Return-Path: <sentto-279987-4394-1012267227-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Mon, 28 Jan 2002 17:22:08 -0800 (PST) Received: (qmail 12176 invoked by uid 510); 29 Jan 2002 01:20:17 -0000 Received: from n1.groups.yahoo.com (216.115.96.51) by all.net with SMTP; 29 Jan 2002 01:20:17 -0000 X-eGroups-Return: sentto-279987-4394-1012267227-fc=all.net@returns.groups.yahoo.com Received: from [216.115.97.189] by n1.groups.yahoo.com with NNFMP; 29 Jan 2002 01:20:27 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_1_3); 29 Jan 2002 01:20:26 -0000 Received: (qmail 78511 invoked from network); 29 Jan 2002 01:20:23 -0000 Received: from unknown (216.115.97.171) by m3.grp.snv.yahoo.com with QMQP; 29 Jan 2002 01:20:23 -0000 Received: from unknown (HELO red.all.net) (12.232.72.98) by mta3.grp.snv.yahoo.com with SMTP; 29 Jan 2002 01:20:19 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g0T1LD925461 for iwar@onelist.com; Mon, 28 Jan 2002 17:21:13 -0800 Message-Id: <200201290121.g0T1LD925461@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 28 Jan 2002 17:21:13 -0800 (PST) Subject: [iwar] [fc:Security.In.The.News] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit Security In The News LAST UPDATED: 1/28/02 This report is also available on the Internet at <a href="http://news.ists.dartmouth.edu/todaysnews.html">http://news.ists.dartmouth.edu/todaysnews.html> Technology: Fewer hacking reports noted in wake of attacks: nando times, 1/26/02 White House seeks industry’s ‘good ideas’: Government Computer News, 1/28/02 White House official outlines cybersecurity initiatives: Government Executive, 1/25/02 Computer Attacks on Companies Up Sharply: Washington Post, 1/28/02 Also - CBS News, 1/28/02 Israel, U.S. among top sources of cyber attacks, study finds: SiliconValley.com, 1/28/02 Hackers hijack Epson website: The New Zealand Herald, 1/26/02 Also - The New Zealand Herald, 1/25/02 Hackers hit western governments: The New Zealand Herald, 1/24/02 Head of CIA's venture capital arm lists challenges: Government Executive, 1/25/02 NIST prepping security guides: Federal Computer Week, 1/28/02 Aussie Agencies Get Access To U.S. Net Fraud Database: Newsbytes, 1/28/02 Warning over new type of computer virus: Ananova, 1/28/02 Also - C-Net News, 1/28/02 Also - NY Times, 1/28/02 Also - Network World Fusion, 1/28/02 Hacker plants virus on Dispatch server: Daily Dispatch, 1/26/02 Advisory: WORM_COUPLE.A from l33tdawg: Hack in the Box, 1/28/02 Bush Proposes Tracking System for Noncitizens: Washington Post, 1/26/02 OMB offers dim view of security: Federal Computer Week, 1/25/02 Wireless offices - good news for hackers?: ZDNet, 1/28/02 Also - ZDNet, 1/28/02 Online Security: Job One for E-Commerce: E-Commerce Times, 1/25/02 Cyberterrorism-Infrastructure Protection Source: nando times Date Written: January 26, 2002 Date Collected: January 28, 2002 Title: Technology: Fewer hacking reports noted in wake of attacks The Federal Bureau of Investigation warned computer users that cyber attacks were a likely consequence to the terrorist attacks of September 11, 2001. However, the Pentagon, the National Infrastructure Protection Center, and security experts indicate that the rate of cyber attacks has maintained a normal rate of activity or actually decreased, in the months following the attacks. Nonetheless, Andrew Macpherson of the Institute for Security Technology Studies indicated that cyber attacks in reaction to the war on terrorism have still occurred. <a href="http://www.nandotimes.com/technology/story/229905p-2201885c.html">http://www.nandotimes.com/technology/story/229905p-2201885c.html> Source: Government Computer News Date Written: January 28, 2002 Date Collected: January 28, 2002 Title: White House seeks industry’s ‘good ideas’ Paul Kurtz, the director of critical infrastructure protection, has issued a request to the private sector to inform government officials and policy makers of any methods and means of securing the nation's critical infrastructure. <a href="http://www.gcn.com/vol1_no1/daily-updates/17839-1.html">http://www.gcn.com/vol1_no1/daily-updates/17839-1.html> Source: Government Executive Date Written: January 25, 2002 Date Collected: January 28, 2002 Title: White House official outlines cybersecurity initiatives Coordination with the private sector and increased information sharing are among the initiatives detailed in the strategy for infrastructure protection released by Paul Kurtz, the director of Critical Infrastructure Protection for the White House. Coordination is essential, as private companies own the vast majority of the nation’s critical infrastructure assets. Kurtz also indicated such programs as Cybercops, which offers scholarships to those focused on technology security issues, will help increase the number of professionals prepared to address the issue. <a href="http://www.govexec.com/dailyfed/0102/012502td1.htm">http://www.govexec.com/dailyfed/0102/012502td1.htm> Cybercrime-Hacking Source: Washington Post Date Written: January 28, 2002 Date Collected: January 28, 2002 Title: Computer Attacks on Companies Up Sharply Riptech, an Internet security firm, released a report on January 28, 2002 detailing security breaches of their 300 worldwide clients. In the previous six months, 128,678 cyber attacks against the clients have been verified, but few posed severe threats. Last year, CERT recorded 52,658 security breaches, a marked increase from 2000. Worm attacks were not recorded in the tally of security breaches, and would have increased the total attacks by 63 percent. According to a Computer Science and Telecommunications Board report, companies could do a good deal to reduce computer system vulnerability if presently available security measures were implemented. An additional finding by the report indicated that the majority of the attacks were non-discriminate attacks on vulnerable systems, but 39 percent were directed attacks against a targeted company. The security experts of Riptech stated that the goals of the attacks seem to be gaining unauthorized access, remotely controlling! systems, disrupting networks, or accessing proprietary information. <a href="http://www.washingtonpost.com/wp-dyn/articles/A46836-2002Jan27.html">http://www.washingtonpost.com/wp-dyn/articles/A46836-2002Jan27.html> Also - http://www.cbsnews.com/now/story/0,1597,325784-412,00.shtml Source: SiliconValley.com Date Written: January 28, 2002 Date Collected: January 28, 2002 Title: Israel, U.S. among top sources of cyber attacks, study finds The majority of cyber attacks originate from the United States, Israel is the second most common source. Attacks stemming from the Middle East seem to target the energy infrastructure. The study was released January 28, 2002 that detailed information on the suspected target, source, and severity of attacks. Targets tended to be high-tech companies, financial services, entertainment, and infrastructure companies. Source countries seemed to be predominantly the U.S. and Israel, but it is possible for a hacker to mask their location. Most attacks were relatively harmless, but 43 percent were critical attacks. <a href="http://www.siliconvalley.com/docs/news/svfront/040898.htm">http://www.siliconvalley.com/docs/news/svfront/040898.htm> Source: The New Zealand Herald Date Written: January 26, 2002 Date Collected: January 28, 2002 Title: Hackers hijack Epson website The Primesuspectz hacker group has breached a security hole in Microsoft's website and hijacked the web page of Epson. The group defaced the page, but did not gain access to any information. In a law proposed in New Zealand, the location of the server for the defaced site, unauthorized access to computer systems could lead to two years in prison. <a href="http://www.nzherald.co.nz/storydisplay.cfm?storyID=169810&thesection=technology&thesubsection=general">http://www.nzherald.co.nz/storydisplay.cfm?storyID=169810&thesection=technology&thesubsection=general> Also - http://www.nzherald.co.nz/storydisplay.cfm?storyID=169716&thesection=technology&thesubsection=general Source: The New Zealand Herald Date Written: January 24, 2002 Date Collected: January 28, 2002 Title: Hackers hit western governments A semantic attack on government or official sites targeted Australian, British, and United States government web sites. The attacks have been attributed to Pentaguard, a hacker group that provided no motive for the attack. <a href="http://www.nzherald.co.nz/storydisplay.cfm?storyID=169522&thesection=technology&thesubsection=general">http://www.nzherald.co.nz/storydisplay.cfm?storyID=169522&thesection=technology&thesubsection=general> Source: Government Executive Date Written: January 25, 2002 Date Collected: January 28, 2002 Title: Head of CIA's venture capital arm lists challenges In-Q-Tel, a venture capital arm of the Central Intelligence Agency, has indicated that demand has increased for intelligence and security technologies in the months following the September 11, 2001 terrorist attacks. As federal agencies charged with national security and defense are seeking technologies to address vulnerabilities, the search for better and more effective technologies has followed. Before a new tool is implemented, the ultimate need that a security technology will fill for a corporation or government agency must be established. <a href="http://www.govexec.com/dailyfed/0102/012502td2.htm">http://www.govexec.com/dailyfed/0102/012502td2.htm> Politics-Legislation Source: Federal Computer Week Date Written: January 28, 2002 Date Collected: January 28, 2002 Title: NIST prepping security guides Experts from the National Institute of Standards and Technology have released guidelines to address critical security concerns. The general intention of the guides is to eliminate some security vulnerabilities through education and widespread administration of security initiatives. <a href="http://www.fcw.com/fcw/articles/2002/0128/web-nist-01-28-02.asp">http://www.fcw.com/fcw/articles/2002/0128/web-nist-01-28-02.asp> Source: Newsbytes Date Written: January 28, 2002 Date Collected: January 28, 2002 Title: Aussie Agencies Get Access To U.S. Net Fraud Database Consumer Sentinel is a database of the Federal Trade Commission (FTC) that catalogues consumer complaints of Internet and telemarketing fraud. Australian law enforcement agencies have made an arrangement to access the database when investigating fraud complaints in their districts. <a href="http://www.newsbytes.com/news/02/174000.html">http://www.newsbytes.com/news/02/174000.html> Malware Source: Ananova Date Written: January 28, 2002 Date Collected: January 28, 2002 Title: Warning over new type of computer virus A new e-mail virus, 'W32/Myparty@MM', dubbed MyParty, issues a bogus web link, a .com URL, that infects a machine when the attachment is opened. The subject line is "New photos from my party," but once opened, the virus will attempt to send itself to any addresses in the infected machine's Windows address book, and installs a backdoor into the system. Experts believe the worm/virus originated in Russia and infects systems using Microsoft Outlook Express. <a href="http://www.ananova.com/news/story/sm_506213.html">http://www.ananova.com/news/story/sm_506213.html> Also - http://news.com.com/2100-1001-823959.html Also - http://www.nytimes.com/reuters/news/news-tech-myparty-worm.html Also - http://www.nwfusion.com/news/2002/0128myparty.html Source: Daily Dispatch Date Written: January 26, 2002 Date Collected: January 28, 2002 Title: Hacker plants virus on Dispatch server A hacker breached the security of a newspaper's site servers and infected the system with the W23 Nim Da @mm (Nimda) virus. Officials of the Dispatch Online have warned viewers that they may be infected if anyone visited the site before the virus was discovered and eliminated. <a href="http://www.dispatch.co.za/2002/01/26/easterncape/ADISPATC.HTM">http://www.dispatch.co.za/2002/01/26/easterncape/ADISPATC.HTM> Source: Hack in the Box Date Written: January 28, 2002 Date Collected: January 28, 2002 Title: Advisory: WORM_COUPLE.A from l33tdawg A mass-mailing worm seems to be spreading through the Internet by MAPI and Microsoft Outlook. The virus arrives in an e-mail with a subject line, "Nice Couple", and reportedly installs a backdoor in the infected computer. <a href="http://www.hackinthebox.org/article.php?sid=5105">http://www.hackinthebox.org/article.php?sid=5105> Technology Source: Washington Post Date Written: January 26, 2002 Date Collected: January 28, 2002 Title: Bush Proposes Tracking System for Noncitizens President Bush unveiled a plan to track the arrival and departure of non-citizens through the United States. The system was proposed by the Immigration and Naturalization Service (INS) that could integrate security technologies such as biometric identification systems and coordination and sharing of information between agencies. <a href="http://www.washingtonpost.com/wp-dyn/articles/A37758-2002Jan25.html">http://www.washingtonpost.com/wp-dyn/articles/A37758-2002Jan25.html> Vulnerabilities Source: Federal Computer Week Date Written: January 25, 2002 Date Collected: January 28, 2002 Title: OMB offers dim view of security The authors of a report conducted by the Office of Management and Budget have found that the federal cyber security is poor. The report will be sent to the President in February and will state that security programs are not being measured, security education is weak, and incident response to attacks and proactive measures are inconsistent. <a href="http://www.fcw.com/fcw/articles/2002/0121/web-gisra-01-25-02.asp">http://www.fcw.com/fcw/articles/2002/0121/web-gisra-01-25-02.asp> Source: ZDNet Date Written: January 28, 2002 Date Collected: January 28, 2002 Title: Wireless offices - good news for hackers? As more wireless systems are created, the vulnerability of the new technology becomes more apparent. Without encryption and implementation of security standards, information traveling through the wireless system is relatively open to interception. <a href="http://news.zdnet.co.uk/story/0,,t269-s2103237,00.html">http://news.zdnet.co.uk/story/0,,t269-s2103237,00.html> Also - http://www.zdnet.com/anchordesk/stories/story/0,10738,2842639,00.html Source: E-Commerce Times Date Written: January 25, 2002 Date Collected: January 28, 2002 Title: Online Security: Job One for E-Commerce Security was often an afterthought for E-Commerce companies, but with the increased focus on vulnerabilities, customers are demanding more complete measures. As the importance of cyber security is continually emphasized, companies wishing their web business to thrive will need to sacrifice their bottom line to increase security measures. <a href="http://www.ecommercetimes.com/perl/story/16008.html">http://www.ecommercetimes.com/perl/story/16008.html> To change your delivery preferences please go to: http://news.ists.dartmouth.edu/cgi-bin/change.cgi To unsubscribe from this service please go to: http://news.ists.dartmouth.edu/cgi-bin/remove.cgi The Institute for Security Technology Studies (ISTS) accepts no responsibility for any error or omissions in this e-mail. The information presented is a compilation of material from various sources and has not been verified by staff of the ISTS. Therefore, the ISTS cannot be made responsible for the factual accuracy of the material presented. The ISTS is not liable for any loss or damage arising from or in connection with the information contained in this report. It is the responsibility of the user to evaluate the content and usefulness of this information. References in this e-mail to any specific commercial products, processes, or services by trade name, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by the ISTS. ISTS is a research, not operational, organization, and makes its Security in the News e-mail available as a public service on a best-effort basis. Security in the News will be sent out on most business days, but not all. Institute for Security Technology Studies Dartmouth College 45 Lyme Road, Suite 200 Hanover, NH 03755 Tel: (603) 646 0700 E-mail: <a href="mailto:dailyreport@ists.dartmouth.edu?Subject=Re:%20Security%20In%20The%20News%20-%20January%2028,%202002%2526In-Reply-To=%2526lt;200201282346.g0SNkf118934@mail.ists.dartmouth.edu">dailyreport@ists.dartmouth.edu</a> ------------------------ Yahoo! Groups Sponsor ---------------------~--> Sponsored by VeriSign - The Value of Trust Do you need to encrypt all your online transactions? Find the perfect solution in this FREE Guide from VeriSign. http://us.click.yahoo.com/jWSNbC/UdiDAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST