Return-Path: <sentto-279987-4611-1018498720-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 10 Apr 2002 21:21:12 -0700 (PDT) Received: (qmail 6466 invoked by uid 510); 11 Apr 2002 04:19:02 -0000 Received: from n9.grp.scd.yahoo.com (66.218.66.93) by all.net with SMTP; 11 Apr 2002 04:19:02 -0000 X-eGroups-Return: sentto-279987-4611-1018498720-fc=all.net@returns.groups.yahoo.com Received: from [66.218.67.192] by n9.grp.scd.yahoo.com with NNFMP; 11 Apr 2002 04:18:40 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_3_1); 11 Apr 2002 04:18:40 -0000 Received: (qmail 13119 invoked from network); 11 Apr 2002 04:18:39 -0000 Received: from unknown (66.218.66.216) by m10.grp.scd.yahoo.com with QMQP; 11 Apr 2002 04:18:39 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta1.grp.scd.yahoo.com with SMTP; 11 Apr 2002 04:18:39 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g3B4KSw04530 for iwar@onelist.com; Wed, 10 Apr 2002 21:20:28 -0700 Message-Id: <200204110420.g3B4KSw04530@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 10 Apr 2002 21:20:26 -0700 (PDT) Subject: [iwar] [NewsBits] NewsBits - 04/05/02 (fwd) Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit April 5, 2002 Government agency hacked by teenager - again A young computer enthusiast called 'splices' has broken into a database of government contracts, apparently at the US General Services Administration (GSA), due to incredible carelessness with passwords. The necessary information was included in the comments section of a login banner. We won't tell you what the login and password were, but we will tell you that they were absurdly weak and eminently guessable. Broadcasting them made the situation only slightly worse. http://www.theregus.com/content/55/24533.html Judges end porn trial on skeptical note A two-week federal trial to determine how far the government can go to protect children from pornography on library computers ended on Thursday with judges openly concerned about whether the latest online smut law from Congress infringes on free-speech rights. The Children's Internet Protection Act, or CIPA, which supporters view as the government's best shot yet at reining in online smut, requires public libraries to install filtering software on all computers or lose federal technology funding. http://www.cnn.com/2002/TECH/industry/04/05/internet.porn.reut/index.html Federal judges to weigh Internet filtering law http://www.nandotimes.com/technology/story/345106p-2841270c.html=20 Semantic Attacks a New Wave of Cyber-terrorism Hits Home IN the wake of the terrorist attack on New York on September 11 all forms of national and international security have been dramatically stepped up. Although people mainly associate this with airport and travel- related security, the Internet is also being scrutinised. In addition to the more noticeable attacks made possible across the Internet, several more subtle threats exist. These include attacks on meaning, also known as 'semantic attacks'. Such attacks can go unnoticed on text heavy websites (for example on-line news services and government sites). Sites such as these influence the opinions of the people who read them and changes in the text can convey dangerous and misleading messages. http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=3D7811 Hacking up, disclosure down, FBI survey says Most large corporations and government agencies have been attacked by computer hackers, but more often and more frequently they do not inform authorities of the breaches, an FBI survey finds. The survey released Sunday found about 90 percent of respondents detected computer security breaches in the past year but only 34 percent reported those attacks to authorities. Many respondents cited the fear of bad publicity about computer security. http://www.nandotimes.com/technology/story/347520p-2853392c.html More Government, Military Databases Left Exposed For the third time in less than a month, internal databases owned by U.S. government agencies have been found exposed to anyone with a Web browser. The latest government sites that allowed visitors to view private documents include those operated by the Defense Information Systems Agency (DISA), the Department of Commerce's International Trade Administration (ITA), and the U.S. Navy's Distance Support Anchordesk. http://www.newsbytes.com/news/02/175695.html SSL encryption weaker in Europe than US UP TO 18 percent of servers using SSL (Secure Sockets Layer) encryption technology for Web site encryption are potentially vulnerable to hackers, with the problem being far more pronounced in Europe than in the U.S., according to the latest monthly survey of Web server usage conducted by Netcraft. http://www.idg.net/go.cgi?id=3D661386 Web-based attacks set to soar Automated scripts now the most significant risk Internet-based threats rose significantly in 2001 and continued to climb through the early months of 2002, according to a new report. Traditional incidents such as virus and Denial of Service attacks remained at or above previous levels, but automated scripts against common vulnerabilities are now the most significant online risk, said Internet Security Systems (ISS). The threats will continue to increase until fundamental internet risk actors are dealt with, the company said in its Internet Risk Impact Summary Report for the first quarter of 2002. http://www.vnunet.com/News/1130673 Server port 80 plagues Internet security THE INTERNET HAS become a riskier place for businesses since the fall of 2001 and doesn't look to be any more secure in the near future, according to security firm Internet Security Systems, which released its security incident figures for the first quarter of 2002 Wednesday. The Sept. 11 terrorist attacks on the U.S. have not prompted any obvious cyberattacks, ISS concluded. http://www.infoworld.com/articles/hn/xml/02/04/03/020403hniss.xml Ross: Systems complexity threatens security At today=92s National Institute of Standards and Technology conference on continuity of IT operations, Ron S. Ross, director of the National Information Assurance Partnership, said the growing complexity of IT systems =93has outstripped our ability to protect them. Complexity is the No. 1 enemy of security,=94 Ross said. Also addressing the NIST conference, former House Speaker Newt Gingrich said more basic research is needed to protect the nation=92s information resources. =93Unless we invest dramatically more in research, we will be unable to sustain our role as a world power,=94 he said. http://www.gcn.com/vol1_no1/daily-updates/18337-1.html Sept. 11's Impact On Data Security Is Limited Big enterprises were hit by hacker attacks in 2001 significantly more than small and medium companies. And despite the focus on corporate data security after Sept. 11, big companies haven't significantly changed their thinking about their approach to data security. Those are two of the key findings in a recent study of 405 corporate LAN managers conducted in February by In-Stat/MDR. http://www.internetwk.com/story/INW20020404S0009 Implantable Spy Chip Gets Green Light from U.S. The company said the VeriChip could be combined with a global positioning system and used for security purposes by potential kidnap victims. A Florida company Thursday said that it will begin marketing and selling a microchip that can be implanted under the skin, after receiving the go-ahead from the U.S. Food and Drug Administration (FDA). The FDA advised the company, Applied Digital Solutions, that its biochip, called "VeriChip," is not considered a medical device and therefore is not subject to FDA regulation. http://www.newsfactor.com/perl/story/17127.html ------------------------ Yahoo! Groups Sponsor ---------------------~--> HOW to SEE & RECORD EVERYTHING! TINY Camera for Under $80 BUCKS! PRICE BREAKTHROUGH --> CLICK! http://us.click.yahoo.com/w7toOC/.o6DAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:31 PDT