Press Releases - watch your press releases and better understand your company's PR.
A new twist on the old Web Bug Story..
Check it out..
Default Vulnerability Discovered in W2K SMTP Service
Microsoft Corp. Thursday night issued a fix to patch a new vulnerability that could give an attacker user-level privileges on Windows 2000 systems running its Simple Mail Transfer Protocol (SMTP) service.
SMTP is installed by default along with IIS 5.0 on Windows 2000 Server systems.
SMTP can be installed on Windows 2000 Professional systems, as well.
Here
Will Big Brother Track You By Cell Phone?
The FCC requires cell phone companies to track you, in order to find you when you call 911--but what about your privacy?
Your next cell phone may be able to tell your mobile carrier--and possibly others--exactly
where you are and where you've been.
Starting in October, new cell phones will contain Global Positioning System units for use
with location services offering emergency help, traffic and shopping aids, and more.
PC World
Should a Web Site's Privacy Policy be Set by Law?
Tech leaders say they want the flexibility to write their own, but Congress leans otherwise.
WASHINGTON, D.C. -- Respecting customers' privacy doesn't have to be the law, it's simply good business, some dot-com executives say. But a Congressional subcommittee is concerned about the less-conscientious companies.
PC World
Windows XP Is Nosy, Privacy Groups Complain
Advocacy groups urge FTC to force Microsoft to change Windows XP, possibly delaying launch.
As they threatened, a handful of consumer advocacy and privacy organizations have asked the Federal Trade Commission to force changes in Microsoft Windows XP that could delay the product's release.
The groups are concerned that Microsoft's Passport authentication system has "the
potential to track, profile and monitor users of the Internet ... [with] far-reaching and
profound implications for privacy," according to the formal complaint, filed Thursday.
PC World
Nation's Cybercops Criticized
Just days after the Code Red Worm crawls toward the White House, a Senate committee complains.
WASHINGTON -- As the Code Red worm lies dormant awaiting its next attack, the federal
agency that is supposed to protect the nation against cyberterrorism took heat for not
doing its job.
PC World
FBI Required to Report on E-Mail Wiretaps
Use of the controversial monitoring system formerly known as Carnivore must be detailed, Congress says.
The U.S. House of Representatives passed a measure on Monday that would require the
Federal Bureau of Investigation to report how it uses the controversial e-mail wiretap
system formerly known as Carnivore.
Although the bill places no restrictions on how the FBI could use its monitoring system,
now known as DCS1000, it would require the federal law-enforcement agency to provide
a detailed report every year on how it was used.
PC World
Russian Adobe Hacker Busted
LAS VEGAS -- FBI agents have arrested a Russian programmer for giving away software that removes the restrictions on encrypted Adobe Acrobat files.
Dmitry Sklyarov, a lead programmer for Russian software company ElcomSoft, was visiting the United States for the annual Defcon hacker convention, where he gave a talk on the often-flawed security of e-books.
This would be the second known prosecution under the criminal sections of the
controversial Digital Millennium Copyright Act (DMCA), which took effect last year and
makes it a crime to "manufacture" products that circumvent copy protection safeguards.
Wired News
Rallies planned for arrested hacker
LOS ANGELES, California (Reuters) -- The arrest this week of a 26-year-old Russian software programmer accused of violating U.S. copyright law has sparked protests and pledges of support from a wide range of free speech advocates, defense lawyers and consumer groups.
Dmitry Sklyarov, who was arrested on Monday in Las Vegas after a major hacker convention there, is the first person to be prosecuted under the controversial 1998 Digital Millennium Copyright Act, federal law enforcement officials said.
Hacker supporters ask Adobe to aid in defense
SAN FRANCISCO, California (Reuters) -- Supporters of a jailed Russian software programmer called for Adobe Systems Inc. Wednesday to contribute to a legal defense fund. "Adobe made the mess so they should help clean it up," said Don Marti, an organizer for the Coalition to Free Dmitry. "I think it would be an opportunity for Adobe to put their money where their mouth is," said Robin Gross, an attorney at the Electronic Frontier Foundation.
CNN
Protest Prompts Adobe to Drop Charges
Programmer's release likely, so next target is reviled copyright law.
Adobe has dropped charges against a Russian programmer arrested for copyright infringement of its products, but the incident has nevertheless reinvigorated opposition to a digital-rights law that affects all PC users.
PC World
Double Trouble: Code Red and Sircam Plagues Continue
Computer users face high-profile threats from multiple sources
Computer users continue to face attacks on two fronts as the impersonal Code Red worm persists in infecting Web servers and the extremely personal Sircam virus keeps replicating in e-mail in-boxes worldwide.
Code Red doesn't directly attack PCs, but it has the potential to impact online access and Web site performance, according to security experts who have seen more than 200,000 additional Web servers hit by the latest round of Code Red infestation.
During the first wave, which began in mid-July, the worm infected about 250,000 servers running Microsoft's Internet Information Service software. Code Red's wild card is what will happen when it is due to switch to attack mode on August 20.
PC World
Consumers Are Key to Privacy Protection
Government and industry officials still disagree over regulation of online privacy, but agree that users need knowledge.
WASHINGTON, D.C. -- When it comes to regulating online privacy protection, there seems to be only one thing that everyone here on Capitol Hill can agree on: Consumers need to be better informed.
PC World
Win2K becomes a spam relay
A flaw in the Win-2K SMTP (Simple Mail Transfer Protocol) authentication scheme allows unauthorized users to access the system using bogus credentials and bounce spam and death threats off unwitting users' machines with impunity.
The Register
Read your firewall logs!
Installing a firewall, configuring its rule-set, and letting it pass or deny traffic is not good enough. You also need to continuously monitor your firewall's log files. By reviewing your firewall logs, you can determine whether new IP addresses are trying to probe your network, and whether you want to write new and stronger firewall rules to block them, or trace the probes and take some sort of management action.
ZDnet
Privacy: Win XP activation 'innocuous'
A German copy-protection company has published details of Microsoft's technology for preventing casual copying of Windows XP but concluded the technology allows for reasonable upgrades and doesn't threaten customers' privacy.
"We contribute technical facts to a discussion that is currently characterized by uncertainty and speculation about XP," Thomas Lopatic, chief technology officer for the company and an active member of the security community, said in a statement.
Microsoft's product-activation technology--included in the new Office XP software package and slated to appear in the new Windows XP operating system--requires people to activate their PC online or by telephone to continue using the software. It has attracted criticism from both privacy advocates and customers.
ZDnet
Can Privacy Rights Survive?
When it comes to privacy, ever more intrusive collection technologies are being rolled out, such as online tracking mechanisms, spyware, face recognition systems, location tracking devices and even thermal imaging, a Senate Commerce Committee panel was told today.
And, Jason Catlett, president of Junkbusters.com and a visiting fellow at the Kennedy School of Government at Harvard, said in a written statement that "advances in 'cloaking' technologies are always outstripped by advances in collection technologies, both in capabilities and degree of adoption."
Also today, the American Civil Liberties Union and House Majority Leader Dick Armey, R-TX, issued a joint statement calling on all state and local governments to stop using cameras and the Internet to intrude on citizens before privacy in America "is so diminished that it becomes nothing more than a fond memory."
Internet News
U.S. government wants a few good hackers
LAS VEGAS--We're from the government and we want you to help us.
That was the message from a seven-member "Meet the Fed" panel, where government officials answered the questions of a roomful of hackers at the Def Con conference here Saturday.
Including members of law enforcement, a congressman and security experts, the panel illuminated the problems the government has in securing systems and appealed to hackers not to make it any harder--both to help the government and to help themselves.
Cnet
Half of U.S. Broadband Users Unprotected
Are you practically begging hackers and Internet thieves to attack?
Up to half of U.S. broadband users are leaving themselves wide open to attack by Internet thieves and hackers. Why? Because subscribers to "always on" Net connections aren't using any protection--like a firewall or antivirus software--to keep the black hats from gaining access to their PCs.
PC World
Cable internet security blown wide open
Millions of people accessing the internet through broadband cable connections risk having their computers taken over by malicious hackers, vnunet.com can exclusively reveal.
Israeli Security Company Checkpoint revealed today that the devastating security vulnerability is caused by the shared architecture of the data channel that carries internet traffic within cable companies' fibre networks. This means groups of subscribers share a single cable connecting them to the local neighbourhood node. Each subscriber's signal is multiplexed on to this single cable by frequency division multiplexing (FDM).
VNUnet Technology News
"Jam Echelon Day" doomed to failure, say experts
Activists are planning an international day of protest. Their aim? To jam Echelon. But privacy experts warn that "trigger words" will not outsmart the global surveillance system.
A group of Internet activists are hoping to bring attention to the US-led communications spy network, on 21 October, with a "Jam Echelon Day", but privacy experts are certain that the protests will have a minimal effect on the sophisticated surveillance system.
ZDnet
SECURITY BULLETINS
W32-Leaves.worm Exploits Compromised PCs
The W32-Leaves.worm apparently seeks out PCs compromised with the
SubSeven trojan, plants additional code onto the machines and
synchronizes their internal clocks with the US Naval Observatory
clock, leading experts to surmise crackers are preparing the machines
to launch a distributed denial-of-service attack.
Cnet
NIPC
Sprint Denial-of-Service Attack
Sprint officials confirmed that the company's network was hit with a
"low-impact" denial of service attack. Engineers contacted the
Internet service providers (ISPs) where the attacking addresses
originated, and the ISPs blocked those addresses.
Computer World
Microsoft Windows Function Affects Norton Anti-Virus
Changing the value of the registry key NAV 2001 disables Norton Anti-Virus,
according to Peter Kruse of Scandinavian telco Telia. Symantec
maintains that the problem affects only the on-demand scanner and not
AutoProtect, but plans to change the way its anti-virus product uses
PC registries.
Note: This widely reported story is completely specious. Being able to change a Registry key in Windows systems to disable some function or executable is commonplace. If anything, it represents a weakness in Windows systems, not a weakness in any program. This is not Symantec's problem at all. [Sometime you should ask me about the Norton's Utilities
problems created by the (Mijenix/OnTrack) Fix-It program..]
Vendor Group to Coordinate Vulnerability Reporting
A coalition of security and other software vendors plans to form an
industry group that will establish standards for reporting
vulnerabilities. The group would disclose vulnerability and exploit
information to members first, then to the public, and only after fixes
are available. The proposed procedure raises the debate over
vulnerability disclosure: some maintain it's best not to publicize
security holes before a fix is available, while others contend
immediate disclosure keeps vendors honest.
ZDnet
"Serious" Vulnerability In Check Point Firewalls
A hole has been discovered that allows outsiders to snoop inside
networks that are protected by Check Point Firewalls. The
vulnerability exploits the fact that RDP packets traverse Check Point
firewall gateways. Representatives of CERT/CC called the problem
serious.
Computer World
Advisory
Patch
NSA's Windows 2000 Security Guides Have Moved
Everyone who tried (and failed) to download NSA's Windows 2000
security guides will be happy to know the guides are now more fully
available. There are five valuable inf files and sixteen guides
(including the first update to the "Secure Configuration and
Administration of IIS" guide)
Here
Security Vendors' Revenue Slows
Financial results reported by ISS, Check Point, Symantec, Certicom,
Watchguard and Baltimore disappointed analysts and caused stock prices
to fall.
Computer World
Eli Lilly Exposes Customer E-Mail Addresses
Eli Lilly and Co. mistakenly sent messages containing more than 600
e-mail addresses to customers of a reminder service. Many of the
customers are taking medication for depression, bulimia, or
obsessive-compulsive disorder.
Washington Post
Shopping Cart Software Flaw Still Prevalent
Although a flaw in PDG shopping cart software has been public
knowledge since April, some e-commerce sites still have not repaired
the hole, leaving customer credit card data and merchant
identification numbers available to crackers. Lists of vulnerable
sites have been appearing in chat rooms.
MSNBC
Canada Aims for Secure E-Government
The Canadian government hopes to have its on line network running by
2004. They hope to allow Canadian citizens to pay their taxes, apply
for benefits and conduct other government business on line with
assured privacy and security.
Here
The Serious Underbelly of Cyber Attacks
High profile cyber crimes like defacements and denial-of-service
attacks distract from the greater threats of backdoors and
cryptoviruses, say information warfare specialists.
Wired
Crackers May Have Tested Distributed Spamming
Crackers have apparently used a worm-generating tool to create a
program that turns infected PCs into zombie spammers.
ZDnet
Note: This represents an extremely serious threat in that virtually everyone who downloads e-mail could potentially (and unwittingly) be turned into a spammer.
This reinforces the need for virus walls at network gateways as well as other measures.
Firewall Appliances Outsold Software Firewalls In 2000
IDC reports that, for the first time, more money was spent on
pre-configured hardware firewalls than on software firewalls in 2000. Lack
of trained staff to monitor and configure the software firewalls has
led to the switch, according to IDC.
Visa Announces Authentication Specs
Visa International, Inc. has announced technical specifications for
payment authentication services. The 3-D Secure 1.0 specifications
will allow e-merchants to use their own processing systems while
establishing a connection between customers, card issuers, and
themselves to authenticate transactions.
Computer World
Breaking News:
New "Code Red" worm is spreading rapidly through systems running Microsoft IIS.
Both IIS 4.0 and 5.0 are affected.
CRN
Sans.org Defaced
The Sans.org web site was defaced on Friday morning. The site was
taken off line immediately. It was brought back up Sunday evening.
Forensic analysis is ongoing.
MSNBC
Note: This has been a startling reminder of just how devastating an
Internet attack can be. Every single program and setting has to be
reviewed and in many cases, redesigned so that they can safely
operate, not just in today's attacks, but also in the face of the
threat level we will experience two years down the road. Some services
may not be available for days.
SANS Note: Though we would have greatly preferred not to have been attacked,
the subsequent analysis is reaping far more fruit than we expected or hoped.
We will provide a complete report of the lessons learned. We are gratified
and humbled by the outpouring of active, unsolicited assistance being
provided by many of the most experienced people in security. It helps a lot!
Leave Worm Variant Disguised as Microsoft Security Bulletin
A variant of the W32-Leave worm is wending its way about the Internet pretending to be a Microsoft security bulletin. The worm, which affects only machines previously infected
with the SubSeven Trojan, downloads components from web sites and could potentially be used to plant denial-of-service software on infected machines. Computers with current antivirus
software and firewall protection should be safe from infection.
Computer World
Honeynet Expansion Planned
The founders of the Honeynet project (that uses fake web sites to track and fingerprint attackers) are proposing mechanisms that will greatly expand the number of honeypots,
making them more difficult for the attackers to recognize.
Cnet
Note: A few years ago you could track nearly all the sting sites but it's getting ever more difficult.
New Mailing List To Improve Speed and Accuracy Of Security Bug Reports
Three well-known vulnerability researchers, Rain Forest Puppy, Weld Pond, and Steve Manzuik, have formed a new vulnerability mailing list for reporting new vulnerabilities and threats. The new site, at www.vulnwatch.org, is designed to improve both the timeliness and quality of bug reports over what has been provided by Bugtraq and NTBugtraq.
News Byte
Outlook E-Mail Vulnerability
Georgi Guninski has reported an ActiveX control flaw in Outlook 98, 2000, and 2002 e-mail software that could allow an attacker to alter calendar information, delete e-mail, or run malicious code on the affected computer. Users can be exposed to the vulnerability either
by viewing a specially crafted web page or by opening specially crafted HTML e-mail. Microsoft Corp. has issued a security bulletin, and a company security manager indicates that they would have preferred having had time to prepare a fix before the vulnerability
became public knowledge.
Computer World
MSNBC
Microsoft
Microsoft Speaks Out On Raw Sockets
Microsoft's Security Program Manager, Scott Culp, tells why he believes raw socket support is useful for effective security in Windows XP and why taking raw sockets out would not stop DDOS attacks. The interview was presented by the Register as a rebuttal to claims
made by Windows guru Steve Gibson.
The Register
Note: Gibson does not say "necessary and sufficient," as Culp suggests.
He merely says useful, that it will so lower the cost that it will result in a dramatic increase.
I-Worm.Mari
The I-Worm.Mari spreads, as many do, via Outlook address books when users click on e-mail attachments. The worm does no harm to computers, but spreads a short polemic in favor of legalizing marijuana, and sets Internet Explorer's start page to marijuana.com.
Though the site asserts it has nothing to do with the worm, angry victims have launched denial of service attacks in retaliation.
Wired
Easing the Security Headache for Users
Because security measures are generally tacked on after computer systems are designed, users often find them cumbersome and develop methods for bypassing permissions, virus filters,
digital certificates and the like. Unfortunately, passwords on post-its and disabled filters undermine security.
Computer World
S1 Corp. Computer Intrusion
Intruders who broke into a computer at web-based banking services company S1 Corp.
may have been able to access sensitive customer data, according to one source.
Federal law enforcement authorities are investigating.
MSNBC
Stopping Distributed Denial of Service Attacks
Shawn McCarthy offers a brief tutorial on types of DDOS attacks and how your ISPs
can help you counter them.
GCN
Bureaucrats Urge Legislators to Strengthen Cyber Security Oversight
A panel of bureaucrats told the Joint Economic Committee that all the attention paid to defacements, hacking and other minor cyber threats distracts from the larger risk of cyber warfare launched by foreign governments. The panel urged the legislators to strengthen federal security oversight.
GCN
Research Report: How Americans Use The Internet
The Pew Foundation Internet and American Life Foundation just released a study of the amount of time spent and the activities performed on the Internet. Also compares veteran Internet users with newcomers.
Report
If you or anyone you know has an IIS server, please get it patched,
now! The patch is posted at:
Yes this is a real Microsoft site
YOUR INFORMATION SECURITY POLICIES ARE ALREADY WRITTEN!
INFORMATION SECURITY POLICIES MADE EASY V8 is a practical, easy-to-use reference tool offering 1100+ already-written security policies. Quickly customize these definitive, up-to-date security policies covering the latest threats and technologies -- saving thousands of hours and dollars. This is the most comprehensive collective of security policies available anywhere. Recently updated to help with HIPAA and GLBA regulations.
Download a FREE E-MAIL SECURITY POLICY
Note: In order to obtain a Sample Policy you are required to provide your Full Name,
Full Address, Telephone Number and Email Address.
Read the Privacy Policy and decide
for yourself.. If you just want to borrow mine,
contact me.
White House Averts Code Red Denial of Service Attack
Thwarting the attempts of the Code Red worm to launch a denial of service attack against www.whitehouse.gov, system administrators moved the site to an alternate IP address. Code
Red takes advantage of a known Microsoft IIS buffer overflow vulnerability and evades antivirus scanners because it runs entirely in memory.
Computer World
Cnet
GCN
CERT
Note: This was the single most successful worm in a decade, and it used only professionally managed systems. In a week, it starts over again. Anyone want to assert that we have destroyed all of more than 200K copies? Anyone want to assert that it has exhausted the address space and that there are simply no more systems for it to attack? How about that we have responded to the attack and finally gotten around to patching all the vulnerable systems?
SirCam Worm
The SirCam worm propagates via Outlook when users open infected attachments. The accompanying e-mail address will have a randomly chosen subject line and will add a document from the infected computer to the attachment, possibly exposing personal or proprietary information. The worm also plays a sort of roulette, which may result in all unused space on an infected machine's hard drive being filled with random text. It also may delete all files on an infected computer.
NWFusion
ZDnet
Wired
CIS Consensus Benchmark For Minimum Security Settings
By developing a consensus minimum security benchmark and offering free testing tools, the Center for Internet Security (CIS) hopes to pressure vendors into releasing products that are securely configured. Gartner analyst John Pescatore observes that the CIS benchmark will be extremely valuable and an easy way to get an increase in security, versus just reading about threats. CIS is a consortium of 160 large businesses, government agencies and academic institutions in 17 countries.
Internet Week
Reuters
Phony Microsoft Security Bulletins
Two spurious Microsoft security bulletins trick people into infecting
their machines with viruses; their attendant web sites have been shut
down.
ZDnet
Note: I think I mentioned my definition of having the user do-it-to-himself as Social Engineering.. An old trick was "[email protected] or yahoo.com and then post it around the NGs and see who came calling..
IDSes Require Fine-Tuning
Federal security managers speaking at a conference about intrusion detection systems (IDSes) say there's a lot more to the systems than simply installing the boxes. You must know your network traffic patterns well enough to determine what is out of the ordinary and be careful not to set the threshold too low or you will flood your own system. Additionally, monitoring the IDS results can consume a lot of resources.
GCN
Note: "Setting the threshold too low" refers to a capability to adjust IDSs to either have more false alarms with the gain of fewer misses (detection failures) or have fewer false alarms with the gain of more misses. (Multiple*) Firewalls also require tuning and you have to know your security policy to install them effectively. The fact that any security system requires knowledge, skills, hard work, and tuning should not be a surprise. Sadly, federal
agencies are asking people with little or no training to take responsibility for securing major systems. *Crash Crash and Burn Here Some Days!!
FBI's Missing Laptops
The FBI began tracking its laptops only last year. In the last 11 years, 184 of 13,000 laptops have disappeared; at least 13 were stolen and three contained sensitive or classified data. Legislators are unhappy, and Attorney General John Ashcroft
has requested an inventory of Bureau laptops and other items.
FCW
Security Firm's Action Irresponsible, Say Critics
eEye Digital Security, the company that apparently discovered the Code Red worm, has been criticized by security experts for publishing exploit information that could potentially be used by crackers.
Computer World
CERT/CC Advisory for Home Users
CERT/CC has issued a security alert urging home users to protect their computers with antivirus software, firewalls, and good practices.
CERT
Note: The CERT/CC bulletin is long overdue, but still useful. It is questionable, however, whether this bulletin will get to the people who need it most.
Feds Meet with Hackers
A panel of government officials spoke with hackers and voiced hopes that they will put their talents to good and ethical uses.
ZDnet
A Very Real and Present Threat to the Internet: July 31 Deadline For Action
Summary: The Code Red Worm and mutations of the worm pose a continued
and serious threat to Internet users. Immediate action is required to
combat this threat. Users who have deployed software that is
vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must
install, if they have not done so already, a vital security patch.
How Big Is The Problem? On July 19, the Code Red worm infected more
than 250,000 systems in just 9 hours. The worm scans the Internet,
identifies vulnerable systems, and infects these systems by installing
itself. Each newly installed worm joins all the others causing the
rate of scanning to grow rapidly. This uncontrolled growth in scanning
directly decreases the speed of the Internet and can cause sporadic
but widespread outages among all types of systems. Code Red is likely
to start spreading again on July 31st, 2001 8:00 PM EDT and has
mutated so that it may be even more dangerous. This spread has the
potential to disrupt business and personal use of the Internet for
applications such as electronic commerce, email and entertainment.
Who Must Act? Every organization or person who has Windows NT or
Windows 2000 systems AND the IIS web server software may be
vulnerable. IIS is installed automatically for many applications. If
you are not certain, follow the instructions attached to determine
whether you are running IIS 4.0 or 5.0. If you are using Windows 95,
Windows 98, or Windows Me, there is no action that you need to take in
response to this alert.
What To Do If You Are Vulnerable?
a. To rid your machine of the current worm, reboot your computer.
b. To protect your system from re-infection: Install Microsoft's patch
for the Code Red vulnerability problem:
Windows NT version 4.0
Windows 2000 Professional, Server and Advanced Server
Step-by-step instructions for these actions are posted at
www.digitalisland.net/codered
Microsoft's description of the patch and its installation, and the vulnerability it addresses is posted at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-03.asp (cut and paste if required)
Because of the importance of this threat, this alert is being made jointly by:
Microsoft
The National Infrastructure Protection Center
Federal Computer Incident Response Center (FedCIRC)
Information Technology Association of America (ITAA)
CERT Coordination Center
SANS Institute
Internet Security Systems
Internet Security Alliance