September 10, 2002 New Sept. 11 worm not a threat Buggy Chet comes with attachment named 11september.exe. A programming prankster has released an Internet worm that seeks to tempt victims by promising a message about Sept. 11. Antivirus firm F-secure Corp. rates the worm called Chet a low risk because it is hampered by programming bugs, and doesnt work as its author intended. http://www.msnbc.com/news/806381.asp - - - - - - - - Administration Pares Cyber-Security Plan As the White House moves to finalize a national plan to better secure cyberspace, high-tech firms and other companies are continuing a furious campaign to have some recommendations struck from the document. The administration no longer plans to recommend that Internet service providers such as America Online, MSN and EarthLink bundle firewall and other security technology with their software. Instead, it will ask ISPs to "make it easier" for home users to get access to such protections. http://www.washingtonpost.com/wp-dyn/articles/A59168-2002Sep9.html - - - - - - - - Bill urges rules for policing privacy A House committee on Tuesday approved a bill that would require federal agencies to take privacy more seriously. The Judiciary committee approved the Federal Agency Protection of Privacy Act by voice vote, which means it goes to the full House for a possible floor vote within the next month. http://news.com.com/2100-1023-957419.html - - - - - - - - Post-9/11, 'sanitized' sites aim to shield data Agencies, groups remove information deemed too sensitive. Before September 11, 2001, most federal groups viewed the Internet as a place to store their vast library of public documents and as a way to network with community leaders in a timelier manner. But in the days that followed 9/11, authorities revealed that terrorists also used the Web because they had access to the same technology. http://www.cnn.com/2002/TECH/internet/09/10/ar911.sensitive.sites/index.html - - - - - - - - Virus-ridden UK spread email nasties Public rather than companies responsible for virus activity. The UK is one of the focal points of world email virus activity - and it is members of the public that are causing the problem. A report from antivirus service provider MessageLabs found that UK companies received over 25 per cent of all intercepted email viruses in August, second only to the US. Three per cent of emails monitored contained a potentially harmful payload. About one in 40 emails to retail and leisure companies were infected, with legal and finance companies getting less than one in 400. http://www.vnunet.com/News/1134930 - - - - - - - - VeriSign, Intel team up on secure computing Internet security company VeriSign Inc. and chip giant Intel Corp. Tuesday said they will work together to build content security directly into new computers, potentially saving companies time and money and protecting confidential data from prying eyes. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4043915.htm http://online.securityfocus.com/news/614 http://zdnet.com.com/2251-1110-957096.html http://www.msnbc.com/news/806011.asp - - - - - - - - IE 6 SP1 omits fixes for 20 outstanding flaws Researchers have discovered that inadequate security restrictions in Internet Explorer make it possible for an attacker to execute script on any Web page that containing frames. Grey Magic Software describes the vulnerability as critical, a warning backed up by several proof of concept demonstrations. Because of the way frames (and iframes) are handled by IE version 5.5 and above, attackers are able to get to all sorts of mischief with minimal effort. http://www.theregister.co.uk/content/55/27048.html - - - - - - - - XP Service Pack Said to Fix Major Flaw Security boards are buzzing with warnings of a serious hole, but Microsoft is simply urging users to upgrade. Microsoft always urges users to update programs when it ships a Service Pack, but an easily exploited Windows XP flaw makes it especially important that users of the operating system download and install the newly released SP1 promptly, several security experts warn. The Win XP flaw is described as a still little-known but critical vulnerability, and is described as "trivially easy" to exploit by some who have studied it. It could allow files on any PC running Windows XP to be deleted simply by clicking on a malicious URL, according to bug hunter's reports. http://www.pcworld.com/news/article/0,aid,104810,00.asp - - - - - - - - Blocked China Web users given detour Chinese Internet users trying to access the blocked search engine Google are being routed to an array of similar sites in China, the latest sign of an escalating media clampdown ahead of November's Communist Party congress. Hijacked attempts to log on to the immensely popular Web tool, already blocked more than a week long, triggered a flurry of criticism in Chinese chatrooms and biting disclaimers from beneficiary sites. http://www.cnn.com/2002/TECH/internet/09/10/china.google.reut/index.html - - - - - - - - Surveillance Society Don't look now, but you may find you're being watched These days, if you feel like somebody's watching you, you might be right. One year after the Sept. 11 attacks, security experts and privacy advocates say there has been a surge in the number of video cameras installed around the country. The electronic eyes keep an unwavering gaze on everything from the Golden Gate Bridge to the Washington Monument. http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2002/09/09/BU.DTL - - - - - - - - Technology Versus Terrorism The Iridium network, developed by Motorola, relays signals between its 66 low-flying satellites. The U.S. military uses Iridium phones for field operations. Satellite-based communications networks can help combat terrorism, according to a new report issued by Datacomm Research. These networks were originally built for ordinary civilian communications, but they failed to compete effectively with land-based cellular networks. However, some are proving to have significant military and security applications. http://www.newsfactor.com/perl/story/19351.html - - - - - - - - US security plagues US emergency alert system The FCC-mandated network that lets officials interrupt radio and television broadcasts in an emergency is wide open to electronic tampering, and the government has no plans to fix it. A national alert system that gives the president the ability to take over the U.S. airwaves during a national crisis may inadvertently extend hackers the same courtesy, thanks to security holes that put radio stations, television broadcasters and cable TV companies at risk of being commandeered by anyone with a little technical know-how and some off-the- shelf electronic components. http://online.securityfocus.com/news/613 - - - - - - - - Who's bluffing whom on cybersecurity? Remember Omar Abdel-Rahman? This blind Egyptian sheik convicted in the 1993 car bombing of the World Trade Center had a long affiliation with terror groups dating back to the assassination of Egyptian President Anwar Sadat in 1981. That didn't bar his entry into the United States, which granted Rahman permanent resident alien status nine years later. Had Rahman's rap sheet been brought to the attention of the Immigration and Naturalization Service, the goof-up might have been avoided. But bureaucracies change slowly. It turns out that information about the Sept. 11 hijackers was available in different federal, state and local databases. http://zdnet.com.com/2100-1107-956847.html - - - - - - - - Security pros: Our defenses are down Though most corporate security professionals see network protection as critical, they have only made modest gains in securing their companies, according to a report published Monday. The Internet Security Alliance's survey of 227 information security professionals worldwide found that nearly 88 percent of participants believed that protecting their business information was essential to their company's survival. But only 56 percent are prepared for cyberterrorism and information threats, up 20 percent since the Sept. 11 attacks. http://zdnet.com.com/2100-1105-957219.html - - - - - - - - Evaluating Network Intrusion Detection Signatures, Part 1 Over the past several years, a number of academic and commercial entities have conducted evaluations of various network intrusion detection (NID) software, to determine the overall effectiveness of each product and to compare the products to each other. Many system administrators and security analysts are also responsible for conducting their own evaluations of NID products, in order to choose a solution for deployment in their environments. http://online.securityfocus.com/infocus/1623 - - - - - - - - Northcom to have joint intell cell The Defense Department's new Northern Command will include a joint intelligence center with representatives from numerous federal civilian, intelligence and DOD agencies, according to the command's chief of staff. Army National Guard Maj. Gen. H. Steven Blum, Northern Command's chief of staff, said the command will house "resident liaisons" from the Federal Emergency Management Agency, the FBI, the CIA, the National Security Agency, the Defense Intelligence Agency and other organizations that will form a "joint intelligence and information fusion center or cell." http://www.fcw.com/fcw/articles/2002/0909/web-intell-09-10-02.asp *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.