[iwar] News


From: Fred Cohen <fc@all.net>
To: iwar@egroups.com
Date: Fri, 21 Jul 2000 21:19:24 -0700 (PDT)



Customs agent arrested in counterfeit software sting
A senior Customs Service agent, a lawyer and three others
have been arrested for an alleged scheme to smuggle 15,000
counterfeit Microsoft computer programs from Hong Kong to
the United States. The arrests announced yesterday stemmed
from an investigation of complaints that Richard Casas, a
senior Customs agent, was receiving kickbacks for referring
criminal suspects to criminal defense attorney
Lawrence S. Boyle. An undercover informant helped make the
arrests after winning the group's confidence by pretending
to be in trouble with the law. Boyle boasted to the operative
that he had a Customs source who could arrange the smuggling
through the Port of Los Angeles without being detected, said
Ken Cates, supervisor of the Customs Service's internal
affairs investigation.
http://news.cnet.com/news/0-1003-200-2285807.html

Judge sets aside network sabotage verdict
A U.S. District Court judge last Friday set aside the
guilty verdict in the case of a former network administrator
who had been convicted in May on a federal charge of computer
sabotage. A jury found Tim Lloyd, 37, of Wilmington, Del.,
guilty of planting a software time bomb in a centralized file
server at Omega Engineering Corp.'s Bridgeport, N.J.,
manufacturing plant. The malicious software code destroyed
the programs that ran the company's manufacturing machines,
costing Omega more than $10 million in losses and eventually
leading to 80 layoffs.
http://www.networkworld.com/news/2000/0717verdict.html

PowerGen credit card security cock-up
Utility firm PowerGen has left thousands of its online
customers' bank and contact details unprotected.  The
company claims 2,500 of its customers were affected by
the security cock-up but Leicester-based IT consultant John
Chamberlain, who discovered the hole in PowerGen's online
payment system, reckons the figure is almost three times
that. While trying to pay his bill online Chamberlain
discovered a file containing the names, addresses, debit
and credit card numbers, and expiry dates of an estimated
7,000 PowerGen customers.
http://www.theregister.co.uk/content/6/12040.html

Hackers watching Big Brother
Intel suspect a 'denial of access' hacker attack could
have been the reason for technical teething problems on
Big Brother's Web site, says source. ZDNet UK News has
learnt that hackers are on a list of suspected reasons
behind disruption to Channel 4's Big Brother Web site.
A source says Intel suspects a "denial of access" hacking
attack on the Big Brother Web site although it is reluctant
to go on the record. Intel's computers host the Web site
which has faced massive traffic since its launch last week.
http://www.zdnet.co.uk/news/2000/28/ns-16728.html?&_ref=1069132020

Online fraud used as political football
Law enforcers say that a rise in Internet fraud has
contributed significantly to the latest crime figures
in Britain. The comments were immediately shot down by
civil liberty campaigners who argue this is a smokescreen
for increased government control of the Internet.
According to the National Criminal Intelligence Service
(NCIS), an upsurge in online swindling demands legislation
in the form of the RIP Bill, which gives the police powers
to monitor email and Internet browsing.
http://www.zdnet.co.uk/news/2000/28/ns-16730.html

Feds Warn Banks About Misleading Web Site Names
The agency that oversees the operations of US financial
institutions has issued an alert calling for banks to
take caution in safeguarding their domain name, as it
appears a growing number of online banking customers are
sending sensitive financial information to the wrong bank,
federal regulators said Tuesday. The alert, issued by the
Treasury Department's Office of the Comptroller of the
Currency, said financial institutions need to be judicious
when selecting domain names for a place to do business on
the Internet, and suggested banks might even consider
buying up similarly spelled domain names.
http://www.newsbytes.com/pubNews/00/152402.html

GSA rethinks FIDNet solution
The General Services Administration this week decided
to delay its acquisition of a government wide system to
detect cyberattacks so that the agency can better align
the request for proposals with commercial market solutions.
GSA released a draft RFP for the Federal Intrusion
Detection Network (FIDNet) last month and tried to leave
the solicitation open enough for vendors to offer a system
specially developed for the government or a solution based
on commercial managed security services. FIDNet is intended
to provide a central place for correlating information from
civilian agencies' intrusion-detection sensors.
http://www.fcw.com/fcw/articles/2000/0717/web-fidnet-07-19-00.asp

Hackers stumble toward legitimacy
Social, legal issues push disparate hacker community onto
national stage. Controlled chaos broke out at Hope 2000,
a gathering loosely defined as a "hacker convention." The
meeting was a social stew consisting of thousands of geeks,
social cast offs, media, law enforcement, digital underground
celebrities, used-to-be's and wannabes, all tossed into the
equally seedy and fraying surroundings of the past-its-prime
Pennsylvania Hotel. The H2K attendees didn't realize it at
first, but a spontaneous outbreak of conscience was spreading,
virally, among them.
http://www.msnbc.com/news/435153.asp

The Convention on Cybercrime: Why It Will Do Far More Harm Than Good
The Council of Europe recently released a draft of a document
called the "Draft Convention on Cybercrime." This document is
meant as an international treaty governing "cybercrime" and an
attempt to standardize law for easier prosecution of attackers
(some countries have no laws specifically governing computer
attacks).
http://www.securityportal.com/topnews/cybercrime20000719.html

IPSec - We've Got a Ways to Go (Part I)
IPSec, supposedly the next great thing that will fix most
(if not all) our network security problems. No longer will
attackers be able to sniff network traffic, hijack connections
or spoof servers. Hijacking domain names will be impossible
with DNSSEC, and redirecting people to fake Websites will be
a thing of the past. Or will it? There are currently a lot of
problems and shortcomings with IPSec that prevent the majority
of network traffic from being encrypted.
http://www.securityportal.com/closet/closet20000719.html

FBI Seizes ex-official's computer hard drive
The FBI has seized a computer hard drive used by former
Energy Department intelligence chief Notra Trulock,
concerned that he may have included classified data in
a proposed article, The Washington Post reported on
Thursday. The Post quoted senior U.S. officials as
saying the FBI obtained the hard drive after officials
at the CIA and other federal agencies expressed concern
about the possible leak of classified information.
FBI spokesman John Collingwood told the paper that the
FBI ''received information from other government agencies
that classified information was subject to possible
compromise.''
http://www.mercurycenter.com/svtech/news/breaking/reuters/docs/216852l.htm

The technology behind FBI's 'Carnivore'
The law enforcement agency's secret box for sniffing emails
may run on Windows NT - but details are still a mystery.
The FBI's email snooping "Carnivore" -- now the centre of a
fierce debate over privacy -- began life on a store shelf.
What would later become an email monitoring system rankling
civil libertarians and Internet service providers had rather
humble beginnings as a commercially available email sniffing
program, FBI officials said Tuesday. FBI engineers went to
work on it 18 months ago, and within a year added enough bells
and whistles to create a telephone tap for the 2000s -- and
scandal over just how much information the program is able to
cull. For the last two weeks, the FBI has been quiet about
Carnivore, which it has been using with judges' permission
since March to sift through email messages that flow through
some of the world's ISPs. But it will be doing a lot more
talking beginning Monday. The bureau will trot out its chief
technologist, Marcus C Thomas, to brief the press about
Carnivore. Hours later, Thomas and others will be on Capitol
Hill, telling Congress the same facts and figures.
http://www.zdnet.co.uk/news/2000/28/ns-16738.html

RIP Bill nearly law, critics say more changes needed
Legislation that will give UK police more power to snoop on
Internet users is on the verge of becoming law after passing
through a third and final reading in the House of Lords
Wednesday. Despite significant amendments to the Regulation
of Investigatory Powers (RIP) Bill, opponents remain convinced
that once it becomes law it will damage Britain's e-business
credibility. Changes made in the Lords introduced safeguards
that give companies the right to sue law enforcers if negligence
is suspected in the handling of sensitive information. A further
amendment made it incumbent on the police to inform a senior
judge before they can capture encryption keys.
http://www.zdnet.co.uk/news/2000/28/ns-16742.html

EU to regulate spam and cookies
The European Commission is considering regulating the use
of spam and cookies on the Internet. Spam, or unsolicited
commercial e-mail, and cookies, files stored on an Internet
user's computer which enable their visits to web sites to
be tracked, are two of the less digestible aspects of life
on the Internet today. The commission's move is part of a
proposal for a new regulatory framework for telecommunications,
which will pave the way to tighter data privacy protection
for all electronic communications, commission officials
explained Thursday during a technical briefing.
http://idg.net/ic_203436_1773_1-483.html

Laws protecting consumers online need revision
Observers have called for a review of UK laws that
protect consumers from the sort of security blunders
that saw thousands of Powergen customers' credit card
details published on the Internet this week. Experts say
current legislation does little to protect consumers and
argue that unless positive steps are taken, a lack of
consumer confidence could scupper Tony Blair's vision
of a successful "e-Britain". According to the 1998 Data
Protection Act, Powergen's customers are not entitled to
any financial compensation except anybody who suffers
credit card fraud or other damages. Powergen has offered
customers affected by the security breach £50 compensation
each for the inconvenience.
http://www.zdnet.co.uk/news/2000/28/ns-16758.html

FTC Commissioner Warns Industry of Pending Privacy Laws
Companies doing business on the Web need to act soon to show
they can sort out on their own concerns raised by consumer
privacy groups, or else Congress is going to do it for them,
a key member of the Federal Trade Commission said today.
Speaking at a luncheon on consumer privacy at the US Chamber
of Commerce today, FTC Commissioner Orson Swindle urged
business leaders in town for the conference to pay a visit
to their state lawmakers and showcase the steps they have
taken to protect the privacy rights of its customers.
http://www.newsbytes.com/pubNews/00/152469.html

Paranoia Runs Deep at Hacker Convention
The 'phreaks' and geeks at H2K wore disguises and used code
names while listening to talks about not selling out to
'The Man.' "I don't want to be recognized," says the guy in
the yellow poncho and Groucho Marx glasses. "People at my
office knew I wanted to come here, so I have to be careful."
http://www.thestandard.com/article/display/0,1151,17002,00.html

To heck with hactivism
Do politically motivated hackers really think they're
promoting global change by defacing Web sites? The
keynote address at a typical hacker convention is delivered
by the "Wizened Security Guru," usually an ex-CIA spook who
wows the crowd with cloak-and-dagger tales. If he's not available,
then the honor may fall to the "Hot Young Programmer," invariably
a cocky coder who recounts his latest "eureka!" moment. But at
last weekend's third-ever Hackers on Planet Earth convention,
nicknamed H2K, the featured speaker was a confessed techno-idiot,
a man who denies ever having so much as pressed an "ESC" key:
Jello Biafra, ex-frontman for punk provocateurs the Dead Kennedys.
http://salon.com/tech/feature/2000/07/20/hacktivism/index.html

TX woman, CA man arrested for pilfering online stock accounts
A Richardson, Texas, woman and a Los Angeles man were
arrested Wednesday on charges of fraudulently using
confidential information to drain $1.5 million from
online stock trading accounts and various credit card
companies. Jeanette Franklin, 29, was arrested by Secret
Service agents in Dallas while 35-year-old Babatunde
Osiname was picked up in Los Angeles. They are accused
of stealing more than $700,000 from the online stock
trading accounts of eight U.S.-based employees of
Swedish telecommunications giant Telefonaktiebolaget
LM Ericsson. The investigation also revealed that at
least 25 Ericsson employees had credit cards opened
in their names, which were used to open online stock
trading accounts. The Secret Service said an additional
$840,000 was taken from various credit card companies.
Both suspects were charged with bank fraud, mail fraud,
wire fraud and identity theft.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/018058.htm

Venture Businessman Held for Hacking Info on 110,000 People
A 24-year-old venture businessman has been detained for
stealing information on 110,000 online customers of an
unidentified marketing agency by hacking the company's
servers. The anti-cyber crime team of the National Police
Agency said the businessman, identified only as Choi,
tried to sell the information to Internet consulting
firms. According to police, Choi came to know the user
ID of one of his primary school alumni who had been
working for the marketing agency on May 25. Then, he
logged on to the agency's servers with the user ID and
stole a roster featuring names, workplaces, duties,
telephone numbers and addresses of 11,000 customers.
http://211.169.240.72/search/search.cgi?KW=Hacking&ST=title%2fnews&year1=2000&month1=7&date1=7&year2=2000&month2=7&date2=21&SA=KoreaTimes%3aAll&ON=20&SO=date&MS=1&ISLSTPG=list%5fkthome%5fall&IMGSBMT.x=14&IMGSBMT.y=11&Row=1&TNAME=KL200007&CID=14608&TOT=1

HACKER THEORY PROMPTS SECURITY REVIEW CALL
The Labour Party must review its electronic security in
case the series of damaging leaked memos were captured in
cyberspace by a computer hacker, backbenchers said today.
The investigation into the leaks - eight in three months -
will almost certainly examine e-mail and other electronic
communication between Mr Blair and his closest circle,
introduced only over the last few years into Downing Street
and Chequers. Labour backbencher Fraser Kemp, a co-ordinator
in the party's 1997 General Election campaign, said: "It is
certainly the major area of concern that someone is hacking
into Downing Street.
http://web.lexis-nexis.com/more/cahners-chicago/11407/6088382/1

Norwegian Teenager Appears at Hacker Trial He Sparked
The person who kicked off a huge legal battle involving
Hollywood and the Internet is a skinny, 16-year-old Norwegian
computer programmer who, with his serious face, wire-rimmed
glasses and almost-there mustache, could maybe pass for 17.
Yesterday the mild-looking young man, Jon Johansen, was the
focus of attention in Judge Lewis A. Kaplan's courtroom in
federal court in Manhattan. He calmly admitted, for the first
time in a legal tribunal, that he and two other hackers wrote
the computer program known as DeCSS.
(NY Times article, free registration required)
http://www.nytimes.com/library/tech/00/07/cyber/cyberlaw/21law.html

Lawmakers want employers to tell workers if they are monitored
Two conservative House Republicans joined a liberal Senate
Democrat Thursday in introducing legislation to require
employers to notify workers if they're monitoring their
electronic communications at work. Rep. Bob Barr, R-Ga.,
and Rep. Charles Canady, R-Fla., sponsored the House version
of legislation that would force employers to tell employees
if they scan or read their e-mail, monitor their computer
keystrokes or Web use or eavesdrop on their telephone
conversations. Sen. Charles Schumer, D-N.Y., introduced
a companion bill in the Senate. ``We would never stand
for it if an employer steamed open an employee's mail,
read it and put it back,'' Schumer said. ``It is the same
thing with an employee's e-mail.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/015940.htm
http://www.newsbytes.com/pubNews/00/152470.html
http://www.msnbc.com/news/435656.asp

GOP Opposes FBI E-Mail Scrutiny, Plans Hearing
The Clinton administration's plans for policing the Internet
are running into sharp opposition from Republican leaders
in Congress, who say the government is overstepping laws
intended to protect citizens' privacy. The controversy
focuses on "Carnivore," the FBI-designed e-mail-sniffing
system that allows law enforcement officials to sift a
suspect's messages out of the full stream of data passing
through an Internet service provider. Critics object to
the fact that the system sorts through the communications
of innocent people in order to monitor suspects. Hearings
about Carnivore and another system developed earlier by
the FBI, code-named "Omnivore," are scheduled for Monday
before the House Judiciary subcommittee on the Constitution.
http://www.newsbytes.com/pubNews/00/152510.html

House approves privacy amendment
The House approved an amendment Thursday directing the
Treasury Department, Postal Service and other federal
agencies to show how they collect personal information
from visitors to their Internet sites. The amendment
addresses fears that federal Web sites threaten privacy
by tracking a visitor's progress through the site and
collecting identifiable data. ``If the federal government
is collecting information about our personal habits, we
have a right to know about it so that we can stop any
inappropriate invasion of privacy,'' said Rep. Jay Inslee,
D-Wash., who introduced the amendment.
http://www.mercurycenter.com/svtech/news/breaking/ap/docs/222471l.htm

Online stalwarts beef up privacy initiatives
Trying to quell concern over online profiling, several
major Internet players are stepping up efforts to give Net
surfers more notice about their privacy online. Microsoft
said it will offer an Internet Explorer 5.5 update that
gives people the option to manage cookies, which can track
consumer preferences and whereabouts on the Web. Also this
week, Yahoo launched a new privacy center where visitors
can get information on its privacy policy and practices.
In addition, Net media services company Engage submitted
an enhanced outline of its privacy standard--TrustLabels--
to the Internet Engineering Task Force (IETF), an
international community concerned with the evolution
and operation of the Internet.
http://news.cnet.com/news/0-1007-200-2307398.html

Pixel-high privacy spy
Big Brother is getting smaller all the time. Spies too small
to see are keeping an eye on you while you browse the world
wide web. The "web bugs" hide computer codes behind images
only a pixel in size to gather information about surfing habits.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_842000/842624.stm

Murder via the Internet
Computer crime originated in the popular imagination as
the manipulating of program code or the illegal penetrating
of a computer system. The crime was a nonviolent trick by
someone who understood the incantations of COBOL, C, C++,
or Perl. No one ever got hurt, no blood got spilled. It was
a new arena for wayward electrons, not for common-law crimes
like murder, robbery, or sexual assault. A new alchemy of
crime had emerged.
http://www.securityportal.com/topnews/murdervia20000721.html

'New breed' drowning out hacker culture?
A lot has changed in the last 10 years since I first poked my head
below the surface of the mainstream computer world into the realm
of the computer underground. The thing that most intrigued me about
this world, and why I stayed, was the huge body of knowledge and
ways of looking at things that wasn't taught in schools and wasn't
in any books. This incredibly important information about the
computers that ran most of the businesses and governments in the
world was largely ignored.
http://www.zdnet.com/zdnn/stories/comment/0,5859,2605327,00.html


------------------
http://all.net/