[iwar] Historical posting


From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com

Mon, Jan 1, 1999


fc  Mon Jan 1, 1999
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA15269 for iwar@onelist.com; Tue, 18 Apr 2000 05:21:43 -0700
To: iwar@onelist.com
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Mon, Jan 1, 1999
From: Fred Cohen 
Reply-To: iwar@egroups.com
Subject: [iwar] Historical posting

          

Hackers target nuclear weapons labs
Teenage hackers stole thousands of internet accounts and used
them to scan the networks of two national laboratories involved
in the nuclear weapons programme, authorities in the US state of
California have said. The five hackers, aged 15-17, hacked 26
internet service providers in the US and overseas, said Captain
Jan Hoganson, of the Sacramento Valley High-Tech Crimes Task
Force in California. They had a list of 200,000 user accounts
from Pacific Bell and were able to successfully steal the passwords
for about 95,000 accounts. They used these accounts to anonymously
scan the networks of the Sandia and Oak Ridge National Laboratories.
http://news.bbc.co.uk/hi/english/world/americas/newsid_599000/599753.stm

Domains Hijacked from NSI
Network Solutions' administrative policies are once again being blamed
for Internet domain hijackings that took at least brief control over
some major Web domains. Beginning Saturday, an unidentified individual
began attempts, some successful, to seize control over domains
including major Web hosting service Exodus, Web standards body World
Wide Web Consortium and Emory University.
http://www.wired.com/news/politics/0,1283,33571,00.html

Internet Mischief On Rise
A new survey from Websense Inc., and the Center for Internet Studies
says nearly two out of three companies nationwide have disciplined,
and nearly one out of three have terminated, employees for Internet
misuse in the workplace. The Websense survey, called the first of
its kind on the topic of employee Internet misuse, was conducted
among 224 human resource directors at companies nationwide ranging
in size from six to 150,000 employees. "Misuse of the Internet at
work should never get to the point of termination," said John
Carrington, CEO and chairman of Websense. "Companies need to start
managing their Internet traffic and enforcing the Internet usage
policies they already have in place."
http://www.currents.net/newstoday/00/01/12/news4.html

Army establishes Infowar "DMZ"
The Army plans to establish network security demilitarized zones (DMZs)
at all its bases worldwide as part of a plan to beef up its cyberdefenses
against network intrusions and attacks. The DMZs are planned under the
Network Security Improvement Program (NSIP), which was designed by the
office of the Army's director of information systems for command,
control, communications and computers, which is headed by Lt. Gen.
William Campbell. Under NSIP, all Army bases and posts will have to
physically separate public servers from those providing access to
private Army intranets, according to an Army-wide message.
http://www.fcw.com/fcw/articles/web-dmz-01-12-00.asp

White house: New rules on encryption
The Clinton administration disclosed relaxed rules Wednesday
allowing high-tech companies to sell even the most powerful data
scrambling software overseas with virtually no restrictions. The
new rules had encountered strong opposition within the
administration. Top law enforcement and defense officials argued
that relaxing rules would allow criminals and terrorists to more
easily transmit scrambled electronic messages the government could
not decipher.
http://www.mercurycenter.com/svtech/news/breaking/ap/docs/84595l.htm

Encryption bill gets go-ahead for January
The Government will introduce a long awaited bill to regulate
encryption and introduce wire tapping for the Internet later
this month, ignoring further consultation pleas from internet
service providers. As revealed in vnunet.com in November, the
Government refused to have a period of consultation with Internet
Service Providers despite the fact that they argued several
issues remained unclear and that informal meetings were not
enough to solve them.
http://www.vnu.net/News/105202

Mitnick's Digital Divide
Hacker Kevin Mitnick will soon be released from prison, with a
court order barring him from all computer use for up to three
years. Kevin Poulsen examines the terms of his "freedom."
It's the year 2000, and Kevin Mitnick is going free. The
problem is, he'll be trapped in 1991. On Friday, January 21,
hacker Kevin Mitnick will go free after nearly five years
behind bars. But when he walks out the gates of the Lompoc
federal correctional institution in California, he'll be
burdened with a crippling handicap: a court order barring
him for up to three years from possessing or using computers,
"computer-related" equipment, software, and anything that could
conceivably give him access to the Internet.
http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2128328,00.html

Some thoughts on (network) intrusion detection systems
Last week I did a general overview of IDS systems and anti-virus
software, and why they may not be the answer. Well in some respects
they aren't and in some they are. But I think the main issue is the
current model of intrusion detection (be it host or network based,
looking for bad packets or data in the case of anti-virus software)
is flawed (and the alternatives have a ways to go). Now to back up
that statement so I don't get flame roasted.
http://securityportal.com/direct.cgi?/closet/closet20000112.html

FC