November 1, 2000

Microsoft's hacking attempt may have had inside help

Security experts yesterday suggested that the hacking attack Microsoft experienced late last week was so serious it must have had inside help. Chief executive Steve Ballmer admitted that the episode was "extremely damaging", but company representatives in the UK appeared to backtrack on suggestions that the hacking had been going on for weeks. A UK spokesman, while admitting that the company had experienced several previous attacks, insisted that this incident had taken place last Wednesday and had been uncovered "that day" by the group's own security procedures. "The situation seems to be much narrower than was at first thought," insisted corporate marketing director Shaun Orpen.
http://www0.mercurycenter.com/svtech/news/breaking/merc/docs/048026.htm

Insiders help Windows code leak to warez sites, claims 'finder'

Microsoft's network security problems consist largely of two things - people, and the fact that there's demand for its software. Free, preferably. Practically all companies have the first problem, but Microsoft's problems with warez sites and piracy loom rather larger than, say, Sun's, IBM's or Oracle's. So go figure. People on the outside want the software, people on the inside are weak, and what happens? As The Register pointed out yesterday, most hacking (the hacking you hear about, anyway) is pretty simplistic stuff that uses off-the-shelf tools aided by a little human frailty on the inside; send an executable to enough people and someone, sooner or later, is going to run it.
http://www.theregister.co.uk/content/1/14390.html

- - - - - - - - -

Interpol moves to fight global cybercrime

When Onel de Guzman was detained by the Philippine authorities in May for unleashing the Love Bug virus, a slight technicality meant he could not initially be charged: the country had no laws to tackle computer crime.
He was eventually prosecuted under legislation covering the illegal possession of passwords, something that is normally used to tackle credit card fraud. But the case highlighted a problem that has been a thorn in the side of police forces around the world: the internet is a global medium, but the law is not. As a result, some experts have suggested that the international community needs a global cyber police force. But others argue that such a body would require worldwide backing - something that would be close to impossible to achieve.
http://www.uk.internet.com/Article/100770

- - - - - - - - -

System on lookout for cyber threat

Gambling, bank robberies, fraud, prostitution--all can be described as "easy" offenses to deal with compared with solving today's increasing computer crimes, according to Richmond FBI Special Agent John Donahue. Donahue recently shared his thoughts on InfraGard, a new alert system for businesses that helps protect them from Internet thieves and hackers, at a meeting of the Central Virginia Computer Users Group. "We've always had our fences, our lights, our locks and chains," he said. "We lock the door when we leave the house. But now we have the cyber threat."
http://www.timesdispatch.com/business/metrobusiness/MGBUXZ4MOEC.html

- - - - - - - - -

Experts predict more mutating viruses

Havoc wrought by Internet-based computer viruses continues to worsen, a new study concludes. And the worse news is that software vendors are predicting an even darker future in which self-mutating viruses become practically undetectable and almost unstoppable. These mutating menaces, known as polymorphic and metamorphic viruses, are not yet common. But virus hunters warn that a few of this year's virus crop - in particular the NewLove worm - are precursors of mutants that will be difficult to stop because they change shape to evade detection.
http://www.nwfusion.com/news/2000/1030virus.html

- - - - - - - - -

Senate Passes Net False ID Act

The Senate Tuesday passed a bill designed to prevent false identification development on the Internet, months after highly publicized hearings showing the online false IDs are a rampant and growing problem. Sponsored by Sen. Susan Collins, R-Me., and supported by Sens. Charles Grassley, R-Iowa, and Dianne Feinstein, D-Calif., S. 2924 - the Internet False Identification Prevention Act - now has been referred to the House of Representatives. The bill, Collins said, criminalizes the use of computer equipment and the Internet to create false identification documents, and also outlaws the practice of "producing false identification containing easily removable disclaimers," which Collins said is a technicality that allows ID thieves currently to escape prosecution.
http://www.newsbytes.com/news/00/157524.html

- - - - - - - - -

Agencies get cyberattack guidance

The CIO Council and the Office of Management and Budget issued guidelines this week directing agencies to coordinate cyberattack reports and warnings with the Federal Computer Incident Response Center. The memorandum details the processes that agencies should follow to improve coordination and interaction with FedCIRC at the General Services Administration.
http://www.fcw.com/fcw/articles/2000/1030/web-cio-11-01-00.asp

- - - - - - - - -

Hackers and Highwaymen

Cyberspace Safety Can Benefit from Lessons of Past - The best way to deal with the hacker problem of the present is to look backwards - 600 years, in fact. An interesting phenomenon of our time is that, like clockwork, every couple of months the newspapers and networks are filled with stories about the latest hacking of a popular Web site, a major corporation, or a government institution.
http://abcnews.go.com/sections/business/SiliconInsider/SiliconInsider.html

- - - - - - - - -

Hushmail backs UK anti-snooping effort

UK Internet civil liberties group Cyber Rights & Cyber Liberties has teamed up with US email encryption company Hush Communications to overcome the RIP Act, which was recently made law. Through a joint project 'Cyber-Rights.Net', the pair will provide a route to bypass snooping regulations in the UK and at the same time draw attention to what they view as international moves to synchronise Internet surveillance.
http://www.zdnet.co.uk/news/2000/43/ns-18819.html

- - - - - - - - -

Cybercrime treaty gets it wrong ... again

The Council of Europe's latest cybercrime treaty, which bans "hacker tools," is another case of trying to solve society's problems with the legal system. Most of the laws passed over the last 20 years to protect privacy and security in this electronic age aren't really effective; preventative security measures are really the only viable solution. Back in the 1980s, when cell phones first became popular among the rich and powerful, it became apparent that people were eavesdropping on cell phone conversations with radio scanners available at any Radio Shack. Instead of informing cell phone users of the limitations of the current technology, or building encryption technology into the phones, the cell phone manufacturers lobbied to criminalize listening to "their" section of the radio spectrum. And Congress complied -- making listening illegal with the Electronic Communications Privacy Act (ECPA) of 1986.
http://www.zdnet.com/zdnn/stories/comment/0,5859,2647940,00.html

- - - - - - - - -

NSF invites cyber scholarship proposals

The National Science Foundation has invited colleges to develop grant proposals for a new federal initiative to bring information security professionals into government.
NSF released its solicitation last week for the Scholarship for Service (SFS) initiative, one of several security training and education projects under President Clinton’s Federal Cyber Service program. The main thrust of the SFS initiative is to provide scholarships to students pursuing information security degrees in return for a period of service in the federal government.
http://www.fcw.com/fcw/articles/2000/1030/web-nsf-11-01-00.asp

- - - - - - - - -

Agencies say goal of network security is a moving target

Ensuring that networks are secure for Internet transactions, either for commerce or just for the exchange of information, is an uphill battle, agency participants said Tuesday at a Federal Communications Commission conference. Those trying to ensure network security "are operating on moving ground," said William Mularie, director of the Information Systems Office at the Defense Advanced Research Projects Agency. Technology and security officers are faced with very clever people who find ways around the security measures that are put in place, and "the world is not going to get any better," he said.
http://www.govexec.com/dailyfed/1100/110100td2.htm

- - - - - - - - -

Security Dominates Agenda at Federal Linux Conference

Security was a hot topic at Monday's first-ever federal Linux user's conference. While many people view the Linux operating system with suspicion, believing it to be even more vulnerable to security breaches and attacks than other systems, this is not the case, said Piers McMahon, a senior security business manager at Computer Associates International Inc. in Islandia, N.Y.
http://www.zdnet.com/eweek/stories/general/0,11011,2647630,00.html

- - - - - - - - -

Kasten Chase wins White House Security deal

A small Canadian software company, Kasten Chase Applied Research (KCA.TO), said on Wednesday that its anti-hacking computer products would protect sensitive data in the U.S. White House, and the news sent its stock soaring.
Kasten Chase, which already has computer security contracts with the U.S. military and some government agencies, said the U.S. President's Executive Office would use its RASP Secure Access system. The system is designed to protect sensitive data that can be accessed by remote computers and to prevent unauthorized access to internal networks.
http://www0.mercurycenter.com/svtech/news/breaking/reuters/docs/584459l.htm

- - - - - - - - -

Symantec's security info site debuts

Symantec has launched a site designed to give home users easy-to-understand information about their individual Internet security needs. The free-to-use site includes Symantec Security Check, a Web-based tool to evaluate potential online security threats and recommend solutions.
World Wide Web: http://www.symantec.com/securitycheck
http://www.newsbytes.com/news/00/157536.html

***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000, NewsBits.net, Campbell, CA.