[iwar] [NewsBits] NewsBits - 10/18/01 (fwd)

From: Fred Cohen (fc@all.net)
Date: 2001-10-18 21:30:51



October 18, 2001

Russian Security Expose Computer Hackers at Space Rocket Plant
The Federal Security Service (FSB) department in Voronezh Region has
completed investigation of the criminal case against a programmer of the
Energiya research and production enterprise, a spokesman for the
department told Interfax Military News Agency on Monday.  The programmer
was detained following an inspection by an FSB technical intelligence
unit.
http://www.antionline.com/showthread.php?threadid=120723

Hackers Harvest Passwords from DSL Routers
Cyberpunks raid Cayman routers for 'disposable' dial-up accounts.
Hackers have developed a trick for pilfering DSL account names and
passwords right from subscriber's routers, a technique that provides
hackers with untraceable Internet access, and potentially exposes
subscriber email to interception.
http://www.securityfocus.com/news/268

'Redesi' worm reformats hard drives
A worm disguising itself as a security patch for Microsoft products
will in fact reformat the victim's
C: drive.  The Redesi worm spreads by e-mail under a number of guises,
and is set to trigger on November 11, 2001.  But not all PCs are
vulnerable to the worst of its effects, and there is an easy way to stop
the damage. 
http://www.zdnet.com/zdnn/stories/news/0,4586,2818442,00.html

U-Haul Denies Terrorism Claims In E-Mail Hoax
Claims in an e-mail chain letter spread virus-like around the Internet
since the Sept.  11
terrorist attacks have been strongly denied by one of the companies
named in the message.  U-Haul, in a brief statement to the media late
Wednesday, denied any of its trucks had been stolen for terrorist
activities, as alleged in the chain letter. 
http://www.newsbytes.com/news/01/171246.html

Taliban can't hack - UK govt
The head of the UK Government's Computer Emergency Response Team has hit
a welcome note of commonsense by stating
that the September 11 terrorist attacks have changed nothing in the way
the country needs to defend against electronic attack. 
http://www.theregister.co.uk/content/55/22310.html

Hacker exploits make PC worms deadlier
Computer worms are set to become a more deadly combination of virus
writing and hacker exploits,
according to security experts at Symantec.  Code Red and Nimda marked
the demise of socially engineered worms, by combining a blended threat
of proven hacker exploits. 
http://www.zdnet.com/zdnn/stories/news/0,4586,2818419,00.html

Security experts see nastier worms
http://news.cnet.com/news/0-1003-200-7572730.html

How White House plans to fight cyberterrorism
President Bush has released his long-awaited presidential order creating
a high-level board to protect the nation's critical information systems.
Executive Order 13231, published today in the Federal Register, launches
a huge administrative apparatus.  While it gives somewhat more authority
and staff to Richard Clarke, Bush's cybersecurity adviser, Office of
Management and Budget director Mitchell Daniels, Jr.  gets overall
responsibility for governmentwide security policy and implementation.
http://www.gcn.com/vol1_no1/daily-updates/17312-1.html

Congress Moves Closer To Surveillance Compromise
In a closed-door meeting Wednesday, congressional leaders took a big
step toward completing a reconciled Senate-House bill that would
substantially expand the wiretapping and electronic surveillance
capabilities of federal investigators, sources say.  The Senate and the
House earlier this month each passed anti-terrorism bills that would
make it easier for law enforcers to obtain the phone and Internet
records of suspected terrorists and would give agencies broad new
authority to monitor suspects' real-time phone and electronic movements.
http://www.newsbytes.com/news/01/171292.html

Governor Calls for 'Cyber Court'
A government anti-terrorism commission will recommend that Congress
create a shadowy court to oversee
investigations of suspected computer intruders.  Gov.  James Gilmore
(R-Virginia), the commission's chairman, said Wednesday that federal
judges have been far too sluggish in approving search warrants and
eavesdropping of online miscreants. 
http://www.wired.com/news/conflict/0,2100,47676,00.html

Coordination urged on cyberterror
Calling the Internet and information technology "tools of freedom in the
21st century," Virginia Gov.  Jim Gilmore told a House committee Oct.  17
that the nation's cybersecurity efforts to protect those tools need to
encompass all levels of government -- local, state and federal -- as
well as the private sector.
http://www.fcw.com/geb/articles/2001/1015/web-cyber-10-18-01.asp

Does the Net need anti-terrorist protection?
An anti-terrorism advisory group called on Congress this week to create
a panel to protect against
potential attacks on the Internet's infrastructure.  Virginia Gov. 
James Gilmore, chairman of the advisory group known as the Gilmore
Commission, outlined recommendations to the House Committee on Science
in a hearing Wednesday. 
http://news.cnet.com/news/0-1005-200-7572793.html

Va.  Governor Touts State As Cyber-Terrorism Model
http://nationaljournal.com/pubs/techdaily/pmedition/tp011017.htm#1

Cyber-Terrorism Fears Stoke Industry-Govt.  Cooperation
Private industry and the federal government for years have been aware
of the need to beef
up information sharing on cyber-vulnerabilities to help ward off
potential terrorist attacks on the nation's most vital computer systems. 
Yet, it has taken the events of Sept.  11 to really place the issue on
the front burner, according to leaders from both sectors. 
http://www.newsbytes.com/news/01/171281.html

U.S.  Cyberspace Security Office Must Define Its Mission
The U.S.  government's new Cyberspace Security Office marks an important
first
step in protecting America's electronic infrastructure.  However, the
office must immediately establish its responsibility and authority.  On
9 October 2001, the U.S.  government announced the creation of the
Office of Cyberspace Security to advise the president on risks to
electronic infrastructure and protective measures. 
http://www3.gartner.com/DisplayDocument?doc_cd=101748

Hackers Put A Price Tag On New Attack Tool
A new hacking tool is being actively used by attackers hoping to take
remote control of unpatched
Unix-based systems, security experts warned today.  The tool appears to
exploit a known bug in a popular authentication technology called Secure
Shell (SSH), according to Simple Nomad, senior security analyst with
Bindview Corporation.  The security firm's RAZOR team, a research and
development group, discovered the flaw in the SSH daemon, which it
dubbed the crc32 vulnerability, last winter. 
http://www.newsbytes.com/news/01/171291.html

List of attack suspects being sent to Wall Street
U.S.  securities regulators told Wall Street on Thursday that a list of
people the FBI
identified as being behind the Sept.  11 attacks will be e-mailed to
financial institutions to help with a massive probe into suspicious
market trading before the attacks. 
http://www.siliconvalley.com/docs/news/tech/036390.htm

Web ads monitored for false anthrax drug claims
U.S.  agencies and pharmacists are monitoring Internet advertisements
for anthrax treatment
products to ensure firms are not capitalizing on bioterror fears with
misleading or illegal offers.  Some Web sites are offering Cipro, the
main antibiotic used to treat the anthrax bacteria, without a
prescription, urging people to order the drug soon to protect their
families. 
http://www.usatoday.com/life/cyber/tech/2001/10/18/anthrax-web-site-claims.htm

New Spam Bill Introduced In Congress
Rep.  Chris Smith, R-N.J., this week reintroduced legislation that
would restrict the transmission of
unsolicited commercial e-mail, otherwise known as spam.  The bill, H.R. 
3146, debuted this week, but Smith staffers were unavailable to comment
on the legislation following the shutdown of the House of
Representatives to sweep for possible anthrax contamination. 
http://www.newsbytes.com/news/01/171295.html

Energy Department Issues Microsoft XP/Office Warning
The U.S.  Department of Energy's own computer security watchdogs have a
warning for Microsoft Windows XP and Office users who want to keep their
work secret: The Redmond, Wash., software giant might be able to read
their PC's minds.  The Computer Incident Advisory Capability (CIAC) -
whose motto is "Keeping DOE Secure" - this week issued a bulletin
warning privacy-conscious users that the Internet-connected
bug-reporting capabilities of Windows XP or Office in combination with
recent versions of Microsoft's Internet Explorer browser could disclose
sensitive data to Microsoft.  However, it described the vulnerability as
a "medium/low" risk.
http://www.newsbytes.com/news/01/171293.html

Microsoft blames security community for breaches
Microsoft, whose software has been at the center of several recent
high-profile security
incidents, has decided to turn up the heat on those the company
considers at least partially responsible: security firms and hackers who
release sample programs to exploit software flaws. 
http://www.usatoday.com/life/cyber/zd/zd10.htm
http://www.theregister.co.uk/content/55/22332.html

Office XP, IE 5 bug gets personal
http://www.zdnet.com/zdnn/stories/news/0,4586,5098483,00.html

Office XP hole compromises personal data
http://news.zdnet.co.uk/story/0,,t269-s2097597,00.html
http://news.cnet.com/news/0-1003-200-7571224.html

Philippines Lacks Internet, Convergence Laws
The Philippines is still in its infancy when it comes to Internet law.
Despite last year's passage
of Republic Act 8792, better known as the E-commerce Act, the government
has yet to resolve issues of security and privacy, trade regulations,
intellectual property rights, criminal law, and other pressing problems. 
http://www.newsbytes.com/news/01/171266.html

Worried workers turn to telecommuting
Telecommuting is in vogue again.
Employees concerned that the workplace could be a target of
anthrax-tainted mail or another terrorist attack are staying away and
using technology to get the job done.  But the surge in interest is a
new challenge for employers.  Some are relaxing policies or launching
telecommuting arrangements for the first time, while others are
wondering when the fear will subside enough to return jittery employees
to the workplace. 
http://www.usatoday.com/life/cyber/tech/2001/10/17/workers-telecommuting.htm

Recording industry 'copyright DoS attack' rumored
We know the entertainment industry has sought to slip language into
current
anti-terror legislation which could result in blanket immunity from
prosecution for hacking file sharing networks.  We know the
entertainment industry fervently desires to parlay the secular sacrament
of copyright into a monopoly on content production and distribution, and
ultimately extend it to extort consumers with some sort of pay-per-use
DRM scheme.  So it's easy to believe that, after being spurned by
Congress in its bid to hack with impunity, the industry would settle for
the next best thing: shutting down file-shares with DoS attacks. 
http://www.theregister.co.uk/content/6/22327.html

Why the RIAA owes us all an apology
The Recording Industry Association of America (RIAA) should issue a
public apology for its attempt last
week to lump music swappers together with terrorists--criminals worthy
of special efforts and restrictions on civil liberties in order to bring
them to justice. 
http://www.zdnet.com/zdnn/stories/comment/0,5859,2818346,00.html

In the wake of Sept.  11, encryption is no joke
The events of Sept.  11 have caused us to reconsider so many things
about the way we live.
``What if?'' scenarios that we could ignore as distant and wholly
unlikely just a few weeks ago now seem uncomfortably close to home.  And
safeguards that seemed paranoid and extreme are beginning to take on a
grim new logic of their own.  Consider for a moment our attitudes toward
encryption. 
http://www.siliconvalley.com/docs/opinion/daveplot/dp101801.htm

SafeWeb ain't all that
What a total idiot I am.  I never asked Web anonymizer SafeWeb exactly
what they mean when they say they "collect NO logs or user data beyond
what is required for performance tuning and security monitoring of our
servers.  Any such data is carefully safeguarded, only analyzed
statistically, and is destroyed soon thereafter."
http://www.theregister.co.uk/content/6/22331.html

Tech challenges in biodetection
For the smuggler of weapons, explosives or drugs, technology presents a
formidable barrier.  Sensors can help
locate contraband inside luggage or in traces on a traveler's documents
or clothes.  But biological agents, like the anthrax spores that have
killed one person and sickened others in past weeks, are much tougher to
detect. 
http://www.cnn.com/2001/TECH/industry/10/18/pathogen.detectors.ap/index.html

A modest proposal for national ID
You could hear the snickering recently when Oracle Chief Executive
Larry Ellison and Sun CEO Scott McNealy
endorsed the idea of a national identity card.  Ever so slyly, the
critics suggested these fine gentlemen were just hawking their products
-- Ellison with the servicing of a vast database, and McNealy through
the sale of new servers. 
http://www0.mercurycenter.com/premium/business/docs/herhold18.htm
http://www.siliconvalley.com/docs/hottopics/attack/014110.htm


------------------
http://all.net/ 
