[iwar] Historical posting
From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com
Mon, Jan 1, 1999
fc Mon Jan 1, 1999
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA15269 for iwar@onelist.com; Tue, 18 Apr 2000 05:21:43 -0700
To: iwar@onelist.com
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe:
Date: Mon, Jan 1, 1999
From: Fred Cohen
Reply-To: iwar@egroups.com
Subject: [iwar] Historical posting
GAO lists security bargains
Agencies can cut their information systems' security risks
with low-cost and no-cost solutions, federal experts told
Congress Wednesday. The General Accounting Office listed
six steps that agencies can take to immediately cut down
on their security risks:
* Increase security awareness throughout the organization.
* Ensure that existing controls are operating effectively.
* Ensure that software patches are up-to-date.
* Use automated scanning and testing tools to quickly identify
vulnerabilities.
* Expand the use of best practices throughout the agency.
* Ensure that the most common vulnerabilities are addressed.
http://www.fcw.com/fcw/articles/2000/0327/web-cheap-03-30-00.asp
International hackers battle security, politicians for conference
Hackers from around the world overcame interrogations,
censorship and an all-around bad image to hold Israel's first
hacker convention, wrapping up the two-day conference Thursday
without a glitch. The 350-strong gathering was the first of its
kind since the Yahoo! and eBay commercial sites were crippled
in February, reminding companies across the globe of the dangers
hackers can pose. At the request of lawmakers, Israeli police
had considered banning the conference, but Attorney General
Eliyakim Rubinstein gave the go-ahead.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/001465.htm
Hacker School Teaches Security
More than 20 students recently sat in a muggy room on the
12th floor of a New York office building to learn how to
hack into Microsoft Windows NT and Linux systems. But it
wasn't an underground session run by computer criminals;
instead, these students hoped to learn how to protect their
computer systems and E-commerce Web sites from attack. The
Ultimate Hacking class was taught by startup Foundstone Inc.,
formerly Rampart Security Systems, which offers security
consulting services as well as classes on the tools of the
hacker's trade. Foundstone, in Mission Viejo, Calif., has
received $3 million in funding from Olympic Venture Partners.
"We have laptops for everybody with both Linux and NT, and
we bring our own server boxes that have been misconfigured
or have known vulnerabilities on them and then allow the
students to break into them," says Stuart McClure,
Foundstone's president and chief technology officer. "We
want to train people to understand what hackers do and how
they do it, because that's the only way they can protect
themselves. Know thy enemy."
http://www.techweb.com/se/directlink.cgi?IWK20000327S0051
I Call It Spyware. So Sue Me!
Let's face it, journalists are cynical, skeptical, and
extremely suspicious by nature. When someone tries to muzzle
me, my "spider senses" start tingling. After my recent column
about Radiate's spyware Trojan horse program, which has been
secretly installed on over 22 million Windows computers,
Radiate's reaction was somewhat extreme. They called our head
of Public Relations and demanded to talk to the boss so they
could get me fired. When they found out that, as Editorial
Director, I was unlikely to fire myself, they threatened
hail, brimstone, and a lawsuit.
http://www.zdnet.com/zdtv/freshgear/mindthegap/story/0,3679,2495501,00.html
FC