October 18, 2001 Russian Security Expose Computer Hackers at Space Rocket Plant The Federal Security Service (FSB) department in Voronezh Region has completed investigation of the criminal case against a programmer of the Energiya research and production enterprise, a spokesman for the department told Interfax Military News Agency on Monday. The programmer was detained following an inspection by an FSB technical intelligence unit. http://www.antionline.com/showthread.php?threadid=120723 - - - - - - - - Hackers Harvest Passwords from DSL Routers Cyberpunks raid Cayman routers for 'disposable' dial-up accounts. Hackers have developed a trick for pilfering DSL account names and passwords right from subscriber's routers, a technique that provides hackers with untraceable Internet access, and potentially exposes subscriber email to interception. http://www.securityfocus.com/news/268 - - - - - - - - 'Redesi' worm reformats hard drives A worm disguising itself as a security patch for Microsoft products will in fact reformat the victim's C: drive. The Redesi worm spreads by e-mail under a number of guises, and is set to trigger on November 11, 2001. But not all PCs are vulnerable to the worst of its effects, and there is an easy way to stop the damage. http://www.zdnet.com/zdnn/stories/news/0,4586,2818442,00.html - - - - - - - - U-Haul Denies Terrorism Claims In E-Mail Hoax Claims in an e-mail chain letter spread virus like around the Internet since the Sept. 11 terrorist attacks have been strongly denied by one of the companies named in the message. U-Haul, in a brief statement to the media late Wednesday, denied any of its trucks had been stolen for terrorist activities, as alleged in the chain letter. http://www.newsbytes.com/news/01/171246.html - - - - - - - - Taliban can't hack - UK govt The head of the UK Government's Computer Emergency Response Team has hit a welcome note of commonsense by stating that the September 11 terrorist attacks have changed nothing in the way the country needs to defend against electronic attack. http://www.theregister.co.uk/content/55/22310.html - - - - - - - - Hacker exploits make PC worms deadlier Computer worms are set to become a more deadly combination of virus writing and hacker exploits, according to security experts at Symantec. Code Red and Nimda marked the demise of socially engineered worms, by combining a blended threat of proven hacker exploits. http://www.zdnet.com/zdnn/stories/news/0,4586,2818419,00.html Security experts see nastier worms http://news.cnet.com/news/0-1003-200-7572730.html - - - - - - - - How White House plans to fight cyberterrorism President Bush has released his long-awaited presidential order creating a high-level board to protect the nation’s critical information systems. Executive Order 13231, published today in the Federal Register, launches a huge administrative apparatus. While it gives somewhat more authority and staff to Richard Clarke, Bush’s cybersecurity adviser, Office of Management and Budget director Mitchell Daniels, Jr. gets overall responsibility for governmentwide security policy and implementation. http://www.gcn.com/vol1_no1/daily-updates/17312-1.html - - - - - - - - Congress Moves Closer To Surveillance Compromise In a closed-door meeting Wednesday, congressional leaders took a big step toward completing a reconciled Senate-House bill that would substantially expand the wiretapping and electronic surveillance capabilities of federal investigators, sources say. The Senate and the House earlier this month each passed anti-terrorism bills that would make it easier for law enforcers to obtain the phone and Internet records of suspected terrorists and would give agencies broad new authority to monitor suspects' real- time phone and electronic movements. http://www.newsbytes.com/news/01/171292.html - - - - - - - - Governor Calls for 'Cyber Court' A government anti-terrorism commission will recommend that Congress create a shadowy court to oversee investigations of suspected computer intruders. Gov. James Gilmore (R-Virginia), the commission's chairman, said Wednesday that federal judges have been far too sluggish in approving search warrants and eavesdropping of online miscreants. http://www.wired.com/news/conflict/0,2100,47676,00.html Coordination urged on cyberterror Calling the Internet and information technology "tools of freedom in the 21st century," Virginia Gov. Jim Gilmore told a House committee Oct. 17 that the nation's cybersecurity efforts to protect those tools need to encompass all levels of government — local, state and federal — as well as the private sector. http://www.fcw.com/geb/articles/2001/1015/web-cyber-10-18-01.asp Does the Net need anti-terrorist protection? An anti-terrorism advisory group called on Congress this week to create a panel to protect against potential attacks on the Internet's infrastructure. Virginia Gov. James Gilmore, chairman of the advisory group known as the Gilmore Commission, outlined recommendations to the House Committee on Science in a hearing Wednesday. http://news.cnet.com/news/0-1005-200-7572793.html Va. Governor Touts State As Cyber-Terrorism Model http://nationaljournal.com/pubs/techdaily/pmedition/tp011017.htm#1 - - - - - - - - Cyber-Terrorism Fears Stoke Industry-Govt. Cooperation Private industry and the federal government for years have been aware of the need to beef up information sharing on cyber-vulnerabilities to help ward off potential terrorist attacks on the nation's most vital computer systems. Yet, it has taken the events of Sept. 11 to really place the issue on the front burner, according to leaders from both sectors. http://www.newsbytes.com/news/01/171281.html - - - - - - - - U.S. Cyberspace Security Office Must Define Its Mission The U.S. government's new Cyberspace Security Office marks an important first step in protecting America's electronic infrastructure. However, the office must immediately establish its responsibility and authority. On 9 October 2001, the U.S. government announced the creation of the Office of Cyberspace Security to advise the president on risks to electronic infrastructure and protective measures. http://www3.gartner.com/DisplayDocument?doc_cd=101748 - - - - - - - - Hackers Put A Price Tag On New Attack Tool A new hacking tool is being actively used by attackers hoping to take remote control of unpatched Unix-based systems, security experts warned today. The tool appears to exploit a known bug in a popular authentication technology called Secure Shell (SSH), according to Simple Nomad, senior security analyst with Bindview Corporation. The security firm's RAZOR team, a research and development group, discovered the flaw in the SSH daemon, which it dubbed the crc32 vulnerability, last winter. http://www.newsbytes.com/news/01/171291.html - - - - - - - - List of attack suspects being sent to Wall Street U.S. securities regulators told Wall Street on Thursday that a list of people the FBI identified as being behind the Sept. 11 attacks will be e-mailed to financial institutions to help with a massive probe into suspicious market trading before the attacks. http://www.siliconvalley.com/docs/news/tech/036390.htm - - - - - - - - Web ads monitored for false anthrax drug claims U.S. agencies and pharmacists are monitoring Internet advertisements for anthrax treatment products to ensure firms are not capitalizing on bioterror fears with misleading or illegal offers. Some Web sites are offering Cipro, the main antibiotic used to treat the anthrax bacteria, without a prescription, urging people to order the drug soon to protect their families. http://www.usatoday.com/life/cyber/tech/2001/10/18/anthrax-web-site-claims.htm - - - - - - - - New Spam Bill Introduced In Congress Rep. Chris Smith, R-N.J., this week reintroduced legislation that would restrict the transmission of unsolicited commercial e-mail, otherwise known as spam. The bill, H.R. 3146, debuted this week, but Smith staffers were unavailable to comment on the legislation following the shutdown of the House of Representatives to sweep for possible anthrax contamination. http://www.newsbytes.com/news/01/171295.html - - - - - - - - Energy Department Issues Microsoft XP/Office Warning The U.S. Department of Energy's own computer security watchdogs have a warning for Microsoft Windows XP and Office users who want to keep their work secret: The Redmond, Wash., software giant might be able to read their PC's minds. The Computer Incident Advisory Capability (CIAC) - whose motto is "Keeping DOE Secure" - this week issued a bulletin warning privacy- conscious users that the Internet-connected bug-reporting capabilities of Windows XP or Office in combination with recent versions of Microsoft's Internet Explorer browser could disclose sensitive data to Microsoft. However, it described the vulnerability as a "medium/low" risk. http://www.newsbytes.com/news/01/171293.html - - - - - - - - Microsoft blames security community for breaches Microsoft, whose software has been at the center of several recent high-profile security incidents, has decided to turn up the heat on those the company considers at least partially responsible: security firms and hackers who release sample programs to exploit software flaws. http://www.usatoday.com/life/cyber/zd/zd10.htm http://www.theregister.co.uk/content/55/22332.html Office XP, IE 5 bug gets personal http://www.zdnet.com/zdnn/stories/news/0,4586,5098483,00.html Office XP hole compromises personal data http://news.zdnet.co.uk/story/0,,t269-s2097597,00.html http://news.cnet.com/news/0-1003-200-7571224.html - - - - - - - - Philippines Lacks Internet, Convergence Laws The Philippines is still in its infancy when it comes to Internet law. Despite last year's passage of Republic Act 8792, better known as the E-commerce Act, the government has yet to resolve issues of security and privacy, trade regulations, intellectual property rights, criminal law, and other pressing problems. http://www.newsbytes.com/news/01/171266.html - - - - - - - - Worried workers turn to telecommuting Telecommuting is in vogue again. Employees concerned that the workplace could be a target of anthrax-tainted mail or another terrorist attack are staying away and using technology to get the job done. But the surge in interest is a new challenge for employers. Some are relaxing policies or launching telecommuting arrangements for the first time, while others are wondering when the fear will subside enough to return jittery employees to the workplace. http://www.usatoday.com/life/cyber/tech/2001/10/17/workers-telecommuting.htm - - - - - - - - Recording industry 'copyright DoS attack' rumored We know the entertainment industry has sought to slip language into current anti-terror legislation which could result in blanket immunity from prosecution for hacking file sharing networks. We know the entertainment industry fervently desires to parlay the secular sacrament of copyright into a monopoly on content production and distribution, and ultimately extend it to extort consumers with some sort of pay-per-use DRM scheme. So it's easy to believe that, after being spurned by Congress in its bid to hack with impunity, the industry would settle for the next best thing: shutting down file-shares with DoS attacks. http://www.theregister.co.uk/content/6/22327.html Why the RIAA owes us all an apology The Recording Industry Association of America (RIAA) should issue a public apology for its attempt last week to lump music swappers together with terrorists--criminals worthy of special efforts and restrictions on civil liberties in order to bring them to justice. http://www.zdnet.com/zdnn/stories/comment/0,5859,2818346,00.html - - - - - - - - In the wake of Sept. 11, encryption is no joke The events of Sept. 11 have caused us to reconsider so many things about the way we live. ``What if?'' scenarios that we could ignore as distant and wholly unlikely just a few weeks ago now seem uncomfortably close to home. And safeguards that seemed paranoid and extreme are beginning to take on a grim new logic of their own. Consider for a moment our attitudes toward encryption. http://www.siliconvalley.com/docs/opinion/daveplot/dp101801.htm - - - - - - - - SafeWeb ain't all that What a total idiot I am. I never asked Web anonymizer SafeWeb exactly what they mean when they say they "collect NO logs or user data beyond what is required for performance tuning and security monitoring of our servers. Any such data is carefully safeguarded, only analyzed statistically, and is destroyed soon thereafter." http://www.theregister.co.uk/content/6/22331.html - - - - - - - - Tech challenges in biodetection For the smuggler of weapons, explosives or drugs, technology presents a formidable barrier. Sensors can help locate contraband inside luggage or in traces on a traveler's documents or clothes. But biological agents, like the anthrax spores that have killed one person and sickened others in past weeks, are much tougher to detect. http://www.cnn.com/2001/TECH/industry/10/18/pathogen.detectors.ap/index.html - - - - - - - - A modest proposal for national ID You could hear the snickering recently when Oracle Chief Executive Larry Ellison and Sun CEO Scott McNealy endorsed the idea of a national identity card. Ever so slyly, the critics suggested these fine gentlemen were just hawking their products -- Ellison with the servicing of a vast database, and McNealy through the sale of new servers. http://www0.mercurycenter.com/premium/business/docs/herhold18.htm http://www.siliconvalley.com/docs/hottopics/attack/014110.htm *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2001, NewsBits.net, Campbell, CA.