From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Tue, 13 Aug 2002 20:25:33 -0700 (PDT)
Subject: [iwar] [NewsBits] NewsBits - 08/12/02 (fwd)

August 12, 2022

Pentagon gets its laptops back
Top brass breathe collective sigh of relief. Military investigators have found two missing laptop computers that were taken from the headquarters of the US Army Central Command in Florida. The theft, which was right under the nose of some of the tightest security in the US, sparked a nationwide security alert involving a team of 50 investigators. Classified data on one of the laptops is understood to have been on military operations in Afghanistan.
http://www.vnunet.com/News/1134271
http://www.af.mil/news/Aug2002/8120292.shtml

Hacker steals Nasa shuttle plans
Design data lifted from 'closed' server. Officials at Nasa were left red-faced last week after it emerged that a hacker had snuck onto the organisation's network and made off with design data about future space vehicles. Some 43MB of data, including a 15-page PowerPoint presentation for a shuttle design that featured detailed engineering drawings, were copied from one of Nasa's 'closed' servers.
http://www.vnunet.com/News/1134290
http://www.newsfactor.com/perl/story/18972.html

State will promote cybersecurity guidelines
The State Department is endorsing the development of a "culture of security" as described in the Organization for Economic Cooperation and Development's new guidelines for protecting systems. OECD, an economic analysis agency in Paris, was founded after World War II to coordinate international development. Its support comes from Western European countries, Australia, Canada, Japan and the United States.
http://www.gcn.com/vol1_no1/daily-updates/19599-1.html

Government to crack down on chat rooms
Home Office looks to make the "grooming" of children by paedophiles illegal. New laws aimed at targeting paedophiles who seek to entrap their victims over the Internet may be introduced, the Home Office has said.
The move to criminalise "grooming" -- the term used by paedophiles to describe befriending children over the Internet -- has been given an extra sense of urgency by the disappearance a week ago of two ten-year-old schoolgirls who went missing shortly after using a computer.
http://news.zdnet.co.uk/story/0,,t269-s2120671,00.html

Stakes are higher for hackers since Sept. 11, experts say
In 1997, a teenager who hacked into a Bell Atlantic network inadvertently crashed the computer, leaving 600 homes, a regional airport and emergency services without phone service and disabling communications to the air traffic control tower for 6 hours. The teen pleaded guilty and received a sentence of 2 years probation, a $5,000 fine and community service. But in the near future, that scenario could land someone in jail for life if a death were to result from a plane crash or a delay in reaching medics on the phone.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3845088.htm
http://zdnet.com.com/2100-1105-949330.html
http://www.cnn.com/2002/TECH/internet/08/12/hackers.reut/index.html
http://www.usatoday.com/tech/news/computersecurity/2002-08-12-hacker-world_x.htm

'Sweeping' Up After Identity Theft
Recent cases indicate that federal courts are emphasizing the severity of identity theft by imposing significant prison sentences. In a recent osOpinion column about identity theft, the writer intimated that cops and legislators are "deaf to the cries of [identity theft] victims," and pointedly asked, "When will we begin to see the identity thieves behind bars?" Recent events show that law enforcement's and legislatures' hearing has gotten a lot sharper, and that law enforcement is already getting good at catching and putting identity thieves in prison.
http://www.newsfactor.com/perl/story/18967.html

PGP flaw could let unauthorized people decode sensitive e-mail
Snoopers on the Internet could decode sensitive e-mail messages simply by tricking recipients into hitting the reply button, computer security researchers warned Monday. The flaw affects software using Pretty Good Privacy, the most popular tool for scrambling e-mail.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3845811.htm
http://zdnet.com.com/2100-1105-949368.html
http://news.zdnet.co.uk/story/0,,t269-s2120724,00.html
http://news.com.com/2100-1001-949368.html
http://www.cnn.com/2002/TECH/internet/08/12/encryption.flaw.ap/index.html
http://www.washingtonpost.com/wp-dyn/articles/A6879-2002Aug12.html
http://www.nandotimes.com/technology/story/496086p-3955692c.html

Flash flooded by security flaws
Macromedia has warned that its Flash Player, a ubiquitous application for playing multimedia files, has a vulnerability that could allow attackers to run malicious code on Windows and Unix-based operating systems. Separately, researchers discovered a flaw in the player that could allow an attacker to read files on a user's local hard drive. The software flaws are serious because the Flash Player is so widespread. Macromedia estimates that more than 90 percent of PCs are capable of playing Flash content.
http://zdnet.com.com/2100-1104-949344.html
http://news.zdnet.co.uk/story/0,,t269-s2120688,00.html
http://news.com.com/2100-1040-949364.html

Unix GUI in heap big security trouble
The Common Desktop Environment (CDE) ToolTalk RPC database server contains a vulnerability that could allow a remote attacker to execute arbitrary code on target systems or cause a denial of service. That's the gist of a warning issued today by security clearing house CERT which lists a variety of *Nix and Linux systems (including those from Caldera, Compaq, HP, IBM, SGI and Sun) as vulnerable.
http://www.theregister.co.uk/content/55/26641.html

Lethal vulnerability in PHP requires an upgrade
PHP, a server-side scripting language popular with Apache Web server administrators, has a serious flaw that could give an attacker complete access to the server. Intel platform servers are less vulnerable to this potential attack but should also be attended to.
Risk level--critical
Although there are no reports of actual attacks based on this vulnerability yet, it is a critical threat because it can allow the attacker to run any arbitrary code on the server. The PHP Group describes this vulnerability as "serious." It can be exploited by both local and remote users.
http://www.techrepublic.com/article.jhtml?id=r00220020812mco01.htm

SSL defeated in IE and Konqueror
A colossal stuff-up in Microsoft's and KDE's implementation of SSL certificate handling makes it possible for anyone with a valid VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, and abuse hapless Konqueror and Internet Explorer users with impunity.
http://online.securityfocus.com/news/573

Spamming the World
In a popularity contest, 'bulk e-mailers' would rank just above child pornographers. But the scourge of the Internet is defending its vocation. Al Ralsky would like you to have thick, lustrous hair. He also wants to help you buy a cheap car, get a loan regardless of your credit history and earn a six-figure income from the comfort of your home. But according to his critics, Ralsky's not a do-gooder, but a bane of the Internet--a spammer, responsible for deluging e-mail accounts and choking the Internet service providers (ISPs) that administer them.
http://www.msnbc.com/news/792491.asp

Lessons learned from the 'Great TechRepublic Laptop Theft'
We was robbed! Actually, we was burgled--but it doesn't have the same ring to it, does it?
A couple of weeks ago, the TechRepublic offices were among several in our area that were hit by the classic "person or persons unknown." The thieves got away with a bunch of stuff--including my laptop.
http://www.techrepublic.com/article.jhtml?id=r00620020808bob01.htm

One is not enough
Most press releases are self-serving, hype-ridden, mistargeted, and just plain useless. So when one arrives that's actually useful, it's a pleasant surprise, to say the least. This happened last week when GFI Software in Valetta, Malta, sent a note stressing the importance of using multiple antivirus engines to screen e-mail that enters your enterprise from the outside world.
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2876822,00.html

Undefended e-mail gateway no bargain
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2852468,00.html

New computer security dilemma: a lack of viruses
The first half of 2002 has been an eerily quiet period for the computer experts on watch for worms and viruses, leaving some to trumpet their effectiveness even as their predictions of doom are now looking overblown. Nobody has a bullet-proof explanation, but theories range from the introduction of enhanced anti-virus software to stiffer anti-hacker laws to more vigilant computer users.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3848828.htm
http://zdnet.com.com/2100-1105-949411.html

Teenage virus-creators disappear
http://news.zdnet.co.uk/story/0,,t269-s2120728,00.html
http://www.usatoday.com/tech/news/computersecurity/2002-08-12-virus-creators_x.htm

BBC impartiality not hit by 'hacking'
The BBC has insisted its coverage is always impartial despite claims that Downing Street hacked into its computer system in efforts to influence journalists. The Conservatives are calling on the BBC to outline what it did to investigate the allegations.
http://news.bbc.co.uk/2/hi/uk_news/politics/2188079.stm
http://www.vnunet.com/News/1134277

The hacker's worst enemy? Another hacker
By far the most entertaining - and controversial - speech of this year's DNSCON, the UK hacker conference, was delivered by Scotsman Gus (something of the Irvine Welsh of the UK's h4xOr scene) who lambasted the Hollywood image of hacking. Gus, who doesn't admit to being a hacker himself ('that would be criminal') but clearly knows a thing or two, fired his opening shot by saying anybody who thought hacking was glamorous or a "way to get chicks" was hopelessly wrong
http://online.securityfocus.com/news/574

The Original Anti-Piracy Hack
The entertainment industry's plan to use malicious cyber attacks to enforce its copyrights has precedent in a strange British case from a decade past. Hey, all Peer-to-Peer Piracy Prevention Act purveyors! I have a can't-miss technology development plan for you. Buried deep in the stacks of ancient cyber-history, it is called the tale of the AIDS Information Trojan horse.
http://online.securityfocus.com/columnists/102

We must engage in copyright debate
If you can set the rules, you can win the contest. That's the major reason the entertainment cartel is winning the debate over copyright in the Digital Age.
http://www.siliconvalley.com/mld/siliconvalley/business/columnists/gmsv/3842508.htm

Conduct an internal and external security audit
Conducting a thorough network security audit has never been more critical. Almost every organization is connected to the Internet in some way, the number of interconnections between organizations is growing, and the ranks of telecommuters are increasing. Of course, for an audit to be effective, you need to know where and how to look for vulnerabilities. (TechRepublic article, free registration required)
http://www.techrepublic.com/article.jhtml?id=r00220020814low01.htm

TalkBack: You Missed A Facet
As I read this, I agree with Mr.
Farber about there being no "be all, end all" solution to system security. For example, most people with some amount of computer expertise know that antivirus software alone is not adequate in securing a system against viruses. Unfortunately, I'd say that a fair number of computer users do not necessarily have this expertise.
http://forums.zdnet.com/group/zd.Tech.Update/it/itupdatetb.tpt/@thread@7799@forward@1@D-,D@ALL/@article@7799?EXP=ALL&VWM=hr&ROS=1&

Miracle cure for security woes?
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2876552,00.html

British schools watch for text-message bullying
When students return to England's school in September, teachers plan to crack down on the latest method of bullying: sending threatening text messages over mobile phones. Students caught doing that face being expelled in an effort to stop the growing problem, the government said Monday. An updated guidance to teachers on bullying will explicitly recognize the phenomenon for the first time, the Department for Education and Skills said. Victims will be encouraged to keep the threatening messages they receive, or a record of them, officials said. Students who prove their case also could have their mobile phone operators change their phone number for free.
http://www.nandotimes.com/technology/story/496502p-3960011c.html

Protesters tear up Japan ID numbers
Protesters tore up government notices assigning them ID numbers at Japan's Public Management Ministry in downtown Tokyo on Monday, the latest civil disobedience against the new nationwide resident registry system.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3847177.htm
http://www.nandotimes.com/technology/story/496142p-3957612c.html
http://www.usatoday.com/tech/news/internetprivacy/2002-08-12-japan-id-system_x.htm