July 20, 2000 FBI Seizes ex-official's computer hard drive The FBI has seized a computer hard drive used by former Energy Department intelligence chief Notra Trulock, concerned that he may have included classified data in a proposed article, The Washington Post reported on Thursday. The Post quoted senior U.S. officials as saying the FBI obtained the hard drive after officials at the CIA and other federal agencies expressed concern about the possible leak of classified information. FBI spokesman John Collingwood told the paper that the FBI ''received information from other government agencies that classified information was subject to possible compromise.'' http://www.mercurycenter.com/svtech/news/breaking/reuters/docs/216852l.htm - - - - - - - - - - - Biggest German free e-mailer hacked The third major problem in several weeks hit the biggest German free e-mail provider GMX, when a hacker changed 1,625 passwords of users. Customers of the service told ZDNet that the hack occurred after opening an e-mail with a Trojan horse. Last Friday, all e-mails of 118,000 users were deleted by accident. And a few weeks ago, a "lightning strike" disabled all the file servers of the company. http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2605773,00.html - - - - - - - - - - - The technology behind FBI's 'Carnivore' The law enforcement agency's secret box for sniffing emails may run on Windows NT - but details are still a mystery. The FBI's email snooping "Carnivore" -- now the centre of a fierce debate over privacy -- began life on a store shelf. What would later become an email monitoring system rankling civil libertarians and Internet service providers had rather humble beginnings as a commercially available email sniffing program, FBI officials said Tuesday. FBI engineers went to work on it 18 months ago, and within a year added enough bells and whistles to create a telephone tap for the 2000s -- and scandal over just how much information the program is able to cull. For the last two weeks, the FBI has been quiet about Carnivore, which it has been using with judges' permission since March to sift through email messages that flow through some of the world's ISPs. But it will be doing a lot more talking beginning Monday. The bureau will trot out its chief technologist, Marcus C Thomas, to brief the press about Carnivore. Hours later, Thomas and others will be on Capitol Hill, telling Congress the same facts and figures. http://www.zdnet.co.uk/news/2000/28/ns-16738.html - - - - - - - - - - - Another security hole found in Microsoft's Outlook A newly discovered vulnerability in Microsoft Corp.'s Outlook and Outlook Express e-mail clients could give outsiders access to a remote computer simply by sending it an e-mail message. And unlike the wave of viruses that have hit PCs worldwide in the last few months, this hole can be exploited without the recipient even opening the message. "This has managed to accomplish what everyone hoped wasn't possible -- compromising a machine by just sending it an e-mail," said Ben Venzke, manager of intelligence production at iDefense Intelligence Service, a computer security firm in Alexandria, Va. http://www.zdnet.com/eweek/stories/general/0,11011,2605668,00.html - - - - - - - - - - - Computer experts find AutoCAD virus Researchers at a Russian antivirus company announced Thursday that they have discovered what they say is the first computer virus that infects AutoCAD, a popular architecture and design tool. AutoCAD, made by San Rafael, Calif.-based Autodesk, Inc., is the most popular professional design program in the world, used by architects and engineers to draft buildings, roads, landscapes or furniture. Kaspersky Lab calls the virus, named ACAD.Star, an ``extremely primitive'' and tiny macro virus, just over 500 bytes in length. A macro is a set of commands used to automate or speed up repetitive processes. There are many macro viruses, frequently found in Microsoft's Word or Excel office software. http://www.mercurycenter.com/svtech/news/breaking/ap/docs/221167l.htm - - - - - - - - - - - Security guru: Napster a security risk Music execs, Metallica and copyright lawyers have already registered their protests about the free online jukebox known as Napster. Add to the list another group of skeptics: network security experts and administrators. Technicians who run those large computer networks are increasingly voicing concerns over the security risks the online music downloads pose. "We call it risky Internet behavior," says Chris Rouland, director of research at Atlanta-based Internet Security Systems Inc., a leading computer security firm. The risk comes from users opening up their computers to anonymous Web surfers who select music files to download to their own computers. http://www.zdnet.com/zdnn/stories/news/0,4586,2605466,00.html - - - - - - - - - - - FBI program here aims to protect businesses from cybercrime and hackers The FBI is launching an effort in the St. Louis area to alert companies and other institutions about computer viruses or other cyberattacks. The effort, a chapter of the FBI's nationwide Infragard program, also will help companies share informationconfidentially about cybercrimes and ways to prevent them. http://www.postnet.com/postnet/stories.nsf/News%2FToday's%20Post%2FThis%20Week%2FBusiness/29785A600873C43B86256922003D447C - - - - - - - - - - - IE will warn users about 'cookies' Microsoft Corp. will announce a major change to the newest version of its dominant Internet browser, unveiling a feature that will better warn consumers when Web sites attempt to implant "cookies," which can be used in some circumstances to track Web surfing by consumers. The warning -- which will appear as a pop-up, on-screen box -- will allow users of Microsoft Internet Explorer to reject attempts by third-party Web sites, such as advertising companies, to plant cookies. Privacy experts have long complained about the practice, which could be used to quietly log which Web sites a person visits. http://www.zdnet.com/zdnn/stories/news/0,4586,2605551,00.html - - - - - - - - - - - States sue to stop Toysmart from selling customer info In a filing with a federal court today, 39 states requested that a bankrupt online toy retailer be prevented from selling personal information about its customers. Waltham, Mass.-based Toysmart.com declared bankruptcy in June and asked a federal bankruptcy court for permission to put all its assets, including its customer records--such as names, addresses and credit card numbers--up for sale despite a privacy policy that assured customers the information would remain private. http://news.cnet.com/news/0-1007-200-2307727.html - - - - - - - - - - - Movie studios target Scour with copyright lawsuit The Motion Picture Association of America sued Scour.net today, charging that the Web site has contributed to massive violations of the movie studios' copyrights--much as Napster has been charged in the record industry's case. While the movie studios have weighed in on the record industry's suit against Napster, it's the first time they've filed their own lawsuit against a file-sharing company that allows movie trading online. The Recording Industry Association of America (RIAA) and the National Music Publishers Association (NMPA) joined the Motion Picture Association of America (MPAA) in its suit. http://news.cnet.com/news/0-1005-200-2302214.html - - - - - - - - - - - RIP Bill nearly law, critics say more changes needed Legislation that will give UK police more power to snoop on Internet users is on the verge of becoming law after passing through a third and final reading in the House of Lords Wednesday. Despite significant amendments to the Regulation of Investigatory Powers (RIP) Bill, opponents remain convinced that once it becomes law it will damage Britain's e-business credibility. Changes made in the Lords introduced safeguards that give companies the right to sue law enforcers if negligence is suspected in the handling of sensitive information. A further amendment made it incumbent on the police to inform a senior judge before they can capture encryption keys. http://www.zdnet.co.uk/news/2000/28/ns-16742.html - - - - - - - - - - - EU to regulate spam and cookies The European Commission is considering regulating the use of spam and cookies on the Internet. Spam, or unsolicited commercial e-mail, and cookies, files stored on an Internet user's computer which enable their visits to web sites to be tracked, are two of the less digestible aspects of life on the Internet today. The commission's move is part of a proposal for a new regulatory framework for telecommunications, which will pave the way to tighter data privacy protection for all electronic communications, commission officials explained Thursday during a technical briefing. http://idg.net/ic_203436_1773_1-483.html - - - - - - - - - - - Laws protecting consumers online need revision Observers have called for a review of UK laws that protect consumers from the sort of security blunders that saw thousands of Powergen customers' credit card details published on the Internet this week. Experts say current legislation does little to protect consumers and argue that unless positive steps are taken, a lack of consumer confidence could scupper Tony Blair's vision of a successful "e-Britain". According to the 1998 Data Protection Act, Powergen's customers are not entitled to any financial compensation except anybody who suffers credit card fraud or other damages. Powergen has offered customers affected by the security breach £50 compensation each for the inconvenience. http://www.zdnet.co.uk/news/2000/28/ns-16758.html - - - - - - - - - - - FTC Commissioner Warns Industry of Pending Privacy Laws Companies doing business on the Web need to act soon to show they can sort out on their own concerns raised by consumer privacy groups, or else Congress is going to do it for them, a key member of the Federal Trade Commission said today. Speaking at a luncheon on consumer privacy at the US Chamber of Commerce today, FTC Commissioner Orson Swindle urged business leaders in town for the conference to pay a visit to their state lawmakers and showcase the steps they have taken to protect the privacy rights of its customers. http://www.newsbytes.com/pubNews/00/152469.html - - - - - - - - - - - Paranoia Runs Deep at Hacker Convention The 'phreaks' and geeks at H2K wore disguises and used code names while listening to talks about not selling out to 'The Man.' "I don't want to be recognized," says the guy in the yellow poncho and Groucho Marx glasses. "People at my office knew I wanted to come here, so I have to be careful." http://www.thestandard.com/article/display/0,1151,17002,00.html - - - - - - - - - - - To heck with hactivism Do politically motivated hackers really think they're promoting global change by defacing Web sites? The keynote address at a typical hacker convention is delivered by the "Wizened Security Guru," usually an ex-CIA spook who wows the crowd with cloak-and-dagger tales. If he's not available, then the honor may fall to the "Hot Young Programmer," invariably a cocky coder who recounts his latest "eureka!" moment. But at last weekend's third-ever Hackers on Planet Earth convention, nicknamed H2K, the featured speaker was a confessed techno-idiot, a man who denies ever having so much as pressed an "ESC" key: Jello Biafra, ex-frontman for punk provocateurs the Dead Kennedys. http://salon.com/tech/feature/2000/07/20/hacktivism/index.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000, NewsBits.net, Campbell, CA.