September 8, 2000

Bug Alert: Hotmail flaw puts e-mail at risk

For many people, the axiom, “If it ain’t broke, don’t fix it”, is their modus operandi. With so many other things to worry about, updating a browser that seems to be working fine just isn’t a high priority. However, a recently discovered security bug in Hotmail may serve as a wakeup call to all Internet Explorer 4.x and 5.0 users. BugNet has verified a security vulnerability that would allow a malicious user to usurp control of someone else’s Hotmail account, allowing the hacker to read and to send e-mail from that account. Because this security hole can be thwarted by upgrading IE, we recommend that all Hotmail users verify that they are running the most current version of the Microsoft browser.
http://www.msnbc.com/news/456304.asp

- - - - - - - - - - - - -

Carnivore to get new name

In an effort to polish the image of the FBI’s controversial e-mail monitoring system, Carnivore, Attorney General Janet Reno said today that the FBI will change the program’s name. Reno also said that an independent review of Carnivore is going forward, in an effort to reassure a skeptical Congress and civil liberties groups that the program doesn’t infringe on the privacy rights of citizens.
http://www.msnbc.com/news/457153.asp

Father Of The Internet Lends Carnivore Credence

The FBI's e-mail surveillance tool "Carnivore" took center stage at a congressional hearing Wednesday, as Senate lawmakers sought to learn more about the controversial device that consumer advocates say presents a threat to the privacy of innocent Americans. While the witnesses called to testify before the Senate Judiciary Committee included the usual suspects from the FBI, Department of Justice and several privacy groups, the Justice Department gained an important ally in Vint Cerf, a senior vice president at WorldCom and a man considered by many to be one of the principal architects of the early Internet.

In a simplified discourse on the mechanics of Carnivore vis-à-vis the Internet, Cerf countered claims that the FBI's e-mail snooping device could easily be used to randomly drop in on communications between parties not placed under surveillance by a court order.
http://www.computeruser.com/news/00/09/08/news10.html

- - - - - - - - - - - - -

FBI warns Congress: foreign telecomms may inhibit wiretaps

The great twins of American obsessiveness, Power and Wealth, stood in direct conflict on Capitol Hill Thursday as the House Commerce Subcommittee considered numerous implications of Deutsche Telekom's $46 billion takeover bid for US mobile phone operator VoiceStream Wireless. At issue was concern that the German government owns fifty-eight per cent of Deutsche, meaning that if the deal were approved, an American telecomms company would fall under the influence of a foreign state.
http://www.theregister.co.uk/content/6/13096.html

- - - - - - - - - - - - -

Two SuSE Linux Apache Vulnerabilities Identified

According to the security company @stake, inc., two vulnerabilities affect Versions 6.3 and 6.4 of SuSE Linux. Both vulnerabilities provide a malicious user with access to sensitive data on a Web server running Apache 1.3.9 (Apache 1.3.12 in SuSE 6.4). Apache is the default Web server in SuSE Linux.

Cgi-bin Is Exposed. The first vulnerability allows a malicious user to gain access to the source code of any CGI script. The source code present in a typical CGI script may contain user IDs, passwords, and details of the network structure. This information could provide a malicious user with the means to gain unauthorized access at some future date.
http://www.zdnet.com/zdhelp/stories/main/0,5594,2626044,00.html

- - - - - - - - - - - - -

HAL and Computer Security

The central character of Stanley Kubrick’s 2001: A Space Odyssey is HAL. An extremely intelligent computer that turns murderer, HAL understands standard English, reads lips, and possesses “common sense.” HAL’s motive in trying to kill the entire crew of the Jupiter probe is that he’s trying to protect the mission’s secret. HAL’s Legacy, edited by David Stork and published in 1997, discusses how far we’ve come since 1968 in creating such a machine. The book also raises the philosophical question, “When HAL kills, who’s to blame?”
http://www.securityportal.com/topnews/hal20000908.html

***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000, NewsBits.net, Campbell, CA.