November 16, 1999 MS bug opens door to your hard drive Outlook, Outlook Express save temporary copy of file to disk when you open attachment. Forget for now about the BubbleBoy Virus, which has yet to cause anyone harm. There’s a real vulnerability lurking in Microsoft Outlook and Outlook Express capable of delivering your machine into malevolent hands. http://www.msnbc.com/news/335418.asp - - - - - - - - - - - - - - - - - - Windows NT update carries bug A software update for Microsoft's corporate-use operating system introduced a bug that could potentially cripple Lotus Notes unless companies compromise network security. The bug in Windows NT Service Pack 6 prevents users from accessing Lotus Notes without administrator rights--the highest and broadest level of network access, typically reserved for network managers. Companies generally restrict user access to prevent security breaches or catastrophic accidental changes to PCs or servers. http://news.cnet.com/news/0-1003-200-1439342.html?tag=st - - - - - - - - - - - - - - - - - - Usenet Ban a Slippery Slope? A brutal, months-long Usenet word brawl that cost jobs and came to death threats ended in a Seattle court Friday when a judge forbade one of the combatants to post new messages on pain of felony charges. http://www.wired.com/news/politics/0%2C1283%2C32550%2C00.html - - - - - - - - - - - - - - - - - - New Jersey charges nine in Internet fraud sweep The New Jersey attorney general's office has filed civil charges against nine people as part of an Internet fraud crackdown that uncovered bogus sales of company stocks, Beanie Baby toys and the impotence drug Viagra. http://www.mercurycenter.com/svtech/news/breaking/internet/docs/1087887l.htm - - - - - - - - - - - - - - - - - - Murder trial begins today As five of six defendants prepare for the start of their murder trial in Alameda County (CA) Superior Court today, investigators say they hope to arrest a seventh suspect in connection with the slaying of a high-tech worker during a botched robbery of Wintec Industries in Fremont last year. Opening statements in the case are scheduled for this morning at the Fremont Hall of Justice. Prosecutors allege that the defendants may be responsible for a string of high-tech heists throughout the Bay Area in recent years. http://www.mercurycenter.com/premium/local/docs/wintec16.htm - - - - - - - - - - - - - - - - - - "Cybersmeared" One victim's tale It was the end of another long day at her home office when Amy, a New York City consultant, discovered to her horror that she had been enrolled in a small but growing club that no one joins voluntarily — victims of a “cybersmear.” http://www.msnbc.com/news/334729.asp - - - - - - - - - - - - - - - - - - Police smash UK's biggest pirate software operation PlayStation games, blank discs, cash uncovered in Stetchford West Midlands police last week smashed one of the UK's largest ever counterfeit software operations. In association with Birmingham City Trading Standards and investigators from the Crime Unit at European Leisure Software Publishers Association (ELSPA), the police raided a commercial computer shop in the Stetchford area of Birmingham. The raid to the discovery of over 2,000 suspect counterfeit PlayStation games, along with 5,000 blank discs and a large amount of cash. http://www.zdnet.co.uk/news/1999/45/ns-11477.html - - - - - - - - - - - - - - - - - - - One step forward, two steps back?: The Clinton Administration hopes this week to issue a draft proposal for lifting its controversial restrictions on the export of encryption technology, a document that could upset the administration's fragile two-month truce with Congress. (New York Times article; free registration required) http://www.nytimes.com/library/tech/99/11/cyber/capital/16capital.html - - - - - - - - - - - - - - - - - - EU, US Crawl Toward Privacy Accord The European Union and the US Department of Commerce appear to be well on their way toward approaching an accord on the issue of data protection, though certain important details continue to elude the spirit of compromise and agreement. If an accord on data protection is not reached, the lucrative arena of e-commerce trade between EU member states and the US could be cut off at the feet. http://www.newsbytes.com/pubNews/99/139426.html - - - - - - - - - - - - - - - - - - Grokking the Privacy Lesson Just last week, RealNetworks provided the Internet world with a case study of data collection gone wrong. Its RealJukebox software was caught red-handed collecting detailed information on user behavior and sending the data back to the company. In the aftermath of that embarrassment, do people in the data-collection business worry more about privacy? http://www.wired.com/news/business/0,1367,32505,00.html - - - - - - - - - - - - - - - - - - Internet advertisers to develop standard for exchanging customer profiles. Leaders in Internet marketing, tracking and analysis software announced today that they're joining forces to develop a standard for sharing personal information about online customers across different enterprise applications. The standard, called Customer Profile Exchange, or CPEX, would combine online and off-line data about customers, such as information gleaned from catalog sales, into one format. http://www.computerworld.com/home/news.nsf/all/9911151privacy - - - - - - - - - - - - - - - - - - - Profiling Vs. Privacy The growing momentum in the use of profiles to target web and e-mail audiences brings with it a growing concern over consumer privacy. Unfortunately, recent industry news includes several stories about high-profile companies running into privacy problems. http://gt.clickz.com/cgi-bin/gt/en/pm/pm.html?user=ffffffffffff&article=956 - - - - - - - - - - - - - - - - - - - Singapore Parents Group To Promote Safe Internet Use Parents of young children in Singapore will be encouraged to get involved in educational and promotional activities to make the Internet a safer experience for their children. The Parents Advisory Group for the Internet (PAGi) will provide parents with a support base to guide their children in the safe use of the Internet. http://www.newsbytes.com/pubNews/99/139423.html - - - - - - - - - - - - - - - - - - - ActiveSync 2.x Allows Unauthorized Access to Your NT Password Windows CE offers the ability to connect to Windows 95/98 and Windows NT desktop systems, allowing the user to move information between the device and the desktop with ease. To facilitate this connection process, Windows CE performs much of this connection process automatically. http://www.cegadgets.com/artsusageP.htm - - - - - - - - - - - - - - - - - - - Security? Mission possible REMEMBER the closely guarded room protected by heat and motion sensors and supposedly accessible only through the use of biometric scanning in the Tom Cruise film Mission: Impossible? Picture that and you'll get some idea of the level of security surrounding the new data and processing centre that fledgling e-commerce security company, eSign Australia, is building in South Melbourne. http://www.it.fairfax.com.au/networking/19991116/A41265-1999Nov12.html - - - - - - - - - - - - - - - - - - - The Danger of Trojan Horses In my last column, I explained how the availability of source code can let an attack take an exploit that merely makes a program dump core and turn it into an attack that can give away root privileges. But there is another way that source code can become a tool for an attacker: source code makes it easier for an attacker to take a legitimate program and turn it into a Trojan Horse by adding back doors or logic bombs. http://www.wideopen.com/story/103.html