[iwar] [NewsBits] NewsBits - 08/12/02 (fwd)

From: Fred Cohen (fc@all.net)
Date: 2002-08-13 20:25:33



August 12, 2022

Pentagon gets its laptops back Top brass breathe collective sigh of
relief.  Military investigators have found two missing laptop computers
that were taken from the headquarters of the US Army Central Command in
Florida.  The theft, which was right under the nose of some of the
tightest security in the US, sparked a nationwide security alert
involving a team of 50 investigators.  Classified data on one of the
laptops is understood to have been on military operations in
Afghanistan.  http://www.vnunet.com/News/1134271
http://www.af.mil/news/Aug2002/8120292.shtml

Hacker steals Nasa shuttle plans Design data lifted from 'closed'
server.  Officials at Nasa were left red-faced last week after it
emerged that a hacker had snuck onto the organisation's network and made
off with design data about future space vehicles.  Some 43MB of data,
including a 15-page PowerPoint presentation for a shuttle design that
featured detailed engineering drawings, were copied from one of Nasa's
'closed' servers.  http://www.vnunet.com/News/1134290
http://www.newsfactor.com/perl/story/18972.html

State will promote cybersecurity guidelines The State Department is
endorsing the development of a "culture of security" as described in
the Organization for Economic Cooperation and Development's new
guidelines for protecting systems.  OECD, an economic analysis agency in
Paris, was founded after World War II to coordinate international
development.  Its support comes from Western European countries,
Australia, Canada, Japan and the United States. 
http://www.gcn.com/vol1_no1/daily-updates/19599-1.html

Government to crack down on chat rooms Home Office looks to make the
"grooming" of children by paedophiles illegal.  New laws aimed at
targeting paedophiles who seek to entrap their victims over the Internet
may be introduced, the Home Office has said.  The move to criminalise
"grooming" -- the term used by paedophiles to describe befriending
children over the Internet -- has been given an extra sense of urgency
by the disappearance a week ago of two ten-year-old schoolgirls who went
missing shortly after using a computer. 
http://news.zdnet.co.uk/story/0,,t269-s2120671,00.html

Stakes are higher for hackers since Sept.  11, experts say In 1997, a
teenager who hacked into a Bell Atlantic network inadvertently crashed
the computer, leaving 600 homes, a regional airport and emergency
services without phone service and disabling communications to the air
traffic control tower for 6 hours.  The teen pleaded guilty and received
a sentence of 2 years probation, a $5,000 fine and community service. 
But in the near future, that scenario could land someone in jail for
life if a death were to result from a plane crash or a delay in reaching
medics on the phone. 
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3845088.htm
http://zdnet.com.com/2100-1105-949330.html
http://www.cnn.com/2002/TECH/internet/08/12/hackers.reut/index.html
http://www.usatoday.com/tech/news/computersecurity/2002-08-12-hacker-world_x.htm

'Sweeping' Up After Identity Theft Recent cases indicate that federal
courts are emphasizing the severity of identity theft by imposing
significant prison sentences.  In a recent osOpinion column about
identity theft, the writer intimated that cops and legislators are "deaf
to the cries of [identity theft] victims," and pointedly asked, "When
will we begin to see the identity thieves behind bars?" Recent events
show that law enforcement's and legislatures' hearing has gotten a lot
sharper, and that law enforcement is already getting good at catching
and putting identity thieves in prison. 
http://www.newsfactor.com/perl/story/18967.html

PGP flaw could let unauthorized people decode sensitive e-mail Snoopers
on the Internet could decode sensitive e-mail messages simply by
tricking recipients into hitting the reply button, computer security
researchers warned Monday.  The flaw affects software using Pretty Good
Privacy, the most popular tool for scrambling e-mail. 
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3845811.htm
http://zdnet.com.com/2100-1105-949368.html
http://news.zdnet.co.uk/story/0,,t269-s2120724,00.html
http://news.com.com/2100-1001-949368.html
http://www.cnn.com/2002/TECH/internet/08/12/encryption.flaw.ap/index.html
http://www.washingtonpost.com/wp-dyn/articles/A6879-2002Aug12.html
http://www.nandotimes.com/technology/story/496086p-3955692c.html

Flash flooded by security flaws Macromedia has warned that its Flash
Player, a ubiquitous application for playing multimedia files, has a
vulnerability that could allow attackers to run malicious code on
Windows and Unix-based operating systems.  Separately, researchers
discovered a flaw in the player that could allow an attacker to read
files on a user's local hard drive.  The software flaws are serious
because the Flash Player is so widespread.  Macromedia estimates that
more than 90 percent of PCs are capable of playing Flash content. 
http://zdnet.com.com/2100-1104-949344.html
http://news.zdnet.co.uk/story/0,,t269-s2120688,00.html
http://news.com.com/2100-1040-949364.html

Unix GUI in heap big security trouble The Common Desktop Environment
(CDE) ToolTalk RPC database server contains a vulnerability that could
allow a remote attacker to execute arbitrary code on target systems or
cause a denial of service.  That's the gist of a warning issued today by
security clearing house CERT which lists a variety of *Nix and Linux
systems (including those from Caldera, Compaq, HP, IBM, SGI and Sun) as
vulnerable.  http://www.theregister.co.uk/content/55/26641.html

Lethal vulnerability in PHP requires an upgrade PHP, a server-side
scripting language popular with Apache Web server administrators, has a
serious flaw that could give an attacker complete access to the server. 
Intel platform servers are less vulnerable to this potential attack but
should also be attended to.  Risk level -- critical Although there are no
reports of actual attacks based on this vulnerability yet, it is a
critical threat because it can allow the attacker to run any arbitrary
code on the server.  The PHP Group describes this vulnerability as
"serious." It can be exploited by both local and remote users. 
http://www.techrepublic.com/article.jhtml?id=r00220020812mco01.htm

SSL defeated in IE and Konqueror A colossal stuff-up in Microsoft's and
KDE's implementation of SSL certificate handling makes it possible for
anyone with a valid VeriSign SSL site certificate to forge any other
VeriSign SSL site certificate, and abuse hapless Konqueror and Internet
Explorer users with impunity.  http://online.securityfocus.com/news/573

Spamming the World In a popularity contest, 'bulk e-mailers' would
rank just above child pornographers.  But the scourge of the Internet is
defending its vocation.  Al Ralsky would like you to have thick,
lustrous hair.  He also wants to help you buy a cheap car, get a loan
regardless of your credit history and earn a six-figure income from the
comfort of your home.  But according to his critics, Ralsky's not a
do-gooder, but a bane of the Internet -- a spammer, responsible for
deluging e-mail accounts and choking the Internet service providers
(ISPs) that administer them.  http://www.msnbc.com/news/792491.asp

Lessons learned from the 'Great TechRepublic Laptop Theft' We was
robbed! Actually, we was burgled -- but it doesn't have the same ring
to it, does it? A couple of weeks ago, the TechRepublic offices were
among several in our area that were hit by the classic "person or
persons unknown." The thieves got away with a bunch of
stuff -- including my laptop.
http://www.techrepublic.com/article.jhtml?id=r00620020808bob01.htm

One is not enough Most press releases are self-serving, hype-ridden,
mistargeted, and just plain useless.  So when one arrives that's
actually useful, it's a pleasant surprise, to say the least.  This
happened last week when GFI Software in Valetta, Malta, sent a note
stressing the importance of using multiple antivirus engines to screen
e-mail that enters your enterprise from the outside world. 
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2876822,00.html

Undefended e-mail gateway no bargain
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2852468,00.html

New computer security dilemma: a lack of viruses The first half of 2002
has been an eerily quiet period for the computer experts on watch for
worms and viruses, leaving some to trumpet their effectiveness even as
their predictions of doom are now looking overblown.  Nobody has a
bullet-proof explanation, but theories range from the introduction of
enhanced anti-virus software to stiffer anti-hacker laws to more
vigilant computer users. 
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3848828.htm
http://zdnet.com.com/2100-1105-949411.html

Teenage virus-creators disappear
http://news.zdnet.co.uk/story/0,,t269-s2120728,00.html
http://www.usatoday.com/tech/news/computersecurity/2002-08-12-virus-creators_x.htm

BBC impartiality not hit by 'hacking' The BBC has insisted its coverage
is always impartial despite claims that Downing Street hacked into its
computer system in efforts to influence journalists.  The Conservatives
are calling on the BBC to outline what it did to investigate the
allegations.  http://news.bbc.co.uk/2/hi/uk_news/politics/2188079.stm
http://www.vnunet.com/News/1134277

The hacker's worst enemy? Another hacker By far the most entertaining -
and controversial - speech of this year's DNSCON, the UK hacker
conference, was delivered by Scotsman Gus (something of the Irvine Welsh
of the UK's h4xOr scene) who lambasted the Hollywood image of hacking. 
Gus, who doesn't admit to being a hacker himself ('that would be
criminal') but clearly knows a thing or two, fired his opening shot by
saying anybody who thought hacking was glamorous or a "way to get
chicks" was hopelessly wrong.  http://online.securityfocus.com/news/574

The Original Anti-Piracy Hack The entertainment industry's plan to use
malicious cyber attacks to enforce its copyrights has precedent in a
strange British case from a decade past.  Hey, all Peer-to-Peer Piracy
Prevention Act purveyors! I have a can't-miss technology development
plan for you.  Buried deep in the stacks of ancient cyber-history, it is
called the tale of the AIDS Information Trojan horse. 
http://online.securityfocus.com/columnists/102

We must engage in copyright debate If you can set the rules, you can win
the contest.  That's the major reason the entertainment cartel is
winning the debate over copyright in the Digital Age. 
http://www.siliconvalley.com/mld/siliconvalley/business/columnists/gmsv/3842508.htm

Conduct an internal and external security audit Conducting a thorough
network security audit has never been more critical.  Almost every
organization is connected to the Internet in some way, the number of
interconnections between organizations is growing, and the ranks of
telecommuters are increasing.  Of course, for an audit to be effective,
you need to know where and how to look for vulnerabilities. 
(TechRepublic article, free registration required)
http://www.techrepublic.com/article.jhtml?id=r00220020814low01.htm

TalkBack: You Missed A Facet As I read this, I agree with Mr.  Farber
about there being no "be all, end all" solution to system security.  For
example, most people with some amount of computer expertise know that
antivirus software alone is not adequate in securing a system against
viruses.  Unfortunately, I'd say that a fair number of computer users do
not necessarily have this expertise. 
http://forums.zdnet.com/group/zd.Tech.Update/it/itupdatetb.tpt/@thread@7799@forward@1@D-,D@ALL/@article@7799?EXP=ALL&VWM=hr&ROS=1&

Miracle cure for security woes?
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2876552,00.html

British schools watch for text-message bullying When students return to
England's schools in September, teachers plan to crack down on the latest
method of bullying: sending threatening text messages over mobile
phones.  Students caught doing that face being expelled in an effort to
stop the growing problem, the government said Monday.  An updated
guidance to teachers on bullying will explicitly recognize the
phenomenon for the first time, the Department for Education and Skills
said.  Victims will be encouraged to keep the threatening messages they
receive, or a record of them, officials said.  Students who prove their
case also could have their mobile phone operators change their phone
number for free. 
http://www.nandotimes.com/technology/story/496502p-3960011c.html

Protesters tear up Japan ID numbers Protesters tore up government
notices assigning them ID numbers at Japan's Public Management Ministry
in downtown Tokyo on Monday, the latest civil disobedience against the
new nationwide resident registry system. 
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3847177.htm
http://www.nandotimes.com/technology/story/496142p-3957612c.html
http://www.usatoday.com/tech/news/internetprivacy/2002-08-12-japan-id-system_x.htm



------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT