[iwar] Historical posting

From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com
Mon, Jan 1, 1999
Messages sorted by: [ date ][ subject ][ author ][ recipient ]
Next message: From: Fred Cohen To: "[iwar] Historical posting"
Previous message: From: Fred Cohen To: "[iwar] Historical posting"
fc  Mon Jan 1, 1999
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA15269 for iwar@onelist.com; Tue, 18 Apr 2000 05:21:43 -0700
To: iwar@onelist.com
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Mon, Jan 1, 1999
From: Fred Cohen 
Reply-To: iwar@egroups.com
Subject: [iwar] Historical posting

          


             'cyber defense' not valid, prosecutors argue

Prosecutors argued Wednesday against an 18 year old using a ``cyber

defense'' by claiming he was in a virtual world and was not responsible

when he allegedly threatened a Columbine student on the Internet. 

Michael Ian Campbell of Cape Coral, Florida, was arrested in December

and charged with the federal crime of ``transmitting a threatening

communication'' to a student at the Littleton, Colorado, high school,

where two teenage gunmen last April killed 12 fellow students and a

teacher before killing themselves. 

http://www.sjmercury.com/svtech/news/breaking/internet/docs/165898l.htm



Teens Used Internet Recipe for Napalm Bomb

Two teenagers who allegedly made a napalm bomb in order to let loose a

huge fireball instead got themselves into a firestorm of trouble after

one of the boys bragged about the plot, police said.  The teens

allegedly downloaded the napalm recipe from the Internet. 

http://www.apbnews.com/newscenter/breakingnews/2000/02/02/napalm0202_01.html



Future loses bid to secure documents seized in FBI raid

A Montreal court has ruled that documents seized from Future Electronics

Inc.  by investigative authorities last May should be released to U.S. 

authorities to enable them proceed with their investigation into the

electronic components distributor's business practices.  In response,

Future said it will seek to have the Quebec Court of Appeal overturn the

decision.  The U.S.  Federal Bureau of Investigation, which is leading

the investigation, accused Future in a warrant of defrauding some

component suppliers, including Texas Instruments Inc.  and Motorola

Inc., by keeping two sets of accounting books.  The FBI said the seized

documents, which have been sealed since they were carted away from

Future's office, will prove that the company committed the alleged

crime. 

http://www.ebnonline.com/digest/story/OEG20000202S0023



Web site preys on those who want to help crash victims

Alaska Airlines officials say a Web site that seeks money for crash

victims' families is a fraud that sends a computer virus when a donor

form is downloaded.  Launched in Costa Rica, the new site is a callous

attempt to victimize people trying to help in a tragedy, an Alaska

Airlines spokeswoman said. 

http://www.sjmercury.com/svtech/news/breaking/merc/docs/013502.htm



FDA warns foreign Web sites selling prescriptions

U.S.  health officials said on Wednesday they had sent letters via the

Internet to a dozen operators of foreign-based Web sites warning them

that they may be selling prescription drugs illegally to U.S.  citizens. 

http://www.sjmercury.com/svtech/news/breaking/internet/docs/165954l.htm



Pornographic embarrassment of the highest order perhaps

evidence of an ongoing 'deep cover' investigation? The CIA today has

concluded an investigation that revealed that former CIA Director John

Deutch stored some of the nation's most sensitive national security

information on a home computer that was routinely used to access

pornographic Web sites.  There was no evidence that Deutch's unsecured

PC had been hacked by foreign adversaries. 

http://www.mercurycenter.com/svtech/news/breaking/merc/docs/033037.htm



Thumbs Down on Net Wiretaps

It took four months, a grim debate, and thousands of mailing list

messages, but the group that sets Internet standards has decided not to

support wiretapping.  The executive committees of the Internet

Engineering Task Force dismissed the idea with characteristic

understatement, saying they would not "consider requirements for

wiretapping" in protocols.  The 15 KB draft document released this week

caps an unusually public debate inside IETF that was marked by an FBI

call to permit wiretaps, Congressional condemnation of the idea, and a

flame-ridden mailing list called "raven" that lived up to its

homophonous name. 

http://www.wired.com/news/politics/0,1283,34055,00.html



U.S. says near agreement with Europe on data privacy

The United States is on track to avoid a major trade dispute with the

European Union over the treatment of personal information collected from

consumers over the Internet or in other electronic forms, a U.S. 

official said. 

http://www.sjmercury.com/svtech/news/breaking/merc/docs/009832.htm

http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2432072,00.html



NIST Updates Gov't Security And Encryption Standard

The National Institute of Standards and Technology (NIST) has issued a

draft revision of the government's systems security and encryption

validation standard that streamlines the standard and addresses new

technological threats.  "The standard has not changed in focus or

emphasis," said Ray Snouffer, program manager for NIST's Cryptographic

Module Validation Program (CMVP).  "We've removed the redundant areas

and clarified the language." The Federal Information Processing Standard

140-1 includes 11 areas of security requirements and four levels of

security.  It mandates that federal agencies use FIPS-compliant

cryptography modules to protect sensitive but unclassified information

in government systems.  NIST reviews the standard at five-year

intervals. 

http://www.newsbytes.com/pubNews/00/143287.html



GAO finds security plan lacking

Federal agencies do not have the experience, tools or legislative

backing to secure their systems to the degree required by the

administration's new National Plan for Information Systems Protection,

according to the General Accounting Office.  The plan is "an important

and positive step forward toward building the cyberdefense necessary to

protect critical information assets and infrastructures," said Jack

Brock, director of governmentwide and defense information systems at

GAO's accounting and information management division.  But there are

several ways the Critical Infrastructure Assurance Office could improve

it, he said this week in written testimony to the Senate Judiciary

Subcommittee on Technology, Terrorism and Government Information. 

http://www.fcw.com/fcw/articles/2000/0131/web-gao-02-03-00.asp



WASHINGTON -- The nation's top computer experts warned Internet users



Wednesday about a serious new security threat that allows hackers to

launch malicious programs on a victim's computer or capture information

a person volunteers on a Web site, such as credit card numbers.  The

threat, dubbed "cross-site scripting," involves dangerous computer code

that can be hidden within innocuous-looking links to popular Internet

sites. 



The links can be e-mailed to victims or published to online discussion

groups and Web pages. 



The vulnerability was especially unusual because it is not limited to

software from any particular company.  Any Web browser on any computer

visiting a complex Web site is at risk.  ... 



Only a massive effort by Web site designers can eliminate the threat,

according to the CERT Coordination Center of Carnegie Mellon University

and others.  Software engineers at CERT issued the warning Wednesday

together with the FBI and the Defense Department. 



The problem, discovered weeks ago but publicly disclosed Wednesday,

occurs when complex Internet sites fail to verify that hidden software

code sent from a consumer's browser is safe. 



Experts looking at how often such filtering occurred found that Internet

sites failing to perform that important safety check were "the rule

rather than the exception," said Scott Culp, the top security program

manager at Microsoft. 



"Any information that I type into a form, what pages I visit on that

site, anything that happens in that session can be sent to a

third-party, and it can be done transparently," Culp warned.  He added:

"You do have to click on a link or follow a link in order for this to

happen."



The dangerous code also can alter information displayed in a consumer's

Web browser, such as account balances or stock prices at financial

sites.  And it can capture and quietly forward to others a Web site's

"cookie," a small snippet of data that could help hackers impersonate a

consumer on some Internet pages. 



"It really goes across a huge number of sites," said Marc Slemko, a

Canadian software expert who studied the problem.  Slemko said

Internet-wide repairs will be "a very, very major undertaking."
Next message: From: Fred Cohen To: "[iwar] Historical posting"
Previous message: From: Fred Cohen To: "[iwar] Historical posting"