[iwar] news

From: Fred Cohen (fc@all.net)
Date: 2001-04-01 20:29:23

Massive solar flare eruptions likely to disrupt telecommunications
Telecommunications may be disrupted briefly and
the northerly night skies will shimmer red and
green this weekend as intense storms rage on the
sun, scientists say. The biggest sunspot cluster
seen in at least 10 years has developed on the
upper right face of the sun's disc, according to
satellite readings. Researchers said the sunspot
could persist for several days. The sunspot,
which is a cooler, darker region on the sun's
surface, is caused by temporarily distorted
magnetic fields. It spawns tremendous eruptions,
or flares, into the sun's atmosphere and hurls
clouds of electrified gas toward Earth. NASA
scientists said the most powerful flare erupted
Thursday, rated a class X, the most potent
category. The other flares were less intense.

Study: Insiders pose main hacking threat
While chief executives worry about external
foes hacking into corporate networks, their
real concerns should be the Trojan Horses--
disgruntled employees with the inside
knowledge to easily steal sensitive secrets--
according to a study released on Thursday.
Over 90 percent of global CEOs and chief
information officers believe a breach of
e-commerce systems would be perpetrated
through the Internet or other external
means, said a survey of 1,283 companies by
the accounting firm KPMG. And while the
breach could come from outside the company
walls, it is highly likely that the electronic
fraudster will be an employee or consultant,
as is the situation with more traditional
forms of fraud, said Norman Inkster, president
of KPMG Investigation and Security Inc.
"Most security breaches are committed by
individuals who possess intimate knowledge of
the systems they are attacking," said Inkster.

Hacking 'is now bigger threat than terrorism'
COMPUTER hacking could now cripple Britain more
quickly than a military strike or terrorist
campaign, Robin Cook, the Foreign Secretary,
told the Commons last night. He said that the
electronic technology controlling essential
services such as water, power and transport had
become a leading target for terrorists and other
groups who wanted to disrupt the life of the
nation. Mr Cook gave a graphic account of how
terrorists or anti-capitalist protesters could
wreak havoc in a modern economy such as Britain's
if they managed to gain access to the computer
systems of the key public services.

Internet Crime-Fighting Plan May Open Door for Snoopers
Governments this year are expected to approve
a wide-ranging treaty to combat cybercrime,
a document that some critics are describing
as a potentially Orwellian threat to privacy
and as a wish list for law enforcement agencies.
The proposal has the laudable aim of preventing
serious crimes, such as child pornography, and
will be a weapon against hacking into computer
systems and propagating electronic viruses. But
critics contend that it contains no safeguards
for privacy and due process and places few
limits on government snooping. The document
would require that all countries that sign the
treaty make copyright infringement a crime,
hold Internet service providers responsible
for the content of their systems, and outlaw
anonymity on the Internet. The treaty, known
as the Convention on Cybercrime, has been
drawn up by the Council of Europe, a 43-nation
intergovernmental organization based in
Strasbourg. The European Union and the United
States, meanwhile, have been coordinating their
actions against cybercrime within the Group of
Seven industrialized countries plus Russia.

Lawmakers To Probe Federal Cyber-Security
A House Oversight and Investigations subcommittee
Apr. 3 plans to hold a hearing examining cyber-
security problems at federal agencies. The House
Energy and Commerce Committee's oversight
subcommittee under Chairman James Greenwood,
R-Penn., will look into the issue, one that the
Commerce Committee last year under former Chairman
Thomas Bliley, R-Va., examined in meticulous
detail. Witnesses scheduled to appear at the
hearing include Ron Dick, director of the FBI's
National Infrastructure Protection Center;
Sallie McDonald, assistant commissioner in the
General Services Administration's Office of
Information Assurance and Critical Infrastructure
Protection; John Tritak, director of the Commerce
Department's Critical Infrastructure Assurance
Office; Robert Dacey, director of information
security issues at the General Accounting Office;
Tom Noonan, president and CEO of Internet
Security Systems Inc.; and Glenn Podonsky, the
Energy Department's director of independent
oversight and performance assurance.

Companies tight-lipped over cyber breaches
Almost one in 10 firms had a cyber-security breach
in the past year, and most sought no legal action,
according to a global survey. A poll of leading
companies in 12 countries including Hong Kong by
accounting firm KPMG showed gross under-reporting
and ignorance among executives of security risks.
Only 17 per cent of the companies that suffered a
security breach took legal steps against the
offenders. An equally bleak picture emerged in a
separate KPMG survey on conventional fraud in Hong
Kong, with 25 per cent of companies admitting they
were victims. However, less than one in five
reported the crime to law enforcers.

OpenHack: Did He Win or Not?
A hacker is claiming that he has won Argus'
ballyhooed OpenHack III competition by cracking
its much-vaunted PitBull security system. Argus
concedes the crack, but isn't awarding the
promised big cash prize. Systems running Argus'
PitBull were offered up as a challenge to hackers
in the OpenHack III competition in February.
During the contest, 40,000 people attempted to
crack the system and were unsuccessful. The same
challenge was offered at the European technology
conference CeBit this week. This time, one person
says he was able to crack the system. But he
evidently missed the deadline.

VeriSign certificate snafu highlights threat of human errors
When VeriSign Inc. disclosed last week that
it had issued two digital certificates to
an individual who fraudulently claimed to
be a Microsoft Corp. employee, the incident
highlighted for corporate users how simple
human error can undo technology-based security
schemes. The mistaken issuance of the digital
certificates, which led Microsoft to release a
software update for all Windows releases dating
back to 1995, also put companies on notice about
the importance of having both preventive and
reactive processes in place to deal with such
security lapses. In addition, users and analysts
said, VeriSign's goof points out some of the
broader challenges associated with reliably
establishing identities within public-key
infrastructure (PKI) networks.

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:06 PDT