comment.

In February, Adobe Chief Executive Bruce Chizen told Reuters he considered Microsoft to be the company's biggest concern. "The competitor I worry about most is Microsoft," Chizen said at the time.

Adobe's PDF technology lets producers create and distribute documents digitally that retain designs, pictures and formatting.

source:http://www.eweek.com/article2/0,1895,1970866,00.asp

The Eleventh Circuit in the case of Snow v. DirecTV held that a webmaster may not exclude certain persons from his site merely by telling them their access is unauthorized.

In this case, Michael Snow was the webmaster of Stop Corporate Extortion, a "private support group website for "individuals who have been, are being, or will be sued by any Corporate entity." In order to access Snow's site, a user was required to register a username and password, and to agree to a statement affirming that the user was not associated with DirecTV, inc. He claimed that several agents of DirecTV ignored this warning and accessed his site. According to Snow, such unauthorized access violated the Stored Communications Act (SCA), which forbids accessing an electronic communication "without authorization."

The Eleventh Circuit rejected this claim. According to the court, the SCA does not apply to communications which are "readily accessible to the general public." On Snow's site, any member of the general public could access the site by merely registering with a username and password and clicking on the words "I Agree to these terms." Such an easily surmountable barrier to access is, according to the court, insufficient to make a site not "readily acessible to the general public."

While the court did not explain just what sort of security measures would invoke the SCA, it did hint that a webmaster who "screens the registrants before granting access" would have a stronger claim than one who merely asks his registrants to "self screen[ ]."

source:http://www.acsblog.org/ip-and-tech-law-2883-11th-circuit-to-webmasters-telling-someone-to-go-away-doesnt-make-them.html

1. St. Francis Dam, 1928
Self-taught engineer William Mulholland built this LA dam on a defective foundation and ignored the geology of the surrounding canyon. He also dismissed cracks that formed as soon as the reservoir behind it was filled. Five days later, it ruptured, killing 450 people and destroying entire towns (along with Mulholland’s career).

2. Kansas City Hyatt walkways, 1981
Walkways crisscrossing the hotel’s multistory atrium collapsed, domino-style, raining debris and hundreds of people onto the packed dance contest below. The cause: grossly negligent design and use of beams that could support only 30 percent of the load.

3. Vasa, 1628
Three hundred years before the Titanic, the Vasa was the biggest sailing vessel of its day. The overloaded ship ruled the seas for all of a mile before she took on water through her too-low gun ports and promptly capsized.

4. Northeastern US power grid, 1965
A single protective relay tripped in Ontario, overloading nearby circuits and causing a cascade of outages that left 30 million homes without power for up to 13 hours. A fragile, redundancy-free design ensured that it would happen eventually. After decades of repairs and upgrades, it happened again in 2003.

5. McDonnell Douglas DC-10, 1970s
Nearly a thousand people around the world lost their lives while the kinks were being ironed out of this 290-ton competitor to Boeing’s 747. Blown-out cargo doors, shredded hydraulic lines, and engines dropped midflight were just a few of the behemoth’s early problems.

6. Firestone 500 tires, 1970s
These steel-belted radials allowed water to seep under the tread, which caused the belting to rust and the tread to separate, typically at high speeds. Dozens of deaths later, Firestone blamed consumers, then recalled 10 million tires.

7. Purity Distilling Company tank, 1919
You gotta keep your molasses somewhere – how about a rickety tank 50 feet tall and 90 feet in diameter in the middle of Boston? The structure was painted brown to hide the leaks. Eventually it burst (possibly exploding from fermentation), sending waves of molasses up to 15 feet high into the city and killing 21.

8. Skylab, 1973
America’s first space station was hopelessly damaged at launch because designers failed to account for the aerodynamics of the meteoroid shield and solar panels. When crews weren’t busy making repairs, they complained of the extreme heat on board.

9. Citigroup Center, 1978
Last-minute changes to structural braces of this Manhattan tower left it vulnerable to collapse in high winds. With a hurricane bearing down on the city, builders rushed to strengthen it by welding 2-inch steel plates over 200 weakly bolted joints.

10. R101 airship, 1930
Seven years before the Hindenburg disaster, the British thought 5.5 million cubic feet of hydrogen in a bubble of fabric would make for a fun way to get around. On her maiden flight, the airship’s cover was blown open by wind, and from there it was oh-the-humanity city.

source:http://www.wired.com/wired/archive/14.06/start.html?pg=9

It began with an impassioned, 5,000-word letter on one of China's most popular Internet bulletin boards, from a husband denouncing a student he suspected of carrying on an affair with his wife. Immediately, hundreds joined in the attack. "Let's use our keyboard and mouse in our hands as weapons," as one person wrote, "to chop out the heads of these adulterers, to pay for the sacrifice of the husband." Within days, the hundreds had grown to thousands, and then tens of thousands, with total strangers forming teams to hunt down the student's identity and address, hounding him out of his university and causing his family to barricade themselves inside their home. It was the latest example of a growing phenomenon the Chinese call Internet hunting, in which morality lessons are administered by online throngs and where anonymous Web users come together to investigate others and mete out punishment for offenses real and imagined. In recent cases, people have scrutinized husbands suspected of cheating on their wives, fraud on Internet auction sites, the secret lives of celebrities and unsolved crimes. One case that drew a huge following involved the poisoning of a Tsinghua University student - an event that dates to 1994, but was revived by curious strangers after word spread on the Internet that the only suspect in the case had been questioned and released. Even a recent scandal involving a top Chinese computer scientist dismissed for copying an American processor design came to light in part because of Internet hunting, with scores of online commentators raising questions about the project and putting pressure on the scientist's sponsors to look into allegations about intellectual property theft. While Internet wars can crop up anywhere, these cases have set off alarms in China, where this sort of crowd behavior has led to violence in the past. Many here draw disturbing parallels to the Cultural Revolution, whose 40th anniversary was in May. During that episode of Chinese history, mobs of students taunted and beat their professors and mass denunciations and show trials became common for a decade. In recent years, the Chinese government has gradually tightened controls, requiring, for example, that customers at Internet cafés provide identification. It also introduced an Internet policing system whose cartoon figure mascots show up on people's screens to remind them they are being monitored, and recently blocked access to the most popular blog search engine, the American company Technorati. There has been recurrent talk by the government of registering all Internet users, and many here worry that a wave of online threats and vigilantism could serve as a pretext to impose new limits on users. The affair of the cuckolded husband first came to public attention in mid- April, after the man, who goes by the Web name Freezing Blade, said he discovered online correspondence between his wife, Quiet Moon, and a college student, Bronze Mustache. Following an initial conversation, in which he forgave his wife, the man said he found messages on his wife's unattended computer that confirmed to him that the extramarital liaison was continuing. He then posted the letter denouncing Bronze Mustache by his real name, opening the floodgates. The case exploded on April 20, when a bulletin board manifesto against Bronze Mustache was published by someone under the name Spring Azalea. "We call on every company, every establishment, every office, school, hospital, shopping mall and public street to reject him," it said. "Don't accept him, don't admit him, don't identify with him until he makes a satisfying and convincing repentance." Impassioned people teamed up to uncover the student's address and telephone number, both of which were then posted online. Soon, people eager to denounce him showed up at his university and at his parents' house, forcing him to drop out of school and barricade himself with his family in their home. Others denounced the university for not expelling him, with one poster saying it should be "bombed by Iranian missiles." Many others, meanwhile, said the student should be beaten or beheaded, or that he and the married woman should be put in a "pig cage" and drowned. "Right from the beginning, every day there have been people calling and coming to our house, and we have all been very upset," said the student's father, who was interviewed by telephone but declined to provide his name. "This is an awful thing, and the Internet companies should stop these attacks, but we haven't spoken with them. I wouldn't know whom to speak to." In hopes of quieting the criticism, Bronze Mustache issued a six-minute online video denying any affair with Quiet Moon, whom he is said to have met at a gathering of enthusiasts of the online game "World of Warcraft." At the same time, Freezing Blade has twice asked people to call off the attacks, even joining in the denials of an affair - all to no avail. At its height, the Bronze Mustache case accounted for huge traffic increases on China's Internet bulletin boards, including a nearly 10 percent increase in daily traffic on Tianya, the bulletin board with the most users. In many countries, electronic bulletin boards hark back to the earliest days of the Internet, before Web browsers were common, and when text messages were posted in static fashion in stark black and white. In today's China, however, bulletin boards have been colorfully updated and remain at the heart of the country's Internet culture. "Our Web site is a platform, not a court," said Zeng Lu, a Web master for Tianya, which boasts 40 million page visits daily and says it is the world's largest bulletin board. "We cannot judge who is a good or bad person by some moral standard, but we have our own bottom line. If it's a personal attack on someone, we delete it, but it is very difficult, given that we have 10 million users." Although concerned about online threats, advocates of free speech say that is no reason for the Chinese authorities to place further limits on the Internet. "The Internet should be free, and I have always opposed the idea of registering users, because this is perhaps the only channel we have for free discussion," said Zhu Dake, a sociologist and cultural critic at Tongji University in Shanghai. "On the other hand, the Internet is being distorted. This creates a very difficult dilemma for us." Zhan Jiang, a professor of journalism, also defended open discussion on the Internet. "As freedom of expression is not well protected here, we have to choose the lighter of two evils," said Zhan, who teaches at China Youth University of Political Science, in Beijing. "The minority who are hurting other people in such cases should be prevented, but this behavior should not disturb the majority's freedom of expression." But there are drawbacks to unfettered discussion, as the Bronze Mustache case illustrates. "What we Internet users are doing is fulfilling our social obligations," said one man who posted a lengthy attack on the college student and his alleged affair. "We cannot let our society fall into such a low state." Asked how he would react if people began publishing online allegations about his private life, he answered, "I believe strongly in the traditional saying that if you've done nothing wrong, you don't fear the knock on your door at midnight."

source:http://www.iht.com/articles/2006/05/31/business/chinet.php

To recover files, victims are asked to buy drugs online

Do not panic if your data is hidden by virus writers demanding a ransom.

Poor programming has allowed anti-virus companies to discover the password to retrieve the hijacked data inside a virus that has claimed at least one UK victim.

The Archiveus virus caught out British nurse Helen Barrow and swapped her data with a password-protected file.

The virus is the latest example of so-called "ransomware" that tries to extort cash from victims.

Code breaker

Analysis of Archiveus has revealed that the password to unlock the file containing all the hijacked files is contained within the code of the virus itself.

When I realised what had happened, I just felt sick to the core Helen Barrow

This virus swaps files found in the "My Documents" folder on Windows with a single file protected by a 30-digit password. Victims are only told the password if they buy drugs from one of three online pharmacies.

The 30-digit password locking the files is "mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw". Using the password should restore all the hijacked files.

"Now the password has been uncovered, there should be no reason for anyone hit by this ransomware attack to have to make any payments to the criminals behind it," said Graham Cluley, senior technology consultant for security firm Sophos.

Archiveus was discovered on 6 May but it took the rest of the month for the first victim, Rochdale nurse Helen Barrow, to emerge.

Ms Barrow is thought to have fallen victim when she responded to an on-screen message warning her that her computer had contracted another unnamed virus. The virus asks those it infects to buy drugs on one of three websites to get their files back.

"When I realised what had happened, I just felt sick to the core," said Ms Barrow about the incident.

The Archiveus virus is only the latest in a series of malicious programs used by extortionists to extract cash from victims. Archiveus seems to use some parts of another ransoming virus called Cryzip that was circulating in March 2006.

source:http://news.bbc.co.uk/1/hi/technology/5038330.stm

"Computerworld's Scot Finnie details 20 things you won't like in Windows Vista, with a visual tour to prove it. He says that MS has favored security over end-user productivity, making the user feel like a rat caught in a maze with all the protect-you-from-yourself password-entry and 'Continue' boxes required by the User Account Controls feature." From the article: "In its supreme state of being, Microsoft knows precisely what's best for you. It knows that because its well-implemented new Sleep mode uses very little electricity and also takes only two or three seconds to either shut down or restart, you want to use this mode to 'turn off' your computer, whether you realize it or not. It wants to teach you about what's best. It wants to make it harder for you to make a mistake."

source:http://slashdot.org/article.pl?sid=06/06/01/1638216

E-mails released in court suggest chipmakers including Micron and Hynix fixed prices as part of a coordinated effort to hurt Rambus

Chip technology designer Rambus may have just gotten a big leg up in a legal battle against chipmakers it has accused of fixing prices in the memory chip market. A cache of newly released e-mail messages shows those companies shared information on pricing and suggests their actions were motivated by a desire to shove a Rambus-backed technology out of the market.

The e-mails are contained in documents that have previously been sealed under a protective order. Rambus prevailed in convincing the judge to unseal the documents, and the protective order expired May 31. Rambus provided copies of the documents to BusinessWeek Online.

DISPUTES REMAIN. Micron Technology (MU) Samsung, and Hynix Semiconductor have already admitted to conspiracy to fix prices on computer memory chips during a period starting in 1999 and ending in 2002. The admission followed a a four-year investigation by the Justice Dept. that resulted in more than $700 million in fines, and jail terms for several executives of those companies.

But in 2004, Rambus (RMBS) filed its own antitrust lawsuit in a California state court in San Francisco. The suit alleges that Micron, Hynix, Samsung, and Infineon Technologies (IFX) colluded to fix prices on computer memory chips from 1999 to 2002 in such a way as to drive a type of chip on which Rambus held many patents out of the market. Rambus has since settled all outstanding legal disputes with Infineon, but the fight with the other three is pending.

The companies worked together to improve prices on a competing type of memory chip in order to discourage computer makers like Dell (DELL), Hewlett-Packard (HPQ), Gateway (GTW), and others from adopting a type of memory known as Direct Rambus Dynamic Random Access Memory (RDRAM) in their computers, and instead favor a competing type of memory chip known as Double Data Rate DRAM (DDR-DRAM).

E-MAIL TRAIL. One e-mail, dated June 5, 2001, from Micron Vice-President Linda Turner to other Micron employees was in response to worries about prices on DDR-DRAM that had been falling. "No problem!," Turner wrote. "We want DDR to explode in the marketplace so have actually been requesting Infineon, Samsung, and Hynix to lower their DDR pricing to help it become a standard (and drive Rambus away completely)."

An earlier e-mail, dated Feb. 16, 2000, from Micron sales representative Tom Addie to a Micron sales manager identified as "mgrant," suggests that Micron was worried about PC makers showing strong interest in the Rambus-designed RDRAM memory chips, which were being manufactured by Samsung.

Addie wrote in the e-mail that someone at Samsung had told him that Compaq was "pressing hard for Rambus support" based on "success that Dell was having" using the chips in its products. A later email to Addie, dated May 22, from a Micron account manager named Bill Lauer asks if Addie can "check in with your Sammy contacts," referring to Samsung.

STRONG COUNTEROFFENSIVE. Yet another e-mail dated July 3, 2001, this one between employees of Hynix, discusses setting up a meeting with Micron Vice-President Mike Sadler "to discuss with us measures to stabilize the market price."

The chip companies have repeatedly sought to portray the price-fixing to which they admitted in the Justice Dept. antitrust investigation as being unrelated to the matters in the Rambus case. Micron released a written statement portraying the Rambus technology as having failed in the marketplace on its own technical and other merits relative to other chip technologies available at the time.

"The Rambus lawsuit relates to the failure of RDRAM in the marketplace, which is unrelated to the Department of Justice's price-fixing investigation,” Micron says. "Rambus has attempted to bootstrap the DOJ price-fixing investigation into a supposed boycott of Rambus DRAM. Rambus DRAM was a failure in the marketplace because it was too costly and any performance differentials were not sufficient to justify the inherit cost differences." Messages left for attorneys representing Hynix were not immediately returned.

ROYALTY-RESISTANT. At the heart of the cases are efforts by Rambus and other companies to persuade computer makers of the merits of competing memory chip technologies. Rambus, with help from Intel (INTC), had sought to nudge the computer industry to adopt RDRAM as the new standard for personal computers and servers. RDRAM chips were supposedly much faster than memory chips used at the time. The trick was convincing the memory chip companies to go along with it.

That wasn't easy. Chipmakers -- Micron especially -- hated RDRAM for one reason: It required paying stiff royalties and licensing fees to Rambus. Their DDR-DRAM wasn't as fast, but didn’t have expensive Rambus patents tied to it.

What followed was nothing short of World War III in the memory chip world, and in fact, the battle isn't over yet. When RDRAM failed to succeed in the market, Rambus asserted fundamental patents on DDR-DRAM. The result was a mind-bendingly complex series of lawsuits filed in venues as disparate as Virginia and Italy, in which Rambus has sought to enforce patents on DDR-DRAM, while the chip companies sought to have those patents invalidated.

RECORD FINES. In the investigation launched in June, 2002, the Justice Dept. has already levied $731 million in fines against other memory chip manufacturers, including Infineon, South Korea’s Samsung, and Hynix Semiconductor, and also against Japan’s Elpida. The collective fines are the largest ever handed down by the U.S. government in an antitrust case.

The investigation has also resulted in jail time for executives from all four companies, the most recent being four Hynix executives who agreed to terms ranging from five to eight months in jail, and one Micron executive who pled guilty to tampering with evidence.

In its statement, Micron reiterated a commitment to cooperate with the Justice Dept.'s ongoing investigation, in which it is participating under a corporate leniency program. Micron has said it doesn't expect any prosecution, fines, or penalties related to the Justice Dept.'s case. The exact provisions of that agreement have not been disclosed, nor has the full scope of Micron's role in the conspiracy been revealed.

source:http://www.businessweek.com/technology/content/jun2006/tc20060601_714385.htm