[iwar] News
From: Fred Cohen
From: fc@all.net
To: iwar@egroups.com
Tue, 25 Apr 2000 13:36:13 -0700 (PDT)
fc Tue Apr 25 13:42:16 2000
Received: from 207.222.214.225
by localhost with POP3 (fetchmail-5.1.0)
for fc@localhost (single-drop); Tue, 25 Apr 2000 13:42:16 -0700 (PDT)
Received: by multi33.netcomi.com for fc
(with Netcom Interactive pop3d (v1.21.1 1998/05/07) Tue Apr 25 20:42:10 2000)
X-From_: sentto-279987-309-fc=all.net@returns.onelist.com Tue Apr 25 15:36:17 2000
Received: from jk.egroups.com (jk.egroups.com [208.50.144.83]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id PAA26107 for ; Tue, 25 Apr 2000 15:36:17 -0500
X-eGroups-Return: sentto-279987-309-fc=all.net@returns.onelist.com
Received: from [10.1.10.36] by jk.egroups.com with NNFMP; 25 Apr 2000 20:36:22 -0000
Received: (qmail 16199 invoked from network); 25 Apr 2000 20:36:20 -0000
Received: from unknown (10.1.10.27) by m2.onelist.org with QMQP; 25 Apr 2000 20:36:20 -0000
Received: from unknown (HELO all.net) (24.1.84.100) by mta2 with SMTP; 25 Apr 2000 20:36:17 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id NAA02811 for iwar@onelist.com; Tue, 25 Apr 2000 13:36:13 -0700
Message-Id: <200004252036.NAA02811@all.net>
To: iwar@egroups.com
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe:
Date: Tue, 25 Apr 2000 13:36:13 -0700 (PDT)
Reply-To: iwar@egroups.com
Subject: [iwar] News
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Web Site Claims It Duped 'Mafiaboy' Finder
A Web site claims to have signed onto Internet Relay
Chat (IRC) using the pseudonym "Mafiaboy" and tricked
a computer security expert into believing that he was
communicating with the teenaged suspect in a series
of hacker attacks in early February. A Montreal
15-year-old, suspected for two months of bringing down
Yahoo and several other prominent sites, was arrested
Monday on charges related to an attack on CNN.com and
has since been released. He faces maximum penalties
of two years in juvenile detention and a $650 fine.
Authorities in Canada and the US started investigating
the youth soon after the big sites were attacked.
http://www.newsbytes.com/pubNews/00/147697.html
Hacked to bytes
Law-enforcement officials were busy congratulating
themselves this week for tracking down the 15 year
old Montreal computer hacker known as Mafiaboy. One
would have thought the Unabomber had just been caught.
Press release at the ready, FBI director Louis Freeh
called the arrest a milestone in global law-enforcement
efforts to battle cyber-crime. That must have made
teenage computer nerds snicker. What Mafiaboy is
accused of - bringing down the CNN.com Web site in
the United States in February with a technique known
as distributed denial of service - is apparently so
easy to accomplish that, well, a 15-year-old can do
it on a home computer.
http://www.montrealgazette.com/editorial/pages/000421/3972140.html
Teens nabbed for using PC to counterfeit
Two teen-agers and their 20-year-old friend were
arrested after they allegedly used their computers
to make $2,000 in counterfeit bills for an undercover
Secret Service agent. It was the latest in a string
of counterfeiting arrests nationally involving
children as young as 13 and their personal computers.
''There has been a substantial increase in these
computer-generated cases in the last few years,''
said Secret Service spokesman David Zimmerman.
''These high-resolution scanners, copiers and
printers have become more affordable and are in
more and more homes.''
http://www.usatoday.com/life/cyber/tech/cth761.htm
Hacker disrupts service to Area 51 Web site
A hacker disrupted service for 36 hours to the Web
site that displays detailed satellite images of
Area 51, the top-secret Air Force site in Nevada.
Raleigh-based Aerial Images Inc. said the hacker
struck six hours after five images of the desert
proving ground were loaded Monday night onto the
site, http://www.terraserver.com. The attack,
combined with traffic 10 times what the site
usually bears, meant millions of people had
difficulty accessing the site or could not
connect with it at all, company officials said.
Service was disrupted until Thursday.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/028161.htm
Malicious program attacks Real servers
A group of South American computer security researchers
earlier today released a program, called realdie.exe,
that can knock virtually any RealNetworks video server
offline. A company spokesperson says a fix for the
vulnerability exploited by the program is in the works
and will be available to Real customers by the end of
the day. Underground Security Research Systems announced
the program on security mailing lists earlier today
suggesting that "every RealServer is vulnerable to this
DoS attack." The program does not allow an intruder to
access any files on the server; it simply forces the
machine to shut down.
http://www.zdnet.com/zdnn/stories/news/0,4586,2553736,00.html
Navy Intranet a Security Threat?
The U.S. Navy's plan to build the world's biggest
Intranet could create a big security threat and a
boondoggle to boot, according to the country's
largest federal employees union. "We're concerned
about national security, because the Navy's not able
to answer basic questions about how they will protect
national security on (the new Intranet), and we're
concerned that they're playing a shell game with
money," said Brendan Danaher, policy analyst for
the 600,000 member-plus American Federation of
Government Employees (AFGE).
http://www.wired.com/news/politics/0,1283,35713,00.html
Employee E-Mail Leaks Company Secrets
As if corporate computer security managers didn't
have enough to worry about from disgruntled former
employees, a new study finds a marked increase in
the number of employees who acknowledge receiving
confidential information via e-mail from employees
at other companies. A recent study released by
Elron Software Inc., a Burlington, Mass.,-based
purveyor of monitoring software for corporate
e-mail and Internet accounts, interviewed 576
employees who have Web and e-mail access at work.
It found that the number of respondents who
reported receiving confidential e-email leaks
more than doubled since 1999.
http://www.newsbytes.com/pubNews/00/147649.html
Web terrorists are holding online traders hostage
For all the ensuing governmental and media hubbub,
the "denial of service" attacks that cut off access
to some of the Web's most popular destinations in
early February affected only a very few people. Even
active users who were temporarily shut out of their
favorite sites -- Amazon.com, eBay, Buy.com, for
example -- could simply pick up where they left off
after service was restored. Or most of them could,
anyway. Two sites were unfortunate exceptions:
online brokerage houses E(asterisk)Trade and Datek.
http://www.startext.net/news/doc/1047/1:COMP52A/1:COMP52A0420100.html
Hackers warn firms over data integrity
While much attention is paid to securing transactions,
the biggest threat to companies may be from compromised
data. "The worst thing you can do to a company is poison
its data," said the co-creator of integrity checker Back
Orifice, which was originally a hacking tool. "You then
let the poisoned data roll over to the backups." Security
advisor Winn Schwartau, author of Information Warfare,
agreed that data integrity was overlooked, saying that
companies are failing across the board.
http://www.zdnet.co.uk/news/2000/15/ns-14942.html
China ties watchdog to Net
China has created an office to regulate news on the
Internet and to help state media spice up their Web
sites so they may compete in the booming market,
officials and newspapers said today. Executives at
privately owned Web sites said they are worried by
the ambiguous mandate of the Internet Information
Management Bureau, which includes countering the
"infiltration of harmful information on the Internet."
http://news.cnet.com/news/0-1005-200-1726301.html
Cisco bug leaves networks wide open
Cisco has admitted that a vulnerability with versions
of its Lan switching software permits unauthorised
configuration changes on a Catalyst switch. The
networking giant's Catalyst software permits
unauthorised access to the enable mode in the 5.4(1)
release. Once initial access is granted, access can
be obtained for the higher level functions without
a password. The vulnerability can be exploited
remotely using remote access protocol Telnet.
http://www.vnunet.com/News/602450
Does a cyber-NATO make sense?
Mafiaboy today. Osama bin Laden tomorrow? That's
the nightmare scenario the spooks in the
government's national security apparatus may find
themselves dealing with in the not-too-distant
future. If guilty as charged, the 15-year-old
Canadian kid accused of bringing down CNN's Web
page last February in the denial-of-service attacks
against sundry Internet sites will become the poster
boy for the vulnerability of the nation's information
systems networks. This wouldn't fall under the
category of Uncle Sam again ginning up an issue
because the Cold War is over. Indeed, the Internet
may have been designed to withstand a nuclear
attack, but it wasn't built to ward off security
attacks.
http://www.zdnet.com/zdnn/stories/comment/0,5859,2553510,00.html
FC
------------------------------------------------------------------------
Avoid the lines and visit avis.com for quick and easy online
reservations. Enjoy a compact car nationwide for only $29 a day!
Click here for more details.
http://click.egroups.com/1/3011/7/_/595019/_/956694981/
------------------------------------------------------------------------
------------------
http://all.net/