Return-Path: <sentto-279987-4466-1013752448-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Thu, 14 Feb 2002 22:16:09 -0800 (PST)
Received: (qmail 16207 invoked by uid 510); 15 Feb 2002 05:54:24 -0000
Received: from n29.groups.yahoo.com (216.115.96.79) by all.net with SMTP; 15 Feb 2002 05:54:24 -0000
X-eGroups-Return: sentto-279987-4466-1013752448-fc=all.net@returns.groups.yahoo.com
Received: from [216.115.97.166] by n29.groups.yahoo.com with NNFMP; 15 Feb 2002 05:54:09 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_2); 15 Feb 2002 05:54:08 -0000
Received: (qmail 9168 invoked from network); 15 Feb 2002 05:54:07 -0000
Received: from unknown (216.115.97.167) by m12.grp.snv.yahoo.com with QMQP; 15 Feb 2002 05:54:07 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta1.grp.snv.yahoo.com with SMTP; 15 Feb 2002 05:54:05 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g1F6E5L08826 for iwar@onelist.com; Thu, 14 Feb 2002 22:14:05 -0800
Message-Id: <200202150614.g1F6E5L08826@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Thu, 14 Feb 2002 22:14:05 -0800 (PST)
Subject: [iwar] [fc:Security.In.The.News]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Security In The News
LAST UPDATED: 2/13/02
This report is also available on the Internet at
<a href="http://news.ists.dartmouth.edu/todaysnews.html">http://news.ists.dartmouth.edu/todaysnews.html>
FBI Says It's Monitoring Internet Vulnerability:
Reuters, 2/13/02
Also - Newsbytes, 2/12/02
Also - Wired News, 2/12/02
FBI alert warns of possible attack:
MSNBC, 2/12/02
Also - USA Today, 2/12/02
Also - NY Times, 2/12/02
Will Anonymous E-Mail Become a Casualty of War?:
PCWorld, 2/11/02
Inmate's hacking through jail computers comes to an end:
Naples Daily News [Florida], 2/9/02
Senate Chair Urges Stronger Sanctions Against Digital Piracy:
Newsbytes, 2/11/02
Comcast to stop recording subscribers' Internet browsing:
nando times, 2/13/02
Also - ecommerce times, 2/13/02
Also - Newsbytes, 2/13/02
Study: E-Commerce To Top $1 Trillion in 2002:
E-Commerce Times, 2/13/02
U.S. Launches Spam Crackdown:
ecommerce times, 2/13/02
Also - Government Computer News, 2/13/02
Congressional Panels Join To Probe U.S. Intelligence:
Washington Post, 2/12/02
Bush IT Budget Promotes Info Sharing and Security:
Computerworld, 2/11/02
Worm Watchers:
Technology Review, 11/30/02
Deadlier Klez worm on the prowl:
ZDNet, 2/11/02
Russians on the hunt for Red alerts:
vnunet.com, 2/13/02
E-Mail Encryption for the Masses:
ecommerce times, 2/13/02
Microsoft launches .Net development tools:
Financial Times, 2/13/02
Cybersleuths Seek Truth About Enron:
TechTV, 2/11/02
Harvard Cyberposium highlights hot trends:
Network World Fusion, 2/11/02
Cybersecurity alliance launches without funding, leadership:
Government Computer News, 2/11/02
ISPs 'passing the buck' on security:
vnunet.com, 2/12/02
Comment - Firms lower their defences:
vnunet.com, 2/12/02
Home Network Defense In An Online World:
Newsbytes, 2/12/02
Cyberterrorism-Infrastructure Protection
Source: Reuters
Date Written: February 13, 2002
Date Collected: February 13, 2002
Title: FBI Says It's Monitoring Internet Vulnerability
In response to a warning issued by CERT of Carnegie Mellon University on February
12, 2002, the Federal Bureau of Investigation is monitoring computer network vulnerabilities
for potential cyber attacks. A representative from the National Infrastructure Protection
Center of the FBI indicated that the organization is aware of the vulnerabilities
and the potential for exploitation of the SNMP flaw. The flaw could allow hackers
to gain unauthorized access to a system or conduct a denial of service attack.
<a href="http://reuters.com/news_article.jhtml?type=internetnews&StoryID=591854">http://reuters.com/news_article.jhtml?type=internetnews&StoryID=591854>
Also - http://www.newsbytes.com/news/02/174447.html
Also - http://www.wired.com/news/politics/0,1283,50379,00.html
Source: MSNBC
Date Written: February 12, 2002
Date Collected: February 13, 2002
Title: FBI alert warns of possible attack
President Bush, Director of Homeland Security Tom Ridge, the Federal Bureau of Investigation,
and Attorney General John Ashcroft have urged Americans to be on high alert for a
possible terrorist attack. The report indicated that a Yemeni man, Fawaz Yahya al-Rabeei,
and 16 of his associates could be planning an attack, and posted photographs of the
suspects on the FBI web site with a request for information. Security at airports
and the Salt Lake City Winter Olympics became even more stringent, and law enforcement
agencies across the country were warned of the possible danger. The non-specific
warning is a result of interviews with Afghan war prisoners, decoded information
gathered from seized computers, and information from the nation's intelligence agencies.
<a href="http://www.msnbc.com/news/696835.asp">http://www.msnbc.com/news/696835.asp>
Also - http://www.usatoday.com/news/attack/2002/02/11/terror-warning.htm
Also - http://www.nytimes.com/2002/02/12/national/12FBI.html
Source: PCWorld
Date Written: February 11, 2002
Date Collected: February 13, 2002
Title: Will Anonymous E-Mail Become a Casualty of War?
The e-mail messages sent by alleged kidnappers of Wall Street Journal reporter Daniel
Pearl are being examined for the origin point. The anonymity and international nature
of the Internet makes task exponentially more difficult. There are several service
providers offering a guarantee that members will be able to send anonymous e-mails.
These services generally strip e-mail of electronic tags and identifiers and encrypt
the message before sending the e-mail to the intended recipient and decrypt the message
on delivery. However, the service provider generally maintains the identifiers.
In the current political environment, anonymous e-mail services are beginning to
be seen as tools for terrorists. The emphasis on legitimate user privacy can be
exploited by terrorists to communicate and, in the case of Pearl, issue ransom demands.
The Patriot Act, passed by Congress in 2001, enables law enforcement officials to
monitor such e-mail and electronic communication traffic in!
an investigation.
<a href="http://www.idg.net/ic_810063_1794_9-10000.html">http://www.idg.net/ic_810063_1794_9-10000.html>
Cybercrime-Hacking
Source: Naples Daily News [Florida]
Date Written: February 9, 2002
Date Collected: February 13, 2002
Title: Inmate's hacking through jail computers comes to an end
An inmate awaiting trail at the Monroe County Detention Center used computers designated
for law searches to reach the Internet and hack into the files of the jail. The
man gained access to the sheriff's office computers and connected to the Internet.
He destroyed jail files and accessed jail employee information. Jail officials
stated that they have since improved cyber security by installing a firewall.
<a href="http://www.naplesnews.com/02/02/florida/d759107a.htm">http://www.naplesnews.com/02/02/florida/d759107a.htm>
Source: Newsbytes
Date Written: February 11, 2002
Date Collected: February 13, 2002
Title: Senate Chair Urges Stronger Sanctions Against Digital Piracy
Senate Foreign Relations Committee chairman Joseph Biden (D-Del) lobbied for stronger
enforcement of anti-piracy laws and better protection of intellectual property.
Technologies are being developed to inhibit the copying of protected materials, such
as hardware-based measures on items such as CDs and DVDs. This has sparked a debate
in Congress between lawmakers who believe these measures violate consumer rights
of legitimate users and those emphasizing anti-piracy measures.
<a href="http://www.newsbytes.com/news/02/174406.html">http://www.newsbytes.com/news/02/174406.html>
Politics-Legislation
Source: nando times
Date Written: February 13, 2002
Date Collected: February 13, 2002
Title: Comcast to stop recording subscribers' Internet browsing
Congressman Ed Markey (D-Mass) sent a letter to Comcast, a large cable company providing
Internet service, regarding the potential privacy concerns about their customer information
recording policy. Information recorded, even for a brief period of time included
web sites visited as well as passwords and credit card numbers. Markey indicated
that recording customer actions or information without consent is a violation of
the 1984 Cable Act. In response, Comcast issued a statement that they will not track
the Web browsing actions of customers. A representative from Comcast stated that
the information was only collected in an effort to optimize network operations, and
did not share or redistribute the collected information externally.
<a href="http://www.nandotimes.com/technology/story/250681p-2361313c.html">http://www.nandotimes.com/technology/story/250681p-2361313c.html>
Also - http://www.ecommercetimes.com/perl/story/16316.html
Also - http://www.newsbytes.com/news/02/174474.html
Source: E-Commerce Times
Date Written: February 13, 2002
Date Collected: February 13, 2002
Title: Study: E-Commerce To Top $1 Trillion in 2002
According to IDC's Global Research Organization, e-commerce will garner more than
$1 trillion in 2002. There are an estimated 600 million Internet users worldwide,
but the United States accounts for more than 40 percent of the money spent on e-commerce.
Security and privacy concerns are indicated as large impediments to e-commerce growth.
<a href="http://www.ecommercetimes.com/perl/story/16314.html">http://www.ecommercetimes.com/perl/story/16314.html>
Source: ecommerce times
Date Written: February 13, 2002
Date Collected: February 13, 2002
Title: U.S. Launches Spam Crackdown
The Federal Trade Commission issued a warning to consumers to delete any unsolicited
e-mails without responding to them. The FTC launched a campaign to investigate deceptive
spam issuers. Customers send the FTC 15,000 e-mails a day about spam abuses.
<a href="http://www.ecommercetimes.com/perl/story/16304.html">http://www.ecommercetimes.com/perl/story/16304.html>
Also - http://www.gcn.com/vol1_no1/daily-updates/17940-1.html
Source: Washington Post
Date Written: February 12, 2002
Date Collected: February 13, 2002
Title: Congressional Panels Join To Probe U.S. Intelligence
Senate and House intelligence committees are joining to investigate the United States
intelligence community response to terrorism, including the September 11, 2001 attacks.
Analysis will be made on key decisions of agency leaders from President Reagan's
administration through the current President. A special nonpartisan staff will be
hired to conduct the inquiry into the actions made by and the evolution of intelligence
agencies.
<a href="http://www.washingtonpost.com/wp-dyn/articles/A60317-2002Feb11.html">http://www.washingtonpost.com/wp-dyn/articles/A60317-2002Feb11.html>
Source: Computerworld
Date Written: February 11, 2002
Date Collected: February 13, 2002
Title: Bush IT Budget Promotes Info Sharing and Security
President Bush has proposed integration of government IT systems and development
of a communication system capable of quickly disseminating information through government
agencies and the private sector. Security is a large focus of the $52 billion proposed
2003 fiscal year IT budget. Additionally, an Information Integration Office will
be created to establish a plan to improve communication means across all levels of
the U.S. government.
<a href="http://www.computerworld.com/storyba/0,4125,NAV47_STO68164,00.html">http://www.computerworld.com/storyba/0,4125,NAV47_STO68164,00.html>
Malware
Source: Technology Review
Date Written: November 30, 0002
Date Collected: February 13, 2002
Title: Worm Watchers
Simulation tools are being developed to analyze attack patterns of malware and enhance
the response ability of network operators. Administrators need to respond to invaders
and to take proactive measures and predict attack damages. Recently spread worms
are more sophisticated and damaging than previous malware. For example, Code Red
II installs a back door in a system that allows hackers to remotely control a server.
The current response is generally a reaction to particular malicious code; the code
is analyzed and a patch or anti-virus tool is created to neutralize or remove the
problem. The research and development center of CERT at Carnegie Mellon University
has created the simulation tool 'Easel' to analyze data from previous attacks and
run scenarios based on worm behavior analysis. The beta version was recently released
and is under development by anti-virus companies.
<a href="http://www.techreview.com/articles/innovation60102.asp">http://www.techreview.com/articles/innovation60102.asp>
Source: ZDNet
Date Written: February 11, 2002
Date Collected: February 13, 2002
Title: Deadlier Klez worm on the prowl
The Klez.e worm has a variant capable of overwriting text, HTMO, or MPEG files on
an infected computer with nonsense content or copies of itself on the sixth day of
odd-numbered months. The worm is spread on Windows systems through an Internet Explorer
versions 5.01 and 5.5 vulnerabilities. The worm is currently spreading through an
e-mail message disguised as an undelivered message. It contains auto-executing features
and will send itself to every address in an address book if an infected attachment
is opened with Outlook or Outlook Express. The worm also attempts to defeat anti-virus
measures.
<a href="http://zdnet.com.com/2100-1105-834489.html">http://zdnet.com.com/2100-1105-834489.html>
Source: vnunet.com
Date Written: February 13, 2002
Date Collected: February 13, 2002
Title: Russians on the hunt for Red alerts
Michael Kalinichenko, chief technical officer from a Russian anti-virus software
company, believes that proactive security measures can help detect and mitigate threats
posed by malware. Kalinichenko uses a method called behavioral control to determine
threat patterns and to examine attempts to change computer applications.
<a href="http://www.vnunet.com/Analysis/1129206">http://www.vnunet.com/Analysis/1129206>
Technology
Source: ecommerce times
Date Written: February 13, 2002
Date Collected: February 13, 2002
Title: E-Mail Encryption for the Masses
A large portion of the estimated 900 million people using e-mail are not utilizing
the available tools to secure communications. PGP encryption software is freely
available, but not universally used. Security does not seem a priority, possibly
due to general ignorance of the vulnerability of electronic communication.
<a href="http://www.ecommercetimes.com/perl/story/16306.html">http://www.ecommercetimes.com/perl/story/16306.html>
Source: Financial Times
Date Written: February 13, 2002
Date Collected: February 13, 2002
Title: Microsoft launches .Net development tools
Microsoft unveiled Visual Studio .Net on February 13, 2002. The software is a set
of development tools that would enable web sites and applications to be linked easily.
<a href="http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT3A5CDFNXC&live=true&tagid=ZZZC00L1B0C">http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT3A5CDFNXC&live=true&tagid=ZZZC00L1B0C>
Source: TechTV
Date Written: February 11, 2002
Date Collected: February 13, 2002
Title: Cybersleuths Seek Truth About Enron
Computer forensic experts believe they will be able to retrieve the documents from
Enron and Arthur Andersen employees' hard drives. In an attempt to delete a file,
data is not permanently destroyed, and the computer simply indicates that the space
in which the file was held is now available. Overwriting deleted files will occur
when the hard drive is full, which may take years. Investigators use optical imaging
technology to copy the hard drive and then will begin scanning for relevant documents.
A forensic expert stated that people believe deleted files and e-mail messages are
gone, but files are fairly easy to retrieve. Sifting through the enormous amount
of data retrieved to find relevant materials is the true challenge.
<a href="http://www.techtv.com/news/computing/story/0,24195,3371731,00.html">http://www.techtv.com/news/computing/story/0,24195,3371731,00.html>
Source: Network World Fusion
Date Written: February 11, 2002
Date Collected: February 13, 2002
Title: Harvard Cyberposium highlights hot trends
Experts speaking at a cyberposium conducted at Harvard Business School this February
indicated security technology is an area of growing importance. Biometrics, tools
to analyze vast amounts of personal data, interconnection of law enforcement systems,
and other technological means to secure the national infrastructure and physical
venues of the United States have come into national focus recently. However, experts
indicated that implementation of these security technology tools must be considered
in light of the privacy concerns and individual rights of legitimate citizens. Artificial
Intelligence, new networking products and services as well as wireless technology
were also areas of focus at the cyberposium.
<a href="http://www.nwfusion.com/news/2002/0211harvard.html">http://www.nwfusion.com/news/2002/0211harvard.html>
Vulnerabilities
Source: Government Computer News
Date Written: February 11, 2002
Date Collected: February 13, 2002
Title: Cybersecurity alliance launches without funding, leadership
The National Cyber Security Alliance is lacking a point of contact and an oversight
body to help coordinate and organize action. The Alliance is a joint venture between
government officials, such as members from the FBI or the Department of Defense,
and industry experts, from companies such as Microsoft and Cisco Systems. Their
goal is to educate the public on cyber security. The group has launched a Web site
called staysafeonline.info that identifies security measures and methods, as well
as the explaining the threats posed by cyber attack.
<a href="http://www.gcn.com/vol1_no1/daily-updates/17939-1.html">http://www.gcn.com/vol1_no1/daily-updates/17939-1.html>
Source: vnunet.com
Date Written: February 12, 2002
Date Collected: February 13, 2002
Title: ISPs 'passing the buck' on security
Experts believe that Internet service providers (ISPs) need to take a more proactive
approach to cyber security. Companies and individuals connected to the Internet
are largely responsible for stopping cyber attacks, some of which can be mitigated
at the source, such as filtering virus or worm attacks.
<a href="http://www.vnunet.com/News/1129189">http://www.vnunet.com/News/1129189>
Source: vnunet.com
Date Written: February 12, 2002
Date Collected: February 13, 2002
Title: Comment - Firms lower their defences
A study by Computer Sciences Corporation (CSC) indicates that worldwide IT executives
rank security as fifth on the list of priorities. The study shows that the top priorities
are on enhancing enterprise systems rather than on security spending. A formal security
policy was not in place for 46 percent of the respondents, and 68 percent indicated
that security risk analyses were not carried out on a regular basis. A large part
of the problem may be a misconception by company IT managers that simply installing
a security product, such as a firewall, will provide adequate protection.
<a href="http://www.vnunet.com/News/1129193">http://www.vnunet.com/News/1129193>
Source: Newsbytes
Date Written: February 12, 2002
Date Collected: February 13, 2002
Title: Home Network Defense In An Online World
The average home Internet user is generally unprepared to address the vulnerability
created through use of an 'always-on' broadband link. CERT of Carnegie Mellon University
issued a report entitled Home Network Security that details risks and potential countermeasures
that may be taken to defend against cyber attacks.
<a href="http://www.newsbytes.com/news/02/174418.html">http://www.newsbytes.com/news/02/174418.html>
To change your delivery preferences please go to:
http://news.ists.dartmouth.edu/cgi-bin/change.cgi
To unsubscribe from this service please go to:
http://news.ists.dartmouth.edu/cgi-bin/remove.cgi
The Institute for Security Technology Studies (ISTS) accepts no responsibility for
any error or
omissions in this e-mail. The information presented is a compilation of material
from various
sources and has not been verified by staff of the ISTS. Therefore, the ISTS cannot
be made
responsible for the factual accuracy of the material presented. The ISTS is not
liable for any loss
or damage arising from or in connection with the information contained in this report.
It is the
responsibility of the user to evaluate the content and usefulness of this information.
References in
this e-mail to any specific commercial products, processes, or services by trade
name, trademark,
manufacturer, or otherwise, does not constitute or imply endorsement, recommendation,
or favoring by
the ISTS. ISTS is a research, not operational, organization, and makes its Security
in the News
e-mail available as a public service on a best-effort basis. Security in the News
will be sent out
on most business days, but not all.
Institute for Security Technology Studies
Dartmouth College
45 Lyme Road, Suite 200
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: <a href="mailto:dailyreport@ists.dartmouth.edu?Subject=Re:%20Security%20In%20The%20News%20-%20February%2013,%202002%2526In-Reply-To=%2526lt;200202132314.g1DNEI123847@mail.ists.dartmouth.edu">dailyreport@ists.dartmouth.edu</a>
------------------
http://all.net/
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST