Network Security
FW: Security In The News - February 12, 2004
- From: Howell, Paul
- Date: Thu Feb 12 19:03:21 2004
-----Original Message-----
From: dailyreport@ists.dartmouth.edu
To: subscriber (2554)
Sent: 2/12/2004 4:49 PM
Subject: Security In The News - February 12, 2004
Security In The News
LAST UPDATED: 2/12/04
This report is also available on the Internet at
http://news.ists.dartmouth.edu/todaysnews.html
Homeland Security & Infrastructure Protection
Software Bug Contributed to Blackout
Security Focus, 2/11/04 <http://www.securityfocus.com/news/8016>
Cybercrime-Hacking
DDoS attacks go through the roof
The Register, 2/12/04
<http://www.theregister.co.uk/content/55/35531.html>
Politics-Legislation
Government rethinks ID database plans
vnunet.com, 2/12/04 <http://www.vnunet.com/News/1152725>
Foes Assault Passenger Screening
Wired News, 2/12/04
<http://www.wired.com/news/privacy/0,1848,62259,00.html?tw=wn_tophead_3>
Also - Federal Computer Week, 2/12/04
<http://www.fcw.com/fcw/articles/2004/0209/web-cappsII-02-12-04.asp>
FCC: 'Pure' VoIP not a phone service
ZDNet, 2/12/04 <http://zdnet.com.com/2100-1104_2-5158105.html>
Malware
Adware ploy dupes IMers with bin Laden 'news'
news.com.com, 2/11/04
<http://news.com.com/2100-7349-5157632.html?tag=nefd_hed>
Nachi.B virus sweeps up after MyDoom
PC Pro, 2/12/04 <http://www.pcpro.co.uk/news/news_story.php?id=53533>
Also - vnunet.com, 2/12/04 <http://www.vnunet.com/News/1152735>
Firms put the SWAT team on viruses
The Globe and Mail, 2/12/04
<http://www.globetechnology.com/servlet/story/RTGAM.20040212.wkapi0212/BNStory/Technology>
Technology
DOD is building foundation for network-centricity
Government Computer News, 2/12/04
<http://www.gcn.com/vol1_no1/daily-updates/24932-1.html>
Vulnerabilities & Exploits
Sophos anti-virus protection bypassed
Techworld, 2/12/04
<http://www.techworld.com/news/index.cfm?fuseaction=displaynews&newsid=1023>
Best Practices & Risk Management
Overseas Outsourcing Leads To Identity Theft Risks
Security Pipeline, 2/11/04
<http://www.securitypipeline.com/17603278jsessionid=V5PBJSINYEXTAQSNDBCSKHY>
Civil & Consumer Issues
Net libel open to higher damages
The Globe and Mail, 2/11/04
<http://www.globetechnology.com/servlet/story/RTGAM.20040211.gtrinternetlibel10/BNStory/Technology>
Homeland Security & Infrastructure Protection
Title: Software Bug Contributed to Blackout
Source: Security Focus
Date Written: February 11, 2004
Date Collected: February 12, 2004
A code audit has uncovered a software flaw in General Electric Energy's
XA/21 energy management system which may have contributed to the August
14, 2003, blackout in the northeastern United States and Canada,
affecting 50 million people. The flaw caused the failure of the alarm
system at FirstEnergy's Akron, Ohio control center, failing to alert
technicians of mounting problems with electric transmission. The backup
system failed under the weight of unprocessed events from the main system.
Further, since technicians were unaware of the alarm failure, they did
not realize their information was outdated. Many speculated that the
blackout may have been caused, or at least contributed to, by the
Blaster worm, which was hitting computers the same day. The task force
investigating the blackout discounts that theory, citing instead a
combination of factors, including FirstEnergy's failure to trim trees
near high-voltage power lines.
http://www.securityfocus.com/news/8016
Cybercrime-Hacking
Title: DDoS attacks go through the roof
Source: The Register
Date Written: February 12, 2004
Date Collected: February 12, 2004
According to Paul Lawrence, a general manager for security firm Top
Layer, too many companies are not protecting themselves against
cyberattackers until after they've been victimized, straining the
resources of security companies. As more online gambling sites are
targeted by organized crime for extortion, Top Layer is being called in
to protect systems with its Attack Mitigator intrusion prevention
system. Denial of service attacks usually start with a SYN flood, but if
the target does not give in to the extortion, quickly escalate into UDP
(user datagram protocol) floods, NB-Gets, ICMP (Internet control message
protocol) ping floods, and UDP fragment attacks. Most companies have
antivirus and firewall protection, which Mr. Lawrence says is not
comprehensive enough to protect against traffic floods. Currently, most
attacks target online gambling sites, which have lots of competition to
pick up any lost customers, but may soon move to insurance firms,
payment companies, and Internet service providers.
http://www.theregister.co.uk/content/55/35531.html
Politics-Legislation
Title: Government rethinks ID database plans
Source: vnunet.com
Date Written: February 12, 2004
Date Collected: February 12, 2004
The United Kingdom government has scrapped plans to use passport and
driver's license databases to build a national identity card system,
possibly increasing the cost of the plan. The Information Commission
warned the government that the two databases may not be accurate enough
for data protection requirements. The UK Home Office is now looking into
building a new database specifically for the national identity card.
Martyn Thomas, spokesman for the Institute of Electrical Engineers, is
concerned that the cost of building such a database, estimated to be as
high as £3.2 billion, along with the cost of including biometric data in
the cards, could be a waste of taxpayer money. The Passport Agency is
negotiating with credit companies to improve the accuracy of its data,
but the Information Commissioner warns that such measures may not be
sufficient.
http://www.vnunet.com/News/1152725
Title: Foes Assault Passenger Screening
Source: Wired News
Date Written: February 12, 2004
Date Collected: February 12, 2004
Privacy groups, business travelers, and members of Congress have asked
the Bush administration to reconsider its Computer-Assisted Passenger
Pre-Screening Program (CAPPS II) airline passenger profiling system,
citing privacy concerns and questioning its effectiveness in catching
terrorists. The legislators, in a letter to President George W. Bush,
urge the adoption of a policy clarifying the role of airlines in sharing
passenger data, noting that the public have no assurances that medical,
religious, political, or racial data will be used. Another letter asked
the House Committee on Transportation and Infrastructure to look into
the transfer of passenger data from JetBlue and Northwest airlines to
federal agencies. Public interest groups Common Cause, the Electronic
Frontier Foundation, and the Free Congress Foundation have joined in the
letter writing campaign. A General Accounting Office report on CAPPS II
gives the system a failing grade on seven out of eight criteria,
including database accuracy, search tool accuracy, a security plan to
guard against abuse and unauthorized access, oversight, privacy
policies, and an appeals process for those impacted by the system.
http://www.wired.com/news/privacy/0,1848,62259,00.html?tw=wn_tophead_3
Also - http://www.fcw.com/fcw/articles/2004/0209/web-cappsII-02-12-04.asp
Title: FCC: 'Pure' VoIP not a phone service
Source: ZDNet
Date Written: February 12, 2004
Date Collected: February 12, 2004
The Federal Communications Commission (FCC) has made a partial ruling on
the status of VoIP (Voice over Internet Protocol) services, declaring
that such services running entirely over the Internet are not
telecommunications services, and thus not subject to pertinent
government regulations. However, the decision does not rule on VoIP
services which also connect with analog telephone lines; the FCC will
begin a public comment period on such services. Officials in the VoIP
industry are hailing the ambiguous decision, saying it makes it clear
that states cannot create a patchwork of differing rules for IP
services. States are concerned the migration to IP could lead to a
decline in revenue from traditional phone taxes. The ruling does not
address Justice Department requests that VoIP be accessible to
wiretapping by law enforcement.
http://zdnet.com.com/2100-1104_2-5158105.html
Malware
Title: Adware ploy dupes IMers with bin Laden 'news'
Source: news.com.com
Date Written: February 11, 2004
Date Collected: February 12, 2004
Users of America Online's instant message service are being hit by an
adware Trojan called BuddyLinks through a social engineering attack.
Users receive an instant message claiming to provide a link to a news
story about the capture of al Qaeda head Osama bin Laden. When users
follow the link, a dialog box appears saying the user must install a
"news player" program. Once users install the program, they discover it
is really an animated game. The game also sends the fake news link to
users on the victim's buddy list, repeating the process. Once on a
machine, it delivers advertisements to users. America Online officials
strongly oppose the adware tactic, and say they may sue the adware's
maker. The adware makers attempt to protect themselves legally by having
a terms of service agreement implicit in the download of the program,
worrying some legal experts that future viruses may come with click-wrap
licenses. This particular adware can be uninstalled through the Windows
"Add/Remove Hardware" feature.
http://news.com.com/2100-7349-5157632.html?tag=nefd_hed
Title: Nachi.B virus sweeps up after MyDoom
Source: PC Pro
Date Written: February 12, 2004
Date Collected: February 12, 2004
A new variant of the Nachi worm, Nachi.B, has followed in the wake of
the MyDoom worms, attempting to clean up after them. Nachi.B removes
variants A and B of MyDoom from infected machines, and closes the
backdoor opened by those viruses, currently being exploited by the
Doomjuice virus. Graham Cluley, of antivirus firm Sophos, warns that no
virus should be considered "saintly"; the original Nachi worm attempted
to clean up after the Blaster worm, but flooded networks with spurious
traffic, crashing ATMs (automatic teller machines) and preventing one
Canadian airline from booking passengers. Nachi.B drops a file onto
computers with the headline "LET HISTORY TELL FUTURE!" listing several
dates between 1931 and 1945, including the dates of the two nuclear
attacks against Japan during World War II.
http://www.pcpro.co.uk/news/news_story.php?id=53533
Also - http://www.vnunet.com/News/1152735
Title: Firms put the SWAT team on viruses
Source: The Globe and Mail
Date Written: February 12, 2004
Date Collected: February 12, 2004
The article describes the procedures two antivirus companies use in
their day-to-day operations, and in the face of the MyDoom worm. McAfee,
a division of Network Associates, maintains an antivirus emergency
response team (AVERT) of 120 experts worldwide. AVERT receives virus
notifications from McAfee VirusScan users, which are then analyzed to
determine whether they are documented or newly discovered malware.
Symantec also keeps a network of virus experts, but collects data from a
network of 200 honeypots, computers designed to collect viruses, but
keep them from spreading. Symantec discovers fifteen new viruses a day,
up from ten new viruses a day in 1999. At the beginning of the MyDoom
attack, Symantec received 150 reports of the virus an hour, then the
rate climbed to around 6,000 over a 24 hour period. Antivirus companies
can release a definition for a new virus in about two hours, but they
say it is getting harder to keep up as attacks become more
sophisticated.
http://www.globetechnology.com/servlet/story/RTGAM.20040212.wkapi0212/BNStory/Technology
Technology
Title: DOD is building foundation for network-centricity
Source: Government Computer News
Date Written: February 12, 2004
Date Collected: February 12, 2004
Officials from the Defense Department testified before the House Armed
Services Subcommittee on Terrorism, Unconventional Threats, and
Capabilities about the information technology architecture being
developed for the Global Information Grid (GIG). The GIG is designed to
provide warfighters with a common, network-centric access to
interoperable systems. Representative Jim Saxton (R-New Jersey) praised
the GIG effort, but noted that Defense must also change people,
processes, and services to achieve net-centricity, and avoid redundant
and stovepiped systems. The GIG integrates such legacy systems as the
Army's Future Combat Systems, the Air Force's Command and Control
Constellation, the Navy's ForceNet initiative, and the Defense
Information Systems Agency's Net-Centric Enterprise Services, prompting
Defense officials to describe it as a "private World Wide Web" for the
military.
http://www.gcn.com/vol1_no1/daily-updates/24932-1.html
Vulnerabilities & Exploits
Title: Sophos anti-virus protection bypassed
Source: Techworld
Date Written: February 12, 2004
Date Collected: February 12, 2004
Antivirus company Sophos has disclosed that virus e-mails without MIME
(Multipurpose Internet Mail Extensions) boundary definitions can slip
past their antivirus filters. Such e-mails must come from infected qmail
servers (the second most popular mail server) set up to generate
Delivery Status Notifications that include the content of original
e-mails. Another flaw can be exploited through certain MIME headers to
crash a computer scanning for viruses. Both flaws are found in version
3.78; the updated 3.78d is now available to patch affected machines.
http://www.techworld.com/news/index.cfm?fuseaction=displaynews&newsid=1023
Best Practices & Risk Management
Title: Overseas Outsourcing Leads To Identity Theft Risks
Source: Security Pipeline
Date Written: February 11, 2004
Date Collected: February 12, 2004
As many companies outsource information processing overseas, they must
protect their data against identity theft. Many hospitals, accounting
firms, and insurance companies are sending sensitive customer data
overseas, increasing the possibilities for identity theft. Some
companies, such as tax preparer SurePrep, say their overseas contractors
are as secure as their American offices. "If the processes and systems
are identical, then the security should be identical," according to
SurePrep chief executive David Wyle. Mark Albrecht, chief executive of
Xpitax, describes the overseas offices as paperless, and says that
computers have no hard, floppy, or CD drives; the office has no
printers. Despite such precautions, some problems do occur. For example,
a Pakistani medical transcriber threatened to post patients' medical
records online over a monetary dispute with the University of California
- San Francisco Medical Center's subcontractor's subcontractor. Benjamin
Jun, vice president of Cryptography Research, argues that the best
defense against identity theft is a clear definition of who in the
business process is liable for fraud.
http://www.securitypipeline.com/17603278jsessionid=V5PBJSINYEXTAQSNDBCSKHY
Civil & Consumer Issues
Title: Net libel open to higher damages
Source: The Globe and Mail
Date Written: February 11, 2004
Date Collected: February 12, 2004
Madame Justice Adéle Kent of the Canadian Court of Queen's Bench in
Alberta has ruled that anonymous e-mails have the power to multiply the
impact of defamatory remarks, and should lead to higher damages in libel
suits. According to Judge Kent, a reader is more likely to believe
defamatory remarks in an anonymous e-mail, while they can filter out
political biases in e-mails whose authors have identified themselves.
University of Ottawa law professor Michael Geist says such a ruling
could prevent people from posting anonymous messages for legitimate
purposes, such as blowing the whistle on corporate misdeeds. The case in
question involved several postings to the Stockhouse.ca website
criticizing Vaquero Energy Ltd. and comparing its chief executive to
Adolf Hitler, Saddam Hussein, and Osama bin Laden. Mr. Geist questions
Judge Kent's assertion that people are more likely to believe anonymous
statements; most people lend little credence to such posts, since they
cannot judge the credibility of their authors.
http://www.globetechnology.com/servlet/story/RTGAM.20040211.gtrinternetlibel10/BNStory/Technology
The Institute for Security Technology Studies (ISTS) accepts no
responsibility for any error or omissions in this e-mail. The
information presented is a compilation of material from various sources
and has not been verified by staff of the ISTS. Therefore, the ISTS
cannot be made responsible for the factual accuracy of the material
presented. The ISTS is not liable for any loss or damage arising from or
in connection with the information contained in this report. It is the
responsibility of the user to evaluate the content and usefulness of
this information. References in this e-mail to any specific commercial
products, processes, or services by trade name, trademark, manufacturer,
or otherwise, does not constitute or imply endorsement, recommendation,
or favoring by the ISTS. ISTS is a research, not operational,
organization, and makes its Security in the News e-mail available as a
public service on a best-effort basis. Security in the News will be sent
out on most business days, but not all.
Institute for Security Technology Studies
Dartmouth College
45 Lyme Road, Suite 200
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: dailyreport@ists.dartmouth.edu