News Pages - Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 |

Index

About

Future

Macrovision/C-Dilla

Links page

Contact Us!


Privacy & Security News May 2001


Internet Security Systems Moves to Parry Drive-by Hackers
Atlanta-based Internet Security Systems Inc. (ISS) has long had this concern about drive by hackers. That's right -- drive-by hackers.
http://www.internetnews.com/wd-news/article/0,,10_752201,00.html

Consumer Groups Rally to Decry Spam Before Senate Meeting
Several consumer groups who have written Congress to ask the body to quash spam will air an audio conference before the Senate meets Thursday to discuss bills addressing the unsolicited e-mail dilemma.
A letter written by JunkBusters.com President Chief Executive Officer Jason Catlett outlined the concerns of the groups and provided some interesting scenarios of how they would like to see bills currently before the Senate Commerce Committee's Communications Subcommittee, dubbed S. 630 and H.R. 718, altered to create an opt-in policy and a private right of action.
http://www.internetnews.com/IAR/article/0,,2_753191,00.html

Microsoft Sued Over Digital Rights Patent
Long a proponent and activist in the digital rights management and antipiracy movement, Microsoft finds itself sued by a newcomer to the field.
http://www.winplanet.com/winplanet/newss/3282/1

Microsoft Gives A Virus to its Support Customers
Despite the best possible security precautions, Microsoft was hit by a virus that contaminated one of its Web servers.
http://winplanet.com/winplanet/newss/3285/1

Microsoft Says IIS 5.0 Web Servers Vulnerable to Attack
The software giant revealed that a serious security flaw exists within Windows 2000 Server which makes machines running the software vulnerable to remote attackers.
http://www.internetnews.com/wd-news/article/0,2171,10_756411,00.html

Government Warns of Possible Chinese Hacker Attacks
The National Infrastructure Protection Center warned that Chinese hackers may escalate defacement and denial-of-service attacks between April 30 and May 7.
http://www.internetnews.com/wd-news/article/0,2171,10_754261,00.html

Zone Labs Upgrades Security Software
Those who have come to rely on Windows need to rely on security for the ubiquitous OS as well; Zone Labs hopes to provide it with revamped applications.
http://www.internetnews.com/wd-news/article/0,2171,10_757721,00.html

Pop-up Internet Ads: More Eyeballs -- and More Frowns
New How People Use™ study sheds light on do's, don'ts of Web marketing
PRESS RELEASE
Westfield, New Jersey, May 3, 2001: How People Use ™ the Internet 2001 -- a new report from Statistical Research, Inc. (SRI) -- shows that pop-up Internet advertisements are 50% more likely to be noticed than banner ads, but also that they are 100% more likely to be considered intrusive.
Nearly half (49%) of active Internet users "agreed strongly" that pop-up ads get noticed (versus 33% for banner ads); but 62% felt strongly that pop-ups interfere with their reading or use of a Web page (compared to 31% for banners).
http://www.statisticalresearch.com/press/pr050301.htm

Worm Turns Sun Against Microsoft
Sun and Microsoft may compete bitterly in the Internet server marketplace, but to eradicate a new and rapidly spreading malicious worm, Sun Solaris and Microsoft IIS administrators will have to cooperate closely, security experts said Tuesday.
http://www.internetnews.com/wd-news/article/0,,10_761061,00.html

Hackers Deface Web Sites; FBI Issues DDoS Warning
Web page defacement attacks by hackers have escalated dramatically in the last 24 hours, with technology news site CNET, Webex and game developer Blizzard.com among those hit this morning.
http://www.internetnews.com/wd-news/article/0,,10_760451,00.html

Security Expert's Site Knocked Offline By Attack
Victims of distributed denial-of-service attacks are usually reluctant to admit they've been hit, let alone provide specific technical details about the attacks. But Gibson Research Corporation president Steve Gibson said Monday that he intends to turn some weekend lemons into lemonade.
http://www.internetnews.com/wd-news/article/0,,10_760441,00.html

Home Page Virus
Another e-mail virus is taking the industry by storm. This one, called Homepage, is patterned after the Kournikova worm that hit a few months ago. The e-mail spreading the worm says that it has a link to a website guaranteed to become the next Internet craze. The subject line is "Homepage" and the message is "Hi! You've got to see this page. It's really cool ;o)."
http://www.geek.com/news/geeknews/2001may/gee20010509005794.htm

Password Glitch Exposes DSL Subscribers
Cayman Systems confirmed Wednesday that a potentially serious security vulnerability exists in the DSL equipment it supplies to many leading providers, including SBC Communication's numerous subsidiaries such as Pacific Bell and Southwestern Bell, as well as to Verizon and Nortel Networks.
http://www.internetnews.com/wd-news/article/0,,10_767581,00.html

NIPC Gets Failing Grade in Warning of Hacker Attacks
Congress' investigative arm, the General Accounting Office (GAO), has given the Federal Bureau of Investigation's National Infrastructure Protection Center (NIPC) a failing grade when it comes to issuing warnings about electronic attacks.
http://www.internetnews.com/wd-news/article/0,,10_770951,00.html

Researchers Say DoS Attacks Average 4,000 a Week
[Johannesburg, SOUTH AFRICA] Research conducted by the University of California at San Diego has revealed that more than 4,000 denial-of-service attacks are launched every week. By 'listening' to a large segment of the Internet -- known as an A-class network, UCSD researchers were able to discern traces of "scattered responses," typical indicators of DoS attacks. During three weeks of observation the team discerned an average of 4,000 attacks per week -- half of which lasted less than 10 minutes.
Denial-of-service attacks are attempts to overload or crash computers connected to the Internet by targeting them with so much data that they can no longer process legitimate requests. According to UCSD, most DoS attacks go unreported whilst only a small percentage make the media.
http://www.internetnews.com/intl-news/article/0,,6_773341,00.html

24 May 2001 Max Butler Jail Sentence
Max Butler - hacker and former FBI informant - has been sentenced to 18 months in prison for unleashing a worm in military and defense computer networks three years ago. The worm had a benevolent intent - it was designed to fix a vulnerability another worm was exploiting - but it also left a backdoor in infected systems. Other hackers and crackers have expressed concern that the government's treatment of Mr. Butler might discourage others from aiding security efforts.
http://www.wired.com/news/politics/0,1283,44007,00.html

23 & 24 May 2001 CERT/CC Hit by DDoS Attack
The Computer Emergency Response Team Coordination Center (CERT/CC) web site was the victim of a distributed denial of service (DDoS) attack. The cyber assault lasted about 30 hours, and no data were compromised. CERT/CC said it would still be able to issue security alerts if necessary. One computer expert pointed out that the attack highlights the risks inherent in centralizing computer alert teams.
http://news.cnet.com/news/0-1003-200-6016900.html?tag=prntfr
http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO60799,00.html
http://www.cnn.com/2001/TECH/internet/05/24/computerattack.ap/index.html

25 May 2001 Shopping Cart Software Flaw Exposes Health Site Customer Information
A flaw in PDG shopping cart software exposed the names, addresses, e- mail addresses and phone numbers of people who obtained free drug and alcohol addiction pamphlets from Health.org. Although NIPC issued a warning about the software problem in early April and the software company has attempted to contact all of its customers, the technical department director at the company that maintains the site for the Department of Health and Human Services said he never received a notice. http://www.msnbc.com/news/578476.asp?0nm=T219
(Note: Hopefully, consumers are beginning to realize that even if they have end-to-end encryption of their data, it is not sufficient if the ends are not secure. ]

25 May 2001 Cyber Disaster Drills
Computer disaster drills are on the rise due to the increase in cyber attacks and viruses, the threat of power outages, and the fact that more and more data are being stored on networks that can be reached from the Internet. The drills help workers identify security holes, recognize security problems, and maintain their data recovery skills.
http://www.usatoday.com/life/cyber/tech/2001-05-24-cyberattacks-disaster-drills.htm

25 May 2001 Media Player Patch
Microsoft has issued a fix for two vulnerabilities in Media Player 6.4 and 7. A buffer overrun could allow a cracker to run hostile code on someone else's machine. Another flaw that saves Internet shortcuts to a temporary files folder could be exploited, with the help of HTML code, to allow crackers to read files on the affected machine. Media Player 6.4 users need to install the patch, while Media Player 7 users should install Media Player 7.1 to fix the problems.
http://www.zdnet.com/zdnn/stories/news/0,4586,2765352,00.html

25 May 2001 Worm Aims to Combat Child Pornography
The Noped worm searches infected computers for certain image files names and alerts government agencies if any are found. Noped uses keyword and phrase identification rather than content analysis, which could result in a large number of false alerts.
http://www.wired.com/news/technology/0,1282,44112,00.html
(Note: The ends do not justify the means. At the least it is rude, a privacy issue, and may be criminal to attempt to run your code on another's machine without their knowledge and consent. There is no motive so noble as to justify this behavior. And if were allowed where (at what criminal behavior) would it end? Software piracy, tax evasion ...)

24 May 2001 Trojans are Stealthy, Damaging and Tenacious
Trojan horse programs can be used by malicious hackers to spy on and stalk people, manipulate data and computers, steal money from bank accounts, and launch denial of service attacks. Trojans often slip into a computer while hidden in screensavers, games, e-mail messages or web pages, and they can be hard to detect and remove. The best methods may be reverting to a clean back-up or re-installing clean copies of software.
http://www.wired.com/news/technology/0,1282,43981,00.html
(Note: This is not news. It is included because it offers useful security awareness education material.)

23 May 2001 Social Security Numbers and Identity Theft
Social security numbers can be purchased on line and used to steal people's identities and fraudulently obtain credit. Legislation has been introduced which, if passed, would restrict requests for social security numbers as identifiers and would ban their sale and display on public documents. One legislator wants the government to issue all citizens new social security numbers that will be kept secret.
http://www.usatoday.com/life/cyber/tech/2001-05-23-id-theft-solutions.htm

22 & 23 May 2001 GAO Report on NIPC
A General Accounting Office (GAO) report says that the National Infrastructure Protection Center (NIPC) lacks sufficient staffing and fails to alert the public to virus threats in a timely manner. The National Security Council wrote a letter to the GAO suggesting that NIPC's responsibilities be distributed among several agencies. The report does say that NIPC has helped cyber crime investigations.
http://www.fcw.com/fcw/articles/2001/0521/web-nipc-05-23-01.asp http://www.zdnet.com/zdnn/stories/news/0,4586,2763767,00.html
http://www.wired.com/news/politics/0,1283,44019,00.html

22 & 23 May 2001 NSF Information Security Scholarships
The National Science Foundation's (NSF) Scholarship for Service program will provide two years of tuition assistance and a paid summer internship to students who agree to work for the government for two years in information security and assurance positions. The NSF plans to announce additional grants for faculty instruction development in these areas.
http://news.cnet.com/news/0-1003-200-6008345.html?tag=prntfr
http://www.wired.com/news/technology/0,1282,44021,00.html
http://www.fcw.com/fcw/articles/2001/0521/web-nsf-05-23-01.asp

21 May 2001 The Security Manager's Journal: Testing Intrusionb Detection Systems
Security manager describes how he tested his network-based intrusion detection system (IDS). Using a variety of attacks in a closed, controlled environment, he gradually increased network traffic to find out at what level the system began dropping packets.
http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO60687,00.html

21 May 2001 Invicta Takes New Approach to Security
A former CIA director and a former KGB agent have released Invicta, a new security system that continuously changes network IP addresses, thereby creating "moving targets" for crackers. One insurance company is so convinced of Invicta's effectiveness that it plans to offer 10% discounts to companies that use the product.
http://www.msnbc.com/news/576522.asp?0nm=T25B

15 May 2001 Las Vegas Phone Crackers
Some purveyors of adult entertainment and bail bonds in Las Vegas are convinced their phones are being hacked and their calls diverted to competing businesses. Testing showed no irregularities, but a convicted computer criminal says the Las Vegas network has security holes that could allow such a scheme to work.
http://www.theregister.co.uk/content/6/18950.html

16, 17, & 18 May 2001 Cheese Worm Tries to Repair Lion Damage
The Cheese worm attempts to repair damage caused by the Lion worm. While the Cheese worm may have good intentions, it nonetheless is an intrusion, and could easily be tweaked to become malicious.
http://www.theregister.co.uk/content/6/19029.html
http://www.idg.net/go.cgi?id=477634
http://www.zdnet.com/zdnn/stories/news/0,4586,5083014,00.html
http://www.cert.org/incident_notes/IN-2001-05.html

17 May 2001 Site Never Got Shopping Cart Software Flaw Notice
When a serious security vulnerability was found in PDG shopping cart software last month, the company e-mailed all its customers informing them of the problem and also issued a fix. A company that bought the software from a reseller never received the warning, and many of its customers have experienced the fraudulent charges made to their credit cards.
http://www.msnbc.com/news/574294.asp?0nm=T21B
(Note: This story raises a fundamental issue that may ultimately lead to legislation. To what extent must software vendors be held liable for verifiable notice and correction of critical security vulnerabilities. Is a software package that puts patients at risk in a hospital so different from a crib that puts children at risk in their bedrooms? Why is the software industry allowed to deliver provably unsafe systems when automobile manufacturers are not allowed to deliver cars that are unsafe?)

14 May 2001 Testing Security
Sm@rt Partner Technology editor David Raikow maintains that conscientious testing is the best way to strengthen application and operating system security. While so-called "hacker challenges" may provide helpful ancillary tests, they are often little more than publicity stunts.
http://www.zdnet.com/zdnn/stories/comment/0,5859,2760262,00.html

15 & 16 May 2001 Microsoft Will Sign Safe Harbor Agreement
Microsoft has announced it will sign the US/EU safe harbor agreement that requires adherence to strict data privacy standards. This is especially significant because a large number of other US companies have not signed the agreement.
http://www.wired.com/news/politics/0,1283,43800,00.html
http://news.cnet.com/news/0-1005-200-5930589.html?tag=prntfr

22 May 2001 National Infrastructure Protection Center Criticized
Citing understaffing and lack of support, The US General Accounting Office told Congress that the NIPC often fails to give timely warning of attacks. Despite the problems, the GAO said some alerts had been issued in time to avert damage.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO60773,00.html.html
http://washingtonpost.com/wp-dyn/business/A61449-2001May22.html

18 May 2001 e-Commerce Security Problems
While the absence of privacy or security policies* should give online shoppers pause, even sites that do post security policies can have weaknesses. While data may be encrypted during transfer, sites may not always store the data as securely. Additionally, third-party contractors may be vulnerable to data theft. (*Me)
http://www.pcworld.com/features/article/0,aid,49929,00.asp

17 May 2001 Mawanella Worm
The Mawanella worm, which arrives as a .vbs attachment, displays a political message after propagating itself via Outlook but does not carry a destructive payload. The message will appear on infected Windows 9X, NT, and 2000 machines even if they are not running Outlook.
http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO60640,00.html
http://www.zdnet.com/zdnn/stories/news/0,4586,5083078,00.html

16 & 17 May 2001 Love Bug Variant Tries to Attract Echelon's Attention
The comments in the code of VBS/LoveLet-CL, a variant of the Love Bug worm, are comprised of a string of terms apparently designed to alert and overwhelm electronic communication monitoring software systems. The journalist at The Register points out that the random conglomeration of words probably would not trigger Echelon's surveillance methods. The worm also overwrites certain files and can replicate via Internet Relay Chat (IRC).
http://www.theregister.co.uk/content/6/19004.html
http://www.zdnet.com/zdnn/stories/news/0,4586,5083050,00.html
http://www.infoworld.com/articles/hn/xml/01/05/17/010517hnsophos.xml

16 May 2001 Cracker Path Traced Through German University Computer
The crackers who stole US Navy satellite control software apparently took control of a German University computer to commit the theft, according to law enforcement and university officials.
http://63.108.181.201/2001/05/16/eca/0186-0609-Germany-Crime..html

16 May 2001 UK Conservative Party Web Vulnerabilities Exposed
A cracker's scan of the UK Conservative Party web site turned up a number of vulnerabilities that revealed security patches had not been applied for more than a year. The information was posted to a Usenet forum and on the cracker's home page.
http://www.theregister.co.uk/content/6/19000.html
(Note: Bill Arbaugh's informative paper documents how most security incidents resulted from exploiting known and un-patched security vulnerabilities. http://www.cs.umd.edu/~waa/vulnerability.html)

15 May 2001 Worm Poses as Virus Warning
The VBS.Hard.A@mm worm arrives in the guise of a virus alert from Symantec. The worm, launched when users open a .vbs attachment, changes the default web page to a phony virus information page, propagates via Outlook, alters registry files, and displays a message on November 24.
http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO60596,00.html
http://news.cnet.com/news/0-1003-200-5933461.html?tag=prntfr

14 & 15 May 2001 Windows XP Build Downloaded
Due to a leaked tester logon, a small number of people were able to download an interim build of Windows XP. Microsoft said the site controls limit the number of downloads from one logon, and the software can be used only for two weeks before it needs to be renewed through Microsoft.
http://www.zdnet.com/zdnn/stories/news/0,4586,2760606,00.html?chkpt=zdhpnews01
http://news.cnet.com/news/0-1003-200-5924431.html?tag=prntfr

13 May 2001 Suspension for Hacking Has Tragic Results
A New Jersey teenager, suspended for hacking into his school district's computer system, committed suicide, apparently believing he would have gone to jail as punishment for his actions.
http://www.nj.com/news/times/index.ssf?/news/times/05-13-CCQR1VHB.html

11 May 2001 Teen Charged with Hacking Emergency Radio System
A teenager who allegedly hacked into the Denver police emergency radio system, concocted false emergencies, and interfered with real calls has been charged with wire tapping, eavesdropping, and telecommunications fraud.
http://www.rockymountainnews.com/drmn/local/article/0,1299,DRMN_15_455095,00.html

10 May 2001 Gateway Customer Information Exposed
A routine request on Gateway's UK site yielded an Excel spreadsheet containing detailed information about the accounts of 449 customers. Gateway has evidently disabled the search function that exposed the data.
http://www.theregister.co.uk/content/8/18867.html

11 May 2001 New Types of DDOoS Attacks Uncovered
Three new types of denial of service attacks are described by analysts who monitored the Internet2 network for six months.
http://www.wired.com/news/technology/0,1282,43697,00.html

8 May 2001 DDoS Attacks Target Real and Phony White House Sites
www.Whitehouse.org, a presidential parody site, was the target of a presumably misguided distributed denial of service (DDoS) attack. The real site, www.Whitehouse.gov, was taken off line for a while after suffering a similar attack. The FBI's National Infrastructure Protection Center (NIPC) said several sites were attacked using fragmented large UDP packets (see story below).
http://www.theregister.co.uk/content/8/18808.html

9 May 2001 NIPC DDoS Warning
The FBI's National Infrastructure Protection Center (NIPC) has issued a warning that attackers are conducting distributed denial of service (DDoS) attacks by sending large, fragmented User Datagram Protocol (UDP) packets to port 80. Administrators are advised to check for such packets at port 80; outbound packets directed at port 80 could indicate that a machine has been infected with DDoS tools.
http://www.PlanetIT.com/docs/PIT20010509S0002
http://www.nipc.gov/warnings/advisories/2001/01-012.htm

14 May 2001 FBI Security Review
In the wake of the Hanssen spy case, the FBI is conducting a review of its computer security practices, policies, and procedures.
http://www.fcw.com/fcw/articles/2001/0514/web-secure-05-14-01.asp

14 May 2001 2600's Domain Name Taken
A problem at the domain name registrar Network Solutions left 2600.com's domain registration bill unpaid, allowing the domain name to be grabbed by someone else.(Note: They used a forged email)
http://it.mycareer.com.au/breaking/2001/05/14/FFXNHJ44PMC.html
http://www.2600.com/news/display.shtml?id=413

11 May 2001 BGP Vulnerability
Cisco has issued a security advisory warning that a security weakness in the Border Gateway Protocol (BGP) could be exploited to crash routers. The vulnerability can be exploited only "in configurations that include both BGP and inbound route filtering on affected software." http://www.theregister.co.uk/content/8/18885.html
http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml

11 May 2001 Truce in China-US Hacking
A group of Chinese hackers responsible for a plethora of web site attacks has released a statement claiming its goal of 1,000 attacked sites has been met and has declared a truce. Hackers on both sides of the cyber conflict have defaced numerous sites. There is concern that the Lion worm, written by the founder of the Chinese hacking group, has infiltrated systems and could be used to launch attacks at a later date.
http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO60477,00.html

11 May 2001 Visa Security Measures to Include Passwords
Visa U.S.A Inc. plans to implement "payer authentication applications" which will require people shopping on-line with Visa cards to provide passwords. Retailers will install the authentication service on their servers, and the banks that issue the Visa cards will have to install a database application for user passwords.
http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO60508,00.html

7 & 10 May 2001 Cyber Attacks on Pentagon: Still No Leads
Cyber intruders have infiltrated pentagon computer systems for more than three years, leaving backdoors and rerouting traffic through Russia, writes James Adams, National Security Agency (NSA) advisory board member, in Foreign Affairs magazine. Despite evidence that the attacks appear to originate from Russian addresses, Adams claims the Russian government has been less than accommodating in the investigation. http://dailynews.yahoo.com/h/nf/20010507/tc/9546_1.html
http://www.washingtonpost.com/wp-dyn/articles/A51965-2001May6.html
http://www.cnn.com/2001/TECH/internet/05/10/3.year.cyberattack.idg/index.html

7 May 2001 Exodus Security Site Breached
Exodus Communications, which hosts the likes of Yahoo.com and eBay.com, acknowledged that attackers were able to view firewall logs. The intruders also gained control of two employee computers and posted several Exodus usernames and passwords in an Internet Relay Chat (IRC) room.
http://www.msnbc.com/news/569965.asp?0nm=T23E

7 May 2001 Interview With Virus Writer Expert
In an interview, an expert on virus writers discusses their motivations and ethics. She says that the best way to deter virus writers is not through legislation, but by making it "uncool" to write viruses.
http://www.usatoday.com/life/cyber/tech/2001-05-07-virus-tracker.htm

1 May 2001 Internet Information Server (IIS) 5.0 Buffer Overflow Vulnerability
Microsoft warned of a security hole in machines running Windows 2000 with IIS 5.0. By sending the servers carefully crafted strings, attackers could cause a buffer overflow that would allow them system administrator level control of the machines. System administrators can protect their systems by turning off the Internet printing component. Microsoft has released a patch for the vulnerability, and is delaying the release of Service Pack 2 until the patch is incorporated.
http://www.msnbc.com/news/567192.asp
http://news.cnet.com/news/0-1003-200-5784437.html?tag=prntfr
http://www.cert.org/advisories/CA-2001-10.html
Microsoft security advisory and patch information

1 May 2001 FBI Data Gathering Methodology in Cracker Case Raises Concerns
Some cyber law experts have expressed concern that the FBI's method used in gathering incriminating evidence in the case of two Russian cyber criminals may invite indiscriminate international hacking. The FBI, unable to gain Russian authorities' cooperation in gathering data from the servers the crackers used, took it upon themselves to gather, compress, and download 1.3 GB of data to agency computers without a search warrant. They obtained a warrant before examining the files.
http://news.cnet.com/news/0-1003-200-5785729.html?tag=prntfr

4 May 2001 White House Site DDoSed
Whitehouse.gov was the victim of a distributed denial-of-service attack that lasted just over two hours. An Albuquerque-based Internet service provider (ISP) discovered six of its servers had been planted with DDoS tools and were sending data to Whitehouse.gov. The attack was similar to one directed at the CIA earlier in the week.

1 & 2 May 2001 US Government Web Sites Attacked
A number of US government web sites came under attack last week, possibly by crackers acting on threats to escalate cyber attacks during the first week of May. Affected sites include the Department of Transportation's Surface Transportation Board, the US Geological Survey and the Federal Emergency Management Agency's (FEMA's) Hurricane Liaison team. Security experts have focused on the fact that many systems are unsecured.
http://www.usatoday.com/life/cyber/tech/2001-05-02-china-hack-usat.htm
http://www.usatoday.com/life/cyber/tech/2001-05-01-dot-hack.htm
http://www.msnbc.com/news/567402.asp?0nm=T24F

4 May 2001 FBI Documents Detail Carnivore Use
FBI documents obtained under the Freedom of Information Act (FOIA) show that the agency used Carnivore and a similar, commercially available network monitoring device called Etherpeek 24 times between October 1999 and August 2000. The tools were used in cases involving hacking, extortion, intellectual property, and national security.
http://www.wired.com/news/business/0,1367,43570,00.html

30 April and 3 & 4 May 2001 Chinese Hacking Threat Loses Steam
Despite threats of massive attacks on US computer networks, the purported cyberwar between China and the US has largely deteriorated into a rash of site defacements. Some experts have speculated that the cyber attacks were largely fueled by the media.
http://news.cnet.com/news/0-1003-200-5773288.html?tag=prntfr
http://www.thestandard.com/article/0,1902,24202,00.html
http://www.wired.com/news/politics/0,1283,43520,00.html

3 May 2001 CERT Warns of ISN Vulnerability
The Computer Emergency Response Team (CERT/CC) has issued an advisory regarding a vulnerability in the way initial sequence numbers (ISNs) are generated for TCP use. TCP was built for reliability, not security, and the predictability of ISNs could allow an attacker who has deduced the correct ISN to access a victim's computer. A CERT/CC Internet security analyst pointed out that exploiting the vulnerability would require statistical analysis tools.
http://news.cnet.com/news/0-1003-200-5815298.html?tag=prntfr
This is one more reason to move to IPv6.

2 May 2001 "Hacktivists" are Not Activists
The author of this opinion piece deplores the use of the word "hacktivism," claiming the activity it describes is usually neither hacking nor activism. While the perpetrators may not be activists in the true sense of the word, they do serve to point out the lamentable condition of Internet security; the author would like to see systems administrators and software companies taken to task for poor security practices.
http://www.msnbc.com/news/568036.asp?0nm=T23D

1 May 2001 Uncovering a Cracker's Footsteps
A systems administrator describes the process of figuring out how a cracker broke into a Linux box and what the cracker did there. The author also offers some advice on securing servers: keep current with patches, turn off unnecessary services, download and install portsentry, and familiarize yourself with security resources.
http://www2.linuxjournal.com/articles/culture/0022.html

1 May 2001 W32/Hello Worm Spreads Via MSN Messenger
The Hello worm arrives as an executable file via MSN Messenger; if activated, it sends itself on to the infected machine's MSN e-mail contact list. The worm is unlikely to cause significant damage because users must deliberately download and execute the file to become infected. While Hello appears to be largely a proof of concept worm, future variants could prove more harmful.
http://www.zdnet.com/zdnn/stories/news/0,4586,5082130,00.html
Advice for securing instant messaging services. (25 April 2001)
http://www.zdnet.com/zdnn/stories/news/0,4586,2711950,00.html

30 April 2001 Group to Release Filter-Foiling Tool
A hacker group plans to introduce a peer-to-peer censorship-thwarting tool at this year's Defcon in July. "Peekabooty" will be distributed between systems, and will allow people in countries that restrict Internet content to receive controversial web pages in a compacted, encrypted form that will not be filtered out.
http://www.zdnet.co.uk/news/2001/17/ns-22536.html

30 April 2001 Biometrics and Privacy
The Pentagon is considering using biometric technology for physical facility and information network security. Some employees are concerned that the stored biometric templates (constructed from the initial scan of the person's fingerprint, iris, or face) could invade their privacy. The director of the Pentagon's Biometrics Management Office, suggested that the templates may be protected under section 6 of the Freedom of Information Act (FOIA) which prohibits agencies from disclosing personal information that could be deemed an invasion of privacy.
http://www.fcw.com/fcw/articles/2001/0430/pol-bio-04-30-01.asp
An explanation of how biometrics works

26 & 27 April 2001 NIPC Warns of Potential for Increased Cyber Attacks
The National Infrastructure Protection Center (NIPC) warned US businesses to prepare to defend against increased cyber attacks from China during the first week of May which encompasses May Day, Youth Day, and the anniversary of the accidental NATO bombing of the Chinese embassy in Belgrade.
http://www.zdnet.com/zdnn/stories/news/0,4586,2712904,00.html
http://www.cnn.com/2001/TECH/internet/04/26/hacker.warning/index.html
http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO60022,00.html

27 April 2001 Cyber Vigilantism May be on the Rise
A panel of security experts at the Infosecurity show warned that companies' reluctance to call in law enforcement to deal with cybercrime could lead to cyber vigilantism. One survey suggests that 70% of companies that have been victims of cyber attacks would employ counter measures. The debate emphasized the need for firms to get their security infrastructure robust enough to frustrate attackers in the first place. Businesses that "take matters into their own hands" run the risk of breaking laws and of striking back at the wrong target.
http://www.theregister.co.uk/content/8/18553.html

27 April 2001 Wireless (In)Security
Many wireless networks are apparently running no security, allowing anyone with relatively inexpensive equipment to drive by and check out network activity. Malicious eavesdroppers could steal passwords, access servers, commandeer web sites or shut down networks altogether. Virtual Private Network (VPN) software can secure wireless networks.
http://www.msnbc.com/news/565275.asp?0nm=T18L

26 April 2001 SDMI Researchers Won't Present Paper
Bowing to legal threats from the Recording Industry Association of America (RIAA) and two other groups, the team of researchers who cracked a watermarking content protection system will not present a paper detailing their methods.
http://www.wired.com/news/politics/0,1283,43353,00.html

27 April 2001 IBM Plans Intelligent Computer
IBM plans to build a computer that will never go down; Project eLiza aims to create a computer that can correct system failures without the help of technicians. The new system may also be able to help automatically fend off hackers.
http://www.cnn.com/2001/TECH/ptech/04/30/project.eliza.idg/index.html

24 & 27 April 2001 Software Guards Against Mass E-Mailing Viruses
The Defence Evaluation and Research Agency (DERA), an agency of the UK's Ministry of Defence (MoD), has developed behavior blocker software called "::Mail" that alerts users when a virus is trying to send out mass e-mailings and requires authorization before it completes the task. Experts note that turning off Visual Basic Scripting (VBS) would prevent many viruses from spreading. Critics say that the software won't stop the newest batch of viruses, and that users find the technique, which has been used before, to be a nuisance.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1294000/1294473.stm
http://www.zdnet.com/zdnn/stories/news/0,4586,2711638,00.html
http://www.theregister.co.uk/content/8/18580.html
Note: You can get much more convenient protection from the "Just be friends" tool http://www.cigital.com/jbf/ (Win2000/NT only)

24 & 25 April 2001 Global Internet Fraud Web Site
Thirteen countries, including the United States, the UK, Canada, Mexico, and Sweden have consolidated their on-line consumer fraud efforts in econsumer.gov. The web site will provide information about consumer protection as well as a means for consumers to file complaints to appropriate government officials in the country where the offending business is located. The Federal Trade Commission will maintain and control the site.
http://news.cnet.com/news/0-1007-200-5715293.html?tag=prntfr
http://www.infoworld.com/articles/hn/xml/01/04/25/010425hnborder.xml

23 April 2001 NIST Security Grants
The National Institute of Standards and Technology (NIST) has $5 million to offer in grants to companies doing research and development in areas of security that will help protect the nation's critical infrastructure information systems. Proposals are due to NIST by June 15, 2001.
http://www.fcw.com/fcw/articles/2001/0423/news-nist-04-23-01.asp
http://csrc.nist.gov/grants/

23 April 2001 GAO Report Suggests Citizens' Privacy is at Risk from Data Sharing
A General Accounting Office (GAO) report says that information sharing between agencies could threaten citizens' privacy as linking data sets creates dossiers of information about private citizens, which could easily be abused. The GAO offered several solutions, including getting signed consent forms before joining citizens' data.
http://www.computeruser.com/news/01/04/23/news3.html

20 April 2001 BT Web Site Security Glitch
The British Telecommunications plc (BT) web site was taken down for about two hours after the company became aware of a security problem that allowed customers to see others' bills. One security analyst said that anyone who had registered for the bill-viewing feature could access others' bills if the appropriate customer reference numbers were available, and that BT's system does not include proper authentication.
http://www.theregister.co.uk/content/8/18418.html

19 April 2001 Cyber Sabotage Verdict Set Aside
The government is fighting to have a guilty verdict reinstated against a man prosecuted for computer sabotage. Tim Lloyd was found guilty of planting a malicious software program in a file server at the company where he worked; the program wreaked havoc, causing millions of dollars in loses and many layoffs. The judge set aside the decision after a juror said a TV news story might have affected her decision. Mr. Lloyd maintains his innocence.
http://www.nwfusion.com/news/2001/0419sabotage.html

PacketStorm Security Site

Index  About  Future  C-Dilla  Links page  Contact Us! 
News Pages -  1 2 3 4 5 6 7 8 9

Copyright © 1996-2004 by PrivacyandSpying Com