[iwar] News


From: Fred Cohen
From: fc@all.net
To: iwar@egroups.com

Fri, 25 Aug 2000 08:42:03 -0700 (PDT)



FBI arrests extortion suspect at library computer
The man wrote e-mails to a company threatening to
release company secrets unless it paid him $1-million,
the FBI says. The man using the Internet at the
Tarpon Springs Public Library looked inconspicuous.
In recent weeks, he came and went from the library,
largely unnoticed by the librarians. But Federal Bureau
of Investigation agents were watching Michael Pitelis
closely. They watched as he drove from his Tarpon Point
Condominium complex to the library earlier this week.
An agent looked at the computer screen as he typed the
words "payment in full," "cold war" and "PTC" in
an e-mail message Monday.
http://www.sptimes.com/News/082400/TampaBay/FBI_arrests_extortion.shtml

Online Bank Targeted by Cyber Thieves
British police have arrested three men suspected of
attempting a robbery in cyberspace of Internet bank
Egg -- a sign that organized crime is turning to the
computer rather than the gun in bank raids. Egg, which
has 1.1 million customers, said its security systems
were never breached in the case and that no money was
stolen. It said "fraudulent applications" had been
served on the bank but neither Egg nor the police would
elaborate. UK media reports said a criminal gang had
made multiple, bogus applications for savings accounts
and loans, prompting a six-month investigation which
culminated in Tuesday's arrests.
http://news.excite.com/news/r/000823/05/net-crime-financial-dc
http://www.theregister.co.uk/content/6/12822.html

BT Web site security blunder
The Insight Interactive portion of the BT.com Web site
has a gaping hole in its security. Any registered user's
details can be accessed by entering their user name and
password. The trouble is, the same password works
whichever username you use. And no, we are not going to
tell you what the password is. Or how the user names work.
Details recorded on the site are work related: job title
and work address, rather than any home details. So while
no one's personal life has been compromised, it is still
rather embarrassing for BT.
http://www.theregister.co.uk/content/6/12794.html

Justice Dept releases guidelines for Carnivore review
The Justice Department Thursday released guidelines
for an independent review of its controversial
Carnivore e-mail surveillance program to ensure
that the program works as intended. The review was
prompted by concerns that the program could infringe
on Internet privacy or slow down traffic on the Web.
Carnivore allows law enforcement agents to gather
e-mail messages of criminal suspects as they pass
through the gates of an Internet service provider.
Like a telephone wiretap, it requires a court order
to be used.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/062976.htm
http://www.usdoj.gov/jmd/pss/busopp.html

Encryption Could Starve Carnivore
Even as the FBI slowly releases details of its Carnivore
e-mail wiretap technology, software developers are
readying schemes to starve Carnivore of meaningful data.
ChainMail and Sigaba are among the companies promoting
encryption technology designed to render any captured
e-mail meaningless to third parties. Meanwhile, developers
like Privada and Zero-Knowledge offer anonymity to both
sender and recipient, so a third party has no idea whose
e-mail it is reading. In most cases, you need to rely on
your Internet service provider to implement this level of
technology, which keeps private your e-mail--right down
to its address.
http://www.pcworld.com/shared/printable_articles/0,1440,18209,00.html

Widely used program for confidential e-mail proves flawed
A widely used program that scrambles e-mail for
confidentiality has a flaw that can make scrambled
messages readable, the software maker said Thursday.
Network Associates Inc. said a sophisticated attacker
could exploit the flaw to gain access to e-mail
messages that were encrypted using the company's PGP
software. The company will post a fix for the problem
on its PGP Web site and will inform customers, said
Mike Wallach, president of the PGP Security unit for
the company, based in Santa Clara, Calif. ``This is a
fairly esoteric attack. It's not likely that anybody
without specialized knowledge could use it,'' Wallach
said.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/016083.htm

Top Pokemon creature triggers email virus
A slow-spreading computer virus attached to a Japanese
"Pokemon" animated character has damaged computers at
a small number of U.S. companies over the past two
months, said executives at an antivirus software company.
The virus, labeled "Pokemon Pikachu," spreads to people
through Microsoft Outlook email attachments or through
Microsoft's Internet Explorer browser, said Eric Chien,
chief researcher for Symantec's antivirus research center.
http://news.cnet.com/news/0-1005-200-2602292.html
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/013843.htm

Email security blown open by Critical Path bug
Millions of email users were today warned of a potentially
devastating security flaw that allows malicious hackers
to take control of their accounts. The vulnerability in
the web-based email service from Critical Path affects
more than 22 million people, including users of webmail
offerings from CompuServe, ICQ, AltaVista, Network
Solutions, US West and other customers of Critical Path's
outsourced webmail service. The security bug enables a
malicious user to take over victims' email accounts,
reading and deleting items and sending mail as the victims.
http://www.uk.internet.com/Article/100448

Microsoft glitch leaves IM contact lists vulnerable
Microsoft is investigating complaints that its MSN
Instant Messenger usernames and contact lists can be
taken over through lapsed Hotmail accounts. For the
past week Microsoft has been "thoroughly investigating"
a scenario in which expired Hotmail accounts are thought
to provide an avenue for either malicious or unwitting
appropriation of existing IM usernames and contact lists,
according to a company spokeswoman. A recent complaint
followed a general warning about the problem, which
surfaced more than a year ago.
http://news.cnet.com/news/0-1005-200-2599161.html

Superpower status risks cyberattack
Cyberwarfare and other security threats simply come with
the territory when your country is the world's only remaining
"superpower," Defense Secretary William Cohen told a group
of veterans this week. "We're looking at what I call a
'superpower paradox,'" Cohen said during a speech Monday
to the National Convention of the Veterans of Foreign Wars
and The Ladies Auxiliary. "There is no other country that
can challenge us directly. So they look for indirect ways
to challenge us.... That can come in the form of chemical
or biological or even cyber [warfare]."
http://www.fcw.com/fcw/articles/2000/0821/web-cohen-08-24-00.asp

Love Bug Author Offered Various Jobs
Just days after all charges were dropped against him for
the distribution of the infamous Love Bug virus, Onel de
Guzman has told the media that he has been inundated
with job offers as a result of the case. The 24-year-old
computer school dropout told reporters, however, that
despite the job offers he has received since the spotlight
fell on him in May, he plans to complete his studies and
produce something "educational" and not controversial. The
Philippine Department of Justice dropped charges against
de Guzman on Aug. 21, after it decided that it could not
backdate the new anti-hacking legislation introduced in
June of this year.
http://www.newsbytes.com/pubNews/00/154136.html

Security group says major privacy organization tracks users
TRUSTe, a privacy advocate organization that runs a
privacy seal-of-approval program for retail Web sites
and shows companies how to write effective privacy
policies, itself has tracked users with means not
mentioned in its own privacy policy, a security group
says. Interhack Corp., a Columbus, Ohio, security
consulting firm that has found other privacy breaches
in the past, noticed that TRUSTe's Web site contained
``cookies,'' small text files used for online tracking
and profiling, as well as invisible images and other
tools aimed at identifying users' online habits.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/083090.htm

Internet Privacy Hashed Out At Aspen Summit
Maybe John Palafoutas said it best. "People are not
concerned about privacy, they're hysterical about
privacy," the head of the American Electronics
Association said during a spirited debate at the
Aspen Summit Monday night. The debate will rage on
in the private sector, among consumers and in
government circles before the issue is concisely
defined, let alone settled. Even the language in
the largely-uncharted waters of online privacy is
vague. Not just consumers, but business and government
are still pretty much in the dark about Internet
privacy, including what it really is, summiteers say.
http://www.computeruser.com/news/00/08/23/news7.html

Parody sites sucked into cybersquatting squabbles
Protest and parody sites that register Internet addresses
based on trademarked corporate names are increasingly
coming out on the losing end in domain name disputes,
according to a review of arbitration records. In January,
the Internet Corporation for Assigned Names and Numbers
(ICANN) instituted a new resolution policy for domain name
disputes, ordering conflicts into binding arbitration.
Since then, arbitrators have sided with trademark holders
in nine out of 11 domain name disputes involving "-sucks"
variations on corporate names, according to records on
ICANN's Web site. The other two cases have not yet been
resolved.
http://news.cnet.com/news/0-1005-200-2604599.html

Arachne Browser Architect Dismisses Virus Charge
Michael Polak, a Czech scientist whose browser has been
causing so many problems for its users that he was accused
of disseminating a virus, issued an explanation on his Web
site this week. Polak, who offers Arachne free of charge
for non-commercial use, had received numerous complaints
from people who had their files wiped out after they
installed the browser.
http://www.newsbytes.com/pubNews/00/154190.html

MS Fixes FrontPage Hole, Quietly
Microsoft has quietly plugged a security hole in FrontPage
Server Extensions. The hole made Web servers vulnerable
to denial-of-service attacks similar to the ones that
crippled Yahoo, eBay, and Amazon.com in February. But
was fixing the problem enough? Some security specialists
and Web administrators say no, and believe that Microsoft
was hoping to slip the solution to its latest problem
silently onto servers.
http://www.wired.com/news/technology/0,1282,38410,00.html

Made-in-China Firewall Challenges Global Hackers
Noted Chinese consumer electronics production company,
Hisense, has challenged hackers all over the world to
hack a server equipped with its newly developed firewall
products before September 1 to win 500,000 yuan. The
company has set up a large screen in front of a major
department store in Beijing, showing the homepage of the
protected server and the number and sources of hackers.
Hackers would be awarded with the money if they could
hack the homepage of the server or gained access to a
designated document on the server, company sources said.
http://english.peopledaily.com.cn/200008/23/eng20000823_48861.html?

METASeS Shares Security Expertise In New Guidebook
Security looms large in the Internet economy, and
METASeS, the security services firm spun off last
year by Meta Group, has taken a step to help companies
be more proactive in protecting their information
systems. Four METASeS execs have combined their vast
experience in the security field into a guidebook that
makes it clear that security is about more than putting
up firewalls. "It really covers the waterfront out there,"
says co-author Patrick McBride, executive VP of METASeS.
"It's not just a tech-weenie book." The book, Secure
Internet Practices: Best Practices for Securing Systems
in the Internet and e-Business Age, is available through
either METASeS or Meta Group.
http://www.informationweek.com/story/IWK20000823S0008

How Secure Are You?
While IT managers spent huge amounts of time and
resources to thwart the threat of year 2000 problems,
information security breaches in the Internet economy
are an even bigger threat. And unlike the millennium
rollover bug, security is not a one-time, easy-to-identify
issue. It's a process that must be continually refined
using audits, access-rights revisions, new tools, and
changes to how data is stored. That may be why so
many businesses put security on the back burner until a
crisis flares up. It's time to go beyond awareness and
take action. Protection from security breaches requires
investment in technology, services, and personnel as
well as adjustments in corporate culture.
http://www.techweb.com/wire/story/TWB20000823S0006

Decoding spam's secret recipe
After receiving a batch of spam mail for the umpteenth
time -- everything from marriage offers from "available,
attractive, Russian ladies" to cheesy get-rich schemes
-- I thought I'd try my hand at deciphering the real
meaning behind these anonymous missives. Behold, a real
world example from the Charlie Cooper mailbox.
http://www.zdnet.com/zdnn/stories/comment/0,5859,2618549,00.html

Choosing spam over censorship
I have pretty much made my peace with spam - those
annoying unwanted e-mails from folks trying to sell
you something. The stuff just doesn't bother me as
much as it used to, even though I get more of it
than ever. I've learned to chuckle at messages that
offer me the chance to retire rich at age 35 - eight
years too late, guys. FedEx me a time machine and try
again. Meanwhile, I'll just delete this crapola with
the flick of a finger ... there! That wasn't too bad.
And maybe the next batch will be even sillier.
http://www.boston.com/dailyglobe2/237/business/Choosing_spam_over_censorship+.shtml

------------------
http://all.net/