[iwar] News
From: Fred Cohen
From: fc@all.net
To: iwar@egroups.com
Mon, 4 Sep 2000 00:29:25 -0700 (PDT)
fc Mon Sep 4 00:30:14 2000
Received: from 207.222.214.225
by localhost with POP3 (fetchmail-5.1.0)
for fc@localhost (single-drop); Mon, 04 Sep 2000 00:30:14 -0700 (PDT)
Received: by multi33.netcomi.com for fc
(with Netcom Interactive pop3d (v1.21.1 1998/05/07) Mon Sep 4 07:30:07 2000)
X-From_: sentto-279987-518-968052567-fc=all.net@returns.onelist.com Mon Sep 4 02:29:53 2000
Received: from hm.egroups.com (hm.egroups.com [208.50.99.198]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id CAA15479 for ; Mon, 4 Sep 2000 02:29:53 -0500
X-eGroups-Return: sentto-279987-518-968052567-fc=all.net@returns.onelist.com
Received: from [10.1.10.36] by hm.egroups.com with NNFMP; 04 Sep 2000 07:29:26 -0000
Received: (qmail 16830 invoked from network); 4 Sep 2000 07:29:27 -0000
Received: from unknown (10.1.10.26) by m2.onelist.org with QMQP; 4 Sep 2000 07:29:27 -0000
Received: from unknown (HELO all.net) (24.1.84.100) by mta1 with SMTP; 4 Sep 2000 07:29:26 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id AAA09340 for iwar@onelist.com; Mon, 4 Sep 2000 00:29:25 -0700
Message-Id: <200009040729.AAA09340@all.net>
To: iwar@egroups.com
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe:
Date: Mon, 4 Sep 2000 00:29:25 -0700 (PDT)
Reply-To: iwar@egroups.com
Subject: [iwar] News
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
-------------------------- eGroups Sponsor -------------------------~-~>
GET A NEXTCARD VISA, in 30 seconds! Get rates
of 2.9% Intro or 9.9% Ongoing APR* and no annual fee!
Apply NOW!
http://click.egroups.com/1/7872/14/_/595019/_/968052568/
---------------------------------------------------------------------_->
Emulex hoax suspect bond set at $100,000
A federal judge has set a bond of $100,000 for Mark Simeon Jakob,
the suspect apprehended yesterday by federal law enforcement authorities
for allegedly releasing a fake news announcement that sent shares of
technology company Emulex reeling more than 50 percent last Friday.
The U.S. attorneys' office had requested that Jakob be detained, but
the judge disagreed and set the bond, with a psychiatric evaluation as
a condition of release. Matthew McLaughlin, a spokesman for the FBI in
Los Angeles, said the suspect has not been released, pending the
psychiatric evaluation. Unconfirmed reports this morning indicated that
Jakob had been released on bail.
http://news.cnet.com/news/0-1004-200-2667995.html
Emulex takes steps to avoid a repeat
Executives at Emulex Corp. fought back quickly last week against
the hoax that caused stock in the Southern California company to
crash. ``I didn't have time for anger. I didn't have time for any
emotion. I only had time to react (and) move immediately for damage
control,'' said Chief Executive Paul Folino. Nevertheless, Folino
said the Costa Mesa-based company is taking additional steps to
protect itself and its investors in the future. And he encouraged
public companies, especially those on the West Coast that are three
hours behind the marketplace in New York, to have crisis-management
procedures in place ``so that when you do need to go to guns,
everybody's able to play their role.''
http://www.mercurycenter.com/premium/business/docs/emulexside01.htm
Police seek St George's website hacker
POLICE are investigating what could be the first Australian case
of internet hacking, designed to jam popular ecommerce sites,
after thousands of St George Bank customers were denied access
to its online banking service. The bank brought in a team of
technical experts to try to fix the problem that emerged this
week when users found difficulty accessing the service. St George
spokesman Adam Cooke said the bank started notifying its 120,000
online customers of the problem yesterday after attempts to fix
the problem failed.
Police Get X-Ray Vision Courtesy of the Internet
According to the FBI, Los Angeles is the bank robbery capitol
of the world. In its effort to keep up with the bad guys, one
of the smaller police stations in the area, Seal Beach, is
trying a new technology called A-TIP: alarm-triggered Internet
protocol. Dean Hoagland, the security director at Rockwell
Federal Credit Union, remembers September 9, 1999 well. That's
when armed bandits robbed his bank. While the action was caught
on the eight security cameras located inside the bank, the
images were poor, and the video tape could only be used as
evidence after the crime was committed. But what if law
enforcement could see into the bank during the crime?
Using A-TIP, they now can.
http://www.zdtv.com/zdtv/cybercrime/privacy/story/0,9955,9486,00.html
Old Internet Explorer Plus New Hotmail Equals Big Vulnerability
Haven't upgraded Internet Explorer yet? Maybe this will convince
you. BugNet has validated a security vulnerability that could
allow a malicious user to gain access to your Hotmail account.
By enticing a Hotmail customer running Internet Explorer 4.x or
5.0 into clicking on a carefully constructed link, the unwary
victim would be tricked into abdicating crucial cookie information
that would allow the hacker to gain access to the Hotmail account.
This is not a new bug, but a new exploit of an old bug originally
reported on May 17, 2000. Even though newer versions of Internet
Explorer are readily available, there are still a lot of people
using the version that came with Windows 98. For some, they don't
want to touch something that seems to be working fine. For others,
the sheer size of the download makes the prospect of upgrading
over a dial-up connection seem like an insurmountable task. This
latest security alert should serve as a wake up call that maybe
it is time to bite the bullet and upgrade.
http://www.zdnet.com/zdhelp/stories/main/0,5594,2623070,00.html
Viruses threaten to evolve beyond PCs
A nasty bug on the Internet this week threatened to wipe out the
contents of Palm handheld computers. This time, it was a false
alarm. Still, this minor infestation could belie havoc to come.
Experts warn that in two to four years, mobile phones, handheld
computers, video game consoles, cars and other devices could
become infected by software code with the destructive power of
the ``ILOVEYOU'' worm that ravaged computer networks in May.
``It's an example of what's possible. All these things are just
little computers with weird interfaces,'' said Bruce Schneier,
founder and chief technical officer at Counterpane Internet
Security. ``You can write a worm in 1,000 lines of code.''
As more computing devices become networked, it opens up the
potential for viruses and worms to spread, disguised not just
in e-mail attachments, but also in voice messages, MP3 files,
video games, interactive maps and other seemingly harmless
communications.
http://www.mercurycenter.com/svtech/news/top/docs/palm090100.htm
Financial site tightens security after warning
A startup US accounting website has tightened its security
measures after a bug expert uncovered several vulnerabilities
which could leave customer details exposed. According to bug
hunter Jeffrey Baker, the website of Intacct.com, which provides
web hosted accounting services to midsized organisations, could
be compromised by a malicious intruder who could build a database
of customer details. Baker took the rare step of singling out
Intacct on the Bugtraq moderated industry mailing list last
weekend for failing to live up to claims over the tightness of
its security. He said he felt compelled to post the advisory
because Intacct failed to respond to his initial emails.
http://www.vnunet.com/News/1110065
ISPs debate offshore email to evade RIPA
Several British ISPs are considering providing offshore email
services in an effort to evade the government's controversial
Regulation of Investigatory Powers Act which gives the authorities
unprecedented surveillance powers. Sources say ISPs are debating
how to offer customers email accounts outside British jurisdiction
with privacy groups and security experts. The move is partly to
express frustration with the surveillance law, but also to
acknowledge users' need for privacy.
http://www.zdnet.co.uk/news/2000/34/ns-17626.html
Microsoft won't fix new Windows security flaw
Microsoft says it won't be issuing a patch for a newly discovered
security vulnerability in Windows that PGP's COVERT lab classifies
as 'high-risk'. The COVERT Lab issued an advisory earlier this week
detailing how a local Windows networking configuration can be
corrupted by redirecting the user to an arbitrary IP address of the
hacker's choosing. In itself, say researchers, the vulnerability
isn't destructive. For malicious crackers it's more likely to be a
means to an end. But the simplicity and stealth with which the attack
can be carried out means that it merits a high risk rating, says PGP.
"All it takes is a single UDP packet sent to whoever is on the Windows
network - it's unsolicited," a PGP researcher told The Register. "That
person never needs to ask a question to receive an invalid response
and for their cache to be corrupted, and for that machine to be the
under the control of the attacker."
http://www.theregister.co.uk/content/4/12951.html
European pot site puts launch on back burner
Internet start-up iToke planned to start delivering marijuana in
Amsterdam today, but the launch was delayed by negative sentiment
from some local coffee shop owners and frenzied press requests.
"We felt there was an impending media circus and some recent
misperceptions regarding iToke's goals and business model," Tim
Freccia, iToke's co-founder, said in a phone interview from his
boat near Barcelona. Freccia said some coffee shop owners, who
run the only businesses authorized to sell marijuana in Holland,
see iToke as a threat to the status quo and dislike the fanfare
surrounding the company. "We're not in Amsterdam to 'Amazonify'
pot," said Freccia, an American who co-founded iToke with Mike
Tucker, both from Seattle, Wash. "We're just there to get along
with everybody and to put a happy face on pot.
http://news.cnet.com/news/0-1007-200-2672155.html
Would you hire a hacker?
DAN GEER, CTO OF @STAKE in Cambridge, Mass., an Internet security
company, hires hackers. So does Firas Bushnaq, president and CEO
for eCompany in Aliso Viejo, Calif., an Internet solutions company.
In fact, a growing number of security organizations are hiring
hackers=97people driven by an unquenchable desire to understand
programmable systems and find the weaknesses in them. Some hackers
have questionable histories, and some are squeaky clean, but all
have what many employers consider to be a crucial element of good
security. Geer calls it "the love of the game."
http://www.cio.com/archive/090100_soundoff_content.html
------------------
http://all.net/