July 11, 2002

Panel adds cybersecurity program to homeland bill
The House Energy and Commerce Committee on Thursday passed its version of the bill (H.R. 5005) to establish a new Homeland Security Department with several changes, including the creation of a distinct program on cybersecurity. The committee's bill "maintains the primary functions of the new undersecretary for information analysis and infrastructure protection and elaborates and expands upon his responsibility for cybersecurity," said committee Chairman W.J. "Billy" Tauzin, R-La.
http://www.govexec.com/dailyfed/0702/071102td1.htm

Alliance Proposes Cybersecurity Agency
A cybersecurity agency should be created in the proposed Department of Homeland Security, the Business Software Alliance said. The cybersecurity agency would ensure that significant attention and resources are focused on protecting the nation's public and private information infrastructures, the alliance said in a June 28 letter to Rep. Tom Davis, R-Va., chairman of the House Government Reform subcommittee on technology and procurement policy.
http://online.securityfocus.com/news/527

- - - - - - - -

OMB orders agencies to report on computer security
In an ongoing effort to protect the federal government's information infrastructure, newly released guidelines require the government to bolster security reviews of its information and computer systems. According to updated guidelines released last week by the Office of Management and Budget, federal departments and agencies will have to take additional steps to verify the security of their computers' systems by providing quarterly, detailed information on strategies and progress to repair diagnosed security flaws.
http://www.govexec.com/dailyfed/0702/071102td2.htm

- - - - - - - -

Attack of the Cyber-Terror Studies
Last month's Business Software Alliance report on cyber security (pdf) concluded that cyber terrorism was going to be really serious, so everyone should protect themselves by giving more money to the members of the Business Software Alliance. How did it reach this conclusion? No, not by using professional intelligence experts or foreign affairs specialists, but by asking corporate security officers for their opinions.
http://online.securityfocus.com/news/525

- - - - - - - -

Expect Cyber-Catastrophe, Says Bush Advisor
Network flaws must be mended, or IP address overload could cause system collapse within decade. In his keynote address at an information technology auditing conference here, Howard Schmidt, President Bush's advisor on cyber-security, predicted that networks operated in the United States and abroad are likely to be brought down by catastrophic events unless security greatly improves.
http://www.pcworld.com/news/article/0,aid,102567,00.asp

- - - - - - - -

National Information Security: Is Clarke the Right Man For the Job?
Does the President's Special Advisor on security really understand the issues security professionals are dealing with? In the effort to protect homes and business against the perceived threats of cyber-terrorism, White House Cyber-Security Czar, Richard Clarke is engaging in a series of meetings with security industry representatives to discuss the nature of information security, particularly after September 11.
http://online.securityfocus.com/columnists/94

- - - - - - - -

Windows worm rears ugly head
Datom.A virus poses as Microsoft update. Windows users are being warned to be on the lookout for a virus disguised as 'copyrighted Microsoft code' and claiming to be a Windows update. One expert has even warned that the Windows worm, Datom.A, "could mark an evolution for viruses' modus operandi".
The worm may arrive as an email purporting to be a Microsoft update, but it can also spread through open network shares. The actual worm itself consists of three components: MSVXD.exe, MSVXD16.dll and MSVXD32.dll, created using Borland C++.
http://www.vnunet.com/News/1133455

- - - - - - - -

ACLU: Don't rat out your customers
A clutch of civil liberties groups is asking small Internet service providers to get a backbone and stand up to companies seeking to unveil anonymous critics. A group including the Electronic Frontier Foundation, the American Civil Liberties Union (ACLU), and the Center for Democracy and Technology is urging ISPs to alert customers when they are the targets of so-called John Doe legal actions, which try to unmask the identities of people who anonymously air their companies' dirty laundry. The group has sent letters to more than 100 ISPs, asking them to adopt a written policy promising to let customers know if they're targets.
http://news.com.com/2100-1023-943160.html

- - - - - - - -

Lawmakers: Keep your tunes to yourself
Legislators are readying a bill that could sharply limit Americans' rights relating to copying music, taping TV shows, and transferring files through the Internet. At the same time, the draft legislation seen by CNET News.com would place the struggling Webcasting industry on firmer legal footing. Two key House legislators wrote the double-edged proposal in consultation with the Library of Congress' Copyright Office. They appear likely to introduce it this month.
http://news.com.com/2100-1023-943134.html
http://zdnet.com.com/2100-1104-943153.html

- - - - - - - -

Linux handheld suffers from security hole
Sharp's Linux-based handheld suffers from security holes that could let hackers grab private data off a corporate network, according to researchers at a leading university.
In an advisory posted Wednesday to a Syracuse University computer-science Web site, researchers said they had found vulnerabilities in Sharp's Zaurus SL-5500 and Zaurus SL-5000D handhelds.
http://news.com.com/2100-1040-943163.html
http://zdnet.com.com/2100-1104-943058.html

- - - - - - - -

IE scripting flaw uncovered
Security researchers yesterday released details of a cross domain scripting flaw in Internet Explorer ahead of a fix by Microsoft. The flaw leaves applications that use WebBrowser control, including Microsoft IE, Outlook and Outlook Express (when run outside restricted zones), vulnerable to a variety of attacks, researchers from security consultancy PivX say. Possible exploits include elevating privileges, arbitrary command execution, local file reading and stealing arbitrary cookies.
http://www.theregister.co.uk/content/55/26147.html
http://www.idg.net/ic_884963_1794_9-10000.html
http://www.msnbc.com/news/779130.asp
http://news.com.com/2100-1001-943125.html
http://zdnet.com.com/2100-1105-943018.html
http://online.securityfocus.com/news/526

- - - - - - - -

MS SQL Server multiple vulns
First up we have a trio of issues, all of which have been fixed with a single cumulative patch. There are two exploitable buffer overrun vulnerabilities, one of which allows an attacker to run arbitrary code, and a registry stuff-up enabling the SQL Server service to write to the registry and specify another account, like LocalSystem, say and have OS-like privies.
http://www.theregister.co.uk/content/4/26144.html

- - - - - - - -

Security holds back Web services
Despite the submission of standards to OASIS, some analysts feel that security concerns are still a major stumbling block for Web services. Security issues are the number one roadblock to takeup of Web services, according to one market analyst.
Last week industry pundits claimed that the submission of the latest version of the Web Services Security (WS-Security) specification to international standards body Organisation for the Advancement of Structured Information Standards (OASIS) was a move in the right direction.
http://news.zdnet.co.uk/story/0,,t269-s2118918,00.html

- - - - - - - -

China software reclaimed from pirates
Mao Yi Ding has the same problem that high-flying dot-com executives had a few years ago: He needs more office space. In a cramped room with no air conditioning on a sweltering Beijing afternoon, nothing could dampen Mao's enthusiasm. His company, an antivirus specialist called Beijing Rising Technology, has 10 times more employees than it had in 1999 and was able to raise prices in June because of high demand.
http://zdnet.com.com/2100-1104-943058.html

- - - - - - - -

Bug Watch: Why did the chicken cross the road?
Always remember the Green Cross Code. Each week vnunet.com asks a different expert from the antivirus world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. This week, Clifford May, principal consultant at Integralis, sees that an old joke is still doing the rounds.
http://www.vnunet.com/News/1133471

- - - - - - - -

Filtering E-Mail with Postfix and Procmail, Part Three
This is the third installment in a four-part series on filtering e-mail with Postfix and Procmail. The first two parts of this series focused on how you can stop receiving spam by configuring Postfix for spam prevention. This segment will introduce you to the methods of stopping spam with Procmail.
http://online.securityfocus.com/infocus/1606
Filtering E-Mail with Postfix and Procmail, Part One
http://online.securityfocus.com/infocus/1593
Filtering E-Mail with Postfix and Procmail, Part Two
http://online.securityfocus.com/infocus/1598

- - - - - - - -

Businesses see bonanza in homeland security
As government workers browse the booths at a high-tech expo here, a large placard declares, "Homeland Security and Defense is SERIOUS BUSINESS." Unstated is another truth: It's also serious money. The Sept. 11 terrorist attacks on the United States have created a wave of new government spending reminiscent of the space program in the 1960s or the savings and loan bailout of the 1980s.
http://www.usatoday.com/life/cyber/tech/2002/07/11/terror-gadgets.htm

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.