August 15, 2000

FBI, Mounties hunt Internet hackers
RCMP are working with the FBI to track down computer hackers who overloaded an Edmonton-based Internet service provider yesterday, denying access to some customers. Edmonton RCMP found the "denial of service" attack on OA Group Inc.'s server that barred subscribers from logging on to their Internet accounts originated in Chicago and they were working with the FBI to zero in on the culprit, said RCMP Cpl. Gibson Glavin. "We work with the FBI regularly in this section working with Internet crime," he said.
http://www.canoe.ca/TechNews0008/15_hackers.html
- - - - - - - - - -
FBI could do better job defending Carnivore
Less than a year ago, when a top priority of privacy advocates was to get rid of the U.S. government's tight encryption export policy, government officials told an interesting anecdote that helped explain why they wanted to maintain the tight controls. They said the investigators who cracked the case of the 1993 World Trade Center bombing in New York were able to capture evidence from the bomber's laptop only because he used low-grade encryption. Had he used the stronger encryption that at the time was being restricted, evidence needed to convict him would have been much harder to obtain.
http://www.nwfusion.com/news/2000/0815fbidefend.html
- - - - - - - - - -
Cobb squad clicks on computer crime
The bomb threat appeared in an America Online chat room. Someone in cyberspace said they were going to blow up Walton High School. A man saw the message and alerted Cobb County police. That's where Detective Gary Lowe and his high-tech crime unit picked up the trail. He traced the message to an account in Indianapolis. That didn't make sense. Why would someone in Indiana threaten a suburban Atlanta school? He got his answer when he learned that a hacker had stolen the password for the Indianapolis account.
http://www.accessatlanta.com/partners/ajc/epaper/editions/tuesday/local_news_93892e49936c60351001.html
- - - - - - - - - -
A bumper crop of break-ins
This morning the press covered a mixed bag of security troubles at Bloomberg, Safeway U.K. and Verizon. The first two suffered embarrassing break-ins; Bloomberg provided a rare happy ending. Bloomberg's story was the most dramatic -- the company's founder and chief played a role in the arrest of two extortionists -- but the Bloomberg news agency itself played the story short and cool.
http://www.mercurycenter.com/svtech/news/breaking/internet/docs/310905l.htm
- - - - - - - - - -
U.S. Court orders FCC to rewrite wiretap rules
A U.S. federal appeals court on Tuesday ordered federal regulators to rewrite rules that would require phone companies to turn over certain data about wireless calls being sought by law enforcement officials for investigations. The Federal Communications Commission failed to adequately address privacy and cost concerns raised by telephone companies and privacy advocates, according to a ruling issued by the U.S. Court of Appeals for the District of Columbia.
http://www.mercurycenter.com/svtech/news/breaking/reuters/docs/311289l.htm
- - - - - - - - - -
Experts corroborate Windows, IE security hole
Security experts today confirmed that certain configurations of Microsoft's Windows operating system and its Internet Explorer Web browser are open to a potentially dangerous vulnerability allowing a malicious programmer to take over a computer through local and remote folders. As previously reported by CNET News.com, security consultant Georgi Guninski yesterday published a report on the vulnerability, which is triggered when folders accessed through Microsoft Networking are viewed as Web pages. The problem occurs in Windows 98 and is the default setting in Windows 2000, he wrote.
http://news.cnet.com/news/0-1005-200-2530362.html
- - - - - - - - - -
Firm Tracking Consumers on Web for Drug Companies
A Boston technology firm is surreptitiously tracking computer users across the Internet on behalf of pharmaceutical companies, a practice that demonstrates the limits of a recent agreement to protect the privacy of Web surfers. By invisibly placing ID codes on computers that visit its clients' World Wide Web sites, Pharmatrak Inc. can record consumers' activity when they alight on thousands of pages maintained by 11 pharmaceutical companies. For example, the company can tell when the same computers download information about HIV, a prescription drug or a company's profits from different sites.
http://washingtonpost.com/wp-dyn/articles/A25494-2000Aug14.html
- - - - - - - - - -
Cybersquatting Rules Delayed - WIPO
A United Nations organization that plays a central role in policing disputes over Internet addresses has pushed back a deadline for comments on a proposal to fine-tune its definitions of what constitutes "cybersquatting." The World Intellectual Property Organization (WIPO) had originally picked today as the deadline to receive input on the terms of reference for what it's calling the Second WIPO Internet Domain Process. That deadline is now set at Sept. 15.
http://www.newsbytes.com/pubNews/00/153688.html
- - - - - - - - - -
FAA to develop security certification
The Federal Aviation Administration is on the verge of awarding a contract to develop a certification program for FAA information systems security workers. The FAA announced plans Aug. 11 to make a sole-source award to the International Information Systems Security Certification Consortium 2 (ISC 2), a nonprofit corporation that develops certification programs for information systems security practitioners.
http://www.fcw.com/fcw/articles/2000/0814/web-faa-08-15-00.asp
- - - - - - - - - -
Lab certified to test security software
The government has certified CygnaCom Solutions Inc.’s Security Evaluation Laboratory to test information security software based on international criteria established to assure users that security products perform the functions that vendors claim. The laboratory accreditation, announced Monday, comes from the National Infrastructure Assurance Partnership (NAIP), a collaboration of the National Institute of Standards and Technology and the National Security Agency. The partnership oversees the certification of laboratories and testing of products under the Common Criteria evaluation and validation program, an international standard that experts are encouraging civilian agencies to consider when purchasing security products.
http://www.fcw.com/fcw/articles/2000/0814/web-lab-08-15-00.asp
- - - - - - - - - -
Windows 2000 Patch Broke Firewalls
Several popular firewall products rendered ineffective by a Windows 2000 fix are back on the job, with patches from the manufacturers. Zone Labs' ZoneAlarm 2.1 and Network ICE's BlackICE Defender 2.1 are among the firewalls that would not function properly when used with a service pack update to Microsoft Windows 2000, released earlier in August.
http://www.pcworld.com/pcwtoday/article/0,1510,18051,00.html
- - - - - - - - - -
Sigaba Enhances E-Mail Security
Recent attention to the FBI's "Carnivore" e-mail sniffer has privacy-minded Netizens looking for e-mail encryption options, and Sigaba is releasing a free end-user product this week. SigabaSecure uses the 128-bit Blowfish encryption algorithm. (See "How it Works: Encryption.") You can read encrypted messages sent with SigabaSecure using a browser interface, although you also need a free SigabaSecure account. To send encrypted messages, you need the free SigabaSecure plug-in, which is downloadable now from the company's site.
http://www.pcworld.com/pcwtoday/article/0,1510,18038,00.html
- - - - - - - - - -
Myplay toys with ad-based anti-piracy tool
A New York-based encryption technology company is partnering with online music-storage site Myplay.com in an effort to boost the market for advertising-supported music downloads. EverAd has designed an encryption technology that places restrictions on the use of downloaded music files so they can be played only when people accept banner advertising.
http://news.cnet.com/news/0-1005-200-2530313.html
- - - - - - - - - -
HP preparing security appliance
Suggesting that today's corporate firewalls may not provide adequate protection from hacker intrusions and DoS (denial of service) attacks, Hewlett-Packard plans to begin offering what it calls "security appliances" sometime in 2001. According to Roberto Medrano, general manager for HP's Internet Security Solution Division, the HP security appliance will sit directly behind a company's existing firewall and in front of Web servers. Medrano also suggested that another security appliance be placed behind any secondary firewalls that protect a company's application servers.
http://www.infoworld.com/cgi-bin/deleteframe.pl?story=/articles/hn/xml/00/08/14/000814hnhpsecure.xml
- - - - - - - - - -
Net security is 'fatally flawed'
A stark warning from a world expert on internet security is threatening to have a devastating effect on online banking and e-commerce. Bruce Schneier, a cryptographer and chief technology officer at consultancy Counterpane Internet Security, says that there are fatal flaws in the way systems operate. And he believes that security breaches such as the recent Barclays bank blunder, where customers could see other accounts, are just the tip of the iceberg.
http://www.thisismoney.com/20000813/nm19067.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000, NewsBits.net, Campbell, CA.