December 8, 2000 FTSE gets hacked The FTSE web site at FT-SE.co.uk has been hacked by a group calling themselves "kat krew." The FTSE confirmed that the front page had been hacked in the early hours of this morning, at around four AM. A spokeswoman for FTSE said: "The home page is more of a marketing tool, and we don't have the same security in place so it would have been quite easy, we are aware of that." She said that FTSE was talking with its "external consultants" and was reviewing the security procedures. She also emphasised that the business critical information was on different servers which were not hacked. http://www.theregister.co.uk/content/6/15345.html - - - - - - - - - Crime and punishment in cyberspace In 1986, the San Jose Police Department became the first local law enforcement agency in the nation to form a high technology crime detail. Today, the department's 11-person high-technology crimes unit is responsible for investigating crimes ranging from chip thefts from local semiconductor companies to corporate credit-record fraud. The unit handles about 130 cases a year, supports other parts of the police department in cases involving computers and assists other departments in high-tech investigations as part of the regional Rapid Enforcement Allied Computer Team. Sgt. Don Brister, one of the unit's two supervisors, recently spoke with Mercury News Staff Writer David Plotnikoff about crime and punishment in cyberspace. http://www0.mercurycenter.com/svtech/news/front/docs/short120800.htm - - - - - - - - - Schwab admits has 'small' Web security hole Charles Schwab Corp. confirmed on Friday its market leading Web brokerage was vulnerable to a common security flaw that could allow a hacker to hijack subscribers' stock trading accounts, but said the risk was small and no user accounts had been accessed. The news, first reported by a Web site specializing in Internet security issues, makes Schwab the second online brokerage to admit to such a vulnerability after E-Trade Group did so last month. http://www0.mercurycenter.com/svtech/news/breaking/internet/docs/725821l.htm - - - - - - - - - FTC, FBI sites leave opening for hacker access A EUROPEAN INFORMATION security specialist says that he discovered a potential security hazard in two U.S. government Web sites that use Netscape Communications Enterprise Server, including the online home of the U.S. Federal Bureau of Investigation (FBI). The specialist, once a hacker and now a member of HIT2000 Information Security, discovered a Web page that offers potential access to the U.S. Federal Trade Commission (FTC) Web site: www.ftc.gov . The IDG News Service later learned that a similar page exists on the FBI Web site: www.fbi.gov . Although it is not exactly clear what can be accessed from the apparent holes, the ex-hacker discovered he was able to access the FBI's Web site manager directory, showing a full directory listing of the FBI Web server. Security experts suggest any hint of a vulnerability can make the sites a target for hackers. http://www.infoworld.com/articles/hn/xml/00/12/08/001208hnfbiftc.xml - - - - - - - - - Nation's cyberspace chief warns of `digital Pearl Harbor' The nation's top cyberspace official Friday called on the next president to shore up the government's computer security to prevent a ``digital Pearl Harbor.'' ``What this presidential election year showed is that statistically improbable events can occur,'' Richard Clarke of the National Security Council said at a Microsoft-organized conference. ``It may be improbable that cyberspace can be seriously disrupted, it may be improbable that a war in cyberspace can occur, but it could happen.'' http://www0.mercurycenter.com/svtech/news/breaking/merc/docs/031212.htm Alliance needed for security war? A “digital Pearl Harbor” might be in the offing for the U.S. government — or even more likely, Internet companies. So technology leaders in industry and government need to immediately set aside their competitive differences and begin swapping war stories. That was the message delivered to hundreds of industry experts who gathered on Microsoft’s campus this week, summoned there by Bill Gates to explore the twin issues of online privacy and security. http://www.msnbc.com/news/500363.asp - - - - - - - - - Computer virus disguised as vaccine A domestic computer security firm yesterday warned against a new malicious program that travels via e-mail disguising itself as a free update of its virus-fighting program. Dr. Ahn's Laboratories said the "Trojan Horse" virus arrives as a new version of its trademarked V3 anti-virus program and, upon its attached file "V3update.com" being opened, it would erase all the data on the target computer's hard disk. The police's cyber investigation team is currently investigating the cases. The infected message says it is sent from Ilchi.net, though the firm says it never dispatched such a letter. http://www.koreaherald.co.kr/SITE/data/html_dir/2000/12/09/200012090043.asp - - - - - - - - - US Chamber Of Commerce Opposes Int'l Cybercrime Treaty The US Chamber of Commerce today urged members of Congress and the Clinton administration to withhold their support for a 41-nation international cybercrime treaty, saying the treaty as written could violate consumer rights and undermine economic growth in the US high-tech sector. "The United States must not agree to any treaty that fails to protect the rights of consumers and places unnecessary and costly burdens on e-Commerce companies," said Rick Lane, the chamber's director of e-commerce and Internet Technology. "The treaty proposed by the Council of Europe goes too far and could undermine the incredible growth we have seen in electronic commerce." http://www.newsbytes.com/news/00/159185.html - - - - - - - - - New site communes against hackers System administrators are joining forces to fight hackers and crackers, using a common Web site to track hacker activity in an effort to build better firewalls. DShield.org is a free service that lets firewall users at home and at work share information about crackers and hackers who are trying to break into other people's computer systems. The Cambridge, Mass.-based Web site, the brainchild of Johannes Ullrich, asks visitors to submit their firewall logs so they can be compared against other logs in order to identify patterns of suspicious behavior. Ullrich said one reason behind building the site was the way hackers plant software on an unsuspecting victim's computer and turn it into a "zombie" machine in order to launch so-called denial-of-service (DDoS) attacks. http://news.cnet.com/news/0-1007-200-4064212.html - - - - - - - - - Encryption tears holes in RIP A group of cryptographers think they have found a way to defeat the RIP Act, by making it impossible to hand over the keys to encrypted information. The section of the act that has caused so much controversy in the UK gives the government the right to the plain text of, or key to, enciphered information. However, if a person has used an ephemeral key, they never know what the key is and so cannot pass it on to a third-party, and it is this vulnerability that the group wishes to exploit. They state that their aim is "to defeat RIP Act Part3 and make it look silly, and to allow UK citizens to communicate and to store information without worrying about it. We are doing this so people can be private elsewhere than in our heads. We object to the idea that people should not be allowed to seek privacy from governments." http://www.theregister.co.uk/content/4/15292.html - - - - - - - - - German officials warn of Net 'Big Brother' German officials in charge of protecting personal data freedom are warning of a threat to Internet users' privacy rights if the country approves a proposal to require Internet service providers to track and store data on Net surfing. Germany's Conference of Interior Ministers proposed the legislation last month. "It's as if the interior ministers had demanded that all the data about postal traffic – senders, addressees, postmarks, etc. – must be stored," Werner Kessel, commissioner for data protection in the state of Mecklenburg-Lower Pomerania, said Wednesday. http://www.cnn.com/2000/TECH/computing/12/08/big.brother.idg/index.html - - - - - - - - - For sale: Your information Clearly, private information isn’t so private anymore. I’m fairly sure I don’t have a criminal record, so it somehow didn’t seem worth plunking down $29.95 to find out if I’d ever been busted. But a friend of mine did want to locate her high school boyfriend, so it seemed a worthy investment to see if I could help her out. http://www.msnbc.com/news/497887.asp - - - - - - - - - Battling ‘cyber-slackers’ at work Recent studies report 36 percent of workers use the Internet at work for personal reasons, businesses and government agencies lose an estimated $52 billion a year in lost productivity due to online games, and 13 percent of all workers believe the Internet makes it harder to focus on work. No wonder there’s a growing industry out there figuring out ways to keep cyberloafers away from the Web while at work. http://www.msnbc.com/news/500581.asp - - - - - - - - - A mouse that remembers fingerprints Siemens has a solution for people who constantly forget computer passwords: a mouse that recognizes fingerprints. Called the ID Mouse, the device uses biometrics to take advantage of the unique features of people's fingerprints. German electronics maker Siemens, which showed off the ID Mouse this week at the ITU Asia Telecom 2000 fair, said the device works by allowing pre-authorized people to retrieve information from their PCs or laptops. By lightly tapping the fingertip sensor located at the top of the mouse, the device verifies the fingerprint against reference templates already input into the PC's system. Once a fingerprint is authenticated, the person can then access the PC's main operating system. http://news.cnet.com/news/0-1006-200-4059984.html - - - - - - - - - Broadband Opens a Back Door One month after David, an attorney who investigates Internet companies for the federal government, signed on to Excite@Home's cable Internet service, his computer was hacked and his family's financial information was used to open a credit line with an online software company. "The thief knew my wife's Social Security number and that we had children, so I believe he or she must have accessed the tax files on our hard drive," says David, who immediately downloaded free firewall software to prevent further hack attacks. http://www.pcworld.com/news/article.asp?aid=36141 - - - - - - - - - The Nexus of Privacy and Security — Trust us. Please? That is the message from leaders of high-technology businesses and advocacy groups at SafeNet 2000, a Microsoft-sponsored conference on computer security and privacy. The stated purpose of the conference, which opened here today, is to reach a consensus on issues like when and how to publicize vulnerabilities in a vendor's software — like, say, Microsoft's — that could compromise privacy or data security. (NY Times aericle, free registration required) http://www.nytimes.com/2000/12/08/technology/08SECU.html - - - - - - - - - Red Team versus the Agents By the time my escort steers me past the armed guards, key-coded doors, and bags of shredded paper into the heart of Sandia National Laboratories, the rematch has already begun. Inside the Advanced Information Systems Lab, six men sit around a large table loaded with laptops and network cables, which snake over to a rack of high-powered machines labeled BORG SERVER CLUSTER. men are the defense--the Blue Team in this high-tech version of capture the flag--and they lean back in their chairs confidently. This past March, they claim, their "agents"--computer programs that autonomously cooperate to protect a networked system--became the first defenders ever to thwart Sandia's esteemed Red Team of professional hackers. http://www.sciam.com/2000/1200issue/1200scicit3.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000, NewsBits.net, Campbell, CA.