October 17, 2002

DOJ responds to House on Patriot Act
The public on Thursday got a look at the most extensive report to date on how the U.S. Justice Department has used a 2001 anti-terrorism law to conduct Internet and electronic surveillance. In four letters to Congress, totaling 61 pages, Assistant Attorney General Daniel Bryant said the USA Patriot Act has "provided critical assistance to the efforts of the department and the administration against terrorists and spies in the U.S."
http://news.com.com/2100-1023-962468.html
- - - - - - - -
Senate passes bill to bolster cybersecurity research
The Senate late Wednesday passed by voice vote a bill that would authorize $903 million over five years for cybersecurity research in what proponents said is an attempt to address a deficiency in expertise in that area.
- - - - - - - -
MasterCard bites back on credit card hacking
A rise in credit card transactions via the Internet, phone and mail-order is prompting card heavy-weights to push tougher data security standards for merchants, MasterCard said today. MasterCard executives said the increase in so-called "card-not-present" transactions was one of the key reasons for card heavyweights to promote tougher security standards for merchants.
http://zdnet.com.com/2110-1106-962458.html
- - - - - - - -
The Tech Industry Rescue Squad
What makes CERT/CC unique is that it functions as an independent security reporting center that assumes anonymity with each client unless it receives permission to use the client's identity. When officials at Carnegie Mellon University's CERT Coordination Center (CERT/CC) noticed unusual scanning activity on the Internet's port 80 -- the conduit for Web traffic -- in July 2001, they knew something was wrong.
http://www.newsfactor.com/perl/story/19702.html
- - - - - - - -
Handy future for online security
Will the Quizid card provide solution to digital identity?
A credit-card sized device, which could potentially be issued to thousands of citizens, is being heralded as a major breakthrough in the search for establishing secure identification on the internet. Currently, buying something on the net, using banking or government services requires users to enter a password and username that are potentially insecure.
http://news.bbc.co.uk/2/hi/technology/2334491.stm
- - - - - - - -
Security hole discovered in Symantec firewalls
A flaw discovered in a common component of Symantec Corp.'s firewall technology leaves a number of that company's products vulnerable to denial of service (DoS) attacks, according to a bulletin released by the company and by Advanced IT Security AS, a security services firm with headquarters in Copenhagen, Denmark.
http://www.idg.net/ic_957063_5055_1-2793.html
- - - - - - - -
Microsoft steps on three more bugs
Microsoft issued three security warnings late Wednesday affecting its popular SQL Server database, Windows XP operating system, and Word and Excel applications. The SQL Server flaw, which Microsoft deemed critical, is the most serious of the lot. Exploitation of the flaw would "allow a low-privileged user the ability to run, delete, insert or update Web tasks," according to Microsoft's security warning. The flaw affects SQL Server 2000 and SQL Server 7, as well as Microsoft Data Engine 1.0 and Microsoft Desktop Engine 2000, which are used by developers building software using Microsoft's Visual Studio development tools.
http://zdnet.com.com/2100-1104-962409.html
http://news.zdnet.co.uk/story/0,,t269-s2124053,00.html
http://news.com.com/2100-1001-962409.html
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,75167,00.html
- - - - - - - -
DARPA developing info awareness
The Defense Advanced Research Projects Agency is developing a total information awareness system to enable national security analysts to detect, classify, track, understand and pre-empt terrorist attacks against the United States. The system, parts of which are already operational, will bring together other systems and technologies to help military and intelligence analysts make decisions related to national security, said Robert Popp, deputy director of DARPA's Information Awareness Office, which is heading up the effort.
http://www.fcw.com/fcw/articles/2002/1014/web-darpa-10-17-02.asp
- - - - - - - -
Energy's e-gov plans advance with new e-signature software
With the flourish of an electronic signature, Energy secretary Spencer Abraham yesterday took the wraps off the department's action plan for e-government. The strategy describes progress in the department's Idea program for launching 19 e-government projects as well as several other programs. Abraham used a plug-in from Entrust Inc. of Dallas to sign the document in Adobe Acrobat. Users across the federal government will be able to use the plug-in for digital signatures under Energy's license with Entrust.
http://www.gcn.com/vol1_no1/daily-updates/20276-1.html
http://www.fcw.com/fcw/articles/2002/1014/web-energy-10-17-02.asp
- - - - - - - -
Trio vying for encryption work
The National Security Agency recently selected three vendor teams to compete to develop Gigabit Ethernet encryptors (GigEE) supporting the secure exchange of top-secret information at speeds of at least 1 gigabit/sec over commercial Internet Protocol wide-area networks.
ViaSat Inc., L-3 Communications and General Dynamics C4 Systems recently were awarded 30-month, $10 million development contracts, and are all competing for future production awards, said Bruce Rowe, ViaSat's director of marketing and communications.
http://www.fcw.com/fcw/articles/2002/1014/web-nsa-10-17-02.asp
- - - - - - - -
Finns Declare: Don't Thread on Me
Last week's bomb blast in a suburban Helsinki shopping mall may have given message boards a bad name, but it's doubtful it will slow down their burgeoning popularity in Finland or elsewhere. Finnish authorities believe that a chemical engineering student, Petri Gerdt, 17, acted alone in triggering the blast, which killed him and six others and left another 70 injured. Police believe Gerdt learned his bomb-building skills at a small Finnish message board called the Forum for Home Chemistry.
http://www.wired.com/news/culture/0,1284,55861,00.html
- - - - - - - -
Polymorphic Macro Viruses, Part One
Polymorphic viruses change their code in fundamental ways with each replication in order to avoid detection by anti-virus scanners. This may mean changing the encryption routine, the sequence of instructions, or other such changes in the behaviour of the virus. This article is the first of a two-part series that will offer a brief overview of the use of polymorphic strategies in macro viruses. This installment will focus on some early examples of polymorphic techniques.
http://online.securityfocus.com/infocus/1635
- - - - - - - -
Navy computer upgrade buffeted
For years, the worst technological enemy facing Navy servicemen and women hasn't been on the open seas. It's been on their desktops. The Navy's out-of-date computer systems have created a confusing and inefficient patchwork that has made it difficult to share electronic information.
http://www.msnbc.com/news/822505.asp