[iwar] News


From: Fred Cohen
From: fc@all.net
To: iwar@egroups.com

Wed, 13 Sep 2000 09:57:36 -0700 (PDT)


fc  Wed Sep 13 10:14:15 2000
Received: from 207.222.214.225
	by localhost with POP3 (fetchmail-5.1.0)
	for fc@localhost (single-drop); Wed, 13 Sep 2000 10:14:15 -0700 (PDT)
Received: by multi33.netcomi.com for fc
 (with Netcom Interactive pop3d (v1.21.1 1998/05/07) Wed Sep 13 17:14:08 2000)
X-From_: sentto-279987-523-968865213-fc=all.net@returns.onelist.com  Wed Sep 13 12:13:28 2000
Received: from fl.egroups.com (fl.egroups.com [208.50.144.74]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id MAA08286 for ; Wed, 13 Sep 2000 12:13:28 -0500
X-eGroups-Return: sentto-279987-523-968865213-fc=all.net@returns.onelist.com
Received: from [10.1.10.38] by fl.egroups.com with NNFMP; 13 Sep 2000 17:13:33 -0000
Received: (qmail 31886 invoked from network); 13 Sep 2000 16:57:41 -0000
Received: from unknown (10.1.10.26) by m4.onelist.org with QMQP; 13 Sep 2000 16:57:41 -0000
Received: from unknown (HELO all.net) (24.1.84.100) by mta1 with SMTP; 13 Sep 2000 16:57:40 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id JAA12407 for iwar@onelist.com; Wed, 13 Sep 2000 09:57:36 -0700
Message-Id: <200009131657.JAA12407@all.net>
To: iwar@egroups.com
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen 
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Wed, 13 Sep 2000 09:57:36 -0700 (PDT)
Reply-To: iwar@egroups.com
Subject: [iwar] News
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

-------------------------- eGroups Sponsor -------------------------~-~>
Great savings and lots more -- beMANY!
http://click.egroups.com/1/8034/14/_/595019/_/968865213/
---------------------------------------------------------------------_->

 --11 September 2000  Western Union Cracked
Crackers broke into Western Union's web site servers and made off with
nearly 16,000 customer credit and debit card numbers.  The company began
informing affected customers of the breach, and the site remains
off-line.  A security specialist with underground connections says the
hole was opened during routine site maintenance and that crackers who
happened to be monitoring the site at the time took advantage of the
opportunity just to prove they could.
http://www.wired.com/news/business/0,1367,38698,00.html?tw=wn20000911

 --7 & 8 September 2000  AmEx Aims to Improve Consumer Security
American Express is offering its customers who shop on-line disposable
credit card numbers for each purchase; customers' actual credit card
information is never transmitted over the Internet.  The company also
plans to launch a product that will let its customers decide how much
information they want to reveal to web sites they visit.
http://news.cnet.com/news/0-1007-200-2718520.html
http://www.usatoday.com/life/cyber/tech/cti499.htm

 --7 & 8 September 2000  Format String Vulnerabilities
A new class of vulnerabilities affecting Unix and Linux systems can give
attackers control of computers.
http://news.cnet.com/news/0-1003-200-2719802.html
http://vnunet.com/News/1110537
[Editor's (Cowan) Note: While this report is excellent, it incorrectly
implies that this is a UNIX/Linux problem.  Windows-based format bugs
have also been found.

 --7 September 2000  E-Commerce Servers Vulnerable, Says Consultant
Nearly one third of e-commerce servers are vulnerable to attack, due
largely to problems with SSLv2 (secure socket layers) protocol,
encryption, or digital certificates, according to a security consultant.
European sites were particularly weak because many European servers
pre-date the relaxed US export restrictions.
http://vnunet.com/News/1110445
[Editor's (Murray) Note: If SSLv2 is the weak link in your security,
you are a lot more secure than most people.]

 --7 September 2000  Cost-Free Encryption Security
Now that the RSA patents have expired and the algorithms have been
released to the public domain, one company has announced that it will
post a free toolkit on its web site to encourage the use of public key
cryptography.
http://www.wired.com/news/business/0,1367,38635,00.html
[Editor's (Cowan) Note: Several no-cost encryption tools have been
available for some time: Open SSH, Open SSL just to name two.)

 --5 & 6 September  W2K.Stream Virus Hides in ADS
The W2K.Stream virus, written as a "proof of concept", works by hiding
much of its code in alternate data streams (ADS) which anti-virus scans
don't find.  Security experts disagree on the gravity of the virus.
http://www.zdnet.com/zdnn/stories/news/0,4586,2624500,00.html
http://www.msnbc.com/news/455905.asp?0nm=N22H
Additional useful information at:
http://vil.nai.com/vil/virusChar.asp?virus_k=98803
http://www.symantec.com/avcenter/venc/data/w2k.stream.html

 --5 & 6 September 2000  Trinity DDoS Tool
A powerful new distributed denial of service (DDoS) tool, dubbed
Trinity, uses IRC as its delivery system  Trinity software agents have
already been found on more than 400 Linux systems.
http://news.cnet.com/news/0-1005-200-2701686.html
http://www.computerworld.com/cwi/story/0,1199,NAV65-663_STO49651,00.html

 --8 September 2000  Protecting Systems from Trinity
This article describes how some IT managers have been protecting their
systems from Trinity.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO49889,00.html

 --5 September 2000  Computer Security and Insurance 
The Association of British Insurers (ABI) commissioned a study
concluding that computer crime is on the rise; insurance companies hope
to see their business increase as a result.  Some security firms are
teaming up with insurance brokers to offer policies that will cover
losses incurred due to security breaches.
http://vnunet.com/News/1110206

 --4 September 2000  Wireless Security May Fail By Default
A network engineer discovered by accident that he could use his laptop
computer's wireless LAN card to connect to the network of a neighboring
company, which quickly shut down its wireless hub. The problem was the
company was using factory defaults. Analysts say that IT managers should
provide rigorous authentication and other security protections for
wireless networks.
http://computerworld.com/cwi/story/0,1199,NAV47_STO49371,00.html

 --4 September 2000  Open Source Software for the Government
The President's Information Technology Advisory Committee (PITAC) will
recommend funding open-source software for government supercomputers.
Benefits will include elimination of back doors and faster bug
correction; drawbacks include national security concerns and the
possibility of proprietary extensions from big vendors.
http://www.gcn.com/vol19_no26/news/2822-1.html
[Editors' Note: Many of us are fans of open source software, but claims
that open source software provides faster bug correction have not been
proven.]

FC

------------------
http://all.net/