August 20, 2002 Stolen data reveal undercover cops Surveillance firms client list is stolen and posted on Internet; undercover police officers, Secret Service names revealed. Computer intruders have allegedly broken into the online files of a Florida company that provides surveillance technology to the U.S. military, federal agencies and local police forces, and posted confidential information, including the names and email addresses of undercover police officers on a public Web site, has learned. - - - - - - - - Tables turned on superhacker group Mass-defacement crew find own site a target. It would seem that the god of hackers has something of a sense of humour. While one of the most prevalent groups on the scene celebrated its 1,000th hacked website by going on a mass defacement spree, someone else vandalised its own homepage. Over the weekend a notorious Brazilian defacement crew known as Hax0rs Lab went on the rampage to celebrate its 1,000th defaced website. - - - - - - - - EU to force ISPs and telcos to retain data for one year European Union proposals on data retention would compel telecom firms to keep customer email logs, details of internet usage and phone call records for at least a year. That's the gist of proposals leaked via civil liberties group Statewatch, which says the plans increase law enforcement powers without adequate civil liberties safeguards. - - - - - - - - ntlhell protest site defends libel allegations Struggling cableco NTL has so far failed to comment on allegations that a rival Web site contains libellous comments concerning some of those behind its site. In April the cableco bought the protest site in a bid to make it an online forum to help improve customer service. - - - - - - - - 9/11 fails to influence disaster recovery strategies - survey Contrary to the marketing push of many security and storage firms, few users believe the events of September 11 should play a part in developing their business continuity strategies. That's the main conclusion of a survey of IT managers responsible for business continuity, which found more than half (52 per cent) believed brand and customer service should be the most important factors in developing business continuity strategies. - - - - - - - - Cracking the hackers' code If your organisation suffered a computer crime in the past few years and reported it to AusCERT, it was probably an attack from outside your walls. Nearly 90 per cent of Australian organisations that reported an incident were attacked externally, according to the 2002 Australian Computer Crime and Security Survey. This is the first time the threat of being attacked from outside surpassed the likelihood of an assault from inside. - - - - - - - - Small ISP fights back over piracy Upset by legislation that would give the entertainment industry broad technical powers to smother online copyright infringement, a small Internet service provider has decided to fight back. Omachonu Ogali, owner of Information Wave Technologies, said he would use techniques similar to a honeypot meant to attract pests. The method would involve placing fake music files on the Gnutella file-sharing network to identify computers that attempt to disrupt that network. Those computers, presumably working on behalf of the movie and music industries, would later be blocked from reaching the Information Wave Technologies network. Net service provider locks horns with music industry DOJ to swappers: Law's not on your side,,t269-s2121102,00.html Spoofing frustrates music pirates Film industry to try movie theater, video messages to combat piracy - - - - - - - - Haiku'da Been a Spam Filter Refined poetry and ruthless legal prosecution have been brought together in the latest effort to stop spam. A hidden scrap of copyrighted poetry embedded in e-mails will be used to guarantee that any message containing the verse is spam free. And if spammers dare to hijack the haiku, they will be aggressively sued for copyright infringement. The service is being offered by "Habeas," a new spam-filtering service headed by anti-spam activist and attorney Anne P. Mitchell.,1282,54645,00.html Spam filters can delete legitimate e-mail - - - - - - - - New Apache flaw adds to Internet woes A recently discovered Apache security hole, along with flaws in Microsoft servers, are putting the Web's security at risk. Web servers and corporate PCs are at risk from vulnerabilities in the popular Apache server software and in a component of Microsoft's Windows 2000. The Apache flaw could allow an attacker to discover sensitive information or execute malicious code, while the Windows bug makes it possible for users to gain privileges high enough to alter files and user accounts.,,t269-s2121059,00.html - - - - - - - - Office XP vs. bugs, round two Microsoft on Wednesday plans to release its second collection of bug fixes, or service pack, to Office XP, the company confirmed Tuesday. Service Pack 2, a 15MB download, is supposed to enhance Office XP's performance, security and stability, while fixing a wide range of glitches, Microsoft said. "This is a very comprehensive service pack," said Simon Marks, Office product manager. The software giant issued the first Office XP service pack in December. - - - - - - - - Security flaw in key Microsoft services Microsoft on Tuesday warned users of a number of its subscription programs, including product testing and volume licensing, of a potential security flaw affecting the software they use for downloads. The Redmond, Wash.-based software giant strongly urged customers using the File Transfer Manager (FTM) program to upgrade to the newest version. Microsoft released the new version, FTM, in late June. Affected customers can download the update from Microsoft's FTM Web site.,,t269-s2121101,00.html - - - - - - - - Quadrasis Delivers Security For XML, Web Services Hitachi's security unit Quadrasis on Monday delivered a new "firewall" platform that sits at the edge of an enterprise network and inspects and secures XML and Web services traffic. Although Web services give enterprises great flexibility to exchange data and integrate application both inside and outside the firewall, XML protocols via the Internet are sent in the clear, and are thus inherently insecure. Analysts like ZapThink have been forecasting a huge market for Web services security and firewall products, one that could grow to $4 billion by 2006. - - - - - - - - BlackBerry to carry DOD security The company that makes BlackBerry handheld devices is working with the National Security Agency to meet the Defense Department's needs for the increased security of the Secure/ Multipurpose Internet Mail Extensions (S/MIME) standard, the company said. The announcement from Research In Motion (RIM) Ltd. that its BlackBerry products will support the standard comes as the Defense Department is nearing the release of its new wireless security policy, possibly as soon as this week. - - - - - - - - Know Your Enemy: Building Virtual Honeynets This article has been contributed to SecurityFocus by the Honeynet Project. For more information on honeypots and honeynets, please visit the Honeynet Project at Over the past several years, honeynets have demonstrated their value as a security mechanism, primarily to learn about the tools, tactics, and motives of the blackhat community. This information is critical for organizations to better understand and protect against the threats they face. Among the problems with honeynets is that they are resource intensive, difficult to build, and complex to maintain. - - - - - - - - Plans emerging for national security data sharing They may not be the Continental Congress, but hundreds of IT experts from the defense and intelligence communities gathered here yesterday to share ideas and plans on emergency responses to a terrorist attack on the nation. Only blocks from the spot where the Founding Fathers signed the Declaration of Independence, more than 900 government and private-sector officials met to discuss efforts to improve collaboration and information sharing among the hundreds of federal, state and local agencies in charge of emergency response in the event of future terrorist attacks.,10801,73624,00.html - - - - - - - - Web links law enforcement nets Federal, state and local law enforcement agencies soon will have a single Web interface linking separate collaborative networks already in place to increase information sharing across all levels of government. The FBI's Law Enforcement Online (LEO) network and the Regional Information Sharing Systems (RISS) network each serve collaborative needs for various levels of the law enforcement community. By bringing them together through a single Web interface, users will have access to computing resources as well as people and expertise across the entire spectrum, said George March, director of the RISS Office of Information Technology. *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2002,, Campbell, CA.