News Pages - Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 |

Index

About

Future

Macrovision/C-Dilla

Links page

Contact Us!


Privacy & Security News March 2001


So what is PATCHWORK ?? (from Steve's newsletter)
Last Thursday (March 8th) the United States Federal Bureau of Investigation -- the FBI -- announced that the Windows NT and Windows 2000 Internet web servers belonging to at least 40 prominent eCommerce companies have been systematically broken into by Eastern European hackers. After having their private customer credit card data stolen, the companies were financially extorted under the threat of public disclosure of their customers' data. More than one million credit card purchasing records have been stolen. You can read the full FBI press release here:
http://grc.com/pw/FBIannouncement.htm

Shortly before the FBI's public announcement, I (Steve) was contacted by people in Washington and asked if I could produce a utility to instantly determine whether a Windows NT or 2000 Internet server was vulnerable to these attacks, and to search the server for any evidence of previous penetration. The FBI provided all of the specific details required, so I quickly created my latest freeware: "PatchWork" (just 30k bytes).

PatchWork is ONLY useful for users running Windows NT or 2000 -- so I know that it will not be of interest to everyone -- but I wanted you to know that it exists. If you, or anyone you know, ARE using any version of Windows NT or 2000, you really should check out PatchWork! It is opening MANY people's eyes ...
http://grc.com/pw/patchwork.htm

Privacy advocates warn of the steady rise of surveillance technology
Suppose your cable TV converter box could report to marketers the movies, sports and steamy adult shows you like to watch.
Imagine a portable device could measure how far you've run or walked can phone a Web site about your fitness level, and perhaps suggest exercise products for purchase?
Or picture a scenario where any time you visit an airport or attend a sporting event, you must walk past video cameras that can analyze your face and instantly identify you to authorities.
http://www.nandotimes.com/technology/story/0,1643,500462022-500704453-503850327-0,00.html

Flaw Uncovered in TCP
A security hole in one of the Internet's most basic protocols -- discovered by security consulting firm Guardent Inc. -- leaves the door open for potentially devastating network attacks that would be difficult to defend against, detect or trace. http://www.internetnews.com/wd-news/article/0,,10_710891,00.html

Putting the Web in a Bind
By Charles Babcock, Interactive Week
Late last month, a hacker calling himself fluffy bunny attacked a domain Name System server belonging to McDonald's fast food restaurants in England and redirected traffic to a dummy site in the U.S.
http://www.zdnet.com/intweek/stories/news/0,4164,2694909,00.html

Fraudulent Digital Certificates Issued in Microsoft's Name
Microsoft warned users of its software platforms that VeriSign had mistakenly issued digital certificates for signing code to a person posing as a Microsoft employee.
http://www.internetnews.com/wd-news/article/1,2171,10_721571,00.html

ZoneLog Analyser reads and displays the log file generated by ZoneLabs' ZoneAlarm (V2.1.10 and later) personal firewall, entries in the log are generated whenever an unauthorised connection is attempted to or from your PC during connection to the 'net. ZoneLog Analyser will attempt to unravel the information that is provided in the ZoneAlarm log file by giving information about the ports used and the ability to 'look up' the intruder's address details. ZoneLog Analyser

SpyChecker
Not sure if the free software you are about to download is in fact a so called Spyware, or adware or otherwise advertising enhanced product that installs additional third party components on your system?
http://www.spychecker.com/

Exec's Electronic Messages Surface on Net, Raising Privacy Concerns
Web: Thousands of ICQ notes to or from EFront CEO are posted. Experts say instant messaging is not designed for secure use.
Facing the ultimate digital nightmare, a Costa Mesa dot-com had thousands of confidential messages posted on the Internet, renewing concerns about electronic privacy and sharing the company's woes with the world. http://www.latimes.com/business/20010317/t000023221.html

What is LANguard Network Scanner?
LANguard network scanner is a freeware security scanner to audit your network security. It scans entire networks and provides NETBIOS information for each computer such as hostname, shares, logged on user name. It does OS detection, password strength testing, detects registry issues and more. Reports are outputted in HTML.
LANguard Download

EARTHLINK CHAMPIONS PRIVACY
Privacy is heavy on the minds of Web users. And EarthLink -- with 4.7 million paying subscribers -- has taken note.
http://www.internetnews.com/IAR/article/0,,12_599251,00.html

White House: U.S. still far from cybersecurity.
Thirty-three months after a presidential order mandated that government agencies work to protect the United States' critical infrastructure, most have merely taken a few baby steps toward securing the country's computers and networks, according to a White House report.
http://technews.netscape.com/news/0-1003-201-4994624-0.html?pt.nc.txtdisp.hl.ne

Password Cracker Exposes Net.Commerce Sites
Tool enables attackers to take control of hundreds of online shops.
IBM's Net.Commerce software was under renewed attack Wednesday, with the release by a hacking group in Denmark of a tool that can crack encrypted administrator passwords on some versions of the popular online storefront package.
http://internetnews.com/wd-news/article/1,2171,10_707381,00.html

Domain News - New Weapon Against Reverse Domain Name Hijacking
Savvy domain holders know who to call when WIPO comes knocking.
http://www.internetnews.com/isp-news/article/1,2171,8_708821,00.html

Congress fears European privacy standards
WASHINGTON--Members of Congress on Thursday sharply criticized European privacy laws, saying they will have global effects and will likely harm U.S. companies seeking to do business online.
http://two.digital.cnet.com/cgi-bin2/flo?y=eBZn0QasH0Bh0arVq

EarthLink promises "anonymous" Web surfing
EarthLink is mining privacy paranoia in a bid to sign up new subscribers, adding heat to marketing battles in the bitterly competitive Internet access business.
http://two.digital.cnet.com/cgi-bin2/flo?y=eBZn0QasH0Bh0arXs

SPYING ON SPYS
Web advertisers have come under attack for using "Web bugs."
A handful of companies are arming Web surfers with tools for finding and repelling so-called Web bugs--invisible pieces of code that can be used for everything from secretly tracking people's Web travels to pilfering computer files.

"People don't understand the potential risks associated with Web bugs. With a Web bug, your computer can be fully exposed to malicious sites that can take any files or information from programs on your hard drive," said Tommy Wang of security start-up Intelytics. "People need to get educated on this stuff."

Perhaps the most nefarious bugs are "script-based executable bugs that can go out and take any document from your computer" without notice, said Wang, who warned of programs that can track live, private recordings through Webcams or voice recorders hooked up to computers.
(Commonly known as "rats" by hackers)
http://news.cnet.com/news/0-1005-200-5008849.html

Happy birthday? Security flaw found in Outlook's VCards
http://two.digital.cnet.com/cgi-bin2/flo?y=eBXT0QasH0Bh0aetf

Privacy News (ZeroKnowledge)
Can John Doe stay anonymous?
Rural/Metro, an ambulance and fire service company in Scottsdale, Arizona, sued four individuals who had posted messages on the company's Yahoo finance message board that contained what it alleged to be confidential and libelous material. What kind of lawsuit do you have when the plaintiff is happy to drop the charges and the defense attorneys wish they could have gone to trial? Wired News
http://www.wired.com/news/privacy/0,1848,41714,00.html

Email Wiretapping.
The Privacy Foundation has recently learned of an exploit that allows the sender of an email message to see what has been written when the message is forwarded with comments to other recipients.
Privacy Foundation Advisory, 5 February 2001
http://www.privacyfoundation.org/advisories/advemailwiretap.html

Hackers poised to land at wireless AirPort.
A group of respected security researchers has found vulnerabilities in one of the most popular data-networking technologies that could expose corporate computer networks to eavesdropping and unauthorized access. ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2681947,00.html

Zero-Knowledge in the News
Private Eyes.
Zero-Knowledge launches Privacy Eye, a daily source of privacy commentary and information about how consumers can protect their privacy online. Internet.com, 21 February 2001 http://canada.internet.com/can-news/print/0,,141_595021,00.html

Privacy rebel looks to new chief executive.
Montreal Internet privacy company Zero-Knowledge Systems Inc. announced a new chief executive yesterday in a move aimed at expanding market opportunities for the business. National Post, 14 February 2001
http://www.nationalpost.com/search/story.html?f=/stories/20010214/473556.html

Chief Privacy Officers Forge Evolving Corporate Roles.
The New York Times, 12 February 2001 *Requires Registration*
http://www.nytimes.com/2001/02/12/technology/12PRIV.html?printpage=yes

Privacy Advocates Not Suite On Nortel (Interactive Week)
Analysts saluted, but privacy advocates squawked when Nortel Networks introduced a suite of smart switches last week designed to tap into users' Web surfing habits and learn things such as what banner ads would most likely seduce them.
http://www.zdnet.com/intweek/stories/news/0,4164,2681351,00.html

E-mail wiretapping exposes forwarded messages
Privacy experts discover a security glitch that allows an e-mail author to read private comments attached to the original message as it gets forwarded to new recipients.
http://two.digital.cnet.com/cgi-bin2/flo?y=eBUG0QasH0Bh0aNBC

Gossip-seeking robots roam Net
WHETHER IT’S A speculator starting a rumor to move share prices or a pedophile supplying illegal images, RumorBot software will trawl through search engines and databases to find the source.
“The idea is to track and analyze, in real times, online newsgroups, chatrooms and lists,” Stephane Perino of Agence Virtuelle told New Scientist magazine.
http://www.msnbc.com/news/525138.asp?cp1=1

HTML E-mail Clients Susceptible to "Wire-Tapping"
A two-and-a-half-year-old JavaScript exploit which utilizes the HTML e-mail features of Microsoft Outlook, Outlook Express and Netscape 6.0 Mail to "wire-tap" e-mail communications began raising the hackles of privacy advocates Monday.
http://www.internetnews.com/wd-news/article/0,,10_579871,00.html

Sites Still Vulnerable to Bug in IBM software
The vulnerability in IBM's Net.Commerce software could enable an attacker to gain administrative access to an online store. Such ability would allow an outsider to upload and download files, issue operating system commands, and extract any information from the site's database, including customer records and credit cards. http://www.internetnews.com/wd-news/article/0,,10_582521,00.html

Advocates take both sides of Net filtering law
Regulators accept final public comments on a new law requiring libraries and schools that accept federal funds to install computer filters aimed at blocking access to adult material online.
http://two.digital.cnet.com/cgi-bin2/flo?y=eBWw0QasH0Bh0abzI

New worm infesting Linux machines
A dangerous worm that can steal passwords from Linux computers is rapidly spreading across the Internet and infecting other machines, researchers say.
http://two.digital.cnet.com/cgi-bin2/flo?y=eBcT0QasH0Bh0a51v

DoubleClick Admits Servers Were Hacked
Ad-serving giant moves to close holes and reassure advertising customers.
http://www.internetnews.com/wd-news/article/1,2171,10_723761,00.html

IE security hole launches e-mail attachments
A hole in Internet Explorer can cause the browser to automatically open HTML e-mail attachments that could be used by an attacker to execute malicious code.
http://two.digital.cnet.com/cgi-bin2/flo?y=eBe60QasH0Bh0bMl0Ak

PacketStorm Security Site

Index  About  Future  C-Dilla  Links page  Contact Us! 
News Pages -  1 2 3 4 5 6 7 8 9

Copyright © 1996-2004 by PrivacyandSpying Com