[iwar] News

• Messages sorted by: [ date ][ subject ][ author ][ recipient ]
• Next message: From: Fred Cohen To: "[iwar] News"
• Previous message: From: Fred Cohen To: "[iwar] News"

fc  Tue Aug  8 06:24:14 2000
Received: from 207.222.214.225
	by localhost with POP3 (fetchmail-5.1.0)
	for fc@localhost (single-drop); Tue, 08 Aug 2000 06:24:14 -0700 (PDT)
Received: by multi33.netcomi.com for fc
 (with Netcom Interactive pop3d (v1.21.1 1998/05/07) Tue Aug  8 13:24:08 2000)
X-From_: sentto-279987-475-965740987-fc=all.net@returns.onelist.com  Tue Aug  8 08:23:36 2000
Received: from mw.egroups.com (mw.egroups.com [208.50.144.94]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id IAA17017 for ; Tue, 8 Aug 2000 08:23:36 -0500
X-eGroups-Return: sentto-279987-475-965740987-fc=all.net@returns.onelist.com
Received: from [10.1.10.35] by mw.egroups.com with NNFMP; 08 Aug 2000 13:23:11 -0000
Received: (qmail 20705 invoked from network); 8 Aug 2000 13:23:07 -0000
Received: from unknown (10.1.10.142) by m1.onelist.org with QMQP; 8 Aug 2000 13:23:06 -0000
Received: from unknown (HELO all.net) (24.1.84.100) by mta1 with SMTP; 8 Aug 2000 13:23:06 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id GAA09745 for iwar@onelist.com; Tue, 8 Aug 2000 06:23:05 -0700
Message-Id: <200008081323.GAA09745@all.net>
To: iwar@egroups.com
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen 
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Tue, 8 Aug 2000 06:23:05 -0700 (PDT)
Reply-To: iwar@egroups.com
Subject: [iwar] News
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Major e-crime case goes to court in Pakistan
Three young Pakistani men from "good families" will be
tried this week for alleged Internet fraud, in a case
that has raised long-overdue questions about the
country's ability to police computer crime. Immad Ahmed,
Shahid Hussain and Ali Owais were arrested late last
month after a foreign bank complained that one of its
clients had found 2.7 million rupees ($50,000) worth
of unexplained purchases on his credit card. The men
have allegedly confessed to using the card number
obtained from a local restaurant to go on a
cyber-spending spree on a U.S.-based Web site.
http://www.techserver.com/noframes/story/0,2294,500236449-500345839-501991772-0,00.html

Security hole in Adobe Acrobat
Adobe has quietly released a patch for a security hole
in its latest version of Acrobat, 4.05. The hole is a
"buffer overrun" problem, which basically means that
malicious code can get through Acrobat and run on the
client machine. This, of course, means that all means
of nasties can get at your PC.
http://www.theregister.co.uk/content/4/12426.html

Beware 'Brown Orifice'
A new backdoor called "Brown Orifice" turns Netscape
Navigator into a covert web server by exploiting
devastating security holes in the browser's Java
interpreter. Gray hat hacker and Silicon Valley
computer consultant Dan Brumleve released the
program over the weekend to demonstrate holes he
discovered that allow a Java applet to listen on
an network port that is accessible to the world,
and to access local files.
http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D70

Specter Of Network Attacks Looms Anew
Internet service providers and dot-coms hit by a storm
of denial-of-service attacks earlier this year should
brace for another onslaught, said knowledgeable security
experts. Simple Nomad, aka Mark Loveless, a senior security
analyst at information management and security company
BindView, unveiled a new attack blueprint at Def Con, the
annual hacker convention. Held last week in Las Vegas,
Def Con is billed as the place where so-called white-hat
and black-hat hackers meet.
http://www.zdnet.com/zdnn/stories/news/0,4586,2612050,00.html

White House, industry to push Congress on computer security
The Clinton administration and industry officials will push
Congress this fall to provide more funding for protection
of computer security initiatives, saying current legislation
falls short of providing the necessary resources. The issue
was among the concerns raised at the second meeting last
month of the Partnership for Critical Infrastructure
Security (PCIS), an industry-led effort aimed at encouraging
better cooperation across the key critical infrastructure
industry sectors.
http://www.govexec.com/dailyfed/0800/080700td.htm

'Tempest' program addresses worries over computer-screen spying
When most computer users worry about privacy in the
digital age, they wonder who's reading their e-mail
or watching where they go online. But inside the U.S.
government, security officials have a much greater
fear: Is someone with the right surveillance equipment
tuning in to what is on their computer monitors from
a nearby office, or a floor below or even across the
street?
http://www.msnbc.com/news/442690.asp

Hacker Groups Mull Corporate Offers
The relationship between individual hackers and security
experts used to be simple: security companies hired a
black hat, who became a white hat. Now some companies are
trying to purchase entire hacker collectives. The security
firm @stake bought the London-based collective Cerberus
Information Security late last month for an undisclosed
sum. Investors have even expressed interest in the graybeard
of all hacker groups, Cult of the Dead Cow, proposing various
business combinations, including and initial public offering.
The prospect troubles Deth Veggie, minister of propaganda at
the collective.
http://www.zdnet.com/zdnn/stories/news/0,4586,2612056,00.html

Hackers sink Pay-to-Surf website
FreeWebStuff.com Inc., a Paid-to-Surf company, has put
itself up for sale, after finding out that hackers had
undermined its entire business model. The San Jose,
California-based firm says it will also consider a
partnership with an Internet security firm. FreeWebStuff,
which launched only on July 5 this year, cites growth
"far in excess of projections, complicated by excessive
'fake' signups by hackers" as the reason for its
early foray into the world of Mergers & Acquisitions.
http://www.theregister.co.uk/content/1/12435.html

Cybersquatter ordered to quit Jimi Hendrix web site
The family of the late American rock legend Jimi Hendrix
have won a case at an international panel to evict the
holder of the Internet address www.jimihendrix.com, U.N.
arbitrators said Monday. The family of the guitar genius,
who died in 1970, filed the case in May at the Geneva-based
World Intellectual Property Organization (WIPO) against
American Denny Hammerton of Minneola, Florida, who had been
the first to register the address as an Internet domain.
http://www.mercurycenter.com/svtech/news/breaking/internet/docs/281660l.htm

PKI still mired in pilot mode
This, the year of the security breach, has brought
unprecedented acceptance of security products. All but
one. PKI (public-key infrastructure) two years ago held
the title of most promising security technology. But in
the battle to become a staple of IT security, PKI has
fallen behind intrusion detection, anti-virus software
and e-mail filtering and is in danger of becoming
"forever pilotware," said Chris King, an analyst at
Greenwich Technology Partners Inc., in Stamford, Conn.
http://www.zdnet.com/zdnn/stories/news/0,4586,2612063,00.html

Swiss firm uses army bunkers for data storage
A Nasdaq-listed group likes a Swiss firm's idea of
using Alpine mountain army bunkers for computer data
storage so much it is buying the company. Markus
Bernhard, finance director of data storage services
group Cope Inc., told Reuters in an interview on
Monday his firm had agreed a reverse takeover of
Swiss unlisted Mount10 which is scheduled to take
place in the fourth quarter of this year. Mount10
operates a data center near the upmarket winter
sports resort of Gstaad in an army bunker which is
constantly guarded by armed soldiers.
http://www.mercurycenter.com/svtech/news/breaking/reuters/docs/281390l.htm

Openhack: lessons learned
When it comes to security, build for success, but
plan for failure.   eWeek Labs' Openhack.com
e-business site was built from the ground up with
security in mind, and the site was co-designed
and co-maintained by security company Guardent Inc.
Yet Openhack was cracked by two different people in
less than one month. After we reported the hacks, a
reader asked despairingly whether there was hope for
anyone to stay secure. There is hope, but only for
organizations that acknowledge the risk and work to
manage it constantly.
http://www.zdnet.com/eweek/stories/general/0,11011,2612064,00.html

The Reality of Building Secure Private Networks - Part Two
Virtual Networks - Real Risks. IPSec is beginning to
support key business and technology objectives such as
B2B extranet backbones and dial access VPN's for remote
computing. Despite the security and operational benefits
of a VPN, the problem of authenticating client entities
for access control decisions remains a risk management
issue.
http://www.securityportal.com/cover/coverstory20000807.html

Frontier Defense
Most of the security tips you find these days will slow
down a determined hacker - for about 5 seconds. By that
time, his highly modified script has blasted past the
errors you've fixed in your operating system and finds
the one hole you left unplugged. If you have a direct
Internet connection (cable modem, DSL, ISDN or a T-1
line) and you're not behind an industrial-strength
corporate firewall, you're wide open to attack. Even
if you're behind a corporate firewall, remember that
about half of all damage is done by those on the
inside. Disgruntled employees and the insanely
curious can do a lot of damage over their lunch break.
http://www.nwfusion.com/reviews/2000/0807rev.html

Stop 'em with a box
When most people think about protecting their network
from attackers, they think of firewalls. Firewalls offer
the best and most basic form of isolating internal network
users from the big, bad outside world of the Internet. Of
course, any solution will involve more than just firewalls
- virus scanners and putting solid network security policies
in place are also important. Every network needs some form
of protection; the trick is to understand the balance of
price, features and ease of use.
http://www.nwfusion.com/reviews/2000/0807rev2.html

---------------------------------------------------------------------

------------------
http://all.net/

• Next message: From: Fred Cohen To: "[iwar] News"
• Previous message: From: Fred Cohen To: "[iwar] News"