Return-Path: <sentto-279987-3874-1005795075-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 14 Nov 2001 19:33:07 -0800 (PST) Received: (qmail 4887 invoked by uid 510); 15 Nov 2001 03:30:04 -0000 Received: from n3.groups.yahoo.com (216.115.96.53) by all.net with SMTP; 15 Nov 2001 03:30:04 -0000 X-eGroups-Return: sentto-279987-3874-1005795075-fc=all.net@returns.groups.yahoo.com Received: from [10.1.4.52] by n3.groups.yahoo.com with NNFMP; 15 Nov 2001 03:31:16 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 15 Nov 2001 03:31:14 -0000 Received: (qmail 55870 invoked from network); 15 Nov 2001 03:31:13 -0000 Received: from unknown (216.115.97.171) by m8.grp.snv.yahoo.com with QMQP; 15 Nov 2001 03:31:13 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta3.grp.snv.yahoo.com with SMTP; 15 Nov 2001 03:31:14 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fAF3Vv123584 for iwar@onelist.com; Wed, 14 Nov 2001 19:31:57 -0800 Message-Id: <200111150331.fAF3Vv123584@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 14 Nov 2001 19:31:57 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [NewsBits] NewsBits - 11/14/01 (fwd) Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit November 14, 2001 Key Internet servers vulnerable to attack, experts say It would not take much for a malicious hacker to shut down the Internet, researchers at a meeting of the body that oversees Web address allocation warned on Tuesday. An attack designed to flood the Web's master directory servers with traffic ``is capable of bringing down the Internet,'' Paul Vixie, a speaker at the Internet Corporation for Assigned Names and Numbers (ICANN) annual meeting, told Reuters. http://www.siliconvalley.com/docs/news/tech/015622.htm http://www.zdnet.com/zdnn/stories/news/0,4586,2824455,00.html http://www.techtv.com/news/hackingandsecurity/story/0,24195,3360616,00.html http://news.zdnet.co.uk/story/0,,t269-s2099170,00.html http://www.newsbytes.com/news/01/172127.html http://www.wired.com/news/politics/0,1283,48384,00.html http://www.usatoday.com/life/cyber/tech/2001/11/14/internet-vulnerable.htm Top Internet weaknesses double to 20 on new list http://www.gcn.com/vol1_no1/daily-updates/17480-1.html Bush Signs Funding Bills With Technology Provisions President Bush Tuesday signed several government funding bills into law, including the Treasury appropriations bill that contains restrictions on how much Internet user information federal government agencies can collect. http://www.newsbytes.com/news/01/172152.html NMCI to shore up security Some Navy networks have virtually no protection from cyberattacks, according to the officer who spearheads the Navy's efforts to assess network security. Such vulnerabilities have resulted in 40 instances of root access to Navy systems this year, including some that took days to detect, said Capt. Jim Newman, who leads the Navy's "Red Team," the group of 20 sailors and civilian personnel who attempt to break network defenses. http://www.fcw.com/fcw/articles/2001/1112/web-nmci-11-14-01.asp U.S. Attorneys to target data sharing To ease data sharing and cooperation among federal, state and local officials in the fight against terrorism, Attorney General John Ashcroft on Nov. 13 directed the U.S. Attorneys to develop communications protocols and designate chief information officers. http://www.fcw.com/geb/articles/2001/1112/web-ash-11-14-01.asp http://www.gcn.com/vol1_no1/daily-updates/17477-1.html Commerce official suggests rewrite of information-sharing rules http://www.govexec.com/dailyfed/1101/111301td1.htm Information Commission lambasts anti-terror bill The part of the Home Office Bill that requests communications providers to retain traffic data for the police is branded 'unnecessary'. Sweeping measures to retain communications data for law enforcement purposes have been branded "unnecessary" by the Office of the Information Commissioner, along with the warning that such provisions are likely to infringe the Human Rights Act. http://news.zdnet.co.uk/story/0,,t269-s2099174,00.html House hold hearing on proposed secure government network A House subcommittee chairman on Tuesday announced plans to hold an oversight hearing on the Bush administration's proposed government-only Internet called Govnet. Virginia Republican Tom Davis, chairman of the House Government Reform Technology and Procurement Policy Subcommittee, said he plans to hold the hearing in late January or early February. http://www.govexec.com/dailyfed/1101/111301td2.htm Lawmakers To Question Industry Leaders On Cybersecurity A congressional panel has called a clutch of high-tech industry leaders to testify this week about the precautions the private sector is taking to secure their software and networks. The House Energy and Commerce Committee's Commerce, Trade and Consumer Protection Subcommittee will hear from security officials at Microsoft Corp., Oracle Corp., EDS and a handful of other major industry players when it convenes a hearing on cybersecurity Thursday. http://www.newsbytes.com/news/01/172160.html Report: Business fails on global security Multinational corporations are still far off from securing their networks and seem to be focusing on the wrong threats, according to a report expected from Big Five accounting firm KPMG this week. For the risk assessment report, KPMG interviewed 500 executives in August and discovered that although 85 percent felt they gave enough attention to protecting their information, nearly four out of 10 thought their company could suffer a serious breach of security. http://www.zdnet.com/zdnn/stories/news/0,4586,5099609,00.html Argentina Peeks Into E-Mail Laws If you illegally read someone else's e-mail in Argentina, you might end up spending from 15 days to six months in jail. And sending spam without identifying it as such, and including your real name, could saddle you with a fine of more than $25,000. http://www.wired.com/news/politics/0,1283,48291,00.html Unix flaw could allow malicious hacking A vulnerability in a component of a graphical user interface currently shipping with several commercial Unix systems could let a malicious attacker take administrative control of an affected host system. CERT, the US government- backed institute that monitors Internet security, said the vulnerability existed in a function used by the common desktop environment (CDE) sub-process control service, which is responsible for accepting requests from clients to execute commands and open applications remotely. http://www.cw360.com/article&rd=&i=&ard=107845&fv=1 How Computer Worms Work - and Why They Never Die Experts say the main reason for the long life of viruses is a lack of updated anti-virus protection by system administrators and computer users. Although their names are not necessarily in the latest headlines, security bulletins or virus alerts, old computer worms such as Magistr, Sircam and, more recently, Nimda, continue to stay atop the threat lists of many anti-virus firms. http://www.osopinion.com/perl/story/14733.html Printers could be security risk Software packages that allow clients to share printers over a network may be leaving enterprises open to attack. Security experts are warning that many system and network administrators may have overlooked multiple vulnerabilities in several implementations of line printer systems software. Researchers at security organisation Cert said the problems relate to buffer overflow issues that let remote users gain root access to servers. http://news.zdnet.co.uk/story/0,,t269-s2099057,00.html Increased Security A Threat To Laptops Sterling, Va. resident Richard Shapiro was flying United Airlines to Missoula, Mont., with his Sony laptop computer when he encountered the post-Sept. 11 security procedures at Dulles International Airport regarding laptops. Since the terrorist hijackings, travelers must remove laptops from their cases and place the computers on the conveyer belts of X-ray machines. http://www.newsbytes.com/news/01/172142.html Do-it-yourself Internet anonymity Along with the recent government hysteria over terrorists, we've seen legislative measures and 'emergency powers' inviting law-enforcement agencies worldwide to conduct Internet surveillance on an unprecedented scale. But because the state-of-the-art of electronic dragnets makes it difficult if not impossible to exclude the comings and goings of innocent citizens, we thought this a good time to run down the basic techniques for ordinary, law-abiding folk to come and go anonymously on the Net, and keep their private business private. http://www.theregister.co.uk/content/6/22831.html Aimster the Latest to Chime In The company that released the Aimster file- trading software unveiled a monthly subscription plan, promising users quicker connection and download times for those who pay for the premium service. AbovePeer, based in Troy, New York, quietly released Club Aimster, a subscription service that allows users to create their own homepages and bypass traffic congestion for $4.95 per month, according to company spokesman Johnny Deep. http://www.wired.com/news/mp3/0,1285,48255,00.html Server Farm: Your Place or Mine? In an era of growing insecurity, having your computer equipment tucked into a hole 85 feet underground has a certain appeal. That's the selling point of Underground Secure Data Center Operations (USDCO), a server farm located in an abandoned gypsum mine near Grand Rapids, Michigan. USDCO execs are stressing the bunker- like qualities of their 750,000-square-foot mine in the wake of the terrorist attacks and subsequent data and equipment destruction. http://www.wired.com/news/business/0,1367,48104,00.html Comdex 2001: Security products evolve IT managers looking to increase corporate network protection will look at products from companies such as Siemens, RedHand, and Wave Systems. There's no question that security is in the minds of IT buyers as they prowl the Comdex trade show in Las Vegas this week. Companies that produce products even tangentially related to security display that fact prominently. Companies with products that are distantly related to security still list themselves in the security product section. http://news.zdnet.co.uk/story/0,,t269-s2099236,00.html EDS Launches Aviation Security Suites http://www.fcw.com/fcw/articles/2001/1112/web-air-11-14-01.asp Kevin Mitnick on Social Engineering Watch the video of former hacker Kevin Mitnick speaking about tricks hackers use on humans. Former hacker and current radio host Kevin Mitnick appeared on "The Screen Savers" to talk about social engineering, which refers to tricks hackers use to get information from users on how to access a computer system. The goal of social engineering is to trick humans, not machines. http://www.techtv.com/screensavers/showtell/story/0,24330,3360637,00.html ------------------------ Yahoo! Groups Sponsor ---------------------~--> Universal Inkjet Refill Kit $29.95 Refill any ink cartridge for less! Includes black and color ink. http://us.click.yahoo.com/Vv.L9D/MkNDAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST