****************** EDITOR's NOTE ******************
NewsBits editions for 7/16 through 7/19 will be available after Noon PST 07/23, on the NewsBits web site at http://www.newsbits.net . I'm sorry for the delay in making them available. RJL
***************************************************
July 22, 2002

Spammers hit by Korean fines
Six Web sites, including Internet portal Korea.com, have been fined for bombarding Internet users with spam e-mails, according to reports. South Korea's Ministry of Information and Communication (MIC) announced on Monday that penalties of between 4 million Korean won ($3,440) and 5 million Korean won ($4,300) are being imposed on the six companies.
http://zdnet.com.com/2110-1106-945453.html
http://news.zdnet.co.uk/story/0,,t269-s2119545,00.html
- - - - - - - -
Cyber-security infrastructure faulted
GAO report: At least 50 government organizations involved
Years after orders from the White House to beef up the security of the nation's most important computer systems, the government is having trouble identifying which organizations should be involved and how they should be coordinated, according to a new report.
http://www.msnbc.com/news/784200.asp
- - - - - - - -
Davis pushes for baseline security standards in HSD markup
Rep. Tom Davis wants to see at least some of his IT security bill, HR 3844, rolled into Homeland Security Department legislation. The Virginia Republican, who chairs the Government Reform Subcommittee on Technology and Procurement Policy, has asked Reps. Richard Armey (R-Texas) and Nancy Pelosi (D-Calif.), the leaders of the Select Committee on Homeland Security, to add provisions of his Federal Information Security Management Act to the final bill.
http://www.gcn.com/vol1_no1/daily-updates/19403-1.html
- - - - - - - -
Lawmakers propose volunteer corps to guard nation's technology
U.S.
lawmakers want to enlist scientists and technology experts into a volunteer defense corps similar to the military's National Guard to protect the nation's communications systems from terrorists. The U.S. Senate on Friday approved legislation to create the National Emergency Technology Guard, teams of experts available to prevent and respond to terror attacks on the nation's communications infrastructure.
http://www.nandotimes.com/technology/story/473380p-3783273c.html
http://www.fcw.com/fcw/articles/2002/0722/web-vol-07-22-02.asp
- - - - - - - -
Internet extends legal reach of national governments
Police in Italy didn't care that five Web sites they deemed blasphemous and thus illegal were located in the United States, where First Amendment protections apply. The police shut them down anyway in early July, simply by sitting down at the alleged offender's Rome computer. Talk about the long arm of the law.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3709326.htm
http://www.cnn.com/2002/TECH/internet/07/22/borderless.internet.ap/index.html
- - - - - - - -
Hacking in the name of security
'A little odd sometimes, but very, very smart'
Barry "The Key" Wels picks locks for the sport of it, but also to make a broader point. He fiddles with tumblers and cracks safes for fun, and to alert the security industry to the weaknesses of many locks, which serve as a bulwark of society's physical safety. Locks, whether keyed or combination, melt like butter in his hands.
http://www.cnn.com/2002/TECH/internet/07/20/hackers.meeting.reut/index.html
- - - - - - - -
MPAA Snooping for Spies
Hoping to end the online trading frenzy that has plagued the music business, the movie industry is hunting down digital film swappers and getting their Internet service cut off. The action is part of intensifying efforts by the entertainment industry to control piracy, efforts that include invasive technical measures.
The Motion Picture Association of America uses a special search engine to scour the Web for copyrighted movies, which circulate on the same peer-to-peer software networks as MP3 music files.
http://www.wired.com/news/politics/0,1283,54024,00.html
- - - - - - - -
Scripting flaw threatens Web servers
A flaw found in newer versions of the PHP Web server scripting language could allow attackers to crash, and in some cases control, computers over the Internet, an open-source developer group announced Monday. The vulnerability affects versions 4.2.0 and 4.2.1 of PHP, according to the PHP Group. The flaw compromises different computer architectures in different ways: Web servers running on Intel IA-32 hardware could crash, while other systems, including Sun Microsystems' Solaris, could allow the attacker to infiltrate the computer.
http://zdnet.com.com/2100-1105-945502.html
http://news.com.com/2100-1001-945480.html
http://www.theregister.co.uk/content/55/26316.html
- - - - - - - -
ElcomSoft uncovers Adobe flaw
Thumbing its nose at the company that landed one of its employees in jail, ElcomSoft is pointing out new flaws in Adobe Systems' eBook software. The flaws could allow someone to check out every copy of every book in Adobe's new electronic library for an unlimited amount of time by changing the values in the loan form. However, the bugs were discovered on an Adobe test Web site that demonstrates how the software could be used to set up a lending library -- not an actual site that offers books -- and ElcomSoft gives information about how to fix the flaws.
http://zdnet.com.com/2100-1104-945468.html
http://news.zdnet.co.uk/story/0,,t269-s2119545,00.html
http://news.com.com/2100-1023-945460.html
- - - - - - - -
IETF puts weight behind Advanced Encryption Standard
The Internet Engineering Task Force (IETF) has published standards for improvements to SSL which add support for the recently ratified Advanced Encryption Standard.
Request for Comments (RFC) 3268 adds support for AES to the TLS protocol (Transport Layer Security - which was formerly known as SSL). As well as adding support for AES, the revision makes it easier and more efficient to support forward secrecy.
http://www.theregister.co.uk/content/6/26311.html
- - - - - - - -
Tips for preventing spam
It's not exactly poisoning village wells, but those who generate the tons of bogus and unwanted e-mail messages known as "spam" ought to suffer some appropriate punishment in the hereafter - perhaps having a demon devoted to stuffing flaming pine cones up their personal inbox. In the meantime, those of us who originally switched to e-mail to avoid the junk that came with snail-mail can at least do a few things to get the electronic equivalent of a flea infestation down to manageable proportions.
http://www.nandotimes.com/technology/story/473884p-3788619c.html
http://www.usatoday.com/tech/webguide/internetlife/2002-07-22-avoiding-spam_x.htm
- - - - - - - -
Liverpool: I Wanna Hold Your Spam
A woman in a major British media company recently contacted the company's entire, 30,000-strong staff with an urgent query: "Has anyone got any blu-tack?" This type of "occupational spam" -- in this case, a plea for the kind of adhesive typically used to stick posters to walls -- has clogged up e-mail servers so much that an English city council has banned the use of internal e-mail one day a week. External and personal mail is unaffected by the ban.
http://www.wired.com/news/politics/0,1283,53868,00.html
- - - - - - - -
High-Flying Schmidt
Unstoppable viruses, massive blackouts, hacked pacemakers? The government's number two cyber security guy wasn't this apocalyptic when he worked for Microsoft. This month's dose of demented prediction comes to you courtesy of Howard Schmidt, vice chairman of the President's Critical Infrastructure Protection Board.
Alleged "zero-day viruses and affinity worms" will sunder business records, as reported in Network World Fusion and credited to a Schmidt speech at an Information Systems Audit and Control Association (ISACA) conference. Brokerage house trading records will be scrambled, corporate networks rendered molten, CEOs humiliated.
http://online.securityfocus.com/columnists/97
- - - - - - - -
Like it or not--we need Microsoft's security
Back in January, the industry's collective jaw dropped when an internal e-mail from Bill Gates, clearly intended for wider circulation, announced to the world that security was now the company's number one priority, even ahead of new features.
http://zdnet.com.com/2100-1107-945405.html
- - - - - - - -
Fingerprinting of UK school kids causes outcry
The widespread fingerprinting of UK primary school children has been roundly condemned by watchdog Privacy International. The human rights watchdog today warned that tens of thousands of UK school children are being fingerprinted by schools, often without the knowledge or consent of their parents. This under-reported electronic fingerprinting is being conducted as part of a cost-cutting "automation" of school libraries. Privacy International has condemned the procedure, branding it "dangerous, illegal and unnecessary".
http://www.theregister.co.uk/content/4/26305.html
- - - - - - - -
Do we need a national ID plan?
Brad Jansen, an analyst at the Free Congress Foundation, has long been a dogged opponent of national identification cards. In April, Jansen told a Senate panel that a national ID means "a massive bureaucracy that would limit our basic freedoms." In the past, he and the Free Congress Foundation have teamed with the American Civil Liberties Union, forming an ad hoc coalition to oppose federal standards for driver's licenses.
http://zdnet.com.com/2100-1107-945373.html
http://news.com.com/2010-1079-945347.html
- - - - - - - -
Face recognition fails in Boston airport
Test runs of the Visionics (now Identix) magical face-recognition terrorist finder at Boston's Logan Airport have failed miserably, as expected. According to a story by the Boston Globe, the security firm which conducted the tests was unable to calibrate the equipment without running into one of two rather serious problems. When it's set to a sensitive level, it 'catches' world + dog. When it's set to a looser level, pretty much any idiot can escape detection by tilting his head or wearing eyeglasses.
http://www.theregister.co.uk/content/55/26298.html
- - - - - - - -
FBI fingers problem system
The FBI's computer system upgrade is supposed to enable FBI agents to gain electronic access to information in other agencies' databases, but one database is likely to prove troublesome: IDENT, the Immigration and Naturalization Service's collection of more than 4.5 million foreign visitors' fingerprints.
http://www.fcw.com/fcw/articles/2002/0722/news-fbi1-07-22-02.asp
- - - - - - - -
First-responders key to strategy
Under President Bush's national strategy for emergency preparedness and response, the proposed Homeland Security Department would build and oversee a comprehensive national system for incident management, which would clarify the roles of federal, state and local agencies in responding to terrorist attacks or natural disasters.
http://www.fcw.com/geb/articles/2002/0722/web-local-07-22-02.asp
***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes.
Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2002, NewsBits.net, Campbell, CA.