[iwar] Historical posting


From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com

Mon, Jan 1, 1999


Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA15269 for iwar@onelist.com; Tue, 18 Apr 2000 05:21:43 -0700

Police pinch DeCSS author: Norwegian police yesterday
raided the home of Jon Johansen, the first person to post
the source code for DeCSS -- the code that allows users to
side-step copyright protection controls on DVD -- to the
Web. The 16-year-old Johansen (and his father) have been
charged with copyright violations on behalf of the Motion
Picture Association and the DVD CCA, which allegedly
controls and protects copyright of DVD products. Johansen
says the DVD codes are not copy-protection, but
replay-protection.
http://www.lemuria.org/DeCSS/
http://slashdot.org/articles/00/01/25/0827258.shtml
http://www.aftenposten.no/english/local/d121152.htm

Hackers tampered with Web sites run for two Japanese
government agencies, posting messages that criticized the
Japanese government for refusing to acknowledge that
the Nanjing Massacre ever took place. It was uncertain
whether the same hacker was responsible for both cases of
infiltration.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/007900.htm

Japan Says to Seek U.S. Help to Deal With Hackers
Japan said on Tuesday it will seek help from the United States
in an investigation into hackers who penetrated two government
Web sites. Computer systems at Japan's Science and Technology
Agency were raided on Monday and its homepage was replaced with
derogatory messages insulting the Japanese in the first-ever
hacking of a Japanese government computer system.
http://news.excite.com/news/r/000125/00/net-japan-hackers

Big keys unlock door to strong encryption
AUSTRALIANS will find it much easier to get strong cryptography
protection for their on-line business activities following the
United States Government's 14 January decision to liberalise
its export restrictions. But a local representative of leading
US digital certificate vendor, Verisign, has warned that the
decision will take some time to take effect in the marketplace.
Ian Waters, technology director of eSign, Verisign's Australian
distributor, said the effects of the decision will first be felt
in the way in which digital certificates are issued.
http://www.it.fairfax.com.au/software/20000125/A39666-2000Jan21.html

How safe is voice mail?
Not very, expert says, though phone companies are confident.
When Steven Boudrias was charged recently with infiltrating
the Montreal Urban Community police department's voice-mail
system, the question blinking alongside the message light
on most people's phones is how safe electronic call-answering
really is. Phone companies insist their systems are secure.
But police and computer experts suggest voice-mail security
is as vulnerable as any password-based technology.
http://www.montrealgazette.com/news/pages/000124/3483600.html

Windows 2000 Subject To Russian Import Regs
On Jan. 12, the US government announced a drastic reduction
of export limitations for software products with built-in
encryption technologies. As a result, Microsoft has announced
that, taking the new export regulations into account, it will
use 128-bit encryption in Windows 2000 versions shipped to
other countries. The new regulations were effective Jan. 14,
and mean that software vendors do not need US export licenses
for products which utilize encryption with key lengths
exceeding 56 bits. However, in this case, Windows 2000 is
subject to Russian import limitations for cryptographic software.
Current Russian legislation strictly prohibits selling any
software products with built-in encryption algorithms,
regardless of the key length, within the country.
http://www.newsbytes.com/pubNews/00/142700.html

Deciphering Encryption Law
Ramsi Yousef was the model of a modern
terrorist. Thoroughly ambitious, he traveled the world, planning to
blow up American jetliners over Hong Kong, to assassinate the Pope in
the Philippines, to bomb the Israeli Embassy in Thailand, and, of
course, to detonate a massive explosion that would topple one of the
World Trade Center's towers into the other.

Such an agenda required formidable organizational skills; Yousef needed
to keep track of schedules, targets and supplies -- to say nothing of
far-flung networks of co-conspirators and the funds to support his
ventures. And like any globetrotting executive, Yousef carried a laptop
computer, and on this computer he carried encrypted files detailing his
agenda.

As it happened, this computer played a crucial role in Yousef's
downfall. When the bomb chemicals he was mixing in the kitchen sink of
his Manila apartment caught fire, he left the laptop behind in his haste
to escape. As FBI Director Louis Freeh recounted in testimony before
the U.S. Senate,

"[w]e were fortunate in that Yousef was careless in protecting his
computer password. Consequently, we were able to decrypt his files. .
. . Had that fire not broken out or had we not been able to access
those computer files, Yousef and his co-conspirators might have carried
out the simultaneous bombings of 11 United States airliners, with
potentially thousands of victims."

http://www.upside.com/texis/mvm/upside_counsel?id

Intelligence Gathering
Prerequisites for computer security professionals include a
knowledge of networking, scripting languages, operating systems,
and security countermeasures. High-level technical savvy marks
the true professional; such expertise, however, carries a
practitioner only so far. An effective professional also
listens for what's coming down the track.
http://securityportal.com/direct.cgi?/topnews/intell20000125.html

Hate site distorts King's dream
It's a new tactic for white supremacist groups on the Net --
capitalizing on the name of slain civil rights leader Martin Luther
King Jr. to preach bigotry and hatred to unsuspecting Web surfers.
MartinLutherKing.org appears to be a benign site dedicated to the
life and writings of the man who gave the famous "I Have a Dream"
speech during the 1963 March on Washington. It's actually hosted
by Stormfront.org, one of the oldest and largest white supremacist
sites on the Internet. It appears to be a clear case of cybersquatting,
but legal experts agree there is little that can be done to return
the name to the King family. Unlike living celebrities such as
Brad Pitt and Kenny Rogers, who have recently filed lawsuits under
the U.S. Anticybersquatting Consumer Protection Act passed by
Congress last November, Martin Luther King's name is not protected
because he is deceased.
http://www.zdnet.com/zdnn/stories/news/0,4586,2427505,00.html

Clinton aides fight for cybersecurity bill
Senior Clinton administration officials are urging Congress to support
a bill that would provide a defense against criminals who now have
access to more secure communications thanks to new encryption export
regulations released this month. In a letter to House Majority Leader
Dick Armey (R-Texas) dated Jan. 7, Attorney General Janet Reno said
the Cyberspace Electronic Security Act (CESA) is a "critical component"
to the administration's new security and encryption policy. CESA would
be used to balance law enforcement's concerns that new encryption
export regulations, which allow U.S. vendors to sell stronger encryption
products overseas, will make it harder for agencies, including the Justice
and Defense departments, to track and catch criminals and terrorists.
http://www.fcw.com/fcw/articles/2000/0124/web-securitybill-01-26-00.asp

Japan's science agency removes direct access switch to
pornographic Web site: In the aftermath of two days of
humiliating hacker assaults on its computer systems, the
Japanese government has finally decided to bring the
country up to U.S. standards of computer security. By
2003. The announcement came amid revelations that the
Science and Technology Agency had been penetrated twice in
two days, and that census information stored on another
site had been erased.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/006354.htm
http://www.sjmercury.com/svtech/news/breaking/internet/docs/134052l.htm
http://news.bbc.co.uk/hi/english/world/asia-pacific/newsid_619000/619139.stm
http://news.cnet.com/news/0-1005-200-1532239.html

Key to China's economic future coincidentally also a threat to
communist control: China's State Bureau of Secrecy
announced it will enforce new controls over the Internet
designed to protect "state secrets." Oddly enough, the
bureau's definition of "state secrets" is so broad that it
includes nearly any information not specifically approved
for publication.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/007515.htm

'Ferret' detects classified info in e-mail
Work reportedly is progressing toward an autumn pilot project with
Ferret, an artificial-intelligence concept that's being developed
at the Y-12 nuclear weapons plant to scan e-mail for classified
information. "Right now we seem to be pretty much on track," said
Peter Kortman, program manager at Lockheed Martin Energy Systems,
the contractor operating Y-12 for the federal government. "We're
still in the initial stages, and the tough issues are being ferreted
out (pun intended, presumably)," Kortman said. One of the issues
being addressed is how Ferret (formerly called Pherret) deals with
the informal lingo sometimes used in e-mail. Apparently the system
does quite well with the language used in formal documents and
technical reports.
http://www.sjmercury.com/svtech/news/breaking/merc/docs/079315.htm

Hacking frenzy shows network security breaches are not about to go
out of fashion
OUT OF THE BLUE, your bank issues you a new credit card. Why? Not
because the old one expired. Although the bank doesn't publicly admit
anything, the explanation during a phone conversation says it all:
"The bank decided to issue new cards to all our subscribers for the
year 2000." Yeah, and I like to throw money out the window for no
good reason. Chances are that the bank's credit card numbers have
been compromised.
http://www.infoworld.com/articles/op/xml/00/01/24/000124opswatch.xml

FC