In brief: 3Com moves east

Plus: Cisco warns of vulnerabilities in VPN gear; EarthLink wins case against spammer, SCO Group attacked with DoS, FTC goes after deceptive online ads; hacker no longer works for Siemens.

3Com’s top executives are moving from Silicon Valley to Massachusetts, the company announced last week. CEO Bruce Claflin and several top executives will relocate to the company’s Marlborough, Mass., facility, where its enterprise network operations are based. The move is aimed at consolidating the company’s management team around its core business, 3Com said. Making the trek from 3Com’s Santa Clara offices are Claflin, CFO Mark Slaven, Executive Vice President of Operations Dennis Connors and a yet-to-be-named executive vice president of sales.

Executives in charge of 3Com’s business development, corporate services and legal operations will stay in Santa Clara.

Cisco last week warned customers of vulnerabilities in its VPN 3000 Series concentrators and VPN 3002 Hardware Client that could let attackers see private data or carry out a denial-of-service attack. There are workarounds to mitigate the effects of these vulnerabilities, and users can protect against them by upgrading to the latest version of code for the devices, according to a Cisco advisory. The Cisco 3005, 3015, 3030, 3060 and 3080 VPN Concentrators and the Cisco VPN 3002 Hardware Client all might be affected by the vulnerabilities. The Cisco advisory.

A district court in Atlanta last week awarded EarthLink $16 million in damages against a New York man who allegedly sent more than 825 million spam messages through the ISP’s network. The court also banned the defendant from spamming and from a host of other activities related to it, such as distributing mass e-mail software and selling e-mail addresses, according to Pete Wellborn, legal counsel for EarthLink.

The ISP said that a ring, led by Buffalo resident Howard Carmack, obtained Internet accounts using stolen credit cards, identity theft and bank fraud, and then used those accounts to send out reams of spam. “The court’s permanent injunction protects Internet users everywhere and the $16 million damages award sends a message to everyone out there that if you keep spamming, there will be a financial death penalty,” Wellborn said. Carmack could not be reached for comment.

The SCO Group last week said it suffered a massive distributed denial-of-service attack that consumed about 90% of the available bandwidth of SCO’s service provider for the Lindon, Utah, backbone network. SCO said the FBI and the U.S. Attorney’s Office are investigating.

There is suspicion that the attack might have been in response to SCO’s Linux-related lawsuit against IBM alleging intellectual property infringement because it came within 48 hours of IBM’s response to that suit. “Given this close proximity in time, we are carefully examining whether a link exists between SCO’s legal action and some of the Linux community who are hostile toward SCO for asserting its legal rights,” a SCO spokesperson said.

The Federal Trade Commission has asked a federal judge to stop two Web sites from making deceptive claims that they can register people for the national do-not-call list that is set to debut July. The sites – Free-Do-Not-Call-List.org and National-Do-Not-Call-List.us – had attempted to turn a buck off the wildly popular antitelemarketing measure. “These scam artists are seizing on the public’s interest in the do-not-call registry,” Howard Beales, director of the FTC’s Bureau of Consumer Protection, told the Associated Press. “The law doesn’t allow third-party profiteers to be in the do-not-call business.”

A man reputed to be the leader of an international hacking ring worked in the U.K. offices of Siemens Communications, according to the company. U.K. Metropolitan Police arrested Lynn Htun on April 29 when they recognized him on a stand at the InfoSec computer security show in London after he failed to appear in court on forgery charges. Siemens said that although Htun was arrested on a charge unrelated to computer hacking, the U.K. authorities told the company they are conducting “further investigations into the activities of Mr. Htun.”

The Fluffi Bunni hacking group is credited with a series of attacks against the Web sites of U.S. computer security organizations between 2000 and 2002. Those organizations included www.attrition.org and the Web site for the SANS Institute.