December 20, 1999

Judge rejects new bid to free ex-Disney executive
A judge on Monday refused to free from jail a former top Disney executive convicted of possessing child pornography, saying that an appeals court's decision to strike down part of the law he was convicted under did not apply to his case.
http://www.sjmercury.com/svtech/news/breaking/internet/docs/11792l.htm
- - - - - - - - - - - - - - - - - -
US Record Companies Sue Chinese Music Pirates
A group of five major recording companies are hoping that the long arm of the law will become even longer... stretching all the way to China. EMI Group, Sony Music, Universal Music, Warner Music, and China Record Guangzhou Company filed two separate civil lawsuits earlier this week, in China, against two Internet Web sites which the recording companies claim have been selling more than 1,000 illegal Internet-based music files.
http://www.newsbytes.com/pubNews/99/140956.html
- - - - - - - - - - - - - - - - - -
Zhirinovsky: 'I'll celebrate by hacking'
Russia's maverick politician Vladimir Zhirinovsky, whose ultra-nationalist bloc looks set to do well in a parliamentary election, said on Monday he would celebrate by hacking into Western computers. Zhirinovsky's bloc was running at more than eight percent in early results compared with pre-election opinion polls which had given him some five percent. Asked to have a drink to mark his party's good showing, he said: "No. No way, we Russians don't drink any more. We now work on computers, we use computers to send viruses to the West and then we poach your money. We have the best hackers in the world. We do not need to drink or smoke...We do not drink, smoke, have drugs and we don't have AIDS, that's what you have got in the West."
http://www.zdnet.com/zdnn/stories/news/0,4586,2411665,00.html
- - - - - - - - - - - - - - - - - -
Bill Would Outlaw Internet Drug Information
Critics Say Measure Violates Free-Speech Rights
The days of ordering bongs and pipes and other drug paraphernalia online, getting information on the medical uses of marijuana or instructions on growing hemp may go up in smoke if lawmakers have their way. A bill passed by the Senate in November seeks to make it illegal to provide any information online about marijuana. The measure also would increase penalties for drugs classified as methamphetamines, which go by street names such as "speed," "meth," "crank," "crystal-meth" and "glass." Free-speech advocates say the proposed law banning marijuana information violates the First Amendment.
http://www.apbnews.com/newscenter/internetcrime/1999/12/20/pot1220_01.html
- - - - - - - - - - - - - - - - - -
First-e claims hate mail came from customer
Anonymous accusation of customer 'chaos' is untrue, claims online bank
Internet bank First-E has suggested that a disgruntled customer may have sent out an email to thousands of people claiming that money has disappeared from its customer accounts. General manager Richard Thackery says that this is the most likely explanation for the email that he describes as "factually completely inaccurate".
http://www.zdnet.co.uk/news/1999/50/ns-12269.html
- - - - - - - - - - - - - - - - - -
FDA offers tips for buying medicines online
With new Internet drugstores appearing every day, the U.S. government Monday outlined steps for consumers to avoid trouble when purchasing prescription drugs or medical devices online. The Food and Drug Administration unveiled an online guide with tips for safe shopping among the hundreds of Internet-based pharmacies, complete with an e-mail form for consumers to alert the agency of suspect Web sites.
http://www.sjmercury.com/svtech/news/breaking/merc/docs/039761.htm
- - - - - - - - - - - - - - - - - -
Security Alert: HTML_THE_FLY
HTML_The_Fly is a JavaScript worm that was posted on a hacker website on Dec. 14, 1999 and it is assumed to have originated from Argentina. This worm spreads via MIRC, PIRCH98 as an IRC Worm Trojan and spreads via Microsoft Outlook 98 and 2000 as spam mail, disguised as an attachment THE_FLY.CHM (Compiled HTML Help File -- *.CHM). The author of VBS_BubbleBoy has allegedly written this worm.
http://www.antivirus.com/vinfo/security/sa121899.htm
- - - - - - - - - - - - - - - - - -
WM97/Ethan Most Popular Virus
Monthly statistics published today by Sophos report that WM97/Ethan retains the "top slot" of computer viruses reported in the wild by the anti-virus software company. However, while the virus accounted for 12.6 percent of virus reports to the firm, the new WM97/Class-ED virus has shot into the charts at number two, with 11.3 percent of the reports. Third slot was taken by WM97/Marker-O, with 6.2 percent of the reports, up from fifth position in November.
http://www.currents.net/newstoday/99/12/20/news6.html
- - - - - - - - - - - - - - - - - -
Linux Developers Gain More Antivirus Options
Utility software provider Network Associates today announced that a version of its antivirus software development toolkit is now available to developers using the Linux operating system. McAfee's Virus Interface for Protective Early Response (VIPER) for Linux enables third party developers and service providers to embed the company's antivirus engine into Linux-based e-business applications, Internet appliances and managed service offerings.
http://www.ecommercetimes.com/news/articles/991220-6.shtml
- - - - - - - - - - - - - - - - - -
Y2K Virus Outbreak Expected
Recognizing that during the first six months of 1999 alone, companies and end-users experienced more than $7.6 billion in damages as a result of outbreaks of computer viruses, Network Associates Inc. today announced its tips for guarding against Y2K viruses. In an interview with Newsbytes, Network Associates spokesperson, John Sun, acknowledged that his company was "expecting the worse over the holidays and Y2K." Because of these expectations, Sun said that Network Associates' virus researchers who form AVERT - the company's Anti-Virus Emergency Response Team - will be working in shifts around-the-clock beginning Dec. 27, and lasting through Jan. 4.
http://www.currents.net/newstoday/99/12/20/news1.html
- - - - - - - - - - - - - - - - - -
Computer security teams brace for attacks
Computer security teams are bracing for attacks by two programs that enlist multiple systems to launch coordinated attacks on Web servers. Concern is mounting that the two programs, called Tribe Flood Network and Trinoo, will show their colors in the near future. The programs, when installed onto hundreds or thousands of computers, simultaneously bombard a select point on the Internet. If the information from the attackers comes fast enough, the target computer freezes up.
http://news.cnet.com/news/0-1003-200-1501144.html
- - - - - - - - - - - - - - - - - -
eToys attacks show need for strong Web defenses
Network-based attacks against eToys last week and the emergence of a particularly destructive method for launching such raids are fresh reminders of the need for e-commerce sites to keep their defenses sharp. Online retailer eToys has taken legal steps to prevent a Swiss art group from using the domain name etoy.com.
Last week, that move prompted an Internet activist group to launch what are known as denial-of-service attacks on the toy seller's Web site with the intent of bringing it down.
http://www.nwfusion.com/news/1999/1220etoys.html
- - - - - - - - - - - - - - - - - -
Security hole found in Click TV Web site
A security hole in Click TV's Web site will allow access to individuals' email addresses and passwords through a simple routine which a five-year-old could crack. We will not reveal here how the system works but have independently verified that it is possible to obtain email addresses and passwords using a simple sequence of commands that take only a minute or so. The information was supplied by a reader who says that TV Data is one of the largest television listings firms in the US, used by many third party newspapers and magazines.
http://www.theregister.co.uk/991218-000003.html?&_ref=647444474
- - - - - - - - - - - - - - - - - -
An epidemic of hacking may prove to be worse than Y2K's millennium bug.
HACKERS who broke into Eircom Net's Internet server last weekend and others who have attacked the servers of Cork Institute of Technology and RTÉ recently are indicative of an increase in criminal computer activity approaching the millennium, a computer security specialist warned this weekend.
http://www.independent.ie/1999/352/b17g.shtml

Digital vandalism hits Irish websites
Site cracking: Eircom's share price may not be thriving, but at lunchtime on Friday, December 10th, its Internet subsidiary Eircom.net was looking positively sick. Someone had broken into its web server and defaced the main page, replacing it with one of their own. The replacement page appeared just after 1 p.m. and 15 minutes later Eircom shut down the site, along with some customers' sites. Eircom.net stayed down for six hours. It was the best-known one, but it was not the only Irish website affected in a binge of site-cracking that week.
http://www.ireland.com/newspaper/computimes/1999/1220/compu3.htm
- - - - - - - - - - - - - - - - - -
Hack bugs Government's Y2K website
A STATE Government website dealing with Y2K issues was taken down for the day today after a security breach. The password protected site at www.y2k.dpc.vic.gov.au was changed to show the name of a hacker calling themselves "Net Illusion", sometime between 7am and 8.30am.
http://www.it.fairfax.com.au/breaking/19991220/A48742-1999Dec20.html
- - - - - - - - - - - - - - - - - -
Feds leave doors open for hackers
After repeated break-ins through the same door, a shaken business owner likely would get the message and buy a sturdy lock, a big dog or a loud alarm. But many agencies have failed to follow such common sense. Repeated intrusions of federal World Wide Web sites reveal that agencies are not adequately training their IT sentries to take advantage of readily available systems security solutions.
http://www.fcw.com/pubs/fcw/1999/1220/fcw-newshackers-12-20-99.html
Federal Web sites that have been defaced since Oct. 20:
http://www.fcw.com/pubs/fcw/1999/1220/fcw-newshackers-list-12-20-99.html
- - - - - - - - - - - - - - - - - -
(***EDITOR'S NOTE*** - I've been a Beta tester of this "game" and have been VERY impressed with it!)
Security game: Playing for keeps
DISA-produced game includes hacker attacks and budget constraints
Would you be interested in a way to train network administrators about security that is fun and inexpensive? The Defense Information Systems Agency has produced a new interactive training CD that might fit the bill. CyberProtect is an interactive game that enables players to practice the implementation of network security without actually placing their production network at risk.
http://www.fcw.com/pubs/fcw/1999/1220/fcw-newsgame-12-20-99.html
- - - - - - - - - - - - - - - - - -
DISA office secures spot in training
CDs, videos help systems administrators understand security threats, defenses.
Training has surfaced as a critical component of protecting federal information resources against modern-day cyberattacks, and one resource for information security training lies in the Defense Information Systems Agency's Infosec Program Management Office. The office has developed a series of CD-ROMs and videos that can be distributed physically or across an agency's network to provide employees with basic security awareness.
http://www.fcw.com/pubs/fcw/1999/1220/fcw-newsdisa-12-20-99.html
- - - - - - - - - - - - - - - - - -
Top E-Shops Lack Privacy Protection
Most popular shopping sites still sell your personal information, EPIC charges.
Shoppers going online to pick up the latest gifts and gizmos may find that the Web sites they visit are picking up personal details about their habits and selling the data to marketers, according to a survey conducted by the Electronic Privacy Information Center, a leading privacy group.
http://www.pcworld.com/pcwtoday/article/0,1510,14441,00.html
- - - - - - - - - - - - - - - - - -
Data sealed but delivered
Surfers might assume the reassuring sight of a reliability or privacy seal on a Web site is a sign they won't be cheated and their privacy won't be violated. But they'd be only half-right. The four main seal programs do ensure that e-commerce sites use good business practices and offer redress if buyers feel they have been treated unfairly. But when it comes to privacy, they offer far less protection than their names imply.
http://www.usatoday.com/life/cyber/tech/ctg933.htm
- - - - - - - - - - - - - - - - - -
Privacy Advocates Like New Crypto Regs
Computer privacy advocates are hailing the Clinton Administration's latest crack at encryption regulations as a major improvement over the draft regulations unveiled earlier this year. "There are a few flaws, but there are not the monumental deal killers" that were present in the first draft, Americans For Computer Privacy (ACP) spokesperson Sue Richard told Newsbytes today.
"This draft comes a lot closer to addressing the promises made" by the Administration, she said, adding that the ACP is "very encouraged" by the progress that has been made.
http://www.newsbytes.com/pubNews/99/141044.html
- - - - - - - - - - - - - - - - - -
EU and U.S. extend data privacy negotiations
The European Union and U.S. government have set March as the new deadline for reaching agreement on data privacy, a Commission spokesman said today. However, the two sides have still failed to resolve their fundamental differences over how best to ensure consumers have clear dispute settlement rights when privacy violations occur. The U.S. advocates industry self-regulation. European nations favor legislation. This conflict could delay the prospects for reaching an agreement to later in the year.
http://www.computerworld.com/home/news.nsf/all/9912201privacy
- - - - - - - - - - - - - - - - - -
If All the World's a Computer...
Privacy: When technology hooks us up in one enormous network, will we have any secrets left?
Any time, anywhere: that is the promise the captains of technology make us, even as we struggle with our existing machines, our cranky software and our creaky Internet. They mean it too. Imagine this: computers that enfold you, like a second skin. Rooms that come alive with sensors, cameras and embedded chips, allowing them to "know" you and adjust to your preferences when you arrive. Cars that monitor not only traffic but also your vital signs, and tell you when you're not fit to be on the road.
http://www.newsweek.com/nw-srv/printed/us/st/a64686-1999dec19.htm
- - - - - - - - - - - - - - - - - -
Firm may have fix for e-mail gaffes
Ever fired off an e-mail only to have it come back to haunt you? John Blumenthal can relate. He started his Colorado Springs e-mail security company, QVtech Inc., last year after an email he wrote ended up in the wrong hands.
QVtech allows an e-mail sender to control what happens to a message once it's sent and even program it to self-destruct in the future. Blumenthal said he came up with the idea when, as a consultant working on a technology project for a Tokyo bank, he sent an e-mail to his boss complaining of the problems he was having with the Japanese client. His boss promptly forwarded his message to bank officials in Japan. "I felt like I had a heart attack," said Blumenthal of his embarrassment.
http://www.denverpost.com/business/biz1220a.htm
- - - - - - - - - - - - - - - - - -
DSL Suppliers Boost Security Features
In a bid to assuage IT managers' concerns about remote PC security related to the deployment of DSL and cable modem services, vendors are prepping a series of products that offer better security features. This week, 3Com will ship its PathBuilder S500 switches with support for VPN connections over DSL links, with prices starting at $17,995. VPNs use encryption to carve out secure tunnels to carry traffic between a remote client and a server.
http://techweb.com/wire/story/TWB19991220S0005
- - - - - - - - - - - - - - - - - -
AT&T is beefing up its VPN offering
AT&T earlier this week announced that its Virtual Private Networking Service customers now have more ways to keep their data secure over the Internet. AT&T is supporting the IETF's IP Security (IPSec) protocol, Layer 2 Tunneling Protocol and the industry standard Point-to-Point Tunneling Protocol. Prior to these latest enhancements AT&T was only offering its customers TCP clear path tunneling.
http://www.nwfusion.com/news/1999/1217attvpn.html
- - - - - - - - - - - - - - - - - -
Shackling Online Hackers: Encryption Applications Provide Security Solutions, Growth Opportunities.
Data security is no longer a speculative concern, but an immediate necessity. Burgeoning e-commerce opportunities, demonstrable ROI for companies using security networks and the fear of intellectual property theft are driving U.S.
encryption application market growth.
http://biz.yahoo.com/bw/991220/tx_frost_s_2.html
- - - - - - - - - - - - - - - - - -
Hacker threat almost spoiled holidays for DVD makers
THINK of him as the Grinch who almost stole DVD's first big Christmas. A week before the start of digital video disc's breakout-sales season (mid-November through early January), news arrived that a resourceful Norwegian hacker had cracked a DVD security code or CSS (content scrambling system), making it possible to download information off a disc played on a computer's DVD-ROM.
http://www.mercurycenter.com/svtech/news/indepth/docs/dvd121999.htm
- - - - - - - - - - - - - - - - - -
Troubleshooting IP Security Problems
Unauthorized users can access your sensitive information using several methods. Depending on your level of security, intruders can log on to a computer and access the data, capture packets going across your network, or sniff packets traveling over a public network such as the Internet. To help you combat such threats, Microsoft has included a new service called IP Security (IPSec) with Windows 2000 (Win2K) that offers machine-based authentication.
http://www.winntmag.com/Articles/Content/7831_01.html