[iwar] News


From: Fred Cohen
From: fc@all.net
To: iwar@egroups.com

Mon, 31 Jul 2000 22:05:40 -0700 (PDT)



European Union ministers vow cyber crime crackdown
European Union ministers said on Saturday they would seek
new laws to crack down on fast-growing crime by Internet
fraudsters, computer hackers and child pornographers.
Squaring up to growing ranks of cyber crooks who exploit
differences in national computer crime laws to strike
across borders with impunity, ministers said they would
extend the reach of justice into cyberspace. ``It is not
at all our intention to limit the development of the
Internet, but we must avoid letting it become a lawless
zone,'' said French Justice Minister Elisabeth Guigou.
http://www.mercurycenter.com/svtech/news/breaking/internet/docs/254761l.htm

Dow Chemical fires 50 over offensive email
In the latest clash involving email privacy, Dow Chemical
has fired 50 employees and has disciplined 200 others in
the wake of an investigation that found workers had
emailed pornography and violent images from company
computers. "We have to protect our other employees," Eric
Grates, spokesman for Dow's Michigan Operations, said
yesterday. "This sort of activity creates a harassment
environment that we can't tolerate."  Firing employees
for accessing pornographic Web sites and distributing
offensive email messages is not confined to Dow Chemical.
The New York Times fired 22 employees in Virginia last year
for allegedly passing around potentially offensive emails.
Xerox also fired 40 workers for spending work time surfing
pornographic and shopping sites on the Web.
http://news.cnet.com/news/0-1007-200-2372621.html

Hackers steal Cyprus university exam results
Computer hackers left the Cypriot education ministry in a
flap Friday after closely guarded exam results were leaked.
Angry education ministry officials said they would launch
an official probe after local radio stations beat them to
releasing the results by about four hours. The lists were
scheduled to be released on the ministry's web site at
noon. Authorities suspect hackers swiped the lists after
a technician entered a password-sensitive area of the Web
site for a routine check earlier in the day. ``I was told
that technologically, there was no way this could be leaked,''
an angry education minister Ouranios Ioannides told a news
conference.
http://www.mercurycenter.com/svtech/news/breaking/internet/docs/252067l.htm

Barr Introduces Legislation To Kill Carnivore
Hoping to permanently pull the plug on the FBI's
controversial e-mail surveillance device, Carnivore, Rep.
Bob Barr, R-Ga., on Thursday introduced legislation that
would curtail law enforcers' rights to monitor the activity
of Internet users. As he promised earlier this week, Barr
introduced the Digital Privacy Act of 2000, which updates
federal wiretapping laws to "bring them in line with
technological developments such as the Internet, wireless
phones and electronic mail," Barr's office said in a
statement today.
http://www.newsbytes.com/pubNews/00/152922.html

Warrants for online data soar: Demands served on Internet,
e-mail providers up 800%, study finds.
The number of search warrants seeking citizens' online data
has soared more than 800% during the past few years, a USA
TODAY study shows. The findings, based on an examination of
warrants served on the top Net service provider, America
Online, surprised federal lawmakers and civil libertarians
and prompted calls for legal reforms. Searches for the online
data typically involve cases ranging from harassment and
child pornography to violent crime and fraud and are aimed
at discovering the identity and tracking the activities of
subscribers. Last year, AOL was served with 301 search
warrants, up from 33 in 1997. This year, state and local
investigators have served 191 warrants through July 17,
filings show.
http://www.usatoday.com/usatonline/20000728/2499612s.htm

Join us, don't fight us, Pentagon tells hackers
The largest-ever convention of computer hackers has opened
here with top-ranking U.S. military officials offering to
hire the elite of the cybervandal world and put them to
work defending against foreign government attacks. ``I
invite you to join the government, or private industry for
that matter. But get on the defense side,'' said Art Money,
U.S. Assistant Secretary of Defense, and the Pentagon's
Chief Information Officer with responsibility for command,
control, communications and intelligence. Money and a panel
of colleagues from the Pentagon, the Air Force and Federal
police agencies, were at turns cordial, threatening,
moralizing and patriotic in their remarks Friday to the
conference, called DEF CON 8.0, which has drawn up to 5,000
attendees this year.
http://www.mercurycenter.com/svtech/news/breaking/internet/docs/255078l.htm
http://www.zdnet.com/zdnn/stories/news/0,4586,2609334,00.html
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO47706,00.html

Cybersecurity Project Threatened
A lack of funding is threatening a public-private initiative
aimed at preventing cyberattacks similar to the
denial-of-service attacks against Yahoo, eBay and others in
February. Government officials championing the Partnership
for Critical Infrastructure Security, which gained momentum
after the first cybersummit in February, are disheartened
after Congress tentatively slashed the budget for the agency
overseeing the initiative.
http://www.thestandard.net/article/display/0,1151,17209,00.html

How the FBI Investigates Computer Crime
This guide provides information about the federal investigative
and prosecutive process for computer related crimes. It will
help you understand some of the guidelines, policies, and
resources used by the Federal Bureau of Investigation (FBI)
when it investigates computer crime. The FBI has implemented
various technical programs to address the growing complexity
of computer investigations. FBI legal attachés stationed in
41 countries enable the FBI to use sophisticated methods to
investigate and coordinate cyber incidents around the world.
In Washington, DC, the National Infrastructure Protection Center
(NIPC) is a special unit that coordinates computer crimes
investigations throughout the United States. The FBI trains
and certifies computer forensic examiners for each of the 56
FBI field offices in the United States to recover and preserve
digital evidence. The FBI maintains a computer forensic
laboratory in Washington, DC for advanced data recovery and
for research and development.
http://www.cert.org/tech_tips/FBI_investigates_crime.html

New IT czar bill introduced
Adding to a flurry of legislation proposing a federal chief
information officer, Rep. Tom Davis (R-Va.) on Thursday
introduced a bill to create an office that would coordinate
IT resources and information security decisions government
wide. The Federal Information Policy Act (FIPA) of 2000 would
establish an Office of Information Policy headed by a national
CIO who would report directly to the president. The office
would have a deputy, staff and appropriated funds through
fiscal 2005 and could rely on federal agencies for services,
staff and space to perform its duties.
http://www.fcw.com/fcw/articles/2000/0724/web-cio-07-28-00.asp

CIO offers security budget warning
Agencies should not expect any additional funding for
security this year, even though the need to protect their
systems is rapidly growing, according to Fernando Burbano,
chief information officer at the State Department. As the
number of Internet users grows and intrusion tools become
simpler but more sophisticated, it is easier for hackers
to infiltrate a system, Burbano said at a conference
Wednesday organized by the Digital Government Institute.
Many hacker tools are "point and click" and are freely
available on the Internet, he said.
http://www.fcw.com/fcw/articles/2000/0724/web-secrity-07-28-00.asp

Ruling seeks to draw `fair use' boundary
As copyright law collides with technology, implications
aren't clear. The federal judge's order directing Napster
Inc. to stop allowing users to share digitized copies of
copyrighted songs is likely to be the first salvo in a war
that could dramatically alter business practices. While the
courts have tolerated devices like VCRs that are capable of
making illegal copies, Napster's reliance on Internet
technologies, which can distribute millions of copies
worldwide, puts it in a different league, according to
Chief U.S. District Judge Marilyn Hall Patel.
http://www.mercurycenter.com/premium/business/docs/legal28.htm

Olympics challenge: Filtering hate mail
IBM is closely guarding the secret of the filtering
technology it is using to protect its Olympic fan mail
site from hate mail, political propaganda and inappropriate
content. Millions of emails are expected to pass through the
site to the more than 10,000 athletes from more than 100
countries competing at the Sydney Olympics. While the vast
majority of messages are expected to be encouraging and
congratulatory, IBM faces a major task filtering out
potentially damaging messages. IBM spokesperson Natalie Harms
said the technology was an enhancement of the filter used
during the 1998 Nagano Winter Olympics where 300,000 messages
were sent to competitors.
http://www.zdnet.com/zdnn/stories/news/0,4586,2608987,00.html

Internet fight brewing over 'spam'
Peter Kaldis, a systems support manager for Pixar Animation
Studios in Richmond, Calif., estimates he gets about 100
e-mails per day, some 25 percent of which are junk e-mails
offering everything from get-rich-quick schemes to entry
to pornographic Web sites and sham cures for cancer. The
companywide infestation of ``spam,'' or unsolicited e-mail,
eats up time, resources and disk space, Kaldis said. Kaldis
clearly is not alone. The problem plagues thousands, if not
millions, of Internet users and has spawned companies and
nonprofit groups whose sole purpose is to help Internet
service providers block spam.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/047181.htm

Northrop Grumman focuses on information warfare
Northrop Grumman Corp.'s strategy is to concentrate on the
key information technologies that it expects will dominate
21st century warfare, the U.S. defense contractor's chief
executive said in an interview. ``We are focusing on niches
that we believe are going to be extremely important for the
future,'' chief executive Kent Kresa told Reuters. ``And
that has to do with surveillance, information warfare and
battle management.''
http://www.mercurycenter.com/svtech/news/breaking/reuters/docs/256287l.htm

Step inside the world of hacking
Witness an attack through the eyes of a hacker and a
'white hat'. The world of computer hackers is a constant
cat-and-mouse game between "white hats" and "black hats."
Some white hats use "honeypots" to learn about their enemy.
Honeypots look like normal Web servers to a black hat, but
they are really traps with special software that allow
white hats to track every step a computer vandal takes.
http://www.msnbc.com/news/437641.asp

Why they call the internet Scam Land
Want to know about the biggest money-making opportunity
on the internet today? It's fraud. Swindling. Hacking.
Scamming. And outright theft. Online crime is the
internet's biggest growth industry. "The online world
is like the Wild West at the moment," says Ramin Marzbani,
internet analyst with www.consult. "There are plenty of
outlaws, but not enough sheriffs and hanging judges out
there to uphold the law."
http://www.afr.com.au/perspective/20000728/A36256-2000Jul28.html

Barclays security breach forces online service to close
UK bank Barclays was hit by an online security breach Monday
morning which allowed at least four customers to access the
bank details of other Barclays customers. The breach follows
the introduction of new security infrastructure designed to
strengthen the bank's defences Saturday evening and forced
the company to close its online services.
http://www.zdnet.co.uk/news/2000/30/ns-17002.html

Cyber-war? U.S. defense sites invaded by young hackers, not Iraqis
Iraq was mistakenly suspected of sponsoring cyber attacks
on hundreds of U.S. defense sites. U.S. officials said Iraq
was believed to have employed hackers to break into at least
200 unclassified defense sites operated by the Pentagon and
military during the United Nations crisis with Baghdad in
1998. At the time, President Saddam Hussein ordered the
expulsion of UN inspectors.
http://www.worldtribune.com/Archive-2000/ss-cyberterror-07-31.html

EU steps up cybercrime talks
The European Union met informally Saturday to discuss new
cross-border powers for law enforcement agencies to combat
international Internet crime. Discussions centre around a new
RIP-style approach across Europe. EU representatives said
Internet crime was rapidly outpacing the implementation of
necessary policing powers and that urgent action was required.
http://www.zdnet.co.uk/news/2000/30/ns-16986.html

Commons security run by 'terrorist suspect'
A SUDANESE businessman who has been linked by the American CIA
to the world's most wanted terrorist is the leading shareholder
in a company that provides security systems to the Houses of
Parliament. Salah Idris, 48, whose pharmaceutical factory in
Sudan was flattened by American cruise missiles after it was
linked to Osama Bin Laden, the Saudi terrorist, owns 25% of
IES, a company specialising in high-technology surveillance and
security management.
http://www.the-times.co.uk/news/pages/sti/2000/07/30/stinwenws01037.html

Microsoft cookie tool stirs controversy
What began as an effort to give Web browser users more
control over their privacy has put Microsoft Corp. in
the cross-fire of Web advertisers and privacy advocates.
With Internet Explorer 5.5, Microsoft is testing a cookie
management feature that blocks certain kinds of cookies
-- data records created by a browser that preserve
information about Web sessions. The seemingly innocuous
add-on has raised the ire of Web advertising services and
e-commerce vendors that claim the feature unfairly excludes
them from the benefits of cookies: driving traffic and ad
dollars to a site and supplying key demographic data to
e-businesses.
http://www.zdnet.com/zdnn/stories/news/0,4586,2609257,00.html

Data Privacy Gains Ground
The U.S. House of Representatives recently passed an
amendment to an appropriations bill that would force federal
agencies to show how they collect personal data from the
Internet. The amendment, proposed by Rep. Jay Inslee (D-Wash.),
calls for federal agencies to advise visitors to federal Web
sites that their personal data is being collected and
demonstrate how it's done.
http://www.computerworld.com/cwi/story/frame/0,1213,NAV47_STO47652,00.html

Bankers to Offer Online IDs
To help banks compete against start-ups in the field of
online identity authentication, the American Bankers
Association (ABA) in Washington earlier this month
announced the launch of TrustID, an online identification
system. According to e-strategies director Stephen Schutze,
the ABA's TrustID system is an attempt to put banks back
in charge of digital signature authentication. "Banks are
trusted parties," Schutze said. "And banks know their
customers."
http://www.computerworld.com/cwi/story/frame/0,1213,NAV47_STO47637,00.html

Pentagon scrutinizes handheld security
The Defense Department is conducting a top-down review
of security concerning the use of personal electronic
devices, including palmtop computers, certain pagers,
cell phones and laptop computers. The review is part of
a larger DOD effort to institute tougher security measures
and to treat the Pentagon as a command center for the
nation's defense.
http://www.fcw.com/fcw/articles/2000/0731/news-pda-07-31-00.asp

DOD top brass will outsource network management, security
The Office of the Secretary of Defense plans to outsource all
common applications and information security services for its
5,500 unclassified users. The contract "will give us one belly
button to push" and make it easier to measure vendor performance,
said Paul Brubaker, deputy chief information officer for the
Defense Department. At least 15 contractors already manage
some portion of OSD's systems enterprise, so the new contract
would consolidate those services, he said. And, roughly 95
percent of the systems staff in the CIO's office are contract
employees.
http://www.gcn.com/vol1_no1/daily-updates/2496-1.html

Lotus E-Mail Security Problem: The Domino Effect
Companies that rely on a version of Lotus Notes e-mail
system called Domino could find their e-mail accounts
and passwords jeopardized by a security weakness in
the software, according to online security firm iDefense.
The security flaw, found in many Lotus Domino Web-based
user-authentication tools, is due in part to a password
file that relies on "weak" encryption methods for the
text password. According to an iDefense alert issued
today, an attacker using a "brute-force" method on any
Lotus client can access the HTTP password file and obtain
permission levels identical to the "spoofed" account.
http://www.newsbytes.com/pubNews/00/152989.html
http://www.nwfusion.com/news/2000/0731lotushole.html

Defcon: The Hacker's Bacchanalia
What do you get when you mix 6,000 hackers and hacker
wannabees with booze, gambling and some of the hottest
temperatures in the history of Sin City? Defcon, an
annual gathering that holds the Alexis Park Hotel's all
time record for the most alcohol consumed by one group
in a weekend.
http://www.wired.com/news/culture/0,1284,37896,00.html

Rave Against the Machine
Defcon 2000: Hackers, Geeks, 'Script Kiddies' Party
It's not just about the machines. There are probably
hundreds of people at Defcon, the world's largest
computer security convention, who could take down your
company's network with a few well-placed keystrokes.
There are even some who are trying to explain how to
avoid such attacks, if anyone's willing to listen.
http://www.abcnews.go.com/sections/tech/DailyNews/defcon000728_old.html

Spot the Fed
Hackers Play Games as Feds Appeal for Cooperation
He's a Fed. She snitched him out. Can they find love?
Life started echoing reality TV at Defcon, the world's
largest hacker convention, when a 32-year-old system
administrator named Tahkara picked an Air Force
reserveman named Brian out of the crowd, pegged him as
a "fed," and then convention organizers set them up on
a date. "Spot the Fed" is one of the hackers' favorite
games at the annual convention, usually well-attended
by federal agents looking for intelligence. Tahkara
said she'd pegged Brian because, "how much normaler
can you get looking?"
http://www.abcnews.go.com/sections/tech/DailyNews/hacker000730.html

Hackers Seek Privacy: Seeking Ways to Cover Their Tracks
Ever want to walk away from your life? You can change
your identity, hide your tracks on the Internet, and
cloak your e-mail in privacy. Battered wives can elude
their painful pasts; harassers and criminals can hide
from the law. But you probably can't escape your boss.
http://www.abcnews.go.com/sections/tech/DailyNews/hacker000729.html

cDc bores two thousand people at once
The Cult of the Dead Cow -- authors of Back Orifice and
BO2K and the undisputed glam rockers of the hacking
underground -- amazed the crowds at Defcon with an hour
of shallow meditations on site defacements, network
security, and themselves. We knew we were in trouble at
the opening, as member Tweety Fish kicked off the long
anticipated festivities with the disclaimer, "Just to
let you guys know, um, we were pretty much perfectly
aware that, that, that, we were not going to top last
year? So, we're not going to try? So, we're just going
to talk to you a while."
http://www.theregister.co.uk/content/1/12261.html

Mitnick prepares to take the security stage
Notorious computer hacker Kevin Mitnick is set to speak
at a Los Angeles conference on Internet security--his
first keynote after challenging the conditions of his
parole in a federal court. The Sept. 27 conference,
given by Massachusetts-based Giga Information Group, is
expected to draw 350 to 400 people. "I'd like to help
organizations and entities better understand what risks
and vulnerabilities that are out there," Mitnick said
in an interview, adding that he hopes to provide insight
into the mind-set of hackers and how persistent they can
be. "I intend to inform the audience of risks and get
people to think like a hacker," he added.
http://news.cnet.com/news/0-1005-200-2401675.html

Computer Security Is No Sure Thing
Two-thirds of the way through the process of writing his
new book on computer security, cryptographer, mathematician
and computer security guru Bruce Schneier made a horrifying
discovery. He was writing the book to offer hope to his
readers but he had no hope to offer. His vision of the
practice of computer security, based mostly on beautiful
models rooted in complex yet elegant mathematical
algorithms, was breaking up on the rocky shores of reality.
http://www.forbes.com/tool/html/00/jul/0731/feat.htm

What the "Love" bug teaches about business ethics
For most computer users, any reference to the recent "I Love
You" virus conjures only bad memories. But for many residents
of the Philippines, where the virus reportedly originated, the
publicity generated by the incident also served as a reminder
of the thriving computer industry that exists in this Southeast
Asian country of approximately 68 million people. At Wharton's
seventh Asian Regional Alumni Meeting, held in Manila on
June 10, Wharton alumnus and guest speaker Manuel V. Pangilinan
opened his remarks with a reference to the "I Love You" virus.
http://news.cnet.com/news/0-1007-200-2341560.html

How Do I Tighten Security on My System?
In my last article, "Why do I have to harden?", I discussed
how security exploits develop and why you must do more than
just patch. Here, I explain what that "do more" bit means.
"Hardening" a system is the practice of making that system
much harder to crack. I like to think that this involves
steps not only to prevent break-ins, but also to detect them
when they happen.
http://www.securityportal.com/cover/coverstory20000731.html

---------------------------------------------------------------------

------------------
http://all.net/