November 20, 2000

Morocco's government Internet site attacked by hacker
A hacker broke into Morocco's Finance Ministry's Web site for the first time at the weekend but caused no damage, an official said Monday. Web surfers or potential investors visiting the site at www.mfie.gov.ma found a message in bad French saying the cover page had been hacked by "NetOperat."
http://www0.mercurycenter.com/svtech/news/breaking/internet/docs/654819l.htm
- - - - - - - - -
Nothing Romantic About New Romeo & Juliet Virus
GFI, the e-mail content checking software company, said it has uncovered another problematic virus called Romeo & Juliet. The bad news, the IT security firm said, is that the virus is not detectable using current anti-virus software. The firm said that this is the second virus this year to bear romantic connotations, following the Love Bug worm of last spring. Like the Love Bug worm, GFI said that Romeo & Juliet is particularly dangerous because current virus scanners cannot detect it. The firm said that the virus is transported by an HTML e-mail containing malicious code, an executable file called My Romeo and a compiled help file called My Juliet.
http://www.newsbytes.com/news/00/158373.html
- - - - - - - - -
Hackers Worldwide Fan Flames In Middle East Conflict
As tensions in the Middle East continue to simmer, more than a hundred Web sites have been defaced or shut down by pro-Palestinian and pro-Israeli hackers, often with the assistance of activist hackers from several countries not actively involved in the conflict, according to security experts. Ben Venzke, director of intelligence production at iDefense, a Web security firm that has been monitoring the Middle East conflict as it plays out online, said hackers from as far away as South America to the US are expanding the conflict by contributing their skills to whichever side has their sympathies.
http://www.newsbytes.com/news/00/158423.html
- - - - - - - - -
Russia's hackers: notorious or desperate?
While the International Space Station brings new renown to Russia, the nation is gaining a darker sort of notice from other explorers -- the hackers who launch into cyberspace. Russia's reputation as home to some of the world's most gifted and devious hackers was underscored last month when Microsoft Corp. disclosed that passwords used to access its coveted source code had been sent from the company network to an e-mail address in St. Petersburg. It is by no means clear whether a Russian was behind the break-in -- that e-mail account could have been managed remotely. But that doesn't stop Russian hackers -- "khakeri," or "vzlomshchiki (house-breakers)" -- from puffing out their chests at such exploits.
http://www.cnn.com/2000/TECH/computing/11/20/russia.hackers.ap/index.html
- - - - - - - - -
Hacking With a Conscience Is a New Trend
In the "old days" of the early '90s, the only message a hacker was likely to leave on a Web page was "I was here" or "Hackers rule." But now, more and more hackers are using their tricks to spread socially conscious messages, security experts say. The trend -- dubbed "hacktivism" -- has shown up in a number of recent incidents.
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/11/20/BU121645.DTL
- - - - - - - - -
Privacy group picks at Carnivore claims
An FBI memo reveals that Carnivore, the FBI's e-mail bugging system, is able to intercept far more information than FBI officials testified to Congress, a privacy advocacy organization claims. Carnivore can intercept so-called unfiltered e-mail traffic - which is not covered by court orders - according to Wayne Madsen of the Electronic Privacy Information Center in Washington, D.C. But that's not what FBI officials told Congress in September, Madsen said.
http://www.fcw.com/fcw/articles/2000/1120/web-epic-11-20-00.asp
- - - - - - - - -
Teleworkers bring thorny problems to security's front lines
Home is where the heart is. It's also where the backdoor to your enterprise is. In the wake of the hack into Microsoft Corp.'s network, many security administrators have turned their attention to what some believe is the greatest security challenge facing corporations: teleworkers. Craig LaHote is struggling with it now, and just a week ago he had a meeting with executives about it. "We're having a hard time controlling it. It's a real gray area with home computers accessing the network and the Internet," said LaHote, network administrator at SR Equipment, in Toledo, Ohio. "We really have a hard time enforcing policies there. We have a policy but no real way to audit [users] except basically asking them to comply."
http://www.zdnet.com/zdnn/stories/news/0%2C4586%2C2655595%2C00.html
- - - - - - - - -
French court orders Yahoo! to block French users
In a landmark ruling, a French court on Monday ordered Yahoo! to block French Web users from its auction sites selling Nazi memorabilia. The decision closed a seven-month court battle started by several anti-racism groups that accused the Santa Clara, Calif.-based Internet giant of trivializing the Holocaust.
http://www0.mercurycenter.com/svtech/news/breaking/merc/docs/015848.htm
- - - - - - - - -
Spam? Not us, says 24/7
A US District Court in Denver has issued a temporary restraining order on behalf of online marketing gurus, 24/7, against the Mail Abuse Prevention System (MAPS). 24/7 Media went to the court after MAPS included its subsidiary, 24/7 Exactis, in the spammers blacklist the Real Time Blackhole List. The list is used by many ISPs to determine whether or not to block mail coming from a particular address. 24/7 said that it should not have been included in the list. Cindy Brown, the company's senior vice president said: "We don't believe any serious observer could contend that we are spammers."
http://www.theregister.co.uk/content/1/14829.html
- - - - - - - - -
Microsoft fixes Exchange security flaw
Microsoft has issued a patch to fix a security vulnerability that could allow a hacker to log in remotely to early versions of Exchange 2000 Server and potentially access other resources on the same domain. In a security notice Microsoft said: "This vulnerability could potentially allow an unauthorised user to remotely login to an Exchange 2000 Server and possibly other servers on the affected computer's network."
http://www.vnunet.com/News/1114177
- - - - - - - - -
Think Your Email is Private: Guess Again
Email is fast becoming as common in the workplace as the telephone, and as with the phone, many employees use email for personal matters. Email, however, is not a private, personal form of communication, and it is not against the law for employers to monitor their workers' email without telling them.
http://www.techtv.com/cybercrime/privacy/story/0,9955,3011858,00.html
- - - - - - - - -
Watching for Internet Privacy Law Signals
E-commerce companies and other Internet-based operations are going to face a cyberspace odyssey on the privacy front in 2001. In its next session, Congress is more likely than ever to pass online personal data protection legislation. If you're wondering where the issue is going to surface, just listen as members, business groups and privacy advocates begin to seriously knock their heads together. When officials from the Information Technology Industry Council released their third High-Tech Voting Guide in mid-October, they noted that privacy online is a vastly more complex issue than previously thought.
http://www.washtech.com/news/rmacmillan/5280-1.html
- - - - - - - - -
Is Your Network Safe?
Attacks against Microsoft underscore the dangers facing the computers of corporate America. Feel sorry for Microsoft? Who would've thought it? Yet it's hard not to have at least some sympathy for the software giant lately. In October someone broke into its network and rummaged around for almost two weeks, sending valuable product source code to Russia.
http://www.msnbc.com/news/491830.asp
- - - - - - - - -
Lock hackers out of your small biz
The two owners of a Web consulting firm were puzzled. Last summer the Maine businessmen worked on financial information and planning documents on one of their company's computers. The next morning those files were gone. The electronic documents weren't deleted; that would have left traces. It was as if the files were completely sucked out of the hard drive through a straw, leaving everything else untouched.
http://www.msnbc.com/news/490852.asp
- - - - - - - - -
Real hackers go to Usenix
Tired of conferences not living up to your expectations? Then you haven't been to Usenix. In this month's Wizard's Guide to Security, Carole Fennelly reports that Usenix's recent security conference offered interesting and accessible talks -- and a who's who of security experts to schmooze with.
http://www.sunworld.com/sunworldonline/swol-11-2000/swol-1117-security.html
- - - - - - - - -
Anticipating The Attack
They say prevention is the best cure, and one Internet security firm seems to be taking that old maxim to heart by devising what it says is a tool that can successfully predict hostile cyber-attacks before they occur. SecurityPortal is a free service that identifies what it calls the Top 20 viruses each week, providing details concerning their origins.
http://www.newsbytes.com/news/00/158388.html
- - - - - - - - -
The latest security fad: Partnering
Security vendors, still scrambling for the right combination of software, hardware and services to offer the enterprise, have another new idea: When in doubt, partner. This week, firewall and intrusion detection maker Zone Labs Inc., of San Francisco, and Tokyo-based anti-virus software developer Trend Micro Inc. will announce a close relationship, capping a furious week of partnering and punctuating a year of failed security solutions. No fewer than five partnerships were announced last week, but many observers say the moves have less to do with making enterprise users' lives better and more to do with vendors' inability to reverse what has become a predictable course of failure for them.
http://www.zdnet.com/eweek/stories/general/0,11011,2655640,00.html
- - - - - - - - -
DVD Piracy Judge Tells All
U.S. District Judge Lewis Kaplan doesn't truly dislike hackers and open-source programmers, not exactly. Kaplan, who sided with the motion picture industry in a landmark DVD-descrambling lawsuit this year, simply views them as lawless miscreants. To Kaplan, a 56-year-old jurist who once represented Time Warner as a lawyer in private practice, the coders who crafted the DeCSS DVD-decrypting utility are "what might be called cyber-freedom fighters, or perhaps cyber-anarchists." In August, Kaplan ruled that the DeCSS Windows program violated the Digital Millennium Copyright Act, and compared the spread of the application to a "common-source outbreak epidemic."
http://www.wired.com/news/politics/0,1283,40226,00.html
- - - - - - - - -
INFOSEC, Quality Assurance, and Extortion
I was having a chat with a student at the latest Common Body of Knowledge (CBK) review course in Washington, DC this week. The eight-day CBK course is from the (ISC)2, the body that controls the CISSP designation (Certified Information Systems Security Professional). For more information about the (ISC)2 and the CISSP, visit http://www.isc2.org.
http://securityportal.com/cover/coverstory20001120.html
- - - - - - - - -
The Latest Version Of Kevin Mitnick
Kevin Mitnick, cult hero and hacker icon, is apologetic. Repentant, even. After spending five years in jail, he says he is eager to get on with his life. But he stops short of being truly contrite. He qualifies each mea culpa with an afterthought. "I do want to make a public apology," he said recently to 300 software designers at a Washington, D.C., conference. "My past actions have invaded their privacy by getting into (companies') machines and getting into their code, and I do regret doing that stuff because it's wrong to do. But I was a kid having fun. I can't change the past, but ...hopefully I can be forgiven."
http://www.newsbytes.com/news/00/158412.html

***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000, NewsBits.net, Campbell, CA.