December 23, 1999 AOL reports alleged terrorist threat in chat room A New Jersey man was arrested by federal agents after he allegedly posted a message in an America Online chat room threatening to leave a van filled with explosives in a tunnel leading to New York City. Renato DeSousa Flor was arrested yesterday by members of the Joint Terrorism Task Force after AOL alerted the force about the posting of the threat in a chat room. The message was sent using an AOL email account. http://news.cnet.com/news/0-1005-200-1504779.html - - - - - - - - - - - - - - - - - - Hacker, 14, in jail over ransom scheme A 14-year-old hacker who held a Toronto e-commerce company for ransom will spend Christmas in jail. He was held over in custody to Jan. 4 at his bail hearing yesterday on request of his lawyer. Meanwhile, Toronto police are scanning his hard drive, seized from his computer, to see just what else the juvenile hacker has been up to. "We have no idea how far this goes or if this is the only company that has been victimized," said Det. Myron Demkiw of the west-end 14 division. He was guarded about the youth's technique and background because the accused is a young offender. However, Jim Carroll, co-author of the Canadian Internet Handbook, says the youth probably isn't a computer genius. "Most of the time hackers can do what they do because of negligence on the part of the network administrators," he said. http://www.canoe.ca/TechNews9912/23_hacker.html - - - - - - - - - - - - - - - - - - Internet Well Guarded For Y2K Attacks New Year's weekend would not be a good time to try to take down the Internet, said the nation's Y2K chief on Thursday. The nation's industries and government agencies are on heightened alert to system vulnerabilities with the year 2000 date changeover. The Internet is critical, not only to many industries, but to the economy in general for commerce and communications. Twenty-five information security companies and organizations have formed the Y2K Cyber Assurance National Information Center to track the Internet during the rollover. http://techweb.com/wire/story/TWB19991223S0002 - - - - - - - - - - - - - - - - - - Hackers say they'll take off New Year's Two hacking groups have struck again, defacing several Web pages around the Internet. This time, however, they have a message for others looking to circumvent security on the Net: Don't hack over the New Year's weekend. "STOP HACKING FOR ONE DAY, FROM 31th DECEMBER 1999 TO 1st JANUARY 2000," read a one-line message that one group, using the handle Verb0, inserted into several sites, including online games site Echelon Entertainment, on Tuesday. On Wednesday, Hackers In Paradise, a group that has claimed responsibility for defacing more than 30 sites, including chat site Talk City's main page, put up a Web page calling on other hackers not to hack over the New Year's weekend. http://www.zdnet.com/zdnn/stories/news/0,4586,2413134,00.html - - - - - - - - - - - - - - - - - - Hackers more 'perilous than Y2K bug' Computer hackers and rogue virus programmes transmitted via the internet may be a bigger threat to critical information technology systems than the much-anticipated "millennium bug", security experts in the US are warning. CERT, an organisation funded by the US Defence Department to co-ordinate responses to computer security threats, has identified at least seven new damaging virus programmes set to activate on January 1. These are designed to mimic a year-end problem in which the computer is unable to recognise Year 2000 dates, but they may also erase or damage stored data. http://www.ft.com/hippocampus/q30edfa.htm - - - - - - - - - - - - - - - - - - As New Year nears, threat of Net attack program mounts A new and potentially more dangerous version of an Internet attack program has been posted just in time for the holidays, and another is on the way. A new version of a malicious program called the Tribe Flood Network (TFN) is more powerful and harder to detect than an earlier version, according to experts. And an updated sister program called Trinoo is due to be released next week. Few incidences of their use have been publicly acknowledged, but experts are warning sites to prepare against attacks that may coincide with New Year's. Widely anticipated problems owing to the Y2K computer glitch may provide cover for other mischief. http://news.cnet.com/news/0-1003-200-1504709.html - - - - - - - - - - - - - - - - - - Computer viruses 'poised for ambush' on New Year's Day Millennnium bug viruses may have infected computers, where they will lie dormant until 1 January, after which they will wreak havoc when the machine is next switched on. The warning about "millennium bug viruses" has come from a number of companies that write "anti-virus" software. They say they have detected half a dozen such viruses, transmitted via e-mail, and that more may already have been sent. http://www.independent.co.uk/news/Digital/Update/milbug231299.shtml - - - - - - - - - - - - - - - - - - ACLU Sues Over Effort to Ban Y2K Video The American Civil Liberties Union has filed a lawsuit against top law enforcement agencies for trying to ban an online fictional video about a supposedly secret plot by the U.S. military to spark a race riot in Times Square on New Year's Eve. http://www.apbnews.com/newscenter/internetcrime/1999/12/22/videosuit1222_01.html - - - - - - - - - - - - - - - - - - Firms probed for breach of Web privacy The Privacy Commissioner has launched an investigation into 16 companies and Internet groups with Web sites for alleged breaches of privacy laws. Commissioner Stephen Lau Ka-men yesterday announced the investigation the first of its kind as he warned of a rising Internet commerce culture insensitive to the privacy of customers. ''Some of the companies we have contacted did not even know their obligations and responsibilities in using personal data they had collected,'' he said. ''The Internet industry is young in Hong Kong and the awareness level is quite low.'' The 16 Web sites all appear to have breached privacy laws by not posting a statement stating how personal data collected from customers or Web page visitors would be used. http://www.technologypost.com/internet/DAILY/19991223094643506.asp - - - - - - - - - - - - - - - - - - Security hole found in Norton antivirus app KeyLabs tests confirm e-mail scanner fears in AntiVirus 2000 Viruses are scary, especially e-mail viruses. They strike mercilessly, without warning or recourse. However, considering a recently discovered security hole within Symantec’s Norton AntiVirus 2000, it now appears that e-mail virus-scanning applications themselves can be just as scary as the viruses they seek to eradicate. http://www.msnbc.com/news/349602.asp - - - - - - - - - - - - - - - - - - New Javascript vulnerability discovered in Microsoft Internet Explorer - reported by Georgi Guninski, IE 5.01 allows circumventing "Cross frame security policy" by using the external.NavigateAndFind routine. Access to local files is possible by malicious web site operator. http://www.securityportal.com/list-archive/bugtraq/1999/Dec/0263.html - - - - - - - - - - - - - - - - - - Microsoft fixes bug in Mac version of Outlook Express Microsoft has issued a software patch designed to fix a security glitch in the Macintosh version of its Outlook Express 5.0 e-mail client. The vulnerability could allow attachments of HTML mails to be automatically downloaded onto a user's computer, according to a bulletin issued yesterday by Microsoft's security notification service. Outlook Express isn't supposed to download mail attachments until a user requests it to do so. http://www.nwfusion.com/news/1999/1223outlook.html - - - - - - - - - - - - - - - - - - New Ways of Securing Online Data The problem with passwords is that there are so many of them, a problem the computer industry is confronting with solutions that range from virtual key rings to smart cards that do all of the logging in for you. The basic solution is to store the passwords in a file called a key ring. This file is usually encrypted with a master password, ideally one that is easy to remember. Key rings have been used for many years, but lately researchers have concentrated on making them easier to use by integrating them with the many Web sites that require passwords. (NY Times article; free registration required) http://www.nytimes.com/library/tech/99/12/circuits/articles/23next.html