Return-Path: <sentto-279987-4394-1012267227-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Mon, 28 Jan 2002 17:22:08 -0800 (PST)
Received: (qmail 12176 invoked by uid 510); 29 Jan 2002 01:20:17 -0000
Received: from n1.groups.yahoo.com (216.115.96.51) by all.net with SMTP; 29 Jan 2002 01:20:17 -0000
X-eGroups-Return: sentto-279987-4394-1012267227-fc=all.net@returns.groups.yahoo.com
Received: from [216.115.97.189] by n1.groups.yahoo.com with NNFMP; 29 Jan 2002 01:20:27 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_1_3); 29 Jan 2002 01:20:26 -0000
Received: (qmail 78511 invoked from network); 29 Jan 2002 01:20:23 -0000
Received: from unknown (216.115.97.171) by m3.grp.snv.yahoo.com with QMQP; 29 Jan 2002 01:20:23 -0000
Received: from unknown (HELO red.all.net) (12.232.72.98) by mta3.grp.snv.yahoo.com with SMTP; 29 Jan 2002 01:20:19 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g0T1LD925461 for iwar@onelist.com; Mon, 28 Jan 2002 17:21:13 -0800
Message-Id: <200201290121.g0T1LD925461@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Mon, 28 Jan 2002 17:21:13 -0800 (PST)
Subject: [iwar] [fc:Security.In.The.News]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
Security In The News
LAST UPDATED: 1/28/02
This report is also available on the Internet at
<a href="http://news.ists.dartmouth.edu/todaysnews.html">http://news.ists.dartmouth.edu/todaysnews.html>
Technology: Fewer hacking reports noted in wake of attacks:
nando times, 1/26/02
White House seeks industry’s ‘good ideas’:
Government Computer News, 1/28/02
White House official outlines cybersecurity initiatives:
Government Executive, 1/25/02
Computer Attacks on Companies Up Sharply:
Washington Post, 1/28/02
Also - CBS News, 1/28/02
Israel, U.S. among top sources of cyber attacks, study finds:
SiliconValley.com, 1/28/02
Hackers hijack Epson website:
The New Zealand Herald, 1/26/02
Also - The New Zealand Herald, 1/25/02
Hackers hit western governments:
The New Zealand Herald, 1/24/02
Head of CIA's venture capital arm lists challenges:
Government Executive, 1/25/02
NIST prepping security guides:
Federal Computer Week, 1/28/02
Aussie Agencies Get Access To U.S. Net Fraud Database:
Newsbytes, 1/28/02
Warning over new type of computer virus:
Ananova, 1/28/02
Also - C-Net News, 1/28/02
Also - NY Times, 1/28/02
Also - Network World Fusion, 1/28/02
Hacker plants virus on Dispatch server:
Daily Dispatch, 1/26/02
Advisory: WORM_COUPLE.A from l33tdawg:
Hack in the Box, 1/28/02
Bush Proposes Tracking System for Noncitizens:
Washington Post, 1/26/02
OMB offers dim view of security:
Federal Computer Week, 1/25/02
Wireless offices - good news for hackers?:
ZDNet, 1/28/02
Also - ZDNet, 1/28/02
Online Security: Job One for E-Commerce:
E-Commerce Times, 1/25/02
Cyberterrorism-Infrastructure Protection
Source: nando times
Date Written: January 26, 2002
Date Collected: January 28, 2002
Title: Technology: Fewer hacking reports noted in wake of attacks
The Federal Bureau of Investigation warned computer users that cyber attacks were
a likely consequence to the terrorist attacks of September 11, 2001. However, the
Pentagon, the National Infrastructure Protection Center, and security experts indicate
that the rate of cyber attacks has maintained a normal rate of activity or actually
decreased, in the months following the attacks. Nonetheless, Andrew Macpherson of
the Institute for Security Technology Studies indicated that cyber attacks in reaction
to the war on terrorism have still occurred.
<a href="http://www.nandotimes.com/technology/story/229905p-2201885c.html">http://www.nandotimes.com/technology/story/229905p-2201885c.html>
Source: Government Computer News
Date Written: January 28, 2002
Date Collected: January 28, 2002
Title: White House seeks industry’s ‘good ideas’
Paul Kurtz, the director of critical infrastructure protection, has issued a request
to the private sector to inform government officials and policy makers of any methods
and means of securing the nation's critical infrastructure.
<a href="http://www.gcn.com/vol1_no1/daily-updates/17839-1.html">http://www.gcn.com/vol1_no1/daily-updates/17839-1.html>
Source: Government Executive
Date Written: January 25, 2002
Date Collected: January 28, 2002
Title: White House official outlines cybersecurity initiatives
Coordination with the private sector and increased information sharing are among
the initiatives detailed in the strategy for infrastructure protection released by
Paul Kurtz, the director of Critical Infrastructure Protection for the White House.
Coordination is essential, as private companies own the vast majority of the nation’s
critical infrastructure assets. Kurtz also indicated such programs as Cybercops,
which offers scholarships to those focused on technology security issues, will help
increase the number of professionals prepared to address the issue.
<a href="http://www.govexec.com/dailyfed/0102/012502td1.htm">http://www.govexec.com/dailyfed/0102/012502td1.htm>
Cybercrime-Hacking
Source: Washington Post
Date Written: January 28, 2002
Date Collected: January 28, 2002
Title: Computer Attacks on Companies Up Sharply
Riptech, an Internet security firm, released a report on January 28, 2002 detailing
security breaches of their 300 worldwide clients. In the previous six months, 128,678
cyber attacks against the clients have been verified, but few posed severe threats.
Last year, CERT recorded 52,658 security breaches, a marked increase from 2000.
Worm attacks were not recorded in the tally of security breaches, and would have
increased the total attacks by 63 percent. According to a Computer Science and Telecommunications
Board report, companies could do a good deal to reduce computer system vulnerability
if presently available security measures were implemented. An additional finding
by the report indicated that the majority of the attacks were non-discriminate attacks
on vulnerable systems, but 39 percent were directed attacks against a targeted company.
The security experts of Riptech stated that the goals of the attacks seem to be
gaining unauthorized access, remotely controlling!
systems, disrupting networks, or accessing proprietary information.
<a href="http://www.washingtonpost.com/wp-dyn/articles/A46836-2002Jan27.html">http://www.washingtonpost.com/wp-dyn/articles/A46836-2002Jan27.html>
Also - http://www.cbsnews.com/now/story/0,1597,325784-412,00.shtml
Source: SiliconValley.com
Date Written: January 28, 2002
Date Collected: January 28, 2002
Title: Israel, U.S. among top sources of cyber attacks, study finds
The majority of cyber attacks originate from the United States, Israel is the second
most common source. Attacks stemming from the Middle East seem to target the energy
infrastructure. The study was released January 28, 2002 that detailed information
on the suspected target, source, and severity of attacks. Targets tended to be high-tech
companies, financial services, entertainment, and infrastructure companies. Source
countries seemed to be predominantly the U.S. and Israel, but it is possible for
a hacker to mask their location. Most attacks were relatively harmless, but 43 percent
were critical attacks.
<a href="http://www.siliconvalley.com/docs/news/svfront/040898.htm">http://www.siliconvalley.com/docs/news/svfront/040898.htm>
Source: The New Zealand Herald
Date Written: January 26, 2002
Date Collected: January 28, 2002
Title: Hackers hijack Epson website
The Primesuspectz hacker group has breached a security hole in Microsoft's website
and hijacked the web page of Epson. The group defaced the page, but did not gain
access to any information. In a law proposed in New Zealand, the location of the
server for the defaced site, unauthorized access to computer systems could lead to
two years in prison.
<a href="http://www.nzherald.co.nz/storydisplay.cfm?storyID=169810&thesection=technology&thesubsection=general">http://www.nzherald.co.nz/storydisplay.cfm?storyID=169810&thesection=technology&thesubsection=general>
Also - http://www.nzherald.co.nz/storydisplay.cfm?storyID=169716&thesection=technology&thesubsection=general
Source: The New Zealand Herald
Date Written: January 24, 2002
Date Collected: January 28, 2002
Title: Hackers hit western governments
A semantic attack on government or official sites targeted Australian, British,
and United States government web sites. The attacks have been attributed to Pentaguard,
a hacker group that provided no motive for the attack.
<a href="http://www.nzherald.co.nz/storydisplay.cfm?storyID=169522&thesection=technology&thesubsection=general">http://www.nzherald.co.nz/storydisplay.cfm?storyID=169522&thesection=technology&thesubsection=general>
Source: Government Executive
Date Written: January 25, 2002
Date Collected: January 28, 2002
Title: Head of CIA's venture capital arm lists challenges
In-Q-Tel, a venture capital arm of the Central Intelligence Agency, has indicated
that demand has increased for intelligence and security technologies in the months
following the September 11, 2001 terrorist attacks. As federal agencies charged
with national security and defense are seeking technologies to address vulnerabilities,
the search for better and more effective technologies has followed. Before a new
tool is implemented, the ultimate need that a security technology will fill for a
corporation or government agency must be established.
<a href="http://www.govexec.com/dailyfed/0102/012502td2.htm">http://www.govexec.com/dailyfed/0102/012502td2.htm>
Politics-Legislation
Source: Federal Computer Week
Date Written: January 28, 2002
Date Collected: January 28, 2002
Title: NIST prepping security guides
Experts from the National Institute of Standards and Technology have released guidelines
to address critical security concerns. The general intention of the guides is to
eliminate some security vulnerabilities through education and widespread administration
of security initiatives.
<a href="http://www.fcw.com/fcw/articles/2002/0128/web-nist-01-28-02.asp">http://www.fcw.com/fcw/articles/2002/0128/web-nist-01-28-02.asp>
Source: Newsbytes
Date Written: January 28, 2002
Date Collected: January 28, 2002
Title: Aussie Agencies Get Access To U.S. Net Fraud Database
Consumer Sentinel is a database of the Federal Trade Commission (FTC) that catalogues
consumer complaints of Internet and telemarketing fraud. Australian law enforcement
agencies have made an arrangement to access the database when investigating fraud
complaints in their districts.
<a href="http://www.newsbytes.com/news/02/174000.html">http://www.newsbytes.com/news/02/174000.html>
Malware
Source: Ananova
Date Written: January 28, 2002
Date Collected: January 28, 2002
Title: Warning over new type of computer virus
A new e-mail virus, 'W32/Myparty@MM', dubbed MyParty, issues a bogus web link, a
.com URL, that infects a machine when the attachment is opened. The subject line
is "New photos from my party," but once opened, the virus will attempt to send itself
to any addresses in the infected machine's Windows address book, and installs a backdoor
into the system. Experts believe the worm/virus originated in Russia and infects
systems using Microsoft Outlook Express.
<a href="http://www.ananova.com/news/story/sm_506213.html">http://www.ananova.com/news/story/sm_506213.html>
Also - http://news.com.com/2100-1001-823959.html
Also - http://www.nytimes.com/reuters/news/news-tech-myparty-worm.html
Also - http://www.nwfusion.com/news/2002/0128myparty.html
Source: Daily Dispatch
Date Written: January 26, 2002
Date Collected: January 28, 2002
Title: Hacker plants virus on Dispatch server
A hacker breached the security of a newspaper's site servers and infected the system
with the W23 Nim Da @mm (Nimda) virus. Officials of the Dispatch Online have warned
viewers that they may be infected if anyone visited the site before the virus was
discovered and eliminated.
<a href="http://www.dispatch.co.za/2002/01/26/easterncape/ADISPATC.HTM">http://www.dispatch.co.za/2002/01/26/easterncape/ADISPATC.HTM>
Source: Hack in the Box
Date Written: January 28, 2002
Date Collected: January 28, 2002
Title: Advisory: WORM_COUPLE.A from l33tdawg
A mass-mailing worm seems to be spreading through the Internet by MAPI and Microsoft
Outlook. The virus arrives in an e-mail with a subject line, "Nice Couple", and
reportedly installs a backdoor in the infected computer.
<a href="http://www.hackinthebox.org/article.php?sid=5105">http://www.hackinthebox.org/article.php?sid=5105>
Technology
Source: Washington Post
Date Written: January 26, 2002
Date Collected: January 28, 2002
Title: Bush Proposes Tracking System for Noncitizens
President Bush unveiled a plan to track the arrival and departure of non-citizens
through the United States. The system was proposed by the Immigration and Naturalization
Service (INS) that could integrate security technologies such as biometric identification
systems and coordination and sharing of information between agencies.
<a href="http://www.washingtonpost.com/wp-dyn/articles/A37758-2002Jan25.html">http://www.washingtonpost.com/wp-dyn/articles/A37758-2002Jan25.html>
Vulnerabilities
Source: Federal Computer Week
Date Written: January 25, 2002
Date Collected: January 28, 2002
Title: OMB offers dim view of security
The authors of a report conducted by the Office of Management and Budget have found
that the federal cyber security is poor. The report will be sent to the President
in February and will state that security programs are not being measured, security
education is weak, and incident response to attacks and proactive measures are inconsistent.
<a href="http://www.fcw.com/fcw/articles/2002/0121/web-gisra-01-25-02.asp">http://www.fcw.com/fcw/articles/2002/0121/web-gisra-01-25-02.asp>
Source: ZDNet
Date Written: January 28, 2002
Date Collected: January 28, 2002
Title: Wireless offices - good news for hackers?
As more wireless systems are created, the vulnerability of the new technology becomes
more apparent. Without encryption and implementation of security standards, information
traveling through the wireless system is relatively open to interception.
<a href="http://news.zdnet.co.uk/story/0,,t269-s2103237,00.html">http://news.zdnet.co.uk/story/0,,t269-s2103237,00.html>
Also - http://www.zdnet.com/anchordesk/stories/story/0,10738,2842639,00.html
Source: E-Commerce Times
Date Written: January 25, 2002
Date Collected: January 28, 2002
Title: Online Security: Job One for E-Commerce
Security was often an afterthought for E-Commerce companies, but with the increased
focus on vulnerabilities, customers are demanding more complete measures. As the
importance of cyber security is continually emphasized, companies wishing their web
business to thrive will need to sacrifice their bottom line to increase security
measures.
<a href="http://www.ecommercetimes.com/perl/story/16008.html">http://www.ecommercetimes.com/perl/story/16008.html>
To change your delivery preferences please go to:
http://news.ists.dartmouth.edu/cgi-bin/change.cgi
To unsubscribe from this service please go to:
http://news.ists.dartmouth.edu/cgi-bin/remove.cgi
The Institute for Security Technology Studies (ISTS) accepts no responsibility for
any error or
omissions in this e-mail. The information presented is a compilation of material
from various
sources and has not been verified by staff of the ISTS. Therefore, the ISTS cannot
be made
responsible for the factual accuracy of the material presented. The ISTS is not
liable for any loss
or damage arising from or in connection with the information contained in this report.
It is the
responsibility of the user to evaluate the content and usefulness of this information.
References in
this e-mail to any specific commercial products, processes, or services by trade
name, trademark,
manufacturer, or otherwise, does not constitute or imply endorsement, recommendation,
or favoring by
the ISTS. ISTS is a research, not operational, organization, and makes its Security
in the News
e-mail available as a public service on a best-effort basis. Security in the News
will be sent out
on most business days, but not all.
Institute for Security Technology Studies
Dartmouth College
45 Lyme Road, Suite 200
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: <a href="mailto:dailyreport@ists.dartmouth.edu?Subject=Re:%20Security%20In%20The%20News%20-%20January%2028,%202002%2526In-Reply-To=%2526lt;200201282346.g0SNkf118934@mail.ists.dartmouth.edu">dailyreport@ists.dartmouth.edu</a>
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Sponsored by VeriSign - The Value of Trust
Do you need to encrypt all your online transactions? Find
the perfect solution in this FREE Guide from VeriSign.
http://us.click.yahoo.com/jWSNbC/UdiDAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->
------------------
http://all.net/
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST