[iwar] [NewsBits] NewsBits - 02/09/01 (fwd)
From: Fred Cohen
To: Information Warfare Mailing List
From: fc@all.net
To: iwar@onelist.com
Mon, 12 Feb 2001 06:56:18 -0800 (PST)
fc Mon Feb 12 06:57:08 2001
Received: from 207.222.214.225
by localhost with POP3 (fetchmail-5.1.0)
for fc@localhost (single-drop); Mon, 12 Feb 2001 06:57:08 -0800 (PST)
Received: by multi33.netcomi.com for fc
(with Netcom Interactive pop3d (v1.21.1 1998/05/07) Mon Feb 12 14:57:02 2001)
X-From_: fc@all.net Mon Feb 12 08:56:19 2001
Received: from hk.egroups.com (hk.egroups.com [208.50.99.220])
by multi33.netcomi.com (8.9.3/8.9.3) with SMTP id IAA17011
for ; Mon, 12 Feb 2001 08:56:16 -0600
X-eGroups-Return: sentto-279987-923-981989780-fc=all.net@returns.onelist.com
Received: from [10.1.4.55] by hk.egroups.com with NNFMP; 12 Feb 2001 14:56:20 -0000
X-Sender: fc@all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_0_3); 12 Feb 2001 14:56:20 -0000
Received: (qmail 18774 invoked from network); 12 Feb 2001 14:56:19 -0000
Received: from unknown (10.1.10.142) by l9.egroups.com with QMQP; 12 Feb 2001 14:56:19 -0000
Received: from unknown (HELO all.net) (65.0.156.78) by mta3 with SMTP; 12 Feb 2001 15:57:24 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id GAA01680 for iwar@onelist.com; Mon, 12 Feb 2001 06:56:18 -0800
Message-Id: <200102121456.GAA01680@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen
MIME-Version: 1.0
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe:
Date: Mon, 12 Feb 2001 06:56:18 -0800 (PST)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [NewsBits] NewsBits - 02/09/01 (fwd)
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
[FC - mostly propaganda today - but I thought is was interesting...]
February 9, 2001
Indian hackers busted
Concern over cyber crime is rising in India Delhi
Police have arrested two men for allegedly hacking
a website in the first ever cyber-crime case in India.
The two were detained for allegedly blocking the
website - go2nextjob.com - which provides support
and information to job-seekers and employers. The
hackers posted a message on the website saying it
was closed. The site is now back in operation and
the hackers have been sent to judicial custody for
14 days. "This is probably the first instance where
anyone has been arrested for cyber crime," said
Rajan Bhagat, assistant commissioner of police.
http://news.bbc.co.uk/hi/english/world/south_asia/newsid_1162000/1162245.stm
Feds Say Fidel Is Hacker Threat
These must be jittery times for anyone in the military
who uses the Internet. Not only do they have to guard
against Love Bug worms and security holes in Microsoft
Outlook -- now they've got to worry about Fidel Castro
hacking into their computers. Admiral Tom Wilson, head
of the Defense Intelligence Agency, says the 74-year-old
communist dictator may be preparing a cyberattack against
the United States. Wilson told the Senate Intelligence
Committee during a public hearing Wednesday that Castro's
armed forces could initiate an "information warfare or
computer network attack" that could "disrupt our military."
http://www.wired.com/news/politics/0,1283,41700,00.html
Proposed law would erase free Web users' anonymity
Child pornographers are hiding behind untraceable free
Internet e-mail accounts, frustrating law enforcement
agents and prompting new legislation that would require
free Internet service providers to collect more
information about subscribers. BlueLight.com, the
6-million subscriber service run by Kmart Corp., has
already changed its policies in response to a request
from Wayne County Sheriff Robert Ficano's Internet crime
task force. Most of the free providers, however, are
ignoring requests to do more to identify their
subscribers. And online privacy-rights groups are
soundly criticizing such requests. "BlueLight recognized
the problem and has acted responsibly," Ficano said
Wednesday. "Unfortunately, we're not having as much
success with other providers. These free services can
be a haven for child pornographers."
http://freep.com/money/tech/mwend8_20010208.htm
Don't be fooled: DCS1000 still a 'Carnivore' at heart
The FBI has dressed its online wolf in sheep's clothing,
changing the name of its controversial e-mail surveillance
system, known to this point as Carnivore. Carnivore now
goes by the less beastly moniker of DCS1000, drawn from
the work it does as a "digital collection system." The
investigative agency built the tool to monitor the
Internet communications of suspects under its surveillance,
but the system, housed on computers at Internet service
providers, also can collect e-mail messages from people
who are not part of an FBI probe.
http://www.zdnet.com/zdnn/stories/news/0,4586,2684186,00.html
A comedy of errors
Norton AntiVirus proxy sends e-mail around in circles
There's an arms race going on in your PC, and your
e-mail program is standing there on the front lines.
As viruses, Trojans, and worms become more dangerous,
antivirus software get more sophisticated. Back and
forth it goes, and at some point something's going to
break. Recently, it has been Norton AntiVirus (NAV)
that is blocking all e-mails on some systems. It's
not necessarily a bug, but NAV's methods are confusing
users and angering ISPs.
http://www.msnbc.com/news/528726.asp
An early test for Bush on encryption
Just days into the new Bush administration, the law
enforcement leakers are gulling credulous reporters
with a propaganda campaign that should chill anyone
who cares about liberty. In a gee-whiz, uh-oh story
in USA Today earlier this week, we learned that Osama
bin Laden and his operatives are using technology to
hide their communications from the eyes and ears of
law enforcement. The story was a propaganda triumph
for the leakers. It was a threat to the rest of us.
http://www0.mercurycenter.com/premium/business/docs/gillmor09.htm
Follow Your E-Mail Everywhere
Imagine being able to trace where your e-mail goes,
and where it's forwarded. Say you had a way to verify
that the CEO of the Fortune 500 company you've been
hounding for a job indeed got the resume you e-mailed
him. Or that you could tell if your girlfriend lied
when she denied getting your message that begged her
not to go to that conference in Jamaica with her
assistant who turned out to be rather hunky? Both
scenarios are possible, thanks to services that track
when and where e-mail messages are read without the
recipient's knowledge. The technology has long been
used by online marketers to determine who reads their
spam; now it's available to consumers as well.
http://www.wired.com/news/technology/0,1282,41686,00.html
New software gives hackers nowhere to hide
A US startup will next month release a software tool
which it claims can help protect against hacking
attempts and traces the attackers back to their IP
addresses. Aimed at small businesses, Sharp
Technology's Hack Tracer II uses database and web
router tracking technologies to help determine the
locations of potential hackers and reports them
to their internet service providers (ISPs).
http://www.vnunet.com/News/1117499
Trojans, Valentines and Love
Valentine's Day approaches we can expect to see at
least two events occur: A lot of attachments and
active content will be sent out via email; The media
will be covering love malware stories wherever they
abound, regardless of the actual threat. There are
three current issues that every Internet user should
be aware of to avoid spreading myths, hoaxes, and
malware: APSTrojan.qa, Valentin.exe and
VBS.LoveLetter.CD
http://securityportal.com/articles/valentines20010209.html
How quickly should security flaws be made public?
For as long as computers have been in use, information
about the security (or lack thereof) of the machines
themselves and the software they run has been doled
out in tantalizingly tiny bits on a need-to-know basis.
Indeed, many vendors, network administrators and security
companies adopt a policy of less-is-more when it comes to
the question of how much information to release to the
public about a particular software bug, exploit or attack.
The reasoning goes something like this: If they release
too many details, not only will they give hackers more
ammunition for their attacks, but also -- and more
importantly for the vendor whose software or standard
was breached -- they'll open themselves up to public
scrutiny and criticism.
http://www.zdnet.com/eweek/stories/general/0,11011,2684308,00.html
Are Digital Signatures Safe?
The success of e-commerce relies on one thing, really:
companies must be able to guarantee that confidential
information--credit card numbers, say--are kept
unaltered as they travel through cyberspace. A widely
used technique is the Digital Signature Algorithm (DSA),
designed by the National Security Agency and approved
under the Digital Signature Standard from the National
Institute of Standards and Technology. This so-called
public-key encryption method generates a numerical
"signature," which in theory makes it possible for
software at the receiving end of a transaction to
verify a message's integrity.
http://www.sciam.com/news/020701/2.html
------------------------ Yahoo! Groups Sponsor ---------------------~-~>
eGroups is now Yahoo! Groups
Click here for more details
http://click.egroups.com/1/11231/1/_/595019/_/981989780/
---------------------------------------------------------------------_->
------------------
http://all.net/