[iwar] [NewsBits] NewsBits - 08/20/01 (fwd)

From: Fred Cohen (fc@all.net)
Date: 2001-08-21 08:03:37


To: iwar@onelist.com (Information Warfare Mailing List)

[FC - This issue of NewsBits shows just how easy it is to make new news
out of old news...]

August 20, 2001

Used PCs may leak sensitive secrets
Three weeks ago, Jake Wilson bought
a used laptop for $400 at a dot-com liquidation auction.  When he booted
up the IBM ThinkPad 600E, he got a lot more than he bargained for. 
There, on the hard drive, was a folder containing sensitive data from a
now-defunct network software company called IPHighway Inc.  In the file
were the social security numbers and salaries of at least 46 employees,
payroll information, employee termination letters, extensive minutes
from executive and board meetings and documents outlining strategic
plans.
http://www.zdnet.com/zdnn/stories/news/0,4586,2805690,00.html

[FC - This has been commonplace ever since I can remember - I think
I even gave a detailed example in my 1995 book of a case where we bought
a used computer from a bank and got...  You guessed it...  their whole
accounting system - all customer records - all account numbers - and on
and on...]

HTML 'Hack' Could Use Browsers To Open Net Security Hole
An independent
computer programmer in Germany has discovered that malicious hackers
could wield seemingly ordinary-looking Web pages to send commands to
servers behind such barriers as corporate firewalls.  Jochen Topf, whose
own software credits include a POP3-protocol server for managing user
access to large e-mail systems, says he found that many common Web
browsers can be tricked into passing on commands from hackers
unbeknownst to the browsers' users. 
http://www.newsbytes.com/news/01/169207.html

[FC - This was well documented in the analysis of the (failed) attacks
on the all.net web site in...  1998.  It just took a while to make the
news...  In my case it was a URL of the form <img src=...> which
autoloaded as part of the DCA - which reminds me - that is also where
DCAs (the more general case of what is now called DDoS) were first
analyzed... which took only 3 years to hit the media.]

HP CEO says Web privacy law needed
The chief executive of one of the
world's largest computer makers kicked off a conference on resuscitating
the New Economy by calling for government legislation to ensure privacy
for Web users.  Carly Fiorina, the head of the printer and computer
giant Hewlett-Packard Co., said her industry had not lived up to its
leadership responsibilities in setting such standards. 
http://www.siliconvalley.com/docs/news/tech/026056.htm
http://www.siliconvalley.com/docs/news/reuters_wire/1424213l.htm
http://www.wired.com/news/business/0,1367,46182,00.html

[FC - Of course we all knew this many years ago... but it is good
to see that even CEOs eventually learn what the rest of us knew.]

Domain disputes don't get fair hearing, study says
The system set up to
resolve disputes over Internet addresses like kodaktheater.com can be
easily manipulated to favor trademark holders, according to a study
released on Monday.  University of Ottawa professor Michael Geist found
that the domain-name dispute-resolution system set up by the Internet
Corporation for Assigned Names and Numbers allows those filing a
complaint to select forums and formats that are more likely to award
cases in their favor. 
http://www.siliconvalley.com/docs/news/reuters_wire/1423976l.htm

[FC - Not exactly a surprise.  Those with the money generally win...]

Wireless Networks in Big Trouble
Wireless networks are a little less
secure today with the public release of "AirSnort," a tool that can
surreptitiously grab and analyze data moving across just about every
major wireless network.  When enough information has been captured,
AirSnort can then piece together the system's master password.  In other
words, hackers and/or eavesdroppers using AirSnort can just grab what
they want from a company's database wirelessly, out of thin air. 
http://www.wired.com/news/wireless/0,1382,46187,00.html

[FC - I love this stuff...  same old thing we have had for the last 20+
years with LANs retreaded to radio LANs.  When will we ever learn?  Never
is my best guess...]


------------------
http://all.net/ 
