[iwar] news
From: Fred Cohen
From: fc@all.net
To: iwar@egroups.com
Wed, 10 May 2000 12:38:47 -0700 (PDT)
fc Wed May 10 12:39:15 2000
Received: from 207.222.214.225
by localhost with POP3 (fetchmail-5.1.0)
for fc@localhost (single-drop); Wed, 10 May 2000 12:39:15 -0700 (PDT)
Received: by multi33.netcomi.com for fc
(with Netcom Interactive pop3d (v1.21.1 1998/05/07) Wed May 10 19:39:10 2000)
X-From_: sentto-279987-337-fc=all.net@returns.onelist.com Wed May 10 14:38:48 2000
Received: from mu.egroups.com (mu.egroups.com [207.138.41.151]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id OAA17342 for ; Wed, 10 May 2000 14:38:48 -0500
X-eGroups-Return: sentto-279987-337-fc=all.net@returns.onelist.com
Received: from [10.1.10.35] by mu.egroups.com with NNFMP; 10 May 2000 20:38:52 -0000
Received: (qmail 24656 invoked from network); 10 May 2000 19:38:49 -0000
Received: from unknown (10.1.10.142) by m1.onelist.org with QMQP; 10 May 2000 19:38:49 -0000
Received: from unknown (HELO all.net) (24.1.84.100) by mta3 with SMTP; 10 May 2000 19:38:48 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id MAA21267 for iwar@onelist.com; Wed, 10 May 2000 12:38:47 -0700
Message-Id: <200005101938.MAA21267@all.net>
To: iwar@egroups.com
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe:
Date: Wed, 10 May 2000 12:38:47 -0700 (PDT)
Reply-To: iwar@egroups.com
Subject: [iwar] news
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
-- 10 May 2000 Email viruses are now spreading WITHOUT THE USER
OPENING ANY ATTACHMENT.
Personal computers running Internet Explorer (IE) version 5.0 and/or
Microsoft Office 2000 are vulnerable to virus attacks using most email
systems, even if the email recipient opens no attachments. You don't
even have to use IE; just have it installed with the default security
settings. If you have not closed the hole, you can receive viruses (and
spread them) by viewing or previewing malicious email without opening
any attachment, or by visiting a malicious web site. The problem is
caused by a programming bug in an Internet Explorer ActiveX control
called scriptlet.typelib. This is by far the fastest growing virus
distribution problem and ripe for a hugely destructive event - at least
as large as the ILOVEYOU virus. Updating your virus detection software,
while important, is not an effective solution for this problem. You must
also close the hole. The hole can be closed in five minutes or less
using tools available at Microsoft's security site:
http://www.microsoft.com/security/bulletins/ms99-032.asp
The correction script may be run directly from:
http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
Editor's Note: Thanks to Jimmy Kuo of Network Associates and Nick
FitzGerald of Computer Virus Consulting Ltd. for raising the visibility
of this dangerous problem.
-- 8 May 2000 ILOVEYOU Virus Suspect Arrested
Officers from the Philippine National Bureau of Investigation have
arrested a man in connection with the ILOVEYOU virus that ran rampant
through e-mail systems worldwide last week.
http://www.usatoday.com/life/cyber/tech/cth864.htm
http://www.zdnet.com/zdnn/stories/news/0,4586,2564627,00.html?chkpt=zdhpnews01
-- 7 May 2000 ISP Cooperation Helps Target Suspect
Two Philippine Internet service providers (ISPs) helped track down a
suspect in the ILOVEYOU virus outbreak.
http://www.washingtonpost.com/wp-dyn/articles/A18849-2000May6.html
-- 6 May 2000 Mutations Circumvent Virus Protection
As the ILOVEYOU virus mutates, subtle changes in its behavior may
prevent virus detection systems from adequately protecting computers.
http://www.computeruser.com/news/00/05/06/news4.html
Editor's (Cowan) Note: As this story shows, virus scanners are a
reactive bandaid: This is going to keep happening until something is
done about the broken security model in Microsoft Office/Windows.
Editor's (Murray) Note: There is a difference between a lack of security
and gratuitous function. That they insist upon defending their features
in the face of problems is evidence that MS does not appreciate the
difference. Let us hope that our readers do.
-- 4 May 2000 How the Virus Works, and What to Do About It
http://www.wired.com/news/technology/0,1282,36129,00.html
http://www.zdnet.com/zdhelp/stories/main/0,5594,2562449,00.html?chkpt=zdhpedittop02
http://www.computerworld.com/home/print.nsf/all/000504DC06
-- 7 May 2000 Spam and E-Mail Worms/Viruses Share Characteristics
E-Mail worms bear the same types of "digital 'fingerprints'" used to
detect and block spam, according to a security expert.
http://www.computeruser.com/news/00/05/07/news3.html
Editors' Note: These so-called "fingerprints" may be forged and used to
frame innocent people.
-- 6 May 2000 Deutch Case to be Investigated Again
The Justice Department is conducting a new inquiry into the case of
former CIA director John Deutch and the possibility of mishandled
classified information on a home computer. The Justice Department wants
to be sure it holds Deutch to the same standards applied in the case of
Wen Ho Lee.
http://www.cnn.com/2000/US/05/06/deutch.justice.ap/index.html
-- 5 May 2000 Diligence, Not Legislation, Needed to Stop Attacks
Internet business groups claim new legislation won't stop crackers;
instead, companies need to improve security technology and forge
cooperation with federal agencies, and law enforcement needs both to be
better trained in cyber crime, and to enforce existing cyber crime laws
consistently.
http://www.cnn.com/2000/LAW/05/05/love.bug/index.html
-- 3 May 2000 International Cybercrime Proposal
A proposal that would pave the way to prosecute cyber criminals across
international borders has privacy advocates and civil libertarians
upset. Among the items taken up in the proposal are the criminalization
of the possession of certain software, the potential elimination of
anonymity, extradition procedures, and the establishment of cyber crime
centers.
http://www.wired.com/news/politics/0,1283,36047,00.html
-- 1 May 2000 Cyberstalking Legislation Pending
US lawmakers are considering making cyberstalking a felony.
Additionally, trained computer crime law enforcement units are necessary
for effective protection from cybercrimes.
http://www.wired.com/news/politics/0,1283,35728,00.html
-- 5 May 2000 Seventeen Charged in Piracy Scheme
Seventeen alleged members of a software piracy collective have been
arrested and charged with conspiracy to infringe copyrights.
http://www.cnn.com/2000/TECH/computing/05/05/software.pirates/index.html
-- 3 May 2000 New DDoS Tool Found "In the Wild"
A new distributed denial of service (DDoS) attack tool has been
discovered on a Linux-based computer at Washington State University.
While it appears still to be in development, Mstream has the potential
to be even more powerful than the attack tools used on major sites in
February of this year.
http://www.computeruser.com/news/00/05/03/news3.html
http://news.cnet.com/news/0-1003-200-1798064.html
-- 3 May 2000 Federal Agencies Trailing Private Industry in
"Cyberspace Race"
Government is lagging behind industry in technology. Many of the
government problems stem from lack of audits to ensure compliance with
security policies already in place. Many in Congress are in favor of
creating a federal IT "czar" position.
http://www.fcw.com/fcw/articles/2000/0501/web-afcea-05-03-00.asp
-- 3 May 2000 Microsoft Integrating Biometric Technology
Microsoft plans to enhance Windows security by integrating biometric
options into future versions of Windows 2000.
http://www.computerworld.com/home/print.nsf/all/000503DB6E
-- 2 May 2000 Supreme Court Rejects ISP Liability Appeal
The Supreme Court let stand a lower court ruling preventing an Internet
service provider (ISP) from being held liable for material on bulletin
boards or in e-mail. The ISP is considered a carrier of information
rather than a publisher, and hence is not held accountable for the
information.
http://www.computerworld.com/home/print.nsf/all/000502DB46
------------------------------------------------------------------------
Bids starting at $7 for thousands of products - uBid.com
http://click.egroups.com/1/3027/11/_/595019/_/957987530/
------------------------------------------------------------------------
------------------
http://all.net/