September 16, 2002 Slapper worm spanks Apache servers A virulent Linux worm is creating an attack network on the Internet, security clearing house CERT warned this weekend. Slapper exploits a previously-disclosed OpenSSL vulnerability, to create an attack platform for distributed denial-of-service (DDoS) attacks against other sites. The worm also has backdoor functionality, according to, security tools vendor ISS. It describes the malicious code as a variation of the much less virulent Apache "Scalper" BSD worm.,1411,55172,00.html Linux worm creating P2P attack network Australia warned to brace for Linux worm attack,2000024985,20268229,00.htm - - - - - - - - White House to unveil initiative for protection against cyberattacks Using Silicon Valley as the backdrop, the White House this week will unveil its most comprehensive plan yet to protect the nation's computer users from cyberattacks. Industry officials who have seen drafts of the plan and White House briefing documents describe a strategy that will rely heavily on voluntary efforts of home computer users and employers and sets new security standards for government agencies, which have been roundly criticized for ignoring computer security. What will it take to secure our cyberspace?,14179,2880198,00.html - - - - - - - - New bill targets Internet sites showing clothed child models The photos on the Web sites portray neither nudity nor sex, yet men by the thousands pay to ogle them shots of preteen girls posing in bikinis and halter tops. Defended as free speech by some, such pictures are being blasted as a "fix for pedophiles" by a congressman who is waging an uphill campaign to banish them from the Internet. The pool of such photos is growing "at an unabated pace," said U.S. Rep. Mark Foley, Florida Republican. - - - - - - - - Schools grapple with installation of filtering software Dale Alexander, the information technology director for Albuquerque public schools, was not exactly a fan of filtering software for blocking pornography and other Web sites deemed inappropriate for children. But when Congress required it of schools that receive certain technology grants, Alexander had no trouble deciding whether to install the software up to $14.7 million was at stake. - - - - - - - - Web sites reinforce security and privacy policies, review finds A Brown University analysis of government Web sites found that more federal and state sites are taking security and privacy seriously compared to last year. The Center for Public Policy at Brown analyzed 1,265 federal and state sites, measuring available features, variations between state and federal sites, and responsiveness to citizens information requests. - - - - - - - - Internet as Weapon Experts Fear Terrorists May Attack Through Cyberspace Intelligence experts worry that the next terrorist strike on the United States will be what they call a "swarming attack" a bombing or suicide hijacking combined with a hit on computers that will make it make tougher for law enforcement and emergency teams to respond. To deal with such a threat, the Bush administration is finalizing a strategy to guard against cyberterrorism. - - - - - - - - Australian researcher uncovers XP vulnerability Unwary Windows XP users can have entire directories emptied of files simply by clicking on a hyperlink, according to an Australian security researcher. The vulnerability occurs when a particular request (in the form of a command in the URL address box) is sent to the Win-XP Help Centre, which then runs a script to delete a file which is derived from the URL. The vulnerability has been posted on security sites.,2000024985,20268254,00.htm - - - - - - - - Video-Conferencing Hole Exposed Malicious hackers are no longer limited to looking at private data -- now they can also see their victims. Even a relatively unskilled attacker can transform some video-conferencing systems into video-surveillance units, using the devices to snoop, record or publicly broadcast presumably private video conferences.,1282,55145,00.html - - - - - - - - Mozilla bug leaks Web surfing data Netscape and other Web browsers based on the Mozilla development project contain a bug that leaks people's Web surfing data, according to a new report. The bug reveals the URL of the page someone is viewing to the Web server of the site last visited. This allows a Web server to track where people go after they leave the site, even if the next Web address comes from a bookmark or is manually typed into the browser. - - - - - - - - A Call to Shutter the Spammers It's a torrent, a flood, an avalanche. It clogs servers and makes gigabit fibers perform like dialup modems. It's a cross between the postal service and Darth Vader. Studies routinely show spam accounting for as much as 50 percent of all e-mail traffic on the Internet. Sadly, spam is everywhere.,1284,54982,00.html - - - - - - - - The front door's unlocked ...and there's an escaped convict in the neighborhood! "Critical" security holes in Windows and Pretty Good Privacy may expose credit cards and allow a system's takeover. Plus, there's a new rash of would-be attackers. - - - - - - - - The Coming Virus Armageddon In addition to being stealthy, experts said, the ultimate computer virus would be polymorphic -- able to change its code, message and form to avoid detection. Computer virus writers are known for building on each other's work to create ever- deadlier malware. In the future, a truly malicious code might not create an immediate uproar by hitting the Internet with a big bang. Instead, it could slowly and quietly seize control of a vast number of computers, doing significant but not immediately apparent damage to data. - - - - - - - - New AES crypto standard broken already? Theoretical attacks against AES (Advanced Encryption Standard) winner Rijndael and runner-up Serpent have been published. They might work in the practical world; they might not. That's about all we can say from the latest edition of Bruce Schneier's CryptoGram newsletter, which seeks to simplify the issues discovered by researchers Nicolas Courtois and Josef Pieprzyk, and elaborated in a paper entitled "Cryptanalysis of Block Ciphers with Overdefined Systems of Equations". - - - - - - - - Privacy Losses Around the World One year after September 11, personal privacy is an international casualty in the war on terror. It has now been one year since the horrific events of September 11th, 2001. It is often said that "everything has changed." That includes privacy, and the changes are not limited to the United States. - - - - - - - - Justice, Treasury award $3 billion data-sharing contract Jointly, Justice and Treasury have awarded six contracts, worth $3 billion over five years, for standard land mobile radio subscriber units. Open lines of communication are vital to tapping into all of the governments resources when investigating illegal activity and protecting the homeland," said Treasury undersecretary for enforcement Jimmy Gurule. This contract is another step toward increased cooperation and communication between law enforcement components. - - - - - - - - Intell chief calls for knowledge base Data authored and tagged in Extensible Markup Language (XML) and combined with search capabilities across governmental databases is a key element in ensuring that the types of intelligence lapses associated with last year's terrorist attacks do not repeat themselves, according to the Marine Corps' top intelligence official. *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2002,, Campbell, CA.