June 22, 2000 'Stages' scribe: 'I'm not fooling anybody' "Zulu" is an Argentine programmer in his 20s who writes viruses in his spare time. His "works" include the much publicized Bubble Boy and Monopoly viruses. His latest creation, the virus Stages.Worm, has everyone talking about him again. Although he is not very fond of the press, Zulu agreed to give an exclusive interview under condition of anonymity, to clear up some misunderstandings about what occurred this week. http://www.zdnet.com/zdnn/stories/news/0,4586,2592429,00.html 'Stages' worms into Australian university Despite regular updates to its anti-virus software, the University of Southern Queensland suffered at the handiwork of the Stages worm, which flooded the campus' e-mail systems and infected as many as 180 desktop machines. USQ's mail servers were shut down for about 24 hours as IT staff scanned machines overnight, removing each of the worm's attachments from the systems. http://www.zdnet.com.au/zdnn/stories/zdnn_display/au0003512.html - - - - - - - - - - - - - - Energy orders tighter security Energy Secretary Bill Richardson told Congress Wednesday that he has ordered tough new security measures in the wake of the lost and found saga at Los Alamos National Laboratory. Testifying before a hostile Senate Armed Services Committee, Richardson said the lab’s security policies have been under review since the disappearance of two computer drives containing nuclear secrets. The drives were found last week behind a copying machine, and the FBI is investigating why they could not be found for more than a month. http://www.fcw.com/fcw/articles/2000/0619/web-alamos-06-22-00.asp - - - - - - - - - - - - - - Cell Phone Virus Hoax This hoax has been forwarded due to misinformation related to an Internet worm named VBS/Timofonica. Although the script did send notice messages to phone users on a specific subscription service, the information below is completely unrelated. http://vil.nai.com/villib/dispvirus.asp?virus_k=98695 - - - - - - - - - - - - - - UN aide wants Web drug crime pursued like genocide A U.N. official said Thursday he wanted to crack down on use of the Internet in trading illegal drugs by classifying such dealings via the World Wide Web as a universal crime like genocide or war crimes. Pino Arlacchi, head of the Vienna based United Nations Office for Drug Control and Crime Prevention, said his office was exploring giving so-called ``universal jurisdiction to Internet crimes because wrongdoing in cyberspace so easily evades traditional national jurisdictional lines. http://www.mercurycenter.com/svtech/news/breaking/merc/docs/032715.htm - - - - - - - - - - - - - - U.S. appeals court rules against Internet porn law A federal appeals court ruled the U.S. government's latest bid to restrict Internet pornography unconstitutional Thursday, dealing a fresh blow to congressional efforts to protect minors from online smut. In a unanimous decision, a three-judge panel of the 3rd U.S. Circuit Court of Appeals reluctantly upheld an earlier ruling by a lower court judge who found that the Child Online Protection Act violated the First Amendment right to free speech. http://www.mercurycenter.com/svtech/news/breaking/merc/docs/050423.htm - - - - - - - - - - - - - - Home Office to retreat on cyber-spying bill The Home Office is preparing to retreat on the most controversial aspects of the oft-condemned, cyber-snooping RIP (Regulation of Investigatory Powers) Bill, according to the British Chamber of Commerce (BCC). The BCC suggested the government intends to amend RIP in order to smooth its path through the House of Lords, where serious concerns about the legislation have been raised. "The message from our conversations with the Home Office is that they are prepared to move on some of the areas causing concern to business," said a BCC spokesman. http://www.zdnet.co.uk/news/2000/24/ns-16179.html - - - - - - - - - - - - - - Online Snafu exposes CIA names A classified 1954 CIA file recently released on the web in redacted form by the New York Times, is being re-released by a noted cypherpunk archivist with the names of foreign agents restored, courtesy of a blunder in the method the newspaper used to conceal that information. The Times released the report titled "Overthrow of Premier Mossadeq of Iran" on their web site Sunday. The document details the secret history of CIA and British officials' successful efforts to engineer the 1953 coup that overthrew Iran's elected leadership. It sheds light on the genesis of the CIA's use of illegal covert operations throughout the cold war. http://www.securityfocus.com/templates/article.html?id=51 - - - - - - - - - - - - - - Cos. wary of sharing cybersecurity Corporations insist they won't fully participate in any national cybersecurity efforts unless they get Freedom of Information Act waivers and lawsuit protection. Businesses say they're afraid that if they share private information with the federal government to help fight off hacker attacks, it would be made public with an FOI request and used against them. http://www.mercurycenter.com/svtech/news/breaking/ap/docs/125659l.htm http://www.newsbytes.com/pubNews/00/151071.html - - - - - - - - - - - - - - Team to Quash Hackers, Expert Says The simple act of reporting hackers to authorities is one of the most effective weapons businesses can use to fight cybercriminals, but it is also among the most rarely used. "Companies are naturally resistant to tell the world they have been victims of fraud. They are afraid people will laugh at them," says Pottengal Mukundan, director of the International Chamber of Commerce's Commercial Crime Services division. http://www.pcworld.com/pcwtoday/article/0,1510,17334,00.html - - - - - - - - - - - - - - Directives issued on federal use of Internet tracking software The Clinton administration's budget office issued strict new rules Thursday for how government agencies use software to track Internet users and ordered all departments to immediately review their compliance with existing privacy policies. http://www.mercurycenter.com/svtech/news/breaking/merc/docs/046892.htm - - - - - - - - - - - - - - Australian Govt Asks WIPO To Rid World Of Cybersquatters The Australian Federal Government has joined with a number of other nations to call on the World Intellectual Property Organisation (WIPO) to develop international guidelines and policies to prevent cybersquatters reserving the Internet domain names of legitimate businesses and keeping them out of the reach of their namesakes. http://www.newsbytes.com/pubNews/00/151015.html - - - - - - - - - - - - - - Obscure rock band urges dirty deeds against Napster A San Francisco Bay Area rock band is waging an unconventional war against Napster. The band, The Tabloids, has launched a Web site, Stopnapster.com, that urges people to sabotage the controversial music-sharing service by mislabeling songs posted to Napster's site. It also calls for releasing songs to Napster that have anti-piracy speeches inserted randomly in the music. http://news.cnet.com/news/0-1005-200-2128478.html - - - - - - - - - - - - - - Body parts, odors key to Army networks The Army, its computers increasingly under assault from hackers, is about to begin using security systems that identify parts, voice patterns and even body odors to replace the password-based systems that now control access to everything from battlefield weapons to officers' clubs. "007 is here," says Phillip Loranger, a civilian who was named the Army's first biometrics director in March. "In fact, he's been here for a while." He adds that although a computer "recognizes a password, biometrics can validate identity. It can lock in on a person (as well as) a user ID." (***EDITOR'S NOTE - Phil was a guest instructor at Silicon Valley's HTCIA Training Conf. in May and NewsBits subscriber. Good job Phil!) http://www.usatoday.com/life/cyber/tech/review/crh249.htm http://www.fcw.com/fcw/articles/2000/0619/web-bio-06-21-00.asp - - - - - - - - - - - - - - Net enables global crime sprees CRIMINALS have always been ahead when it comes adopting new technologies, but never before has there been anything like the Internet, which means that a few malicious keystrokes in one part of the world can cause huge problems for a corporation thousands of miles away. "Risk is now chaotic and complex in a way that a small incident in one place can become a major incident in another place that you hadn't even thought of," said Nick Beale, research and development officer for intelligence services group Infrastructure Defense U.K. http://infoworld.com/articles/hn/xml/00/06/22/000622hnglobal.xml - - - - - - - - - - - - - - Network security threats growing NETWORKS face three vulnerabilities: physical security problems, logical security problems such as computers within a network, and security problems involving people -- all of which should be equally important to businesses, according to a British Telecommunications executive speaking here at InfowarCon Thursday. "We are potentially vulnerable in just about anything we do anywhere," said William Morris, manager of policy and system integrity for London-based BT's group security. http://www.infoworld.com/cgi-bin/deleteframe.pl?story=/articles/hn/xml/00/06/22/000622hnthreats.xml - - - - - - - - - - - - - Coming soon: A virus in the Palm of your hand? Although a recent computer "virus" affecting cell phones in Spain caused a stir, computer security experts say a more inviting target for bug authors in the near future will be hand-held computers such as the Palm Pilot and Handspring's Visor. So far, hand-held devices, often used to "sync" or interface with Web sites and other e-mail devices freely, have been virus-free since Palm introduced its first Pilot in 1996. But unlike cell phones, hand-held technology is vulnerable, experts say, because it is more evolved and more functional. http://www.digitalmass.com/news/daily/06/22/pda_viruses.html - - - - - - - - - - - - - - When "Love" hits your "Resume" and it isn't so "Funny" What's in a name? Everything, when it comes to computer viruses. Virus writers get poor marks from security experts for their packaging efforts. But occasionally they hit on an effective ruse, as the "Stages" outbreak shows. Using simple email headers such as "Jokes" and an attachment disguised as a harmless text file, the virus gained sufficient momentum to shut down corporate email systems early this week. http://news.cnet.com/news/0-1005-200-2122854.html - - - - - - - - - - - - - - Software Acts As Robotic Hacker The best way to determine if your IT infrastructure is secure is to have a hacker try to break into your corporate systems. Short of that, software that simulates attacks is the next best thing. Wednesday, Sanctum rolled out an automated audit tool that analyzes Web applications, points to security glitches, and provides advice on how to fix any vulnerability. http://www.techweb.com/wire/story/TWB20000621S0013 - - - - - - - - - - - - - - Intel admits wireless security concerns The head of Intel's Wireless Competency Centre admits that security is a serious concern in the company's future vision of wireless technology and mobile Internet. Speaking at Intel's Wireless Competency Centre in Stockholm this week managing director Leif Persson acknowledged hugely complicated wireless environments are causing them serious anxiety. http://www.zdnet.co.uk/news/2000/24/ns-16164.html - - - - - - - - - - - - - - Laptops get car immobiliser style security The iKey slots into the USB port and restricts physical and network access to authorised personnel. It must be used in conjunction with a randomly generated four digit pin before a user may log on. Once on the system, the pin number identifies the user to the server using Internet key exchange standard protocol encryption. This means that even if the authentication process is monitored by alien software, it cannot be duplicated later. It also makes it impossible for hotdeskers to log on using a collegues id. http://www.theregister.co.uk/content/2/11528.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000, NewsBits.net, Campbell, CA.