November 20, 2002

EBay: Some accounts compromised
EBay has begun sending notices out to some customers, with a warning that their accounts with the online auctioneer have been compromised. The e-mail notices tell recipients to create a new password for the service; in one case, a recipient was told to fax a copy of his driver's license to eBay for reinstatement. EBay spokesperson Kevin Pursglove confirmed Tuesday that the online firm began sending such warning notices about three months ago, but wouldn't say how many accounts had been compromised.
- - - - - - - -
Senate Passes Homeland Security Bill
President Bush won congressional approval for his proposal to create a Department of Homeland Security as the Senate last night joined the House in launching the largest government reorganization since the Defense Department was created in 1947. In one of the final acts of the 107th Congress, the Senate voted 90 to 9 to fold 170,000 employees from 22 agencies into a new department charged with the responsibility of shoring up the nation's defenses against terrorism.
Homeland Security Department shapes up
Homeland Security employees will retain whistleblower rights
- - - - - - - -
Internet damage from Sept. 11 attacks minor
The Internet performed well under the strain of the Sept. 11 attacks, but more planning is needed to ensure another disaster doesn't cause greater disruption, according to a National Academy of Sciences report released Wednesday.
- - - - - - - -
Pentagon balks at Big Brother talk
The Pentagon, which is obsessed with keeping secrets, is developing new technology which could ultimately open every one of yours. But Wednesday, while saying the new technology being researched by the Pentagon would theoretically make it easier to track down unidentified terrorists before they strike, United States Under Secretary of Defense Pete Aldridge denied claims the project smacks of Big Brother.
- - - - - - - -
Military pushes for wireless security
Military leaders agree that wireless communication is the wave of the future, but they also agree that it needs far greater security features to become deployable and reliable on the battlefield. Air Force Maj. Gen. John Bradley, deputy commander of U.S. Strategic Command's joint task force for computer network operations, said the Defense Department not only needs more secure wireless tools, it also needs them to be smaller with solid encryption and authentication features.
- - - - - - - -
Left gets nod from right on copyright law
U.S. Appeals Court Judge Richard Posner, one of America's most prominent jurists, warned Tuesday of an "enormous expansion" of intellectual-property law, adding a conservative voice to a chorus of criticism that's so far come from the left. During a lecture organized by the American Enterprise Institute and the Brookings Institution, Posner criticized a 1998 law extending the duration of U.S. copyrights. He also attacked the Patent and Trademark Office for granting "very questionable" business method patents.
Copyright law gets a second look
- - - - - - - -
MS bug exposes millions to attack
A software bug in a common component of Microsoft Web servers and Internet Explorer could leave millions of servers and home PCs open to attack, security researchers said Wednesday. The vulnerability, found by security company Foundstone and confirmed by Microsoft, could allow an Internet attacker to take over a Web server, spread an e-mail virus or create a fast-spreading network worm.
- - - - - - - -
Check out new Microsoft security bulletins
With more companies using the Internet as a backbone for building a virtual private network, any security holes in the underlying VPN software can be a major threat to vital services and to the network itself. A new Microsoft Security Bulletin, MS02-063, describes and addresses a flaw in PPTP, the most popular VPN protocol used in Windows networks.
Another recently patched flaw (MS02-064) allows a Trojan horse attack on Windows 2000-based systems, and a third new security bulletin (MS02-062) addresses a number of problems with Microsoft's Internet Information Server (IIS).
- - - - - - - -
Caught in a BIND
How did one of the Internet's most ubiquitous software packages grow up to be chronically insecure? History offers a lesson. Weinberg's second law, a decades-old programmers' joke, states, "If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization." There may be no better example of that principle in action than the BIND name server software.
- - - - - - - -
Consultant tightened security two ways after 'Needlepoint' virus attack
Heard of the Needlepoint virus? You probably haven't, because it isn't the typical virus you're accustomed to hearing about in alerts or on your favorite news portal. It's a term I coined to describe a virus that $3 million of security didn't catch. I was the division director of a $300 million consulting company that had nearly 50 offices throughout the United States. I had total profit and loss responsibility of a locally run office with a $10 million budget and more than 120 consultants.
- - - - - - - -
Tech Insider: Total information unawareness
In the past week, privacy advocates and media commentators have sounded an alarm, saying that the Defense Department is building a new computer system to spy on personal transactions such as credit card purchases and e-mails. Their fears are unfounded and overblown. At issue is a project called the Total Information Awareness (TIA) system, run by the Defense Advanced Research Projects Agency (DARPA), the research and development arm of the Pentagon that takes technologies in their prenatal stage and turns them into prototypes, usually over the course of three to four years per project.
- - - - - - - -
Is IT overspending on security?
Our network and Internet security programs are generally failing. While viruses, worms and hacking attacks continue to evolve, the costs of security failure have about doubled for each of the last five years. It has been standard practice for too long for companies to counter this trend by investing in additional security technology. In the end, however, they still lag the hackers and the malefactors of malicious code. All that's left is a rapidly growing budget with no end in sight to a growing security headache for IT departments.
- - - - - - - -
Smart-card ticketing goes Underground
Smart cards using radio frequency ID chips have begun mass trials on London Underground in preparation for a consumer launch next year. The London Underground has begun rolling out a smart-card ticketing system in what is billed as a major new showcase of contactless smart-card technology in Europe. This month 80,000 of the cards were issued to staff of London Underground and Transport for London under the "Oyster" smart-card programme, a £1.2bn, 17-year project intended to ultimately replace current ticketing systems. TranSys, a consortium of companies led by Electronic Data Systems (EDS) and Cubic Transportation Systems (CTS), designed the system and has so far outfitted 6,000 buses and 255 Tube stations to use the cards.
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however, copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2002, Campbell, CA.