|
Network Security
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
FW: Security In The News - February 18, 2004
- From: Howell, Paul
- Date: Thu Feb 19 05:35:03 2004
Title: Message
Security In The News
LAST UPDATED: 2/18/04
This report is
also available on the Internet at http://news.ists.dartmouth.edu/todaysnews.html
,
Homeland Security & Infrastructure Protection
DHS sets tech priorities
- Federal
Computer Week, 2/17/04
- Also - Government Executive,
2/17/04
Cybercrime-Hacking
Individual Arrested for Hacking into
Messenger Conversations
- Chosun
Ilbo, 2/18/04
Politics-Legislation
White House calls for less advanced
research
- Government
Computer News, 2/18/04
Move to Block California E-Vote
- Wired
(AP), 2/17/04
Outcry as Chinese Net dissident
arrested
- The Register,
2/17/04
Senators question TSA role in transfer of
passenger records
- Government
Executive, 2/17/04
Anti-spam laws as useful as chocolate
fireguard, says legal profession
- Silicon.com,
2/18/04
Malware
At the Front in the Virus Wars
- Wired
News, 2/18/04
New variant disables antivirus apps,
steals e-mail addresses
- PC
World, 2/18/04
Vulnerabilities & Exploits
Top Three Security Problems Remain Despite
Increased Spending
- Enterprise
Systems, 2/18/04
Code leak flaw may exist, admits
Microsoft
- vnunet.com, 2/18/04
Best Practices & Risk Management
Microsoft Sending Security Patches on a
CD
- Internet News,
2/18/04
Civil & Consumer Issues
AOL Sues Florida Company Again for E-Mail
'Spam'
- Reuters,
2/18/04
So not intimidated
- LA
Times, 2/15/04
Homeland Security & Infrastructure Protection
- Title: DHS sets tech priorities
- Source: Federal Computer Week
- Date Written: February 17, 2004
- Date Collected: February 18, 2004
- The Department of Homeland Security (DHS) Chief Information Officer (CIO)
Council has outlined eight priorities for the department in its information
technology mission: information sharing, information security improvement,
creating one technology infrastructure, mission rationalization, enterprise
architecture, portfolio management, governance, and information technology
human resources. The Council has not prioritized the list, but some areas need
obvious improvement; Lee Holcomb, DHS chief technology officer, notes that the
department received a low score for its IT security. DHS will spend $12
million for 12 to 24 pilot information sharing projects across governments.
Other priorities, such as portfolio management, enterprise architecture,
capital investment, and IT governance, should work hand in hand to streamline
day-to-day business.
- http://www.fcw.com/fcw/articles/2004/0216/web-dhs-02-17-04.asp
- Also - http://www.govexec.com/dailyfed/0204/021704c1.htm
Cybercrime-Hacking
- Title: Individual Arrested for Hacking into
Messenger Conversations
- Source: Chosun Ilbo
- Date Written: February 18, 2004
- Date Collected: February 18, 2004
- Korean police have arrested a man aged 26, identified only by his surname
Kim, for hacking into Instant Messenger (IM) conversations between five fellow
employees and reporting the conversations to his managers. Police say Kim
hacked into the IM conversations sixty times in December using the Radmin
program he downloaded from the Internet. One employee, identified as Mr. Park,
said he suspected that company executives knew details of his conversations, a
suspicion confirmed when he saw his Messenger screen open on Mr. Kim's
computer. Mr. Kim allegedly told executives about the conversations to get the
others fired. Mr. Kim faces up to five years imprisonment or a fine of 50
million won ($43,000).
- http://english.chosun.com/w21data/html/news/200402/200402180019.html
Politics-Legislation
- Title: White House calls for less advanced
research
- Source: Government Computer News
- Date Written: February 18, 2004
- Date Collected: February 18, 2004
- The Bush administration's 2005 budget eliminates all funding for the
National Institute of Standards and Technology's (NIST) Advanced Technology
Program. Since 1990, the program has funded research and development for
long-term projects the private sector considered too risky. Connie Partoyan,
an advisor at the Department of Commerce, says the new budget signals a shift
in research priorities; money that would have gone toward the program has been
diverted to other NIST research programs or Homeland Security research. A
White House summary of the Commerce budget also states that many of the
program's grants go to major corporations that need no subsidies. As of
September 2003, the program had awarded 709 grants worth $2.1 billion. Half of
the projects were related to electronics, computer hardware, or information
technology.
- http://www.gcn.com/vol1_no1/daily-updates/24955-1.html
- Title: Move to Block California E-Vote
- Source: Wired (AP)
- Date Written: February 17, 2004
- Date Collected: February 18, 2004
- Citizens of Solano, Sacramento, San Diego, and Stanislaus counties in
California have requested the Sacramento County Superior Court to issue a
restraining order to keep eighteen counties from using Diebold electronic
voting machines in the March 2, 2004 primary elections. Secretary of State
Kevin Shelley has already ordered random testing of Diebold and Sequoia voting
machines citing concerns that flawed software or malfunctions may yield
inaccurate election results. Ten counties claim that Mr. Shelley is acting
outside his authority and overstating the problem. The court filing, however,
argues that "gaping holes" remain in the machines even if Mr. Shelley's
pre-election orders are followed, citing reports from security professionals
outlining how company insiders and computer hackers could tamper with
elections.
- http://www.wired.com/news/evote/0,2645,62323,00.html?tw=wn_tophead_8
- Title: Outcry as Chinese Net dissident
arrested
- Source: The Register
- Date Written: February 17, 2004
- Date Collected: February 18, 2004
- Such civil liberties groups as Reporters Without Borders are decrying the
recent arrest by Chinese authorities of Du Daobin, 40, who allegedly posted 28
messages on the Internet "inciting subversion of China's state power and [the]
overthrow of China's socialist system." Police in Hubei province say Mr. Du
also accepted money from foreign organizations to help them post articles
"harmful to state security." Reporters Without Borders argues that Mr. Du's
articles were pacifist in nature, supporting democracy and greater freedom of
expression. Mr. Du also campaigned for the release of Liu Di, a student
imprisoned for over a year for posting pro-democracy messages on the Internet.
- http://www.theregister.co.uk/content/6/35619.html
- Title: Senators question TSA role in transfer of
passenger records
- Source: Government Executive
- Date Written: February 17, 2004
- Date Collected: February 18, 2004
- Susan Collins (R-Maine), chair of the Senate Government Affairs Committee,
and ranking member Joseph Lieberman (D-Connecticut) have asked the
Transportation Security Administration (TSA) to explain its role in the
transfer of airline passenger data from JetBlue Airlines to an Army contractor
for a Defense Department database project. The TSA has claimed minimal
involvement in the data transfer, however, Army officials told committee staff
that airlines sought and received TSA approval before transferring the data.
The two Senators believe that in order to obtain public trust, the TSA must be
open about its role in the JetBlue transfer.
- http://www.govexec.com/dailyfed/0204/021704tdpm1.htm
- Title: Anti-spam laws as useful as chocolate
fireguard, says legal profession
- Source: Silicon.com
- Date Written: February 18, 2004
- Date Collected: February 18, 2004
- Anthony Teelucksingh, prosecutor for the US Justice Department, says that
criminal anti-spam laws will have little effect on the amount of spam e-mails
people receive everyday. Though the government is interested in pursuing
criminal prosecutions against spammers--Mr. Teelucksingh says he has taken
calls from many prosecutors asking advice for anti-spam cases--Mr.
Teelucksingh warns that even many prosecutions against spammers may not lower
spam levels. Don Blumenthal, attorney for the Federal Trade Commission (FTC),
says that though the FTC is devoting more resource to spam investigations
under the CAN-SPAM Act, spam will continue to "rule our world in the near
future."
- http://www.silicon.com/research/specialreports/protectingid/0,3800002220,39118479,00.htm
Malware
- Title: At the Front in the Virus Wars
- Source: Wired News
- Date Written: February 18, 2004
- Date Collected: February 18, 2004
- Through late January and early February of 2004, antivirus researchers at
F-Secure in Helsinki, Finland, faced ten virus emergencies without a break for
nearly a month. When F-Secure detects a virus outbreak, one of the researchers
smacks a toy monkey, which then screams to alert other researchers. The
research team gathers and assigns duties: reverse engineering, writing an
initial short description, testing and posting an antivirus update, and
writing a longer description for the Web. Depending on the severity of the
virus, a team may issue an in-house alert; a Level 1 alert, for example,
automatically cancels any meetings for antivirus researchers. Mikko Hyppönen,
director of antivirus research for F-Secure, says that there is no official
antivirus training, and few universities teach assembly code any more,
requiring antivirus companies to hire experts where they can. Predicting which
viruses will become major outbreaks can be difficult; MyDoom, for example, had
none of the tell-tale signs of a major virus.
- http://www.wired.com/news/infostructure/0,1377,62324,00.html?tw=wn_tophead_3
- Title: New variant disables antivirus apps,
steals e-mail addresses
- Source: PC World
- Date Written: February 18, 2004
- Date Collected: February 18, 2004
- Antivirus companies are reporting a new variant of the NetSky worm only
one day after the appearance of the Bagle.B worm. NetSky.B, also known as
Moodown.B, spreads over e-mail and shared network folders, and attempts to
disable antivirus software, steal e-mail addresses, and copy itself to shared
network folders. NetSky.B arrives in an e-mail with a randomly generated
subject line, such as "something for you" or "hello," carrying a .zip file
attachment. Network Associates reports receiving 40 to 50 copies of the virus
each hour. TruSecure reports that most copies seem to come from the
Netherlands or elsewhere in Europe.
- http://www.pcworld.com/news/article/0,aid,114829,00.asp
Vulnerabilities & Exploits
- Title: Top Three Security Problems Remain Despite
Increased Spending
- Source: Enterprise Systems
- Date Written: February 18, 2004
- Date Collected: February 18, 2004
- The Yankee Group reports that security budgets will increase at many
companies, citing its recent survey of 404 decision makers at medium and large
companies. 50% of respondents expect security spending to increase over the
next three years, while only 8% expected a decrease. The top three products
eyed by respondents are antivirus, intrusion detection systems, and firewalls.
40% of Fortune 500 companies plan to buy Web services security products.
Yankee expects outsourced managed security to grow from a $1.5 billion market
in 2002 to $3.7 billion by 2008. Systems administrators continue to focus on
traditional threats--unauthorized servers, intrusions and antivirus,
unauthorized senders, and denial of service attacks--while rating peer-to-peer
and instant messaging as low priority. Companies are also focusing on
regulatory compliance and wireless technologies.
- http://www.esj.com/security/article.asp?EditorialsID=860
- Title: Code leak flaw may exist, admits
Microsoft
- Source: vnunet.com
- Date Written: February 18, 2004
- Date Collected: February 18, 2004
- Microsoft is investigating reports of a flaw found in leaked Windows
source code. Microsoft had originally downplayed the flaw, found in Internet
Explorer 5, saying it had been previously documented and fixed with the
release of Internet Explorer 6 Service Pack 1. However, many users still rely
on Internet Explorer versions 5, 5.1, and 5.5. Microsoft is now examining the
flaw more closely, though it has not announced whether or when a patch would
be released. Companies should consider upgrading to a newer version of
Internet Explorer to guard against the vulnerability.
- http://www.vnunet.com/News/1152858
Best Practices & Risk Management
- Title: Microsoft Sending Security Patches on a
CD
- Source: Internet News
- Date Written: February 18, 2004
- Date Collected: February 18, 2004
- Microsoft will release a security update CD with every critical patch
released up to October 2003 for Windows XP, ME, 2000, and both versions of 98,
as well as trial antivirus and firewall software. The CD release is targeted
toward home users with a dial-up connections, lacking the bandwidth to
download all the security updates. In January 2004, Microsoft released a 317
KB tool to remove the Blaster virus from home computers; 317 KB takes about
three minutes to download over a dial-up connection. Microsoft will distribute
the CDs for free to improve the patch application "ecosystem." Jupiter
research finds that only 30% of homes have migrated to broadband connections,
and expects the number to increase to 40% by 2008.
- http://www.internetnews.com/dev-news/article.php/3314501
Civil & Consumer Issues
- Title: AOL Sues Florida Company Again for E-Mail
'Spam'
- Source: Reuters
- Date Written: February 18, 2004
- Date Collected: February 18, 2004
- America Online (AOL) has sued Florida company Connor Miller Software,
alleging it set up a network for two clients who then sent 35 million spams to
AOL users advertising low-interest mortgages. Charles Henry Miller says his
company set up the network, but did not send out any commercial e-mails. AOL
originally sued the company in 2003 in Virginia, but a federal judge threw out
the suit, ruling that Virginia does not have jurisdiction in the matter. Spam
now accounts for half of all e-mail traffic; AOL says it deals with 2 billion
spams each year. The lawsuit against the two Connor Miller Software clients is
still pending in Virginia.
- http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=4385772
- Title: So not intimidated
- Source: LA Times
- Date Written: February 15, 2004
- Date Collected: February 18, 2004
- Many college students are reacting to RIAA (Recording Industry Association
of America) lawsuits not by stopping their illegal music downloads, but by
being more careful how they download songs. One downloader, called Shawn, says
he and his friends consider the lawsuits a joke, and treat them as such.
Jessica notes that the RIAA targets people who upload more than 1,000 music
files, so she only downloads songs, and keeps the number on her computer less
than 1,000. Jessica says she'd buy the CDs, but she doesn't have the money.
RIAA statements that illegal downloads hurt the artist do not carry much
weight with downloaders, who reply that smaller bands which rely on touring
and merchandise get publicity from downloads, while big name artists live
extravagant lifestyles despite their downloads. Many students also see
inconsistencies in the law: they are allowed to tape-record a television show,
or borrow a CD, but not download them from the Internet.
- http://www.latimes.com/technology/la-ca-day15feb15,1,5584243.story?coll=la-headlines-technology
To change your delivery preferences please go
to:
http://news.ists.dartmouth.edu/cgi-bin/change.cgi
If you wish to
stop receiving the 'Security in the News' service please go
to:
http://news.ists.dartmouth.edu/substop.html
The Institute for
Security Technology Studies (ISTS) accepts no responsibility for any error or
omissions in this e-mail. The information presented is a compilation of
material from various sources and has not been verified by staff of the ISTS.
Therefore, the ISTS cannot be made responsible for the factual accuracy of the
material presented. The ISTS is not liable for any loss or damage arising from
or in connection with the information contained in this report. It is the
responsibility of the user to evaluate the content and usefulness of this
information. References in this e-mail to any specific commercial products,
processes, or services by trade name, trademark, manufacturer, or otherwise,
does not constitute or imply endorsement, recommendation, or favoring by the
ISTS. ISTS is a research, not operational, organization, and makes its
Security in the News e-mail available as a public service on a best-effort
basis. Security in the News will be sent out on most business days, but not
all.
Institute for Security Technology Studies
Dartmouth
College
45 Lyme Road, Suite 200
Hanover, NH 03755
Tel: (603) 646
0700
E-mail: dailyreport@ists.dartmouth.edu
|
|
|
