So what is PATCHWORK? (from Steve's newsletter)
Last Thursday (March 8th) the United States Federal Bureau of
Investigation -- the FBI -- announced that the Windows NT and
Windows 2000 Internet web servers belonging to at least 40
prominent eCommerce companies have been systematically broken
into by Eastern European hackers. After having their private
customer credit card data stolen, the companies were financially
extorted under the threat of public disclosure of their customers'
data. More than one million credit card purchasing records have been
stolen. You can read the full FBI press release here:
Shortly before the FBI's public announcement, I (Steve) was contacted by
people in Washington and asked if I could produce a utility to
instantly determine whether a Windows NT or 2000 Internet server
was vulnerable to these attacks, and to search the server for any
evidence of previous penetration. The FBI provided all of the
specific details required, so I quickly created my latest freeware:
"PatchWork" (just 30k bytes).
PatchWork is ONLY useful for users running Windows NT or 2000
-- so I know that it will not be of interest to everyone -- but I
wanted you to know that it exists. If you, or anyone you know, ARE
using any version of Windows NT or 2000, you really should check out
PatchWork! It is opening MANY people's eyes ...
Privacy advocates warn of the steady rise of surveillance technology
Suppose your cable TV converter box could report to marketers the movies, sports
and steamy adult shows you like to watch.
Imagine a portable device that could measure how far you've run or walked and phone
a Web site about your fitness level, and perhaps suggest exercise products for
Or picture a scenario where any time you visit an airport or attend a sporting
event, you must walk past video cameras that can analyze your face and instantly
identify you to authorities.
Flaw Uncovered in TCP
A security hole in one of the Internet's most basic protocols -- discovered by
security consulting firm Guardent Inc. -- leaves the door open for potentially
devastating network attacks that would be difficult to defend against,
detect or trace.
Putting the Web in a Bind
By Charles Babcock, Interactive Week
Late last month, a hacker calling himself fluffy bunny attacked a Domain Name System server belonging to McDonald's fast food restaurants in England and redirected traffic to a dummy site in the U.S.
Fraudulent Digital Certificates Issued in Microsoft's Name
Microsoft warned users of its software platforms that VeriSign had
mistakenly issued digital certificates for signing code to a person
posing as a Microsoft employee.
ZoneLog Analyser reads and displays the log file generated by the
ZoneAlarm (V2.1.10 and later) personal firewall. Entries in the log are
generated whenever an unauthorised connection is attempted to or from your
PC during connection to the 'net. ZoneLog Analyser will attempt to unravel
the information that is provided in the ZoneAlarm log file by giving information
about the ports used and offering the ability to 'look up' the intruder's address details.
Not sure if the free software you are about to download is in fact so-called
spyware, adware, or an otherwise advertising-enhanced product that installs
additional third-party components on your system?
Exec's Electronic Messages Surface on Net, Raising Privacy Concerns
Web: Thousands of ICQ notes to or from EFront CEO are posted. Experts say instant messaging is not designed for secure use.
Facing the ultimate digital nightmare, a Costa Mesa dot-com had thousands of confidential messages posted on the Internet, renewing concerns about electronic privacy and sharing the
company's woes with the world.
What is LANguard Network Scanner?
LANguard network scanner is a freeware security scanner to audit your network security.
It scans entire networks and provides NetBIOS information for each computer, such as hostname, shares, and logged-on user name. It does OS detection and password strength testing, detects registry issues, and more. Reports are output in HTML.
EARTHLINK CHAMPIONS PRIVACY
Privacy is heavy on the minds of Web users. And EarthLink -- with 4.7
million paying subscribers -- has taken note.
White House: U.S. still far from cybersecurity.
Thirty-three months after a presidential order mandated that government agencies
work to protect the United States' critical infrastructure, most have merely taken
a few baby steps toward securing the country's computers and networks,
according to a White House report.
Password Cracker Exposes Net.Commerce Sites
Tool enables attackers to take control of hundreds of online shops.
IBM's Net.Commerce software was under renewed attack Wednesday, with the release
by a hacking group in Denmark of a tool that can crack encrypted administrator
passwords on some versions of the popular online storefront package.
Domain News - New Weapon Against Reverse Domain Name Hijacking
Savvy domain holders know who to call when WIPO comes knocking.
Congress fears European privacy standards
WASHINGTON--Members of Congress on Thursday sharply criticized European privacy
laws, saying they will have global effects and will likely harm U.S. companies
seeking to do business online.
EarthLink promises "anonymous" Web surfing
EarthLink is mining privacy paranoia in a bid to sign up new subscribers,
adding heat to marketing battles in the bitterly competitive Internet access
SPYING ON SPIES
Web advertisers have come under attack for using "Web bugs."
A handful of companies are arming Web surfers with tools for finding and repelling
so-called Web bugs--invisible pieces of code that can be used for everything from
secretly tracking people's Web travels to pilfering computer files.
"People don't understand the potential risks associated with Web bugs. With a Web
bug, your computer can be fully exposed to malicious sites that can take any files
or information from programs on your hard drive," said Tommy Wang of security
start-up Intelytics. "People need to get educated on this stuff."
Perhaps the most nefarious bugs are "script-based executable bugs that can go out
and take any document from your computer" without notice, said Wang, who warned
of programs that can track live, private recordings through Webcams or voice
recorders hooked up to computers.
(Commonly known as "rats" by hackers)
Happy birthday? Security flaw found in Outlook's VCards
Privacy News (ZeroKnowledge)
Can John Doe stay anonymous?
Rural/Metro, an ambulance and fire service company in Scottsdale,
Arizona, sued four individuals who had posted messages on the company's Yahoo
finance message board that contained what it alleged to be confidential and
libelous material. What kind of lawsuit do you have when the plaintiff is happy
to drop the charges and the defense attorneys wish they could have gone
to trial? Wired News
The Privacy Foundation has recently learned of an exploit that allows
the sender of an email message to see what has been written when the
message is forwarded with comments to other recipients.
Privacy Foundation Advisory, 5 February 2001
Hackers poised to land at wireless AirPort.
A group of respected security researchers has found vulnerabilities in
one of the most popular data-networking technologies that could expose
corporate computer networks to eavesdropping and unauthorized access.
Zero-Knowledge in the News
Zero-Knowledge launches Privacy Eye, a daily source of privacy
commentary and information about how consumers can protect their privacy online.
Internet.com, 21 February 2001
Privacy rebel looks to new chief executive.
Montreal Internet privacy company Zero-Knowledge Systems Inc. announced a new
chief executive yesterday in a move aimed at expanding market opportunities
for the business. National Post, 14 February 2001
Chief Privacy Officers Forge Evolving Corporate Roles.
The New York Times, 12 February 2001 *Requires Registration*
Privacy Advocates Not Suite On Nortel (Interactive Week)
Analysts saluted, but privacy advocates squawked when Nortel Networks introduced
a suite of smart switches last week designed to tap into users' Web surfing habits
and learn things such as what banner ads would most likely seduce them.
E-mail wiretapping exposes forwarded messages
Privacy experts discover a security glitch that allows an e-mail
author to read private comments attached to the original message as it
gets forwarded to new recipients.
Gossip-seeking robots roam Net
Whether it's a speculator starting a rumor to move share prices or a pedophile
supplying illegal images, RumorBot software will trawl through search engines
and databases to find the source.
"The idea is to track and analyze, in real time, online newsgroups, chatrooms
and lists," Stephane Perino of Agence Virtuelle told New Scientist magazine.
HTML E-mail Clients Susceptible to "Wire-Tapping"
features of Microsoft Outlook, Outlook Express and Netscape 6.0 Mail to "wire-tap"
e-mail communications began raising the hackles of privacy advocates Monday.
Sites Still Vulnerable to Bug in IBM software
The vulnerability in IBM's Net.Commerce software could enable an attacker to gain
administrative access to an online store. Such ability would allow an outsider to
upload and download files, issue operating system commands, and extract any
information from the site's database, including customer records and credit cards.
Advocates take both sides of Net filtering law
Regulators accept final public comments on a new law requiring
libraries and schools that accept federal funds to install computer
filters aimed at blocking access to adult material online.
New worm infesting Linux machines
A dangerous worm that can steal passwords from Linux computers is
rapidly spreading across the Internet and infecting other machines,
DoubleClick Admits Servers Were Hacked
Ad-serving giant moves to close holes and reassure advertising
IE security hole launches e-mail attachments
A hole in Internet Explorer can cause the browser to automatically
open HTML e-mail attachments that could be used by an attacker to
execute malicious code.