September 17, 2002

New Net worm creating drones-in-waiting, experts warn
Computer security experts warned Monday of a new Internet-borne worm that appears to be trying to amass an army of computer drones-in-waiting that could be activated with a single command. Despite the sci-fi imagery the malicious program evokes, the risks are relatively low at this time because it was not spreading quickly and was being closely monitored, said Jimmy Kuo, researcher at the anti-virus company Network Associates.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4088377.htm

New Internet 'worm' targets Apache Web servers
CERT's "Steps for Recovering from a UNIX or NT System Compromise"
Computer security specialists at the CERT Coordination Center said Monday the latest Internet worm targets the popular Apache Web server platform and could be used to launch attacks against Web sites. As with last year's "Code Red" episodes, the Apache/mod_ssl worm - also called linux.slapper.worm and bugtraq.c worm - looks for vulnerable computers in which it can place copies of itself, said Marty Lindner, team leader for incident handling at CERT, part of Carnegie Mellon University's Software Engineering Institute.
http://www.nandotimes.com/technology/story/538628p-4259434c.html

Slapper worm continues to put it about
http://news.zdnet.co.uk/story/0,,t269-s2122386,00.html

- - - - - - - -

Australian court bans hate material
Australia's Jewish community won a landmark court case Tuesday when a judge ruled a Web site that denied the Holocaust happened and vilified Jewish people was illegal under racial discrimination laws. In the first Australian court decision on race hate and the Internet, Federal Court Justice Catherine Branson ordered Fredrick Toben to remove offensive material from his Adelaide Institute Web site within the next seven days.
http://zdnet.com.com/2110-11-958221.html

- - - - - - - -

Credit card scam exposes hole in e-commerce security
A mysterious credit card scam involving more than 100,000 bogus Internet transactions has delivered another alarming reminder about online commerce's security weaknesses. Although no money was actually transferred in the scheme, more than 60,000 of the illicit transactions received authorization codes during a con job exposed late last week. The authorization codes verified the validity of those account numbers, opening the door for more widespread theft had the ruse not been detected.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4088286.htm

- - - - - - - -

National cyber-security plan calls for voluntary improvements
A national report on securing computer networks that will be submitted to President Bush avoids calls for new federal mandates and encourages businesses to use security improvements to reassure worried consumers. The Bush administration's senior adviser on cyber security, Richard Clarke, said the proposal's emphasis on voluntary improvements was based on a recognition that, "government can't do it all by itself."
http://www.nandotimes.com/technology/story/539963p-4269023c.html
http://www.theregister.co.uk/content/4/27159.html
http://www.usatoday.com/tech/news/techpolicy/2002-09-16-cyber-plan_x.htm
http://www.cnn.com/2002/TECH/internet/09/17/cybersecurity.ap/index.html
http://www.msnbc.com/news/808897.asp
http://news.com.com/2100-1023-958159.html
http://news.zdnet.co.uk/story/0,,t269-s2122417,00.html

White House Slows Cybersecurity Planning
Government Seeks More Input From Technology Firms
The Bush administration will not unveil the final version of a national cybersecurity plan this Wednesday, saying it wants to gather more input from the technology industry. The White House had been expected to offer a detailed strategy for protecting the nation's critical information infrastructure from attack.
Instead, the administration will release another draft of the strategy.
http://www.washingtonpost.com/wp-dyn/articles/A26061-2002Sep16.html
http://www.washingtonpost.com/wp-dyn/articles/A31347-2002Sep17.html

Dissension, lobbying narrow administration's cyber plan
http://www.govexec.com/dailyfed/0902/091702td1.htm

White House tackles cybersecurity
The White House's cyberspace security plan, scheduled to be released Wednesday, envisions a broad new role for the federal government in maintaining Internet security. While couching many concepts as mere suggestions, a draft of the plan seen by CNET News.com says the government should improve the security of key Internet protocols and spend tens of millions of dollars on centers to recognize and respond to "cyber attacks." The draft report, however, is still in flux. As of late Monday, one controversial section that appears to have been deleted would have required companies to contribute money to a fund to secure computer networks.
http://zdnet.com.com/2100-1105-958159.html

What will it take to secure our cyberspace?
We're on the brink of a digital Pearl Harbor. That's what President Bush's top cybersecurity adviser Richard Clarke wants us to believe. Cyberterrorists are poised to strike a crippling blow by decimating the telecommunications infrastructure or by wiping out the air traffic control system. From Clarke's point of view, the government and private sector need to employ protective measures quickly to avoid a cyber meltdown.
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2880198,00.html

- - - - - - - -

EU data protection chiefs oppose data retention moves
Europe's Data Protection Commissioners have voiced concern about EU proposals to mandate phone companies and ISPs to retain customer data, questioning the "legitimacy" and cost of the proposals.
At present, service providers only retain data for billing purposes, but that is set to change because of plans that ISPs retain data for up to two years, in the event of it becoming of interest in police or security service investigations into serious crime or terrorism.
http://www.theregister.co.uk/content/6/27155.html
http://news.zdnet.co.uk/story/0,,t269-s2122383,00.html

- - - - - - - -

CD pirates add blow-torches to arsenal
Review copies of CDs welded into player.
A US record company is battling pirates by issuing reviewers with portable CD players that are glued shut so that the disc cannot be removed. Epic Records is sealing CD players and gluing headphones onto them to stop digital copies being made from promotional albums. Many in the record industry believe that the leak in security comes from journalists handing music to pirates, or simply leaving pre-release CDs on their desks.
http://www.vnunet.com/News/1135077
http://www.newscientist.com/news/news.jsp?id=ns99992804
http://news.com.com/2100-1023-958353.html

- - - - - - - -

Chief security officers: In demand yet often misunderstood
Digital Evolution already had a chief technology officer and plenty of security experts. What the Web services company lacked was a point person on security. Or as the man ultimately hired for the job remarked, clients wanted "one neck to choke." Erick Herring was hired in August 2001 as chief security officer, a title that hardly existed two years ago. It's an increasingly popular job title, particularly with CEOs showing more interest in security after the Sept. 11 attacks. "Senior executives, say CEOs, would call in the head of (information technology) security and the head of physical security into his office and say, 'Are we prepared?'" said Giga Information Group analyst Steve Hunt. "And the two guys had never met."
http://www.usatoday.com/tech/news/computersecurity/2002-09-16-chief-security-officers_x.htm

- - - - - - - -

Who Are the Hackers?
Company employees and trusted third parties, such as consultants or suppliers, can cause enormous damage to corporate systems. "With complex business partner relationships, this can be a mess to deal with," Giga's Michael Rasmussen told NewsFactor. Once there were "black hat" hackers and "white hat" hackers -- bad guys who broke into computers to wreak havoc, and good guys who tried to find and plug loopholes before the bad guys found them. Today, as opportunities for hacking have increased, the ranks of hackers have grown, and their activities and motivations are more diverse than ever.
http://www.newsfactor.com/perl/story/19419.html

- - - - - - - -

Does E-Commerce Need a Fiercer Watchdog?
"Millions of credit card numbers have been compromised because of weak security on e-commerce sites," GartnerG2 research director Rich Mogull said. "The real goal should be to stop it before it hits that level." Detecting and preventing online fraud is like fighting neighborhood crime. Residents can put locks on doors and windows, install a security system to detect intruders, and train a dog to monitor the yard. If a break-in occurs despite those precautions, police will investigate and track down any suspects. A local organization may help deal with the loss and provide educational material to help prepare for the future.
http://www.newsfactor.com/perl/story/19418.html

- - - - - - - -

In wake of attacks, America found friend in technology
When terrorists crashed jets into the World Trade Center, Pentagon and Shanksville, Pa., last year, technologies such as e-mail, cell phones and the Internet helped the nation stay current and connected with family, friends and work. A year later, technology continues to play an important role in helping Americans feel safe and informed.
http://www.usatoday.com/tech/news/techinnovations/2002-09-12-attacks-technology_x.htm

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.