October 18, 1999 Planned attack: In order to test the security of its Web site, a Shanghai Internet company is offering computer hackers $600 if they can break into the site and obtain documents. http://www.mercurycenter.com/svtech/news/breaking/merc/docs/017635.htm - - - - - - - - - - - - - - - - - - - - - - Melissa mutations keep coming Several companies have been hit by a new variant of the Melissa virus, but anti-virus experts are downplaying the strain's potential threat to businesses. The new virus, called Melissa.U(Gen 1), has hit one U.S. company with 30,000 computers, according to Symantec Corp.'s AntiVirus Research Center. Because the virus is a corrupted version of the Melissa.U virus that surfaced last week, it's been flying under the radar screen of some anti-virus software. http://www.zdnet.com/zdnn/stories/news/0,4586,2375641,00.html - - - - - - - - - - - - - - - - - - - - - - California cracks down on piracy California Gov. Gray Davis on Friday took a tough stand against software piracy, saying the problem had gotten so bad that some of the same government agencies charged with enforcing copyright laws may be unwittingly using counterfeit products themselves. Davis signed an executive order that every state agency not only work to combat software piracy but also enforce compliance within their own offices. http://www.zdnet.com/zdnn/stories/news/0,4586,2374954,00.html - - - - - - - - - - - - - - - - - - - - - - Online 'posse' searching for auction scammer A group of nine Netizens have been brought together with a common goal: nailing "Kuchar1," the person responsible for running an elaborate online auction scam that has gleaned tens of thousands of dollars from unsuspecting high bidders on eBay and Yahoo!. The posse includes a California detective and several auction site investigators and is rounded out by Kuchar1 fraud victims. The group shares information and leads through a private e-mail list. http://www.zdnet.com/zdnn/filters/bursts/0,3422,2375123,00.html - - - - - - - - - - - - - - - - - - - - - - - Spam Needs More Federal Oversight - Survey Most people support at least some congressional action to block the mass infiltration of unsolicited commercial bulk e-mail, otherwise known as spam, according to a survey of more than 1,200 Internet users released by the Coalition Against Unsolicited Commercial E-Mail and Survey.com, an Internet research company. http://www.newsbytes.com/pubNews/99/137965.html - - - - - - - - - - - - - - - - - - - - - - - Reps. Wilson, Green Plan Spam Bill It's an issue that gets a lot of press, but not a lot of legislative action, but Reps. Heather Wilson, R-N.M., and Gene Green, D-Texas, are going to introduce another bill to fight the proliferation of unsolicited bulk e-mail - otherwise known as spam. http://www.newsbytes.com/pubNews/99/137750.html - - - - - - - - - - - - - - - - - - - - - - - Microsoft fights handful of IE holes Microsoft today moved to patch one security hole in its Web browser just as another came to light. Both problems spring from the browser's implementation of JavaScript, a scripting language created by Netscape Communications. Web sites use scripting technology to take actions on a visitor's computer without his or her input. Typical uses for scripting include launching pop-up windows or scrolling text across a screen. http://news.cnet.com/news/0-1005-200-918551.html?tag=st - - - - - - - - - - - - - - - - - - - - - - - Computer Crime-Abetting Sites Will Dramatically Increase Costs for Businesses and Consumers Hacking and computer-crime-abetting Web sites are supplying Web surfers with tools and instructions that could cost consumers and businesses worldwide over a trillion dollars this year. Computer Economics research shows that hacking and computer crime will experience a dramatic increase in the next few years due to the abundance of Web sites devoted to these topics. Also factoring into the growth of computer crime is the low cost of the tools and instructions that these sites sell, and the rise of the wireless Internet. http://www.businesswire.com/cgi-bin/f_headline.cgi?day0/192910213&ticker= - - - - - - - - - - - - - - - - - - - - - - - SANS: Cybersecurity risks real On behalf of IT managers whose bosses may be skeptical about security risks, the SANS Institute offered a briefing last week that took participants on four virtual "field trips" to the sites of cyberattacks. The Washington-based cooperative research and education organization, which distributes information on computer security issues, held the briefing at MITRE Corp. http://www.computerworld.com/home/news.nsf/all/9910181sans - - - - - - - - - - - - - - - - - - - - - - - More managers monitor e-mail Computerworld survey: Fearing lawsuits, loss of secrets, employers scan more worker messages. Spot checks just aren't good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words, according to an exclusive Computerworld survey. About 31% of 75 corporate e-mail managers already use monitoring software either regularly or for spot checks. Of those who don't, 21% plan to install it next year, according to the survey. http://www.computerworld.com/home/print.nsf/all/991018C7D2 - - - - - - - - - - - - - - - - - - - - - - - GAO: IT security law needed Law would help direct disparate security policies Agencies have improved the security of many information systems, but the lack of clearly defined roles among agencies coordinating security has hindered federal security experts' ability to protect systems from intrusion, according to the General Accounting Office. Agencies have spent the past two years plugging security holes in computer systems, but it has been such an ad hoc effort that federal security managers have been left without any coordinated guidance on developing a fully secure government, GAO officials told the Senate Judiciary Technology, Terrorism and Government Information Subcommittee this month. http://www.fcw.com/pubs/fcw/1999/1018/fcw-pollaw-10-18-99.html - - - - - - - - - - - - - - - - - - - - - - - SafetyEd International Hosts Clinic To Promote Online Safety and IRC CyberSmarts SafetyEd International, an Internet safety organization, announced today that there will be a weeklong clinic of classes and games to promote online awareness and safety. Beginning on October 25th, and running through October 31st, the organization will take participants on an informative trip; interspersed with some fun games and culminating in a Halloween party on October 31st. This will take place on our main network - chatworks.net. http://www.internetwire.com/technews/tn/tn984794.dsl - - - - - - - - - - - - - - - - - - - - - - - Internet community debates wiretapping The Internet engineering community is engaged in heated debate over whether it should develop protocols that would make it easier for law enforcement agencies to intercept communications over the 'Net. The issue promises to be the hottest topic at the next Internet Engineering Task Force meeting, which will be held in Washington, D.C., in November. E-mails are flying fast and furious between IETF members about whether wiretapping should be supported in protocols for switches that will combine voice and data traffic for transmission over the 'Net. http://www.networkworld.com/news/1999/1018wiretap.html - - - - - - - - - - - - - - - - - - - - - - - ITxpo '99: The IT security struggle continues Although outside hackers get all the publicity, technology-savvy employees pose the biggest security threat, because they understand their company's business and how the computer systems work, an analyst said. "The skilled insider clearly represents the greatest threat, and represents the greatest challenge," said William Malik, research area director at Gartner Group, during the company's Symposium/ITxpo '99. http://www.networkworld.com/news/1999/1018insidejob.html - - - - - - - - - - - - - - - - - - - - - - - BLOWN TO BITS: Cyberwarfare Breaks the Rules of Military Engagement Sixteen years ago, in the movie "WarGames," Matthew Broderick played a computer hacker who electronically ferrets his way into the Pentagon's Norad early warning system inside Cheyenne Mountain, Colo., and almost starts World War III by accident. Last week the military finally struck back. The Pentagon created a new military center to harness the nation's disparate cyberwarfare forces under the Air Force Space Command at Peterson Air Force Base in Colorado Springs. That followed the public acknowledgment by Gen. Henry H. Shelton, chairman of the Joint Chiefs of Staff, that the United States played hacker itself earlier this year -- waging a keyboard war against Serbian computer networks. http://www.nytimes.com/library/review/101799cyberwarfare-review.html - - - - - - - - - - - - - - - - - - - - - - - Spy in the sky? That could be Echelon Some fear snoops target e-mail, calls Is the government listening in on your phone calls? Reading your e-mail for words like "plutonium," "Clinton" or "terrorism"? Rep. Bob Barr, R.-Ga., a former CIA analyst, worries it might be. The European Parliament is concerned, too. So is a small group of computer users who call themselves "hacktivists." They're so convinced we're all being spied on that Thursday they're planning what may be the first mass protest using electronic mail as a weapon. http://www.uniontribune.com/news/uniontrib/sun/news/news_1n17spy.html - - - - - - - - - - - - - - - - - - - - - - - Anatomy of a Network Intrusion Empty Red Bull cans litter the floor, reflecting the warm glow of the monitors. Alongside the sketch boards lie drained liters of Mountain Dew, partially eaten burritos and dozens of 486 machines configured as Linux Beowulf clusters. A Pentium II machine plugged into a seemingly endless line of surge suppressors hums as it continues to brute-force password guesses at a rate of 10 million per second. Only 12 more hours to go... http://www.networkcomputing.com/1021/1021ws1.html - - - - - - - - - - - - - - - - - - - - - - - Philippines - Free Use Of Copyrighted Materials Bill Opposed The Philippine Software Association (PSA) said it was opposing the passage of a bill that would allow free use of any copyrighted material for educational purposes. PSA President Muriel Macabuag said that current legislation on fair use of software programs is already enough. http://www.newsbytes.com/news/99/137670.html - - - - - - - - - - - - - - - - - - - - - - - Many servers easy prey to hackers A check by an IT security firm reveals nearly 25 per cent of servers with .sg addresses are using flawed software with holes hackers can exploit easily. MORE than a fifth of nearly 8,000 operational Internet servers here are using flawed software that would allow hackers to enter in under a minute. The 1,833 servers hosting websites which have .sg in their addresses are either using old software riddled with holes hackers can exploit, or newer software in which the holes have not been "patched" with security-enhancing updates. http://web3.asia1.com.sg/archive/st/0/cyb/cyb1_1017.html - - - - - - - - - - - - - - - - - - - - - - - HACKING WEBSITES: Why I do it CYBER vandal "mistuh clean", who recently defaced the eduMall and Mediacity websites here, talked to Samantha Santa Maria via e-mail. http://web3.asia1.com.sg/archive/st/0/cyb/cyb3_1017.html - - - - - - - - - - - - - - - - - - - - - - - Clueless about Net flaws It is easy to put your own website on the Internet. But many businesses have no idea how to make sure these are safe from hackers, who can easily download the tools they need. http://web3.asia1.com.sg/archive/st/0/cyb/cyb2_1017.html - - - - - - - - - - - - - - - - - - - - - - - Security for All - The ongoing battle between the hackers and the banks The 'cyber-robbing' of banks is ongoing, as these examples show. Prompted by an ongoing hunt for a bank hacker, we began looking through our archives. It is interesting to see that the "cyber-robbing"of banks seems to be ongoing-and we are sure there are many more cases that we will never know about. The most spectacular and well-known example was probably in 1995, when Citibank was hacked by Russian hackers, led by the 24 year-old Vladimir Levin. They were arrested while trying to transfer over $10 million. http://216.46.170.184/data/131099_Database18.html - - - - - - - - - - - - - - - - - - - - - - - The the Ministry of Information Industry, Ministry of Public Security, and Ministry of State Security in Hong Kong issued a joint memorandum urging all state and private organizations to not connect internal computer systems to the world wide internet. This is in direct response to the threat of cyber attack from Taiwanese intruders. The Ministry of Information and Industry have also established the China Computer Network Security Management Center. Fearing that imported computers and software may contain security holes, Trojan Horses, or Backdoors the ministry is also asking that the development of domestically-made computers and software systems be increased. - - - - - - - - - - - - - - - - - - - - - - - U.S. activist praises Japan's efforts to fight child cyber porn. A new Japanese law banning child pornography will close a loophole that allowed pedophiles worldwide to use the country as a base for putting their material on the Internet, a U.S. activist said Friday. Japanese authorities say that under the new law, they can prosecute anyone suspected of using a Japanese Internet provider to publish child porn, no matter what country that person is in. About 40 percent of all child pornography web sites originate in Japan, said Parry Aftab, a lawyer and director of Cyberangels, a group that monitors Internet safety. While some are Japanese, many are launched from abroad via Japanese Internet providers. ``Because of the loopholes and lack of law here in Japan, the rest of the pornographers in the world learned that you could get cheap, efficient access in Japan,'' she said. Until now, there was nothing authorities could do to fight the phenomenon. In March, however, Parliament passed legislation banning the sale, distribution, production, possession and trading of child pornography. Violators face up to three years in prison or fines of up to 3 million yen (dlrs 28,360). The new restrictions, to take effect next month, also make it illegal to have sex with anyone 17 years old or younger. Japan has been criticized internationally for a lack of explicit laws against child pornography, with many claiming inaction has allowed child Internet porn and sex tourism to persist both at home and abroad. Aftab, in Tokyo to speak at a conference on child pornography, said the legislation will make ``a huge difference'' in the war against child porn on the Internet. ``I've got all these sites waiting to be turned over to law enforcement'' in Japan, she said. The law has ``given us the stuff we need that will enable us to do our job.'' Some Japanese activists have criticized the new legislation because it does not explicitly refer to Internet pornography. But Yuji Fujiyama, an official from the Juvenile Division of the National Police Agency who attending the conference, said that will not stop police from nabbing cyber offenders. ``Internet pornography is not explicitly mentioned in the law, but it will be regulated if it is child pornography,'' he said. ``There will be no impediments.''