October 30, 2002 Reuters says it wasn't hacking Responding to accusations of "hacking" from Swedish software company Intentia, the Reuters news agency has claimed that it merely downloaded information from a publicly accessible section of the company's Web site. On Saturday, Intentia alleged that Reuters had accessed its computers without authorization. In a company announcement they openly accused the news agency of "breaking in to" its systems. http://zdnet.com.com/2110-1105-963881.html - - - - - - - - Merkur Worm Hits File Swappers There's another new virus on the loose, only this one poses as a fix for other viruses and spreads on popular peer-to-peer (P2P) file sharing networks. The Merkur worm is a Visual Basic script that spreads through file sharing networks such as KaZaA, Bearshare, and eDonkey, as well as through mIRC, an Internet Relay Chat program. It also sends itself out to contacts mined from Outlook address books and targets computers running Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, and Windows Me. http://abcnews.go.com/sections/scitech/TechTV/techtv_merkurworm021030.html - - - - - - - - Verizon settles anti-spam lawsuit Verizon Communications has settled its anti-spam lawsuit against Additional Benefits LLC and its owner, Alan Ralsky. Verizon Online, a division of Verizon, sued the Detroit company and Ralsky in federal court in Virginia in March 2001, alleging the defendants flooded its subscribers with unsolicited commercial e-mail messages in late 2000. Under the terms of the settlement, Additional Benefits and Ralsky have agreed to a permanent injunction barring them from transmitting unsolicited bulk e-mail messages of any kind through Verizon Online's network or to its subscribers. http://www.nandotimes.com/technology/story/597031p-4631298c.html - - - - - - - - Court helps out cable TV pirates A father-and-son pair of cable TV pirates violated the law but a $30 million judgment against them should be reduced, an appeals court said Tuesday. The Seventh Circuit Court of Appeals said in a 15-page decision that the two Chicago-area men were denied crucial information during their trial that could have helped their defense. http://news.com.com/2100-1023-963884.html - - - - - - - - Anti-porn law back in court Congress' most recent attempt to restrict sexual material on the Internet is on trial. Again. This week, the 3rd U.S. Circuit Court of Appeals in Philadelphia heard arguments for the second time in a lawsuit challenging the Child Online Protection Act (COPA). The appeals court had originally overturned the 1998 law, but the case made its way to the Supreme Court. Last May, the high court ruled it was not ready to hear the challenge to COPA and sent it back to Philadelphia for additional proceedings, leaving in place, however, a preliminary injunction prohibiting enforcement of the law. http://news.com.com/2100-1023-963930.html - - - - - - - - Expert warns extremist groups could plot Net attack Governments and corporations remain vulnerable to the potential threat of cyber attacks, particularly those inflicted by organised extremist groups, a leading security expert warned on Wednesday.``We do not have concrete evidence that terrorists are about to carry out sabotage by coming through cyber space,'' said Brian Michael Jenkins, a security adviser for the Santa Monica, Calif. -based RandCorporation. http://www.bayarea.com/mld/mercurynews/4404196.htm - - - - - - - - HHS bolsters security The Department of Health and Human Services has selected Internet Security Systems Inc. to ratchet up cybersecurity protection throughout the department's 12 divisions. The one-year contract, with four one-year options, was awarded Oct. 2. It is part of a General Services Administration task order to ISS' partner Northrop Grumman Information Technology. It will provide round-the-clock monitoring of its production systems and scheduled vulnerability assessments for divisions across the department. http://www.fcw.com/fcw/articles/2002/1028/web-hhs-10-30-02.asp - - - - - - - - Aust police, manufacturers in standoff over device security Australia's law enforcement agencies are refusing to disclose to manufacturers when and how they breach the security systems of embedded devices, to avoid changes being made to those systems, an Australian Federal Police forensic specialist claims. Chris Buttner, a specialist with the AFP's Computer Crime Team, said while most manufacturers of embedded devices are generally helpful when asked how to extract information from their products to assist in a case, cooperation in cracking the security features is less forthcoming. http://www.zdnet.com.au/newstech/security/story/0,2000024985,20269472,00.htm - - - - - - - - Attack of the Mod Squads On September 16, 2002, Microsoft, Sony and Nintendo filed a lawsuit against Hong Kong distributor Lik Sang International Ltd, in the High Court of Hong Kong, alleging that the company had infringed copyrights associated with their various gaming systems. In response, the company shut down, and when it came back up three weeks later, it was no longer selling mod chips. The affair is the strongest demonstration yet of how gaming manufacturers -- with the cooperation of various government agencies -- are cracking down not just on copyright infringement, but also on basic technology itself. http://www.theregister.co.uk/content/54/27834.html - - - - - - - - Studios, broadcasters upset by Microsoft's TV software When it comes to battling video piracy, Microsoft Corp. can't seem to find a happy medium. Last month, the company trotted out a new version of its operating system, dubbed Windows XP Media Center edition, which enables consumers with specially equipped computers to make digital recordings of TV shows. But the software drew catcalls from reviewers because it automatically slapped all recordings with electronic locks that limited their use. http://www.nandotimes.com/technology/story/599099p-4641943c.html - - - - - - - - EMI to Use Audible Magic to Track Web Piracy Looking for more help battling Internet piracy, EMI Recorded Music announced plans Tuesday to work with a Bay Area company that tracks unauthorized copying of music online. The label, home to such artists as the Beatles, the Beach Boys and Garth Brooks, expects to launch an anti-piracy project with Audible Magic Corp. of Los Gatos this year, the companies announced. "We're going to use [the technology] to look at different ways of keeping track of what's going on with our content, whether it's uses that we've authorized or uses that are stealing from our artists," said Jay Samit, senior vice president of new media at EMI. http://www.latimes.com/technology/la-fi-emi30oct30,0,7012262.story - - - - - - - - NSA and NIST complete profiles for security needs The National Institute of Standards and Technology and the National Security Agency have completed profiles for recommended security features for five of the 10 technology areas the agencies have targeted for profile development. The Protection Profiles, when completed, will be included in the evaluation process for Common Criteria certification of IT security products. "There are going to be a lot of profiles coming out in the next six months," said Rex Myers, NSA security architect. http://www.gcn.com/vol1_no1/daily-updates/20373-1.html http://www.fcw.com/fcw/articles/2002/1028/web-nist-10-30-02.asp http://news.com.com/2100-1001-963966.html - - - - - - - - MasterCard to send anti-skimming cards to Australia MasterCard International plans to make available to Australian banks in the first or second quarter 2003 new technology designed to minimise a type of credit card fraud known as card skimming, executives said this week. The Magneprint technology, presently being beta- tested in Kuala Lumpur, Malaysia, is designed to prevent card skimming, whereby a perpetrator fraudulently captures data stored on an electronic device or other media. The data is then used to produce a duplicate or cloned card, which can then be used for fraudulent purchases. http://zdnet.com.com/2110-1106-963931.html - - - - - - - - Security Gets HIP Step aside, intrusion detectionthere's a bigger and badder tool making the security scene. It's HIPliterally. Host intrusion prevention is the name, and it's elbowing those plain-Jane intrusion detection systems aside by keeping intruders from getting past the velvet ropes of the network in the first place. Sure, the IDS market has doubled in the past two years, but the technology is somewhat limited: While IDS tools help collect and manage the data needed to protect the network, the data is gathered only after the intruder is in. http://www.techweb.com/tech/security/20020410_security - - - - - - - - Introducing Network Attached Encryption Application security specialist Ingrian Networks has developed a technology to offload encryption functions from application or database servers onto appliances with the aim of providing more robust security for data in storage. Ingrian, which made its name marketing hardware platforms to speed up the processing of SSL, secure caching, and secure switching (securing data in transit a market that has become commoditised), has developed software service engines to secure data in storage as well. It calls this technology Network Attached Encryption. http://www.theregister.co.uk/content/55/27843.html - - - - - - - - Responsible Disclosure by Corporate Fiat The new Organization for Internet Safety aims to make vulnerability disclosure more responsible. It's a good idea, but is the group too corporate to pull it off? I must have a masochistic streak. Nothing else could explain why I occasionally argue in this space that people should act responsibly when disclosing holes in software. If I even hint that the doctrine of full disclosure has limits, the reaction is overwhelming. Among other things, I've been called a Microsoft lackey, a fascist, and "just a plain dolt." You'd think I was criticizing CISSPs. http://online.securityfocus.com/columnists/120 - - - - - - - - Weak copyrights would kill "fair use" A debate has gathered over the importance of copyright protection in developing nations. That debate was recently stoked by the Commission on Intellectual Property Rights (CIPR), a UK organization which concentrates on the integration of intellectual property rights into development policy. In a recent study, the group advocated a more lax approach to international copyright rules than advocated by TRIPS or WIPO. The argument centers around the notion that strict adherence denies copyright-poor third world nations access to rich world technology information. http://zdnet.com.com/2100-1107-963675.html Digital copyright law on trial http://news.com.com/2100-1023-963975.html - - - - - - - - The Day the Net Nearly Choked On Oct. 21 a cyber-attack threatened to overwhelm it. Here's what happened and what's needed to make sure it doesn't happen again. The newsgroups and chat rooms in the computer- security biz are still buzzing about the Oct. 21 distributed denial of service attack (DDOS) that tried to clog the heart of the Internet. That attack used a constellation of hijacked computers to unleash a surging wave of bogus data traffic aimed at the 13 so-called root-level domain name servers (DNS) that function as the authoritative directory assistance for the Internet. http://online.securityfocus.com/news/1539 - - - - - - - - Is Linux the Key to Securing Cyberspace? The debate over securing cyberspace collided with the rivalry between open source and proprietary technologies Tuesday--but the government still says it's not getting involved. A security summit here Tuesday explored how open source technologies can secure networks and computer systems, particularly in government agencies and offices. http://www.pcworld.com/news/article/0,aid,106488,00.asp - - - - - - - - Rooting Around Site With Intent? The theory of security by obscurity may soon come under legal review. Intentia, a prominent, mid-sized enterprise software vendor, says it filed a complaint on Monday with Sweden's National Criminal Investigation Department. The company claims a reporter from Reuters news service "broke into Intentia's computer systems" to obtain Intentia's third quarter 2002 financial results. http://www.wired.com/news/politics/0,1283,56079,00.html - - - - - - - - Group advises open source for Defense Mitre, a not-for-profit engineering and IT organization that works with the US federal government, has recommended that the US Department of Defense take steps to encourage open-source software in the department's infrastructure. A report published on Monday found that what it terms FOSS (free and open- source software) "plays a more critical role in the DoD than has been generally recognized," and noted that if open source was banned the department's security would plummet and costs would rise sharply. http://zdnet.com.com/2100-1104-963869.html - - - - - - - - Terrorism suspects in bio-database U.S. military catalogs irises, fingerprints, voices, faces the United States is creating digital dossiers of the irises, fingerprints, faces and voices of terrorism suspects seized in Afghanistan and using such material in screening foreigners at U.S. ports of entry. The biometrics data has also been shared with the Federal Bureau of Investigation and military researchers say there are plans to extend the collection process to Iraq in the event of a U.S. invasion. http://www.msnbc.com/news/828230.asp - - - - - - - - DOD budget to see steady rise As the Defense Department fights the war on terrorism and its focus on homeland security evolves, its reliance on information technology will grow and so will the overall DOD budget, according to the Government Electronics and Information Technology Association. GEIA forecasts that the DOD budget will grow steadily at more than 1 percent per year for the next decade. http://www.fcw.com/fcw/articles/2002/1028/web-geia-10-30-02.asp *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.