Return-Path: <sentto-279987-4115-1008964959-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Fri, 21 Dec 2001 12:04:07 -0800 (PST) Received: (qmail 31756 invoked by uid 510); 21 Dec 2001 20:03:01 -0000 Received: from n33.groups.yahoo.com (216.115.96.83) by all.net with SMTP; 21 Dec 2001 20:03:01 -0000 X-eGroups-Return: sentto-279987-4115-1008964959-fc=all.net@returns.groups.yahoo.com Received: from [216.115.97.165] by n33.groups.yahoo.com with NNFMP; 21 Dec 2001 20:02:38 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_1_3); 21 Dec 2001 20:02:38 -0000 Received: (qmail 99914 invoked from network); 21 Dec 2001 20:02:38 -0000 Received: from unknown (216.115.97.171) by m11.grp.snv.yahoo.com with QMQP; 21 Dec 2001 20:02:38 -0000 Received: from unknown (HELO red.all.net) (12.232.125.69) by mta3.grp.snv.yahoo.com with SMTP; 21 Dec 2001 20:02:36 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fBLK2cX03813 for iwar@onelist.com; Fri, 21 Dec 2001 12:02:38 -0800 Message-Id: <200112212002.fBLK2cX03813@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 21 Dec 2001 12:02:38 -0800 (PST) Subject: [iwar] News to Use from Infowar.Com 12-21-01 (fwd) Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit "News to Use from Infowar.Com" is a periodic output of information relevant to computer security, information warfare, and related genres. If you do not wish to receive this email, please feel free to unsubscribe. Those directions are at the bottom of this email. Infowar.Com PROTECTS your privacy. Your email address is never sold or leased to outside parties. You have received this email because you have JOINED the list, or someone has forwarded this to you. News to Use is brought to you by Recourse Technologies. ======================================================================= Have you heard about Recourse Technologies? If not... Listen! IS YOUR COMPANY PROTECTED AGAINST ZERO DAY ATTACKS? How can you protect your network from attack when you don't know what's coming? Simple: You need smart weapons to defend against the unknown. Recourse Technologies, the leading provider of threat management solutions, is the only company that can equip you with the products you need to protect your business-critical network from zero day attacks. For more information, download our FREE WHITE PAPER, "Arsenal for the Unknown: Detecting New Exploits in the Wild," at www.recourse.com/InfoWar. Learn how Recourse threat management solutions can help you stop zero day attacks cold. ======================================================================= Table of Contents 1. Defense Department to train more cybercrime fighters 2. Oracle paints a bull's-eye for hackers 3. David Litchfield breaks ''unbreakable'' Oracle 4. House Panel Boosts Funds for Cybersecurity Research 5. Study: Medical files open to hackers 6. Government Agrees to Defer Prosecution of Dmitry Sklyarov 7. Man Sentenced for Unauthorized Access into Connecticut Firm Systems 8. FBI wants access to worm's pilfered data 9. AOL/Time Warner secures Secret Service veteran as CSO and VP 10. Cerf Disses Bush's Patch Plan 11. FBI streamlines cybercrime operations 12. ** FREE Web Seminar: Palm Tightens Grip on Network Security ** ======================================================================= 1. Defense Department to train more cybercrime fighters The Defense Department renewed its commitment to investigate cybercrime this week by extending a contract with Computer Sciences Corp. (CSC) to operate the Defense Computer Investigations Training Program. Under the eight-year, $86 million contract, CSC will help train cybercrime fighters from the Defense Department's numerous criminal investigation commands. It's technology training for cops, said Chris Steinbach, director of defense group service delivery at CSC. We've put 1,400 new law enforcement officials within Defense on the street who know how to deal with crime scenes where there might be digital evidence." http://www.govexec.com/dailyfed/1201/121301j1.htm ======================================================================= 2. Oracle paints a bull's-eye for hackers "Since Oracle Chief Executive Larry Ellison began boasting that his software was "unbreakable," hackers have taken that as a challenge to try to crack the company's code and the confidence behind its brash marketing effort, executives said this week. In the seven weeks Oracle's "Unbreakable" ad campaign has been running, hacking attempts on the company's Web site have increased ten-fold, Ellison said during his Oracle OpenWorld keynote this week. `"Normally we get roughly 3,000 attacks a week. Now we're getting 30,000 attacks a week," Mark Jarvis, senior vice president and chief marketing officer, told Reuters. "We are not inviting hackers to come and attack our site. They have decided to take it on of their own accord."" http://www.zdnet.com/zdnn/stories/news/0,4586,2831288,00.html ======================================================================= 3. David Litchfield breaks ''unbreakable'' Oracle At NGSSoftware, David Litchfield discovered two high-risk vulnerabilities in Oracle 9iAS, specifically in the Oracle PL/SQL Apache Module. This is not a theoretical vulnerability, David demonstrated these problems at the Blackhat Briefings 2001 Europe in Amsterdam. NGSSoftware advisory http://www.nextgenss.com/advisories/plsql.txt Oracle advisory http://otn.oracle.com/deploy/security/pdf/modplsql.pdf Oracle patches http://metalink.oracle.com Blackhat Briefings 2001 Europe http://www.blackhat.com/html/bh-europe-01/bh-europe-01-index.html ======================================================================= 4. House Panel Boosts Funds for Cybersecurity Research "A House of Representatives panel voted to dramatically boost federal spending on cybersecurity on Thursday, earmarking $880 million over five years for research, scholarships and other incentives. The House Science Committee also voted to increase spending on high-tech research as a whole by 10 percent per year over the next five years, and require government agencies to coordinate their research efforts." http://www.bayarea.com/rc/news/docs/1696715l.htm ======================================================================= 5. Study: Medical files open to hackers "The private medical files of thousands of Ontario patients have been stored on-line where they're vulnerable to hackers and the prying eyes of government-hired technicians, according to documents obtained by The Globe and Mail. Less than a month after the Health Ministry set up a much-vaunted patient-information database for doctors, Ontario's privacy commissioner is investigating the system for breaching one of the most sacred tenants of medicine: doctor-patient confidentiality. The commissioner is looking into a wide range of allegations, from whether private companies have been given access to patient information to whether some of the information has already been lost." http://www.theglobeandmail.com/servlet/GIS.Servlets.HTMLTemplate?tf=tgam/common/FullStory.html&cf=tgam/common/FullStory.cfg&date=20011210&cache_key=national¤t_row=1&start_row=1&num_rows=1 ======================================================================= 6. Government Agrees to Defer Prosecution of Dmitry Sklyarov "San Jose - U.S. Federal Court Judge Ronald Whyte today signed a court agreement permitting Russian programmer Dmitry Sklyarov to return to his native land after a five-month enforced stay in the U.S. The agreement should eventually clear him of all charges brought against him for distributing software that permits electronic book owners to convert the Adobe e-book format so they can make use of e-books without access restrictions. As part of the agreement, Sklyarov will testify for the government in the case that remains against Elcomsoft, Sklyarov's employer. He will likely testify on behalf of Elcomsoft as well." http://www.eff.org/IP/DMCA/US_v_Sklyarov/20011213_eff_pr.html ======================================================================= 7. Man Sentenced for Unauthorized Access into Connecticut Firm Systems "United States Attorney John A. Danaher III announced that MARKUS P. LUKAWINSKY, age 32, of 54970 Avenida Madero, La Quinta, California, was sentenced yesterday in federal court in Bridgeport, Connecticut by United States District Judge Janet C. Hall. LUKAWINSKY received a sentence of twelve months plus one day in prison, to be followed by three years’ supervised release. In addition, LUKAWINSKY was required to pay restitution in the amount of $198,458.31 to the Greenwich consulting firm of Mars & Co. LUKAWINSKY was originally indicted in November 2000 by a federal grand jury sitting in Bridgeport, Connecticut on charges of interstate transportation of stolen property and computer intrusion. He pleaded guilty to both charges in August 2001 before Judge Hall. At that time, LUKAWINSKY admitted that, from May 1999 through January 2000, he had transported stolen computer equipment belonging to Mars & Co. worth over $21,500 from Greenwich, Connecticut to White Plains, New York, and ultimately to La Quinta, California. Also, during approximately the same time period, LUKAWINSKY unlawfully accessed or "hacked" into the computer systems of Mars & Co. without authorization to read and delete electronic mail that belonged to another person." http://www.usdoj.gov/criminal/cybercrime/LukawinskySent.htm ======================================================================= 8. FBI wants access to worm's pilfered data "The FBI is asking for access to a massive database that contains the private communications and passwords of the victims of the Badtrans Internet worm. Badtrans spreads through security flaws in Microsoft mail software and transmits everything the victim types. Since November 24, Badtrans has violated the privacy of millions of Internet users, and now the FBI wants to take part in the spying. Victims of Badtrans are infected when they receive an email containing the worm in an attachment and either run the program by clicking on it, or use an email reader like Microsoft Outlook which may automatically run it without user intervention. Once executed, the worm replicates by sending copies of itself to all other email addresses found on the host's machine, and installs a keystroke-logger capable of stealing passwords including those used for telnet, email, ftp, and the web. Also captured is anything else the user may be typing, including personal documents or private emails. " http://www.dailyrotten.com/articles/archive/189387.html The database is available at http://badtrans.monkeybrains.net/ ======================================================================= 9. AOL/Time Warner secures Secret Service veteran as CSO and VP "In the wake of the Sept. 11 terrorist attacks, AOL Time Warner Inc. is breaking new ground in the media industry, saying Monday that it has named the deputy director of the U.S. Secret Service to the new position of chief security officer and senior vp. Larry Cockell, a 20-year Secret Service veteran, will start his new assignment at the world's largest entertainment and online conglomerate Jan. 14. Reporting to AOL TW executive vp administration Patricia Fili-Krushel, Cockell will be responsible for security on a global basis, coordinating and overseeing all security policies and operations, the company said." http://dailynews.yahoo.com/htx/bpihw/20011210/en/aol_tw_secures_secret_service_vet_1.html ======================================================================= 10. Cerf Disses Bush's Patch Plan "One of the Internet's founders said Wednesday there were important weaknesses in the Bush administration's plans to build an ultra-secure government network and to encourage companies to make computers safer for consumers. Vinton G. Cerf, widely recognized as a "father of the Internet" for co-inventing one of its communications technologies, warned against a White House proposal to have software companies automatically repair their products whenever new vulnerabilities were discovered." <http://www.wired.com/news/conflict/0,2100,49095,00.html> ======================================================================= 11. FBI streamlines cybercrime operations The FBI is taking steps to eliminate duplication of effort in its cybercrime investigation programs, rolling 11 existing units into four new divisions. A new Cybercrime Division will be integrated with the bureau's Criminal Investigation Division. Ruben Garcia Jr., the new executive assistant director for criminal investigations, will lead the effort. The three other divisions that will manage the bureau's major areas of responsibility will be Counterterrorism/Counterintelligence, Law Enforcement Services and Administration. <http://www.computerworld.com/cwi/story/0,,NAV47_STO66417,00.html> ======================================================================= 12. FREE Web Seminar: Palm Tightens Grip on Network Security Join us on 1/15/02 to learn how Palm, Inc. tightened their grip on Network Security, a case study approach. Learn how the right threat management infrastructure can efficiently contain, control and respond to unauthorized access attempts. Discover the best ways to proactively strengthen your own distributed enterprise defenses. Understand the most cost-effective methods to secure your business against intruders and interruptions using the latest technology. Limited seats available. Register today! www.recourse.com/webseminarpalm RECOURSE HAS MOVED TO NEW HEADQUARTERS EFFECTIVE 12/14/01. PLEASE NOTE NEW ADDRESS AND PHONE NUMBERS BELOW. Julie Lopez Marketing Programs Manager Recourse Technologies, Inc. PACIFIC SHORES CENTER 1600 SEAPORT BLVD., SUITE 400 REDWOOD CITY, CA 94063 phone (650) 381-8084 fax (650) 568-0599 e-mail jlopez@recourse.com Recourse Technologies? is the leading provider of threat management solutions that contain, control, and respond to malicious computer attacks, enabling secure and uninterrupted business operations. Visit us on the web at www.recourse.com <http://www.recourse.com> ======================================================================= Infowar.Com Ltd. 3030 N. Rocky Pt. Drive W # 240 Tampa, FL, 33607 813-288-1955 Voice 813-288-1985 FAX 888-648-2448 http://www.infowar.com http://estore.infowar.com ------------------------ Yahoo! Groups Sponsor ---------------------~--> Access Your PC from Anywhere - Full setup in 2 minutes - Free Download http://us.click.yahoo.com/StuHlD/E6eDAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 21:00:00 PST