[iwar] News


From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com

Sat, 15 Apr 2000 20:11:40 -0700 (PDT)



"White Hat" Hacker in Court
A 27-year-old computer security expert and former
FBI source returned to federal court in San Jose,
California Wednesday, where he stands accused of
penetrating a string of defense department and
civilian computers. Max Butler, known as "Max Vision"
to friends and associates, was slammed with a
fifteen count indictment last month charging him
with interception of communications, computer
intrusion and possession of stolen passwords in
connection with an alleged hacking spree in the
Spring of 1998. At Wednesday's appearance, Judge
James Ware set a new date of May 8th for laying
down the timetable of deadlines and court
appearances that lead to trial.
http://www.securityfocus.com/templates/article.html?id=18

Hacker Leader Guilty In Fed Web Intrusions
The 19-year-old co-founder of a hacker group known
as Global Hell faces up to five years in prison and
a $250,000 fine after pleading guilty to breaking
into White House and US Army Web sites. A report in
the Wall Street Journal today said Patrick W. Gregory
of Houston, a high school dropout known on the Net as
"MostHateD" was one of the founders of the Global Hell
online cybergang, and pleaded guilty to a single count
of conspiracy to commit telecommunications wire fraud
and computer hacking in Texas US District Court.
http://www.newsbytes.com/pubNews/00/147420.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2542224,00.html

911 virus fears exaggerated
Although the feared 911 virus has caused some localised
damage in the US, it represents little real threat to UK
users, according to security experts. The virus, actually
a worm, takes its name from the fact that it forces an
infected PC's modem to dial 911 - the US equivalent of
999 - and then erases the computer's hard drive. The FBI
posted a warning about it on 1 April. Unlike a virus,
911 isn't downloaded from the internet in an infected
file. Instead, it jumps directly from PC to PC on the
internet by scanning for open shared drives in Windows.
It calls 911 one out of five times, and erases the hard
drive on a trigger date, reported to be the 19th of the
month.
http://www.vnunet.com/News/602125
[FC - sounds like a virus to me...]

Where Is WhoAmI.com?
In another domain hijacking case, Solid Oak Software
lost control over its domain Saturday -- and still
hadn't gotten it back Wednesday after several days of
interaction with registrar Network Solutions. Solid Oak
runs a personal profiling service at whoami.com for
customers of its Cybersitter Web filtering software.
As of Wednesday the domain still directed Web visitors
to Solid Oak's content, but the new owner could
redirect the traffic at any time by changing the server
associated with the address. "Someone in Serbia was
able to get into Network Solutions, use my name as
administrative contact, and change all the registration
information for the whoami.com domain," said Brian
Milburn, president of Solid Oak.
http://www.wired.com/news/print/0,1294,35628,00.html
http://www.zdnet.com/zdtv/cybercrime/hackingandsecurity/story/0,9955,224915=6=20,00.html

GSA to subsidize 500,000 digital certificates for early users
In an effort to jump-start digital signature efforts by
federal agencies, the General Services Administration
is close to awarding a task order that will provide
digital certificates at a reduced cost. GSA has created
a so-called Certificate Bank task order, which is
expected to be awarded next week. The program will
cover some of the costs of issuing digital certificates
under the GSA Federal Technology Service's Access
Certificates for Electronic Services contract.
http://www.gcn.com/vol1_no1/daily-updates/1697-1.html

Shopping Cart Program Leaves Back Door Open
The developer of a highly-rated ecommerce shopping
cart is accused of building a software backdoor into
the program that could give him or hackers complete
control of the server on which it's installed. The
Dansie Shopping Cart, which is currently in use at more
than 200 e-commerce sites and is recommended by several
Web hosting firms, contains code that enables the author,
Craig Dansie of Moreno Valley, Calif., to potentially
run any command on the Web server.
http://www.internetnews.com/ec-news/article/0,2171,4_340591,00.html

EPIC surveys state of global encryption and snooping
Efforts by governments to regulate encryption have
largely been defeated, for three reasons: political
action; a realisation that it was becoming increasingly
impossible to enforce encryption controls; and most of
all because of the rise of electronic commerce. The
third annual report on the worldwide state of encryption,
issued earlier this month by EPIC, the Electronic Privacy
Information Center in Washington DC, documents the
relaxations that have occurred, and gives a very
interesting review of encryption regulation.
http://www.theregister.co.uk/000413-000013.html

Cybersnooping reaching down to the keystroke
One day, you're so mad at your boss, you stomp over
to your computer and fire off one of the nastiest
memos in the history of the working world. You call
the supervisor every name in the book, and maybe even
make up a few. Finally, after venting your anger and
frustration, you delete the entire thing. After all,
you're mad, not an idiot. Sending that message would
certainly get you fired, and that's the last thing
you want. But later you are called into the boss'
office, and guess what? She knows about the memo.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/085400.htm

Record encryption puzzle cracked -- finally
An encryption method widely expected to secure next
generation wireless phones and other devices succumbed
to a brute-force collaborative effort to break it,
a French research agency announced Thursday. An
international team of researchers -- led by crypto
researcher Robert Hurley of the French National
Institute for Research in Computer Science and Control,
or INRIA -- and other computer enthusiasts found the
108-bit key to a scrambled message after four months
of number crunching by 9,500 computers worldwide.
http://www.zdnet.com/zdnn/stories/news/0,4586,2542359,00.html

Net Attacks Can Spread Beyond PCs
Bugs that lurk in computer systems around the world are
poised to leap into the new era of post-PC computing--
and that could spell trouble for technology consumers
and security experts. Manufacturers are starting to
equip a range of products from cars to refrigerators
with programmable computer chips and Internet access.
Since everything connected can be infected, the new
world of computing holds invisible threats.
http://www.pcworld.com/pcwtoday/article/0,1510,16247,00.html

'We're the good guys' claim hackers
Hackers claimed today to be allies of the security
industry without whom a vast number of potentially
devastating exploits would go unnoticed. "Most
innovations in security come from hackers," said
self-styled Sir Dystic, author of the infamous Back
Orifice tool and member of hacker group, the Cult
of the Dead Cow (CdC), as he addressed an audience
of security experts at the Infosec conference in
London today. "Hackers raise the bar for security
and find holes that wouldn't otherwise be found,"
said Kent Browne of Condemned.org, a group of
volunteer hackers that target child pornography
sites.
http://www.vnunet.com/News/602156

MS admits planting secret password
Microsoft Corp. acknowledged Thursday that its engineers
included in some of its Internet software a secret password
-- a phrase deriding their rivals at Netscape as "weenies" --
that could be used to gain illicit access to hundreds of
thousands of Internet sites worldwide. The manager of
Microsoft's security-response center, Steve Lipner,
acknowledged the online-security risk in an interview
Thursday and described such a backdoor password as
"absolutely against our policy" and a firing offense for
the as-yet-unidentified employees. The company planned to
warn customers as soon as possible with an e-mail bulletin
and an advisory published on its corporate Web site. Microsoft
urged customers to delete the computer file--called "dvwssr.dll"
--containing the offending code. The file is installed on the
company's Internet-server software with Frontpage 98 extensions.
http://www.zdnet.com/zdnn/stories/news/0,4586,2543490,00.html

Doubt cast on MS 'back door' report
New analysis of a security hole refutes a report that a
Microsoft employee put a "back door" in a module installed
by Microsoft Corp.'s Web server software, an expert says.
Russ Cooper, editor of Microsoft-software security site
NTBugTraq, said it's just a bug, not a back door -- albeit
one that Web site hosting services should quickly fix.
"This is a hole that could allow information to be
manipulated by others," Cooper wrote on the NTBugTraq Web
site. "However, it's limited to 'others' who already have
Web authoring permissions on the same box."
http://www.zdnet.com/zdnn/stories/news/0,4586,2550387,00.html

Web sites of Falun Gong hit
Authorities have hacked into Falun Gong Web sites, causing
them to crash, as part of a renewed mainland crackdown on
the banned movement, US-based group members said yesterday.
Starting on Tuesday, at least five Falun Gong Web sites,
three in the United States and two in Canada, were attacked
simultaneously with an overload of information, said group
spokeswoman Gail Rachlin.
http://www.scmp.com/News/China/Article/FullText_asp_ArticleID-2000041403463=9021.asp

Security measures at DOE get thumbs-up
The House Commerce Subcommittee on Energy and Power
voted Wednesday to add congressional backing to a number
of new security initiatives Energy Secretary Bill Richardson
has already instituted. Richardson has created an Office of
Independent Security Oversight at the Department of Energy,
which will be responsible for inspecting security arrangements
at all DOE facilities, and have special responsibility for
protecting the agency from the emerging threat posed by
computer hackers.
http://www.govexec.com/dailyfed/0400/041400b2.htm

Proposal would outlaw spying across European borders
Spying on electronic communications by international
agencies is a serious invasion of privacy according to
proposals put before the European Parliament in Strasbourg
this week. If accepted, the proposal would outlaw spying
across European borders by member and non-member nations.
It could then find its way into the new Charter for Human
Rights, due in October.
http://www.zdnet.co.uk/news/2000/14/ns-14833.html

Hackers turn to security
In a striking case of poachers turning gamekeepers, a group
of American hackers are planning to set up a computer security
company to protect corporate computer systems from malicious
attack. Computer hackers specialise in breaking into systems,
sometimes merely to prove that they can, or in the case of
"bad" or "black hat" hackers, to wreak damage or steal
information. But the American hackers, who in true underground
tradition are keeping their identities secret until their
company is ready to begin operations, will use their skills
to foil their unscrupulous fellows from robbing banks and
conducting industrial espionage on the internet, according
to people familiar with the plans.
http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT3ZX4UL=07C

Hacker to Speak at Security Conference
Kevin Mitnick, the self-confessed superhacker who was
recently released from jail following his latest escapades,
will give his first public presentation in Salt Lake City
next week. Billed as one of the most visible hackers in the
world, Mitnick will be leading a three-person panel discussion
on cyber security issues at the Utah Information Technologies
Association (UITA) two-day event on Apr. 19. The event is
known as "NetTrends 2000: The Digital Revolution," and aims
to cover a variety of IT and security issues.
http://www.currents.net/newstoday/00/04/14/news8.html

Bertie Ahern in £1m porn scandal, while Serbian hackers go haywire
Cybersquatting has found a new lease of life with the
arrival of www.bertieahern.com (specialising in teenage
girls in uncompromising positions) and a dedicated group
of Serbian hackers going for big-name sites. Irish premier
Bertie Ahern is none too plussed, and was forced to raise
the issue in the Irish Parliament. The site (and its sister
site www.thetaoiseach.com) is a blatant attempt to get the
concerned party to buy it out - there is very little
material on the site and text is mostly restricted to how
to buy the URL. It also prominently features a denial of
an Irish Times story, claiming the site's owners had
approached the Taoiseach, asking £1m for the web address.
As they say, all publicity is good publicity. At the same
time, Serbian hackers have gone on a huge dot.com sacking
spree, nabbing, among others, Manchester United, Adidas,
Viagra, Jamesbond, France, Italy -- the list goes on. The boys
from Belgrade managed to hack into Network Solutions and
register themselves as the owners of a whole range of
different sites.
http://www.theregister.co.uk/000413-000022.html

Serb Hackers Stage Web Hacking Campaign
Network Solutions was left holding the baby this week
after Serbian hackers appeared to have gained unauthorized
access to a small number of contact details on the Internet
service provider's database. A report on the BBC news Web
portal says that unknown Serbian hackers appear to have
gained temporary administrator level access to around 50
high profile Web sites.
http://www.newsbytes.com/pubNews/00/147517.html
http://news.bbc.co.uk/hi/english/world/europe/newsid_712000/712211.stm

Ireland Eases Restrictions on Encryption Export Procedures
Ireland, the world's largest computer software exporter,
said it is relaxing rules governing the export of mass
market cryptographic items used in electronic commerce
to make it easier for companies to sell abroad. The
Irish government said it would no longer require
software companies operating in Ireland to apply for
export licenses for individual products or countries.
http://quote.bloomberg.com/fgcgi.cgi?ptitle=Technology%20News&s1=blk&tp=ad_topright_tech&T=markets_fgcgi_content99.ht&s2=blk&bt=ad_bottom_tech&s=AOPb25RYfSXJlbGFu

Internet security body to check data leak
An Internet security committee has been set up to
safeguard official information from leakage that can
undermine public confidence in high technology, Deputy
Prime Minister Datuk Seri Abdullah Ahmad Badawi said
yesterday. The committee, chaired by chief secretary
to the government Tan Sri Abdul Halim Ali, would adopt
measures to prevent misuse of official information
following the introduction of electronic government,
he said. "Without guarantee of security, public
confidence and enthusiasm to embrace new technologies
and adopt the electronic system may be affected," he
told reporters after opening a seminar.
http://www.straitstimes.asia1.com/asia/mal9_0414.html

FC


------------------
http://all.net/