April 5, 2002

Government agency hacked by teenager - again
A young computer enthusiast called 'splices' has broken into a database of government contracts, apparently at the US General Services Administration (GSA), due to incredible carelessness with passwords. The necessary information was included in the comments section of a login banner. We won't tell you what the login and password were, but we will tell you that they were absurdly weak and eminently guessable. Broadcasting them made the situation only slightly worse.
http://www.theregus.com/content/55/24533.html

- - - - - - - -

Judges end porn trial on skeptical note
A two-week federal trial to determine how far the government can go to protect children from pornography on library computers ended on Thursday with judges openly concerned about whether the latest online smut law from Congress infringes on free-speech rights. The Children's Internet Protection Act, or CIPA, which supporters view as the government's best shot yet at reining in online smut, requires public libraries to install filtering software on all computers or lose federal technology funding.
http://www.cnn.com/2002/TECH/industry/04/05/internet.porn.reut/index.html
Federal judges to weigh Internet filtering law
http://www.nandotimes.com/technology/story/345106p-2841270c.html

- - - - - - - -

Semantic Attacks a New Wave of Cyber-terrorism Hits Home
IN the wake of the terrorist attack on New York on September 11 all forms of national and international security have been dramatically stepped up. Although people mainly associate this with airport and travel-related security, the Internet is also being scrutinised. In addition to the more noticeable attacks made possible across the Internet, several more subtle threats exist. These include attacks on meaning, also known as 'semantic attacks'. Such attacks can go unnoticed on text heavy websites (for example on-line news services and government sites).
Sites such as these influence the opinions of the people who read them and changes in the text can convey dangerous and misleading messages.
http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=7811

- - - - - - - -

Hacking up, disclosure down, FBI survey says
Most large corporations and government agencies have been attacked by computer hackers, but more often and more frequently they do not inform authorities of the breaches, an FBI survey finds. The survey released Sunday found about 90 percent of respondents detected computer security breaches in the past year but only 34 percent reported those attacks to authorities. Many respondents cited the fear of bad publicity about computer security.
http://www.nandotimes.com/technology/story/347520p-2853392c.html

- - - - - - - -

More Government, Military Databases Left Exposed
For the third time in less than a month, internal databases owned by U.S. government agencies have been found exposed to anyone with a Web browser. The latest government sites that allowed visitors to view private documents include those operated by the Defense Information Systems Agency (DISA), the Department of Commerce's International Trade Administration (ITA), and the U.S. Navy's Distance Support Anchordesk.
http://www.newsbytes.com/news/02/175695.html

- - - - - - - -

SSL encryption weaker in Europe than US
UP TO 18 percent of servers using SSL (Secure Sockets Layer) encryption technology for Web site encryption are potentially vulnerable to hackers, with the problem being far more pronounced in Europe than in the U.S., according to the latest monthly survey of Web server usage conducted by Netcraft.
http://www.idg.net/go.cgi?id=661386

- - - - - - - -

Web-based attacks set to soar
Automated scripts now the most significant risk
Internet-based threats rose significantly in 2001 and continued to climb through the early months of 2002, according to a new report.
Traditional incidents such as virus and Denial of Service attacks remained at or above previous levels, but automated scripts against common vulnerabilities are now the most significant online risk, said Internet Security Systems (ISS). The threats will continue to increase until fundamental internet risk actors are dealt with, the company said in its Internet Risk Impact Summary Report for the first quarter of 2002.
http://www.vnunet.com/News/1130673
Server port 80 plagues Internet security
THE INTERNET HAS become a riskier place for businesses since the fall of 2001 and doesn't look to be any more secure in the near future, according to security firm Internet Security Systems, which released its security incident figures for the first quarter of 2002 Wednesday. The Sept. 11 terrorist attacks on the U.S. have not prompted any obvious cyberattacks, ISS concluded.
http://www.infoworld.com/articles/hn/xml/02/04/03/020403hniss.xml

- - - - - - - -

Watch out for snooping spam
Watch out--the spam choking your e-mail in-box may be loaded with software that lets marketers track your moves online, and you may not even be aware that you've been bugged. Web sites have long planted bits of code called "cookies" on consumers' hard drives to tailor Internet pages for returning visitors and better target ads. Now, enhanced messages that share the look and feel of Web pages are being used to deliver the same bits of code through e-mail, in many cases without regard for safeguards that have been developed to protect consumer privacy on the Web.
http://zdnet.com.com/2100-1105-876183.html
http://news.zdnet.co.uk/story/0,,t269-s2107807,00.html
http://news.com.com/2100-1023-875992.html

- - - - - - - -

FBI valued career advancement over security, report says
FBI management has fostered a culture in which agents view internal security measures as bureaucratic and security investigation duties as a threat to career advancement, a special commission set up in the wake of the Robert Hanssen spying case said Friday. Attorney General John Ashcroft created the commission to review the FBI's security programs shortly after authorities arrested FBI agent Robert Hanssen in February 2001 on espionage charges. William Webster, a former director of the CIA and FBI, chaired the commission and will testify on its findings before the Senate Judiciary Committee Tuesday.
http://www.govexec.com/dailyfed/0402/040502m1.htm

- - - - - - - -

Microsoft Plugs Holes in NT, 2000, XP
'If compromised, [the security hole] would allow anybody to take over the privileges allowed to everybody else,' Aberdeen Group vice president Jim Hurley told NewsFactor. Microsoft has released patches for two security holes that primarily affect Windows NT and 2000, including operating systems and servers. One of the vulnerabilities also affects Windows XP, the software firm said.
http://www.newsfactor.com/perl/story/17139.html
http://www.idg.net/ic_841639_1794_9-10000.html

- - - - - - - -

Ross: Systems complexity threatens security
At today's National Institute of Standards and Technology conference on continuity of IT operations, Ron S. Ross, director of the National Information Assurance Partnership, said the growing complexity of IT systems has outstripped our ability to protect them. Complexity is the No. 1 enemy of security, Ross said. Also addressing the NIST conference, former House Speaker Newt Gingrich said more basic research is needed to protect the nation's information resources.
Unless we invest dramatically more in research, we will be unable to sustain our role as a world power, he said.
http://www.gcn.com/vol1_no1/daily-updates/18337-1.html

- - - - - - - -

New vulnerability products are old hat
The recent news about new or improved vulnerability assessment products isn't exactly great news for enterprise IT managers. Why? There aren't really any big improvements. Network Associates, for example, introduced ThreatScan, a software package that's designed to proactively search every device on your network and look for holes through which worms could slip. And the recently released FoundScan Vulnerability Management System looks for and tracks vulnerabilities until they're fixed.
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2859906,00.html

- - - - - - - -

Sept. 11's Impact On Data Security Is Limited
Big enterprises were hit by hacker attacks in 2001 significantly more than small and medium companies. And despite the focus on corporate data security after Sept. 11, big companies haven't significantly changed their thinking about their approach to data security. Those are two of the key findings in a recent study of 405 corporate LAN managers conducted in February by In-Stat/MDR.
http://www.internetwk.com/story/INW20020404S0009

- - - - - - - -

Sentencing commission considers hackers' motives
The courts may one day treat recreational hackers with a gentler justice than malicious intruders and cyber thieves, depending on the results of a study being spearheaded by a member of the government commission responsible for setting federal sentences. Since 11 September and the passing of the USA Patriot Act into law, hackers have been lumped into an homogeneous and enigmatic category of evildoers, along with terrorists, drug dealers, and arms smugglers. The act provides for a maximum of ten years in jail for first time computer criminals, and the definitions of these crimes are vague at best.
http://www.theregister.co.uk/content/55/24721.html

- - - - - - - -

Celine Dion disc could crash European PCs
It's not hard to believe that the voice of Canadian diva Celine Dion might shatter glass -- but will it crash your computer? That's the word from Sony Music Entertainment, the owner of Dion label Epic/Sony, which released a copy-protected version of her new album, "A New Day has Come," in Europe. The discs -- Sony doesn't call them CDs -- include a label warning consumers that they aren't meant to be used with either PCs or Macs.
http://news.zdnet.co.uk/story/0,,t269-s2107848,00.html

- - - - - - - -

Firm warns of NetWare security hole
Novell to fix breach as soon as tomorrow.
IT managers of NetWare 5.1 and NetWare 6 networks need to be aware of a vulnerability in the operating system that makes it subject to intrusions that could cause the system to crash. IXSecurity.com, an IT security firm, reported Thursday that NetWare 5.1 and 6 are vulnerable to a buffer overflow condition that could affect server operation.
http://www.nwfusion.com/news/2002/0404nwpatch.html

- - - - - - - -

Bertelsmann plans Napster takeover
Reports suggest the German giant could be prepared to spend up to £21m to buy the legal profession's favourite music-swapping service.
German media and publishing giant Bertelsmann may be planning to launch a takeover bid for Napster, the MP3 file-sharing company that is still deeply mired in copyright disputes. In an interview with German newspaper Die Welt, Bertelsmann's chief executive Thomas Middelhoff said that despite its ongoing legal battles with the record industry, Napster could become the Internet's most successful music platform ever.
http://news.zdnet.co.uk/story/0,,t269-s2107860,00.html
Lessig's doomsday look at cyberspace
http://news.com.com/2009-1023-877317.html
Is digital copying about to die?
http://www.msnbc.com/news/734617.asp
Piracy pillages music industry
http://www.usatoday.com/life/cyber/tech/2002/04/05/music-piracy.htm

- - - - - - - -

Kazaa upgrade adds filter function
Australia-based Sharman Networks released a new version of its popular Kazaa file-trading software Thursday, adding a new look and a few features to the peer-to-peer program. The software now includes a password-locked "family filter" function that allows parents to block downloads of pornography or other material. A recommendations feature has also been added.
http://zdnet.com.com/2110-1105-876562.html
Morpheus to make redirecting software optional
http://news.zdnet.co.uk/story/0,,t269-s2107804,00.html

- - - - - - - -

Big Blue builds a corporate copy lock
IBM will announce new digital rights management (DRM) software on Monday that allows companies to protect everything from music files to videos. IBM's Electronic Media Management software works to digitally protect text, image and video files, as well as Adobe PDF and Open-eBook files. The first version of the software, released last year, only handled music files.
http://zdnet.com.com/2100-1106-877247.html

- - - - - - - -

IM-Based E-Commerce's Missing Link: Security
IM will never reach its potential in the e-commerce arena as long as its evolution continues to emulate that of e-mail.
Why does there always have to be a catch? E*Trade's recently announced agreement to deliver streaming financial data and trading access through Yahoo's instant messaging (IM) technology shows refreshing promise and optimism. A technophile at heart, I immediately began to imagine IM-based e-commerce scenarios that would revolutionize business and consumer e-commerce. But wait a minute. Haven't we been down this road before? In order for IM to graduate from electronic chitchat to e-commerce, it first must close its egregious security gaps.
http://www.ecommercetimes.com/perl/story/17103.html

- - - - - - - -

Sultans of E-Commerce Security
Vulnerability assessment firms give companies a revealing X-ray of their situation before they spend money on products that might prove ineffective, said Forrester's Laura Koetzle.
In the world of e-commerce security companies, experts find it impossible to agree on which provider is king. But they agree emphatically that nobody does it all. That is because "all" has become increasingly hard to define as Internet use has increased in recent years. With new threats constantly cropping up -- ranging from hacking threats to new viruses and identity thievery -- the number of security companies getting into the game also has been rising steadily.
http://www.newsfactor.com/perl/story/17074.html

- - - - - - - -

RTFM: WLan security part 1
In the first of a two-part series looking at security issues facing wireless Lan technology, David Ludlow looks into the lengths that crackers will go to when they are trying to infiltrate your network. We've all seen the reports and news stories proclaiming how insecure WLans are. The same comments can go for most technologies; it's just a matter of how you implement and deal with them. WLans provide a cheap and reliable network that can even be used to link buildings together without the need for a leased line.
http://www.vnunet.com/Features/1130346

- - - - - - - -

Implantable Spy Chip Gets Green Light from U.S.
The company said the VeriChip could be combined with a global positioning system and used for security purposes by potential kidnap victims.
A Florida company Thursday said that it will begin marketing and selling a microchip that can be implanted under the skin, after receiving the go-ahead from the U.S. Food and Drug Administration (FDA). The FDA advised the company, Applied Digital Solutions, that its biochip, called "VeriChip," is not considered a medical device and therefore is not subject to FDA regulation.
http://www.newsfactor.com/perl/story/17127.html

- - - - - - - -

Skeptics find NASA's anti-terrorism security measures ineffective and annoying
Shuttle Atlantis is scheduled to lift off to the international space station today under a partial news blackout that critics are calling needless and ineffective. For the first time, NASA is enforcing new post-Sept. 11 anti-terrorism measures approved by the space agency last month. Controversy about the policy surrounds this afternoon's launch of a crucial 11-day shuttle flight, which will kick off the station's third phase of assembly. Atlantis' astronauts plan to install the foundation of a structural beam to support four future sets of massive power-producing solar panels.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3005852.htm

***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.

Copyright 2000-2002, NewsBits.net, Campbell, CA.