|
Network Security
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
FW: Security In The News - February 6, 2004
- From: Howell, Paul
- Date: Fri Feb 06 16:06:12 2004
Title: Message
Security In The News
LAST UPDATED: 2/6/04
This report is
also available on the Internet at http://news.ists.dartmouth.edu/todaysnews.html
,
Homeland Security & Infrastructure Protection
OMB: Focus on cybersecurity before new
projects
- Government
Computer News, 2/5/04
- Also - Federal
Computer Week, 2/5/04
Official urges strengthening of
anti-terrorism strategies
- Government
Executive, 2/3/04
The Next Big Network-Security Fiasco
- NewsFactor,
2/5/04
- Also - E-Commerce Times,
2/6/04
'We're Making Rapid Progress'
- Washington
Post, 2/4/04
- Also - Government Computer
News, 2/6/04
Cybercrime-Hacking
Phishers improve bait as they target
ISPs
- ZDNet
News, 2/5/04
PayPal virus writing scammer scumbag
pleads guilty
- The Register,
2/5/04
Two charged for Postal Bank hacking
theft
- Haaretz,
2/6/04
Cable modem hackers conquer the co-ax
- Security Focus,
2/5/04
FBI asks computer shops to help fight
cybercrime
- The
Honolulu Advertiser, 2/5/04
Record labels in 'piracy' raids
- BBC,
2/6/04
- Also - C-Net News,
2/6/04
Nature of the internet makes
cybercriminals hard to catch
- The
Age, 2/5/04
Politics-Legislation
Pentagon cancels e-voting experiment
- MSNBC (AP), 2/5/04
- Also - Reuters,
2/5/04
- Also - C-Net News,
2/5/04
- Also - Government Executive,
2/5/04
- Also - CNN,
2/5/04
Justice Department asks FCC to address
VoIP wiretapping
- Siliconvalley
(AP), 2/5/04
Senate passes DHS tech bill
- Federal
Computer Week, 2/5/04
Army backs down on classified data
threat
- ZDNet News,
2/5/04
Malware
Mydoom virus starts to fizzle out
- BBC,
2/4/04
- Also - BBC,
2/3/04
- Also - CNN,
2/4/04
- Also - vnunet.com, 2/5/04
Computer Virus Attacks eBay Customers
- WBAL 11
News, 2/4/04
Dual Curses: Viruses and Spam
- Computerworld,
2/2/04
Vulnerabilities & Exploits
Security Firm Warns Of Holes In Bluetooth
Mobiles
- Techweb,
2/4/04
NYU not alone in its SSN woes
- NYU News,
2/4/04
IPv6 vulnerable to remote
denial-of-service attacks
- SearchSecurity,
2/6/04
Best Practices & Risk Management
Geeks Put the Unsavvy on Alert: Learn or
Log Off
- NY
Times, 2/5/04
Clueless office workers help spread
computer viruses
- The Register,
2/6/04
Civil & Consumer Issues
Linux security site abandoned
- Techworld,
2/3/04
- Also - Security Focus,
1/30/04
- Also - Security
Focus, 2/4/04
Stop the Cash Flow, Kill the Spam
- Wired
News, 2/6/04
- Also - Computerworld
(Reuters), 2/5/04
Homeland Security & Infrastructure Protection
- Title: OMB: Focus on cybersecurity before new
projects
- Source: Government Computer News
- Date Written: February 5, 2004
- Date Collected: February 6, 2004
- Speaking at a press briefing on the IT budget in Washington on February 5,
2004, Karen Evans, Administrator for E-Government and IT at the Office of
Management and Budget (OMB), said that 18 government agencies should fix
existing cybersecurity problems before further developing, modernizing or
enhancing their IT systems. Ms. Evans warned that the 18 agencies should not
continue to layer new projects on top of vulnerable IT infrastructures because
this would make securing systems even harder. "The priority of this
administration is cybersecurity," she added. Eight agencies - the Commerce,
Defense and Energy departments and the Environmental Protection Agency (EPA),
NASA, the National Science Foundation (NSF), the Nuclear Regulatory Commission
(NRC) and the Office of Personnel Management (OPM) - are exempt from this
requirement because they have adequate security programs, according to the
OMB. Overall, the 18 agencies requested $8.1 billion for IT development and
modernization and $1.5 billion for IT security in fiscal 2005.
- http://www.gcn.com/vol1_no1/daily-updates/24856-1.html
- Also - http://www.fcw.com/fcw/articles/2004/0202/web-ombsecurity-02-05-04.asp
- Title: Official urges strengthening of
anti-terrorism strategies
- Source: Government Executive
- Date Written: February 3, 2004
- Date Collected: February 6, 2004
- In testimony before the House Government Reform National Security
subcommittee on February 3, 2004, Randall Yim, managing director of homeland
security and justice issues for the General Accounting Office (GAO), said
that, while the Bush administration and Congress had put strategies in place
to fight terrorism, these needed to be strengthened and made more detailed to
have the desired impact and success. Mr. Yim's comments were based on a recent
GAO review of seven national anti-terrorism strategies, which found that for
implementation the strategies must be more clearly articulated, including
"defining purpose, scope and methodology; assessing risks and threats;
defining goals, priorities, objectives and performance measures; integrating
and implementing initiatives with other agencies; and tying a strategy to
resources, investments and risk management." Strategies on cybersecurity and
critical infrastructure protection were among those examined by the GAO.
- http://www.govexec.com/dailyfed/0204/020304tdpm1.htm
- Title: The Next Big Network-Security
Fiasco
- Source: NewsFactor
- Date Written: February 5, 2004
- Date Collected: February 6, 2004
- As vulnerabilities and security flaws remain a fact of life in IT,
industry and government officials are assessing possible worst-case scenarios,
such as new superworms that cripple communications or cyber attacks targeted
at the US's critical infrastructures. In most cases, it is impossible to plug
all security holes or defend against all known threats. However, a risk
management approach may help improve an organization's security posture; an
organization can develop defenses based on a good understanding of what its
critical assets are, what vulnerabilities it has and what threats it faces.
Nonetheless, fighting off the next superworm could be problematic unless known
security vulnerabilities are patched more quickly and new security tools and
methods are developed.
- http://www.newsfactor.com/story.xhtml?story_title=The_Next_Big_Network_Security_Fiasco&story_id=23130&category=netsecurity
- Also - http://www.ecommercetimes.com/perl/story/32786.html
- Title: 'We're Making Rapid Progress'
- Source: Washington Post
- Date Written: February 4, 2004
- Date Collected: February 6, 2004
- In this interview, Amit Yoran, head of the National Cyber Security
Division (NCSD) at the Department of Homeland Security (DHS), acknowledged
that cyber attacks such as the recent MyDoom virus continue to pose a threat
to the online community, but added that the government, in partnership with
the private sector, is making progress in protecting the Internet and the US's
information infrastructure. The NCSD has recently launched its National Cyber
Alert System to push out information about security issues, and other efforts
are ongoing to share information and gain a better understanding of
vulnerabilities and threats. According to Mr. Yoran, DHS is considering
abandoning its Patch Authentication and Dissemination Capability (PADC) system
and replacing it with a more effective configuration and patch management
tool. PADC, which is run by DHS' Federal Computer Incident Response Center
(FedCIRC), tests security patches and provides access to them for government
agencies. However, the system is duplicative of private sector efforts.
- http://www.washingtonpost.com/wp-dyn/articles/A12893-2004Feb4.html
- Also - http://www.gcn.com/vol1_no1/security/24857-1.html
Cybercrime-Hacking
- Title: Phishers improve bait as they target
ISPs
- Source: ZDNet News
- Date Written: February 5, 2004
- Date Collected: February 6, 2004
- On February 4, 2004, the Anti-Phishing Working Group (APWG) - an entity
created in November 2003 by financial institutions and other businesses to
fight phishing scams - warned that the new generation of online phishing scams
has become so sophisticated and diverse that even technologically savvy users
could fall victim to them. Early versions of the scams, which aim to harvest a
user's credit card and other personal information, were riddled with poor
spelling and grammar and were not convincing. New variants of the scam use
well-designed spoofed websites that look like the real sites of well-respected
enterprises; they also make use of browser flaws that help fool unsuspecting
users. Customers of US Internet service providers (ISPs) have recently been
targeted by phishing scams.
- http://news.zdnet.co.uk/internet/security/0,39020375,39145515,00.htm
- Title: PayPal virus writing scammer scumbag
pleads guilty
- Source: The Register
- Date Written: February 5, 2004
- Date Collected: February 6, 2004
- Alec Scott Papierniak, 20, of Mankato in Minnesota pleaded guilty to wire
fraud and using viral code for fraudulent purposes in a federal court in San
Jose on February 3, 2004. For two years, Mr. Papierniak defrauded customers of
online payment service PayPal using a phishing scam that is thought to have
cost victims over $30,000. Using fake PayPal security alerts, he managed to
trick victims into providing him with their usernames and passwords; he also
collected information from users with the help of a keystroke logger that he
had e-mailed to the victims. Mr. Papierniak has agreed to pay restitution and
will also face a prison term when he is sentenced by US District Judge James
Ware on May 10, 2004. Mr. Papierniak was arrested in September 2003 following
an FBI investigation.
- http://www.theregister.co.uk/content/55/35365.html
- Title: Two charged for Postal Bank hacking
theft
- Source: Haaretz
- Date Written: February 6, 2004
- Date Collected: February 6, 2004
- David Sternberg, 26, and 54-year old Adi Aloni were charged at the Haifa
Magistrate's Court in Israel, on February 6, 2004, for hacking into the
computer system of a branch of the country's Postal Bank in Haifa and stealing
hundreds of thousands of dollars. The scheme was uncovered after an
investigation by the Northern District's Fraud Unit, and four people were
arrested in January 2004. It appears that a program was installed on the
system that allowed the attackers to transfer money to their accounts. The
arrests were made when the suspects attempted to withdraw the money.
Authorities believe that the mastermind of the hack remains at large.
- http://www.haaretzdaily.com/hasen/spages/391590.html
- Title: Cable modem hackers conquer the
co-ax
- Source: Security Focus
- Date Written: February 5, 2004
- Date Collected: February 6, 2004
- In January 2004, a group of underground coders called TCNiSO released
Sigma, a program that is able to manipulate certain models of Motorola's
Surfboard line cable modems, allowing users to increase bandwidth on the
device or obtain free Internet access through 'unregistered' modems. By
allowing changes to the modem's configuration files, what is called
'uncapping' in the hacking community, Sigma lets users violate their service
agreements and, in some cases, the law. The program also brings with it some
security risks; it could allow a hacker to add code that could let him
eavesdrop on local Internet traffic traveling on the same co-ax cable. This is
only possible when version 1.0 of the DOCSIS standard is used with encryption
turned off.
- http://www.securityfocus.com/news/7977
- Title: FBI asks computer shops to help fight
cybercrime
- Source: The Honolulu Advertiser
- Date Written: February 5, 2004
- Date Collected: February 6, 2004
- The Federal Bureau of Investigation's (FBI) Cyber Crime Squad in Hawaii is
taking a proactive approach to cybercrime by seeking the cooperation of local
computer repair specialists, network consultants and software developers.
Cybercrime is now one of the FBI's main areas of focus and many traditional
crimes nowadays have a cyber component. To apprehend cybercriminals, such as
child pornographers, music pirates or even terrorists, the FBI is seeking the
assistance of the local IT community. While most people agree that the
discovery of information relating to child pornography or terrorism clearly
warrants a call to the authorities, privacy advocates fear that a too
intrusive approach to cybercrime could turn into a "fishing expedition" that
"needlessly violates the privacy rights of honest consumers to find the guilty
few."
- http://the.honoluluadvertiser.com/article/2004/Feb/05/ln/ln01a.html
- Title: Record labels in 'piracy' raids
- Source: BBC
- Date Written: February 6, 2004
- Date Collected: February 6, 2004
- The Music Industry Piracy Investigations group, which is owned by major
record companies, has carried out a dozen raids in Australia against Sharman
Networks - the owner of the Kazaa file-sharing system - as well as Internet
service providers (ISPs) and universities. The raids, which were authorized by
Australia's Federal Court, were part of a campaign by the music industry
against Kazaa. The music industry plans to launch legal action against Kazaa
in the Federal Court on February 10, 2004, accusing the service of
facilitating online piracy. Representatives of Sharman Networks called the
raids a "knee-jerk reaction" and the planned legal action "an extraordinary
waste of time."
- http://news.bbc.co.uk/2/hi/entertainment/3465251.stm
- Also - http://news.com.com/2100-1027_3-5154506.html
- Title: Nature of the internet makes
cybercriminals hard to catch
- Source: The Age
- Date Written: February 5, 2004
- Date Collected: February 6, 2004
- Security experts like Matthew Yarbrough, a lawyer who heads the Cyber Law
Group in the Dallas office of Fish & Richardson, worry that finding virus
writers and other cybercriminals is extremely difficult because of the
connectivity and anonymity of the Internet. In most cases, it is impossible to
trace a cyber attacker unless he brags about his exploits to friends or in
online chat rooms. Another problem is that most convictions against hackers
and virus writers have been relatively lenient, thereby not providing a
deterrent against future attacks.
- http://www.theage.com.au/articles/2004/02/05/1075853987198.html
Politics-Legislation
- Title: Pentagon cancels e-voting
experiment
- Source: MSNBC (AP)
- Date Written: February 5, 2004
- Date Collected: February 6, 2004
- On February 5, 2004, an official from the US Department of Defense,
requesting anonymity, said that the Pentagon won't use the Secure Electronic
Registration and Voting Experiment (SERVE) online voting system for overseas
US citizens in this Fall's presidential elections due to security concerns. A
recent review of SERVE by a panel of security experts had raised concerns that
security flaws could allow "hackers or even terrorists to interfere with fair
and accurate voting." The decision not to use the system was apparently made
by Deputy Defense Secretary Paul Wolfowitz.
- http://msnbc.msn.com/id/4184803
- Also - http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=4296284
- Also - http://news.com.com/2100-1029_3-5154321.html
- Also - http://www.govexec.com/dailyfed/0204/020504d2.htm
- Also - http://www.cnn.com/2004/ALLPOLITICS/02/05/elec04.prez.internet.voting/index.html
- Title: Justice Department asks FCC to address
VoIP wiretapping
- Source: Siliconvalley (AP)
- Date Written: February 5, 2004
- Date Collected: February 6, 2004
- In a letter to the Federal Communications Commission (FCC), written on
behalf of the FBI, the Drug Enforcement Administration and the US Justice
Department, FBI Deputy General Counsel Patrick W. Kelley urges federal
communications regulators to delay setting rules for Voice-over-Internet
Protocol (VoIP) systems until law enforcement and national security concerns
can be addressed. Law enforcement agencies worry that it may be difficult to
place wiretaps on VoIP systems in the same way as surveillance is possible for
'regular' telephones. VoIP allows voice calls to be placed digitally over
broadband Internet connections. Communications companies would like the FCC to
clarify VoIP rules. Opponents of regulation fear that measures to allow
monitoring of conversations would be costly, could stifle innovation and
jeopardize privacy.
- http://www.siliconvalley.com/mld/siliconvalley/news/editorial/7884914.htm
- Title: Senate passes DHS tech bill
- Source: Federal Computer Week
- Date Written: February 5, 2004
- Date Collected: February 6, 2004
- On February 4, 2004, the US Senate unanimously passed the Homeland
Security Technology Improvement Act that would "allow for DHS [Department of
Homeland Security] to provide equipment and technologies to state and local
levels for the improvement of investigations and the prevention of future
terrorist attacks." The Act, sponsored by Senate Governmental Affairs
Committee Chairman Susan Collins (R-Maine) and Ranking Member Joe Lieberman
(D-Conn.), would provide the DHS Office of Domestic Preparedness (ODP) $50
million annually to set up and run the program. The bill now moves to the
House of Representatives for review in committee.
- http://www.fcw.com/fcw/articles/2004/0202/web-counter-02-05-04.asp
- Title: Army backs down on classified data
threat
- Source: ZDNet News
- Date Written: February 5, 2004
- Date Collected: February 6, 2004
- The US Army has backtracked and apologized for threatening to prosecute
the Federation of American Scientists (FAS), a group dedicated to open and
accountable government, for putting a document copied from a military website
online. On February 4, 2004, Thomas Harman of the US Army Services and
Operations Agency warned the FAS that publishing the document on acquiring
foreign military hardware was "a serious issue with federal criminal
implications." It appears that, at the time, he had thought that the document
was classified, which turned out to be incorrect. Mr. Harman admitted the
error and apologized as soon as the matter had been cleared up. According to
Steven Aftergood, head of the FAS Project on Government Secrecy, the incident
was symptomatic for "the Pentagon's growing efforts to delete unclassified
documents from the Web."
- http://zdnet.com.com/2100-1105_2-5154210.html
Malware
- Title: Mydoom virus starts to fizzle out
- Source: BBC
- Date Written: February 4, 2004
- Date Collected: February 6, 2004
- The spread of the MyDoom virus is gradually slowing this week as users
secure their systems. MyDoom was first discovered on January 26, 2004, peaked
on January 28 and started slowing down markedly by January 31. Overall,
Internet monitoring firm MessageLabs stopped 21 million copies of the virus,
which infected systems in over 200 countries. MyDoom is the fastest spreading
virus in history and estimates of its cost to businesses range up to $38
billion, although this figure is probably exaggerated. It appears that a
distributed denial of service (DDoS) attack scheduled to be launched by
computers infected with a variant of MyDoom (MyDoom.B) on February 3, 2004
against Microsoft's website failed to have a significant impact.
- http://news.bbc.co.uk/2/hi/technology/3459363.stm
- Also - http://news.bbc.co.uk/2/hi/technology/3454127.stm
- Also - http://www.cnn.com/2004/TECH/internet/02/03/tech.microsoft.reut/index.html
- Also - http://www.vnunet.com/News/1152514
- Title: Computer Virus Attacks eBay
Customers
- Source: WBAL 11 News
- Date Written: February 4, 2004
- Date Collected: February 6, 2004
- WBAL 11 News, an NBC affiliate, reports that a new virus has been
discovered that targets customers of online auction site eBay. The virus
arrives in an e-mail, telling users that they need to add shipping charges to
an item purchased from eBay; as soon as the user clicks on the link provided
in the e-mail, the virus is downloaded. No information is provided about the
name of the virus, the threat it poses, or how widely it has spread.
- http://www.thewbalchannel.com/technology/2818311/detail.html
- Title: Dual Curses: Viruses and Spam
- Source: Computerworld
- Date Written: February 2, 2004
- Date Collected: February 6, 2004
- A survey of chief information officers (CIOs) and IT managers, conducted
by Ferris Research Inc. and Computerworld, found that viruses and spam are the
two biggest managerial concerns regarding e-mail. Statistics show that 2003
was the worst year in history for viruses and spam. The next greatest concerns
identified by the survey were regulatory compliance and coping with denial of
service (DoS) attacks.
- http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801,89637,00.html
Vulnerabilities & Exploits
- Title: Security Firm Warns Of Holes In Bluetooth
Mobiles
- Source: Techweb
- Date Written: February 4, 2004
- Date Collected: February 6, 2004
- Security firm AL Digital has discovered several vulnerabilities in the
"authentication and data-transfer mechanisms" on some Bluetooth-enabled mobile
phones, including phones sold by Nokia and Sony-Ericsson. One flaw, which
makes a phone vulnerable to a 'SNARF attack', allows an attacker to access
data stored on the phone even when it is not in 'visible' mode. A second
vulnerability, a back-door attack, opens up a phone's complete memory contents
to a formerly trusted device. AL Digital says that it has developed several
proof-of-concept tools to validate its findings. Nonetheless, phone vendors
that were notified of the flaws were not responsive and didn't take the matter
seriously, according to AL Digital's director and chief security officer Adam
Laurie.
- http://www.techweb.com/wire/story/TWB20040204S0011
- Title: NYU not alone in its SSN woes
- Source: NYU News
- Date Written: February 4, 2004
- Date Collected: February 6, 2004
- A series of cyber attacks and privacy breaches at universities and
colleges around the US has led to increased emphasis being placed on security
and protection against identity theft. In January 2004, hackers broke into the
University of Georgia's website and stole private information, including
Social Security numbers (SSNs) and credit card details, of 31,000 students and
applicants. Similar incidents have been common in recent months at other
schools. In response, some universities are introducing systems whereby
students are no longer identified by their SSNs, and other security
protections are being introduced to curb the possibility of identity theft.
- http://www.nyunews.com/news/campus/6640.html
- Title: IPv6 vulnerable to remote
denial-of-service attacks
- Source: SearchSecurity
- Date Written: February 6, 2004
- Date Collected: February 6, 2004
- Independent security researcher Georgi Guninski has discovered a security
vulnerability in the OpenBSD implementation (OpenBSD 3.4) of Internet Protocol
version 6 (IPv6) that could allow an attacker to cause a denial of service.
Machines are vulnerable when they are configured to receive ICMPv6 (Internet
Control Message Protocol) and are listening on a TCP port. "A remote attacker
can take advantage of this by setting a small IPv6 MTU (Maximum Transmission
Unit) and then connecting to an open TCP port." Upgrades are available to
resolve the problem. IPv6, the successor to IPv4, is already being implemented
by some organizations and promises significant security benefits, particularly
in the area of authentication.
- http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci949128,00.html
Best Practices & Risk Management
- Title: Geeks Put the Unsavvy on Alert: Learn or
Log Off
- Source: NY Times
- Date Written: February 5, 2004
- Date Collected: February 6, 2004
- The epidemic spread of the MyDoom virus appears to have created some
friction between technophiles and technophobes. MyDoom arrived as an e-mail
attachment; to spread, it required a user to actively click on the attachment
- a clear no-no for well-informed computer users. Computer experts are
beginning to get frustrated that otherwise-intelligent people are unable to
adhere to even basic security precautions, while wanting to enjoy the many
benefits of a networked world. Some even argue for the introduction of
licenses for Internet users, or suggest penalties for those careless enough to
become victims of a virus. Technophobes respond that computer technology is
too complex to make sense to a layperson and should be simplified for the sake
of security. In addition, they say, cyber attackers are the real bad guys
here.
- http://www.nytimes.com/2004/02/05/technology/05VIRU.html
- Title: Clueless office workers help spread
computer viruses
- Source: The Register
- Date Written: February 6, 2004
- Date Collected: February 6, 2004
- A survey of 1,000 office workers in the UK, conducted by market
researchers TNS on behalf of Novell in January 2004, found that employees are
ignorant of basic cyber security measures and don't see security as their
responsibility. Two-thirds of respondents admitted that they were not familiar
with even basic virus prevention methods, 20% of respondents said they were
too busy to download anti-virus updates, and a "vast majority" were unaware of
phishing scams. Password policies also appear to be inadequate. Even more
worrying, 90% of respondents to the survey believe that IT department,
Microsoft or the government, not them, are responsible for preventing the
spread of viruses.
- http://www.theregister.co.uk/content/55/35393.html
Civil & Consumer Issues
- Title: Linux security site abandoned
- Source: Techworld
- Date Written: February 3, 2004
- Date Collected: February 6, 2004
- The Sardonix project, a project aimed at auditing open source code for
security holes, will soon be abandoned due to lack of participation. The
project, which was initially funded by the Pentagon's Defense Advanced
Research Projects Agency (DARPA) and run by computer scientist Crispin Cowan,
sought to provide open source software users with a resource where code that
had undergone a security review would be made available for download.
Volunteer code auditors were to be ranked according to the volume of code they
examined and the number of security holes they discovered. However, too few
auditors took part to make the project a success. The security community
culture and poor marketing have been made responsible for Sardonix's demise.
"The Bugtraq model is: find a bug, win a prize -- a modest amount of
fame...Our model is: review a whole body of code, eventually finding no bugs,
and receive a deeper level of appreciation from people who use the code...It
seems the Sardonix lesson is people don't want to play this game, they want to
play the Bugtraq game," Mr. Cowan said.
- http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=971
- Also - http://www.securityfocus.com/news/7947
- Also - http://www.securityfocus.com/columnists/218
- Title: Stop the Cash Flow, Kill the Spam
- Source: Wired News
- Date Written: February 6, 2004
- Date Collected: February 6, 2004
- Those battling the deluge of unsolicited commercial e-mail, or spam,
appear to agree on one thing: the most effective solutions will focus on money
- making spammers or advertisers using spam pay. As spam techniques become
ever more sophisticated, using open proxies, open relays or zombies on other
peoples' machines for instance, it is increasingly difficult to trace
spammers. Therefore, one solution could be to put pressure on advertisers to
give up the identity of spammers. Others call for greater involvement and
effort from Internet service providers (ISPs). Microsoft is also getting
involved in the battle against spam. For example, the Penny Black research
project at Microsoft seeks to make computers solve problems before being
allowed to send e-mail messages. This would require massive processing power
to send large quantities of spam. Whichever solution(s) is adopted, the battle
against spam will require a coordinated effort by the government, ISPs and
vendors.
- http://www.wired.com/news/infostructure/0,1377,62177,00.html
- Also - http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801,89900,00.html
To change your delivery preferences please go
to:
http://news.ists.dartmouth.edu/cgi-bin/change.cgi
If you wish to
stop receiving the 'Security in the News' service please go
to:
http://news.ists.dartmouth.edu/substop.html
The Institute for
Security Technology Studies (ISTS) accepts no responsibility for any error or
omissions in this e-mail. The information presented is a compilation of
material from various sources and has not been verified by staff of the ISTS.
Therefore, the ISTS cannot be made responsible for the factual accuracy of the
material presented. The ISTS is not liable for any loss or damage arising from
or in connection with the information contained in this report. It is the
responsibility of the user to evaluate the content and usefulness of this
information. References in this e-mail to any specific commercial products,
processes, or services by trade name, trademark, manufacturer, or otherwise,
does not constitute or imply endorsement, recommendation, or favoring by the
ISTS. ISTS is a research, not operational, organization, and makes its
Security in the News e-mail available as a public service on a best-effort
basis. Security in the News will be sent out on most business days, but not
all.
Institute for Security Technology Studies
Dartmouth
College
45 Lyme Road, Suite 200
Hanover, NH 03755
Tel: (603) 646
0700
E-mail: dailyreport@ists.dartmouth.edu
|
|
|
