September 17, 2002
New Net worm creating drones-in-waiting, experts warn
Computer security experts warned Monday
of a new Internet-borne worm that appears
to be trying to amass an army of computer
drones-in-waiting that could be activated
with a single command. Despite the sci-fi
imagery the malicious program evokes, the
risks are relatively low at this time
because it was not spreading quickly and
was being closely monitored, said Jimmy
Kuo, researcher at the anti-virus
company Network Associates.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4088377.htm
New Internet 'worm' targets Apache Web servers
CERT's "Steps for Recovering from a UNIX or NT
System Compromise" Computer security specialists
at the CERT Coordination Center said Monday the
latest Internet worm targets the popular Apache
Web server platform and could be used to launch
attacks against Web sites. As with last year's
"Code Red" episodes, the Apache/mod_ssl worm -
also called linux.slapper.worm and bugtraq.c
worm - looks for vulnerable computers in which
it can place copies of itself, said Marty Lindner,
team leader for incident handling at CERT, part
of Carnegie Mellon University's Software
Engineering Institute.
http://www.nandotimes.com/technology/story/538628p-4259434c.html
Slapper worm continues to put it about
http://news.zdnet.co.uk/story/0,,t269-s2122386,00.html
- - - - - - - -
Australian court bans hate material
Australia's Jewish community won a landmark
court case Tuesday when a judge ruled a Web
site that denied the Holocaust happened and
vilified Jewish people was illegal under
racial discrimination laws. In the first
Australian court decision on race hate and
the Internet, Federal Court Justice Catherine
Branson ordered Fredrick Toben to remove
offensive material from his Adelaide Institute
Web site within the next seven days.
http://zdnet.com.com/2110-11-958221.html
- - - - - - - -
Credit card scam exposes hole in e-commerce security
A mysterious credit card scam involving more
than 100,000 bogus Internet transactions has
delivered another alarming reminder about
online commerce's security weaknesses.
Although no money was actually transferred
in the scheme, more than 60,000 of the
illicit transactions received authorization
codes during a con job exposed late last
week. The authorization codes verified the
validity of those account numbers, opening
the door for more widespread theft had the
ruse not been detected.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4088286.htm
- - - - - - - -
National cyber-security plan calls for voluntary improvements
A national report on securing computer networks
that will be submitted to President Bush avoids
calls for new federal mandates and encourages
businesses to use security improvements to
reassure worried consumers. The Bush
administration's senior adviser on cyber
security, Richard Clarke, said the proposal's
emphasis on voluntary improvements was based
on a recognition that, "government can't do
it all by itself."
http://www.nandotimes.com/technology/story/539963p-4269023c.html
http://www.theregister.co.uk/content/4/27159.html
http://www.usatoday.com/tech/news/techpolicy/2002-09-16-cyber-plan_x.htm
http://www.cnn.com/2002/TECH/internet/09/17/cybersecurity.ap/index.html
http://www.msnbc.com/news/808897.asp
http://news.com.com/2100-1023-958159.html
http://news.zdnet.co.uk/story/0,,t269-s2122417,00.html
White House Slows Cybersecurity Planning
Government Seeks More Input From Technology Firms
The Bush administration will not unveil the final
version of a national cybersecurity plan this
Wednesday, saying it wants to gather more input
from the technology industry. The White House
had been expected to offer a detailed strategy
for protecting the nation's critical information
infrastructure from attack. Instead, the
administration will release another draft
of the strategy.
http://www.washingtonpost.com/wp-dyn/articles/A26061-2002Sep16.html
http://www.washingtonpost.com/wp-dyn/articles/A31347-2002Sep17.html
Dissension, lobbying narrow administration's cyber plan
http://www.govexec.com/dailyfed/0902/091702td1.htm
White House tackles cybersecurity
The White House's cyberspace security plan,
scheduled to be released Wednesday, envisions
a broad new role for the federal government
in maintaining Internet security. While
couching many concepts as mere suggestions,
a draft of the plan seen by CNET News.com
says the government should improve the
security of key Internet protocols and
spend tens of millions of dollars on
centers to recognize and respond to
"cyber attacks." The draft report,
however, is still in flux. As of late
Monday, one controversial section that
appears to have been deleted would have
required companies to contribute money
to a fund to secure computer networks.
http://zdnet.com.com/2100-1105-958159.html
What will it take to secure our cyberspace?
We're on the brink of a digital Pearl Harbor.
That's what President Bush's top cybersecurity
adviser Richard Clarke wants us to believe.
Cyberterrorists are poised to strike
a crippling blow by decimating the
telecommunications infrastructure or by
wiping out the air traffic control system.
From Clarke's point of view, the government
and private sector need to employ protective
measures quickly to avoid a cyber meltdown.
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2880198,00.html
- - - - - - - -
EU data protection chiefs oppose data retention moves
Europe's Data Protection Commissioners have
voiced concern about EU proposals to mandate
phone companies and ISPs to retain customer
data, questioning the "legitimacy" and cost
of the proposals. At present, service providers
only retain data for billing purposes, but
that is set to change because of plans that
ISPs retain data for up to two years, in the
event of it becoming of interest in police
or security service investigations into
serious crime or terrorism.
http://www.theregister.co.uk/content/6/27155.html
http://news.zdnet.co.uk/story/0,,t269-s2122383,00.html
- - - - - - - -
CD pirates add blow-torches to arsenal
Review copies of CDs welded into player.
A US record company is battling pirates by
issuing reviewers with portable CD players
that are glued shut so that the disc cannot
be removed. Epic Records is sealing CD players
and gluing headphones onto them to stop digital
copies being made from promotional albums.
Many in the record industry believe that
the leak in security comes from journalists
handing music to pirates, or simply leaving
pre-release CDs on their desks.
http://www.vnunet.com/News/1135077
http://www.newscientist.com/news/news.jsp?id=ns99992804
http://news.com.com/2100-1023-958353.html
- - - - - - - -
Chief security officers: In demand yet often misunderstood
Digital Evolution already had a chief technology
officer and plenty of security experts. What the
Web services company lacked was a point person
on security. Or as the man ultimately hired for
the job remarked, clients wanted "one neck to
choke." Erick Herring was hired in August 2001
as chief security officer, a title that hardly
existed two years ago. It's an increasingly
popular job title, particularly with CEOs
showing more interest in security after the
Sept. 11 attacks. "Senior executives, say CEOs,
would call in the head of (information technology)
security and the head of physical security into
his office and say, 'Are we prepared?'" said
Giga Information Group analyst Steve Hunt.
"And the two guys had never met."
http://www.usatoday.com/tech/news/computersecurity/2002-09-16-chief-security-officers_x.htm
- - - - - - - -
Who Are the Hackers?
Company employees and trusted third parties,
such as consultants or suppliers, can cause
enormous damage to corporate systems. "With
complex business partner relationships, this
can be a mess to deal with," Giga's Michael
Rasmussen told NewsFactor. Once there were
"black hat" hackers and "white hat" hackers
-- bad guys who broke into computers to wreak
havoc, and good guys who tried to find and
plug loopholes before the bad guys found
them. Today, as opportunities for hacking
have increased, the ranks of hackers have
grown, and their activities and motivations
are more diverse than ever.
http://www.newsfactor.com/perl/story/19419.html
- - - - - - - -
Does E-Commerce Need a Fiercer Watchdog?
"Millions of credit card numbers have been
compromised because of weak security on e-commerce
sites," GartnerG2 research director Rich Mogull
said. "The real goal should be to stop it before
it hits that level." Detecting and preventing
online fraud is like fighting neighborhood
crime. Residents can put locks on doors and
windows, install a security system to detect
intruders, and train a dog to monitor the yard.
If a break-in occurs despite those precautions,
police will investigate and track down any
suspects. A local organization may help deal
with the loss and provide educational material
to help prepare for the future.
http://www.newsfactor.com/perl/story/19418.html
- - - - - - - -
In wake of attacks, America found friend in technology
When terrorists crashed jets into the World Trade
Center, Pentagon and Shanksville, Pa., last year,
technologies such as e-mail, cell phones and the
Internet helped the nation stay current and
connected with family, friends and work. A year
later, technology continues to play an important
role in helping Americans feel safe and informed.
http://www.usatoday.com/tech/news/techinnovations/2002-09-12-attacks-technology_x.htm
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are
retained by the original author/publisher. The information
is provided to you for non-profit research and educational
purposes. Reproduction of this text is encouraged; however
copies may not be sold, and NewsBits (www.newsbits.net)
should be cited as the source of the information.
Copyright 2000-2002, NewsBits.net, Campbell, CA.