August 23, 2000 Money-saving plan reveals hacker When Christchurch-based Xtra user Donna Brydon switched her internet plan from a flat-rate account to an hourly-charge rate last June she thought she would save money. But making the change uncovered a hacker who was stealing hundreds of dollars of connection time. Ms Brydon's children were the main internet users in her household so when they moved to a free service she changed from the $39.95 monthly flat rate to a $2.50 per hour plan. As a light internet user, she expected her bill to decrease by around $10 a month. But 10 days later when she checked her account, she was horrified to discover she had run up a bill of over $300. http://www.nzherald.co.nz/storydisplay.cfm?storyID=148735 - - - - - - - - - - - - UK police fear net fraud spreading Several internet banking operations may have been the victims of online fraud, police said on Wednesday after a six-month investigation into an attempt to defraud Egg, the online bank that is majority owned by Prudential. The National Crime Squad on Tuesday arrested three men and released them on bail without charge, pending further inquiries. The NCS said: "Our inquiries now indicate that it is possible that other internet banks - which we are not prepared to identify - may also have been victims of similar fraud." No other online bank acknowledged that it had been targeted. http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT39KR8R8CC - - - - - - - - - - - - Investors Back Attack on Hackers Three University of Washington computer science professors and a Ph.D. candidate have raised $3 million in start-up capital for a new company that plans to stop computer hackers in their tracks. Seattle-based Asta Networks -- which is developing technology to prevent denial-of-service attacks on computer networks -- was formed in April by faculty members Tom Anderson, David Wetherall and Daniel Weld. Stefan Savage, a Ph.D. candidate who has authored 15 research reports on the subject, is chief scientist at the company. Denial-of-service attacks, which cause a computer network to be flooded with unwanted Internet traffic, have paralyzed Web sites such as Amazon.com, eBay and Yahoo this year. In April, a 15-year-old Canadian boy nicknamed "Mafiaboy" was arrested for launching such an attack against CNN's Internet site, causing the online news organization to shut down for four hours. http://seattlep-i.nwsource.com/business/asta23.shtml - - - - - - - - - - - - A new national army: MS, GE, GM? The federal official in charge of protecting the nation's critical information systems sounded a Klaxon here Tuesday, calling on corporations to create a new type of civil defense system against hackers and hostile nation-states. "If the United States goes to war again ... our movements of troops, our movement of aircraft, our lines of supplies will probably be attacked not by bombs, not by bullets but by bytes," said Richard A. Clarke, national coordinator for security, infrastructure protection and counter-terrorism, at a daylong conference on information security. Tech industry leaders -- including Microsoft Corp., Oracle Corp., Sun Microsystems Inc. and Cisco Systems Inc. -- joined retailing, banking and manufacturing executives at the fourth in a series of five regional gatherings that began last spring in Washington. Their mission is clear, Clarke told corporate board members and the auditors who help them manage major risks. "By protecting the IT security of your company, you can protect the security of your country." http://www.zdnet.com/zdnn/stories/news/0%2C4586%2C2618582%2C00.html - - - - - - - - - - - - MasterCard eyeing digital IDs for cardholders MasterCard says it has formed a group to develop digital identifications that will protect cardholders against fraud when making purchases over cellular phones or on the Internet. "It authenticates you as the card holder of your card," Gail Francolini, vice president of global chip relationship management at MasterCard, said of the IDs, which would essentially be a string of numbers. MasterCard said yesterday that its new group will give its member banks a selection of choices to help them offer this technology to their cardholders. http://news.cnet.com/news/0-1007-200-2593378.html - - - - - - - - - - - - 3G: Will 3G devices be secure? 'Better safe than sorry.' Is this attitude going to jeopardise the future of 3G? While anticipating the delights of 3G, be aware of the inherent dangers. According to computer security experts, all this connectivity and functionality will inevitably mean an increased risk of attack by mobile viruses and worms as well as malicious hackers. Evidence of potential for new threats can already be seen. Earlier this month Japan's highly successful mobile broadband standard i-mode ran into its first major security issue highlighting the dangers ahead. http://www.zdnet.co.uk/news/2000/33/ns-17466.html - - - - - - - - - - - - Thwart hackers with a XyLoc wristwatch External hackers and mysterious system crackers get the attention, but security analysts say the real threat comes from within. Ensure Technologies, which makes a wireless access system, is preparing a kind of wearable password to make security even more automatic and effective. Once you've entered a password, your PC is available for access when you step away. Even biometric devices such as fingerprint or retinal scanners still leave a PC open after you've logged in. Ensure Technologies introduced XyLoc, its collection of wireless devices designed to overcome those limitations of other security systems, about a year ago. The system requires you carry a belt- or badge-mounted miniature transceiver that automatically identifies you when you approach your PC and unlocks it for you. http://www.cnn.com/2000/TECH/computing/08/23/encrypting.wristwatch.idg/index.html - - - - - - - - - - - - Security Techniques and Survivability I've seen a lot of discussion recently of various computer security techniques. It seems everyone has their own favorite solution, which they feel is the correct one, and all other solutions are of course flawed and inferior. But the truth is even simpler: all security techniques are flawed. No matter how well something is planned and implemented, there will still be some exploitable problem. Does this mean that a flawed security technique should not be used at all? http://www.securityportal.com/closet/closet20000823.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000, NewsBits.net, Campbell, CA.