Merit Network

Discussion Communities: Merit Network Email List Archives

Network Security

FW: Security In The News - February 23, 2004

  • From: Howell, Paul
  • Date: Tue Feb 24 07:46:29 2004

-----Original Message-----
From: dailyreport@ists.dartmouth.edu [mailto:dailyreport@ists.dartmouth.edu]
Sent: Monday, February 23, 2004 5:16 PM
To: subscriber (2554)
Subject: Security In The News - February 23, 2004

Security In The News
LAST UPDATED: 2/23/04
This report is also available on the Internet at http://news.ists.dartmouth.edu/todaysnews.html


Cybercrime-Hacking

Thought for the day: United we stand, divided we fall
Computer Weekly, 2/23/04

Doctored Kerry photo brings anger, threat of suit
San Francisco Chronicle / San Francisco Gate, 2/20/04

DoS and phishing attacks: coming to a mobile near you?
Silicon.com, 2/20/04

FTC nets record settlement under COPPA
Network World Fusion, 2/19/04

Minneapolis Man Charged with Hacking into Post Office Web Server
KARE 11, 2/21/04

Politics-Legislation

Canberra faces up to security
Australian IT, 2/24/04

Blackwell wants $128M for voting machines
Dayton Daily News, 2/20/04

U.S. info-sharing program draws fire
Security Focus, 2/20/04
Also - Search Security, 2/23/04

Malware

Summit on Net security: New entrants will try their hand at battling viruses
San Francisco Chronicle / San Francisco Gate, 2/23/04

Technology

Cell Phone Reads User Fingerprint
Wired News (Reuters), 2/22/04

New tools help users manage security events
Computerworld, 2/16/04

Security Start-up Seeks to Spot, Solve Compromises
EWeek.com, 2/20/04

PC Makers Face Array Of Crypto Chip Choices
Techweb, 2/19/04

DARPA awards network security deal
Federal Computer Week, 2/23/04


Best Practices & Risk Management

Education key to online security
Australian IT, 2/24/04

Civil & Consumer Issues

SCO legal action deadline passes
vnunet.com, 2/23/04

E-Voting Activists: Vote Absentee
Wired News, 2/20/04

Music industry's search orders on trial
C-Net News, 2/20/04
Also - Wired News, 2/20/04

China threatens to block junk e-mailers
C-Net News, 2/20/04
Also - PC World, 2/20/04

Judge: DVD-copying software is illegal
ZDNet, 2/20/04




Cybercrime-Hacking


Title: Thought for the day: United we stand, divided we fall
Source: Computer Weekly
Date Written: February 23, 2004
Date Collected: February 23, 2004
Officials from law enforcement, banks, government agencies, and business are gathering in London for the E-Crime Congress to discuss cybercrime and possible ways to combat it. Philip Vargo of British lobbying group Eurim argues that "The only thing saving the information economy from complete collapse, is that organised crime wishes to milk the cow and not kill it." Many at the conference focus on public/private partnerships to combat e-crime. Chief superintendent Len Hynds, director of the NHTCU (National Hi-Tech Crime Unit) argues that a partnership between government and industry is necessary to combat cybercrimes, since the Internet is mostly owned by the private sector. Chris Painter, deputy chief of computer crime and intellectual property at the US Department of Justice, says industry and government have differing skills and experiences regarding e-crime; a partnership could maximize the chance of success.
http://www.computerweekly.com/articles/article.asp?liArticleID=128551


Title: Doctored Kerry photo brings anger, threat of suit
Source: San Francisco Chronicle / San Francisco Gate
Date Written: February 20, 2004
Date Collected: February 23, 2004
Ken Light, a professor of journalistic ethics at the University of California, says he and his former photography agency intend to track down the source of a doctored photo of Democratic Presidential candidate John Kerry. Mr. Light took the photograph of Mr. Kerry at a 1971 rally against the Vietnam War. Someone recently took the photo and one of actress Jane Fonda from a 1972 rally in Miami, Florida, and merged them so the two appear to be standing side by side. The logo of the Associated Press was then added, and the photo circulated on the Internet as evidence of Mr. Kerry's "anti-American" views. Mr. Light says he is outraged that someone would alter the photograph to try to disrupt discourse during a political campaign.
http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2004/02/20/MNG4S54RGO1.DTL


Title: DoS and phishing attacks: coming to a mobile near you?
Source: Silicon.com
Date Written: February 20, 2004
Date Collected: February 23, 2004
Recently developed exploit tools for vulnerabilities in the Bluetooth wireless technology could lead to some sophisticated scams targeting mobile phone users. For example, an attacker could station himself at a prime location, such as an airport lounge, and scan for vulnerable phones. The attacker could then send out a false message, such as "Welcome to Heathrow's mobile information service," which, if accepted, could allow the attacker to dial a number from that phone. The attacker could dial a premium rate line and rack up charges on the victims' phones. Attackers could also deny service to Bluetooth phones, using a specially constructed message to crash and reset the phone, though this attack is little more than mischief. While newer phones do not have these vulnerabilities, older phones from Nokia and Ericsson may be exploited. Users should turn off Bluetooth to avoid attack, and never accept business cards unless they are sure of their sender.
http://www.silicon.com/software/security/0,39024655,39118524,00.htm


Title: FTC nets record settlement under COPPA
Source: Network World Fusion
Date Written: February 19, 2004
Date Collected: February 23, 2004
The Federal Trade Commission has settled with Bonzi Software and UMG Recordings for $75,000 and $400,000 respectively for charges of violating the Children's Online Privacy Protection Act (COPPA) by collecting personal information from children. Under COPPA, companies may not knowingly collect information from children under 13 years of age without parental consent. UMG Recordings operates several hundred music sites which collected birthdate information as part of online registration; their $400,000 settlement is the largest ever collected under COPPA. Bonzi Software's BonziBuddy also collected birthdate information in order to download the product. The FTC charged them with providing incomplete privacy notices and failing to direct notices to parents. The two companies agreed to consent decrees, which do not constitute an admission of guilt.
http://www.nwfusion.com/news/2004/0219ftcnets.html


Title: Minneapolis Man Charged with Hacking into Post Office Web Server
Source: KARE 11
Date Written: February 21, 2004
Date Collected: February 23, 2004
Joshua Linsk, 21, of Minneapolis, Minnesota, has turned himself in to federal authorities for cracking into a US Postal Service web server. A grand jury indicted Mr. Linsk on two counts of computer fraud and one count of possessing 15 or more unauthorized access devices. The grand jury alleges that Mr. Linsk transmitted code in May 2002, causing damage to a database owned by the Postal Service's office of inspector general, and stole 15 credit card account numbers from the Whitney Education Group. If convicted, Mr. Linsk faces 15 years imprisonment and a $500,000 fine. Mr. Linsk is currently released on $25,000 unsecured bond.
http://www.kare11.com/news/news-article.asp?NEWS_ID=59863

Politics-Legislation


Title: Canberra faces up to security
Source: Australian IT
Date Written: February 24, 2004
Date Collected: February 23, 2004
The Australian government will fast-track proposed legislation to include facial biometrics in passports before a United States deadline in October 2004. The US visa waiver program requires countries to include facial biometrics in passports before October in order to continue participating. Graham Greenleaf of the Australian Privacy Foundation warns that the high costs of biometrics may lead government agencies to seek other uses for the technology, resulting in a de facto national identity card. The Cabinet has not yet made any decision on the bill, or on biometrics in general. Representatives appointed to a Passports Legislation Consultation Group say they have little information on the topic to work with, having only received ministerial statements and a four-page background sheet.
http://australianit.news.com.au/articles/0,7204,8767093^15841^^nbv^,00.html


Title: Blackwell wants $128M for voting machines
Source: Dayton Daily News
Date Written: February 20, 2004
Date Collected: February 23, 2004
Ohio's Secretary of State J. Kenneth Blackwell will request $128 million from the Controlling Board to purchase new electronic voting machines to comply with the Help America Vote Act. Many lawmakers, such as Jeff Jacobson (R-Butler Township) and Teresa Fedor (D-Toledo), are asking the Board to reject the request, citing a report identifying 57 security risks with the machines. Senate President Doug White (R-Manchester) will appoint a committee to look into the matter. The vendor's contract requires that the holes be fixed and the machines pass a security audit and state and federal certification before purchase. If Mr. Blackwell's request is rejected, he intends to push for optical scan machines which produce a paper record of votes.
http://www.daytondailynews.com/localnews/content/localnews/daily/0220vote.html


Title: U.S. info-sharing program draws fire
Source: Security Focus
Date Written: February 20, 2004
Date Collected: February 23, 2004
The Department of Homeland Security's (DHS) Protected Critical Infrastructure Information (PCII) program is drawing fire for the protection it offers to corporations which submit details about security vulnerabilities. PCII allows corporations to submit details outlining physical and computer security vulnerabilities, and keeps the information secret from the public, even immune from the Freedom of Information Act (FOIA). Howard Schmidt, former White House cyber security advisor, says that such disclosures have happened informally and undocumented in the past, but allowed better analysis. Critics, such as Sean Moulton, analyst for OMB Watch, say the measure removes any means the government has to compel companies to fix vulnerabilities. Some are also concerned that companies may use the program to shield negligence.
http://www.securityfocus.com/news/8090
Also - http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci951841,00.html

Malware


Title: Summit on Net security: New entrants will try their hand at battling viruses
Source: San Francisco Chronicle / San Francisco Gate
Date Written: February 23, 2004
Date Collected: February 23, 2004
Security professionals are gathering in San Francisco for the RSA Conference, expected to draw over 10,000 participants. The RSA Conference began in 1991 to discuss cryptography, but has since branched out to other areas of computer security. The numerous virus attacks of 2003 will make malware a major topic at the 2004 conference. While antivirus companies will have a large presence at the conference, other companies will also address such issues. Hewlett-Packard, for example, will unveil its Virus Throttler product, while Microsoft chair Bill Gates will discuss his company's security strategy.
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2004/02/23/BUGD855EUK1.DTL&type=tech

Technology


Title: Cell Phone Reads User Fingerprint
Source: Wired News (Reuters)
Date Written: February 22, 2004
Date Collected: February 23, 2004
Atrua Technologies, backed by Ericsson, Nokia, and Intel, has released its first product, Atrua Wings, a cellular phone with a built-in fingerprint reader. The reader also doubles as the scroll bar for navigating through menus. Atrua marketing director Marc Ostrowski says the phone will be in production starting in the second quarter of 2004, and on the market by the end of the year. The fingerprint scanner can be used to protect wireless transactions and to sign on to websites. Atrua, which has filed eleven patents on the technology, also plans to sell the phones for gameplay and to attract new cell service subscribers to mature markets.
http://www.wired.com/news/wireless/0,1382,62381,00.html?tw=wn_tophead_7


Title: New tools help users manage security events
Source: Computerworld
Date Written: February 16, 2004
Date Collected: February 23, 2004
Multiple security devices on enterprise networks generate volumes of data for systems administrators, pushing many to demand security event management software to mine the data for important details. NetForensics will soon announce its NetForensics 3.1.1, which now includes automated response and prescribes actions to administrators, walking them through a procedure based on the SANS Institute's Six Step Incident Response process. NetForensics also includes data visualization tools. ArcSight 3.0 includes features to archive and retrieve incident data, with new compression, allowing administrators to store five times as much data in the same amount of space. Jim Hurley, an analyst for the Aberdeen Group, believes that security event management tools will not take off until they can link data to business impact and aid decision making.
http://www.computerworld.com/securitytopics/security/story/0,10801,90223,00.html


Title: Security Start-up Seeks to Spot, Solve Compromises
Source: EWeek.com
Date Written: February 20, 2004
Date Collected: February 23, 2004
Intrusic Inc. will unveil its Zephon system at the RSA Conference in San Francisco, promoting it as a product that picks up where other security technologies leave off. Rather than blocking scans, attacks, and intrusions, Zephon gathers evidence of successful attacks, and provides detailed statistics and recommendations. Zephon sits on a network and records every packet that crosses its path, and inspects each packet in three different ways. Data showing evidence of a compromise is moved to a database for a second analysis. Intrusic chief executive Bruce Linton believes such a solution will help eradicate security problems rather than just treat their symptoms.
http://www.eweek.com/article2/0,4149,1531262,00.asp


Title: PC Makers Face Array Of Crypto Chip Choices
Source: Techweb
Date Written: February 19, 2004
Date Collected: February 23, 2004
PC makers looking to build desktops with hardware security must choose from a confusing array of trusted platform modules (TPM), chips which hold digital keys for cryptography. The chips are an essential computer component for the upcoming Windows operating system, code-named Longhorn. Atmel, Infineon, National Semiconductor, and STMicroelectronics offer differing TPMs in differing products. All TPMs must meet specifications from the Trusted Computing Group (TCG); however, PC makers would like the TPMs to be integrated onto existing PC chips, resulting in a lower cost. Under the current selection, PC makers must decide with which products from the various chip vendors they most desire to interoperate.
http://www.techweb.com/wire/story/TWB20040219S0014


Title: DARPA awards network security deal
Source: Federal Computer Week
Date Written: February 23, 2004
Date Collected: February 23, 2004
The Defense Advanced Research Projects Agency (DARPA) has awarded $8.7 million to Computer Systems Center Inc. (CSCI) to work on the Information-on-Demand project. Information-on-Demand seeks to develop dynamic network security applications to enable users to access resources with multiple security clearances from a single workstation. CSCI's Trusted Information Infrastructure allows such multi-level security access. The Defense Department considers dynamic access a top priority for network-centric warfare.
http://www.fcw.com/fcw/articles/2004/0223/web-darpa-02-23-04.asp


Best Practices & Risk Management


Title: Education key to online security
Source: Australian IT
Date Written: February 24, 2004
Date Collected: February 23, 2004
Antivirus products have matured since their inception, making them easier to use and to keep up-to-date. Antivirus products can now automatically download updates, while home broadband connections can provide computers with up-to-the-minute protection. However, users are still failing to keep their antivirus updated, allowing viruses to spread. John Donovan of Symantec Australia-New Zealand argues that the interfaces to virus scanners need to be made simpler: "The biggest hurdle is not the technology, but people's understanding and usage of the technology." Antivirus cannot fix every vulnerability a computer has, so security must come from multiple sources. Trend Micro's corporate antivirus includes system policies with its virus definitions, and predicts that such features will become common in end-user products. Internet service providers are beginning to offer antivirus services as part of their connection packages.
http://australianit.news.com.au/articles/0,7204,8746906^15841^^nbv^,00.html

Civil & Consumer Issues


Title: SCO legal action deadline passes
Source: vnunet.com
Date Written: February 23, 2004
Date Collected: February 23, 2004
The SCO Group's self-imposed deadline to sue a Linux end-user for copyright infringement has passed with no such legal action. The SCO Group originally announced plans to sue a major Linux end-user within 90 days on November 18, 2003, and promised legal action by early February. Blake Stowell, public relations director for SCO, says the company is still planning to go forward with such a lawsuit in a matter of days. Some analysts, such as Ovum's Gary Barnett, are skeptical of SCO's claims, noting that court action could be difficult since the company has not proven ownership of Linux code, making it highly likely a court would throw out the case.
http://www.vnunet.com/News/1152939


Title: E-Voting Activists: Vote Absentee
Source: Wired News
Date Written: February 20, 2004
Date Collected: February 23, 2004
Activists in California and Maryland have launched campaigns to urge voters to use paper absentee ballots in the March 2004 primaries, citing security concerns with the electronic voting machines used within those states. Researchers have found ways to crack machines made by Diebold Election Systems and alter vote records without detection. California allows voters who feel uncomfortable using the electronic ballots to cast paper ones instead; Maryland activists are demanding their state do likewise. A California court rejected a restraining order against using electronic voting machines, though Secretary of State Kevin Shelley has ordered that all machines provide a voter-verified paper record by 2006. Voters are concerned that the machines do not produce a paper trail, forcing the public to trust vendors and county officials to follow the law. Activists hope that by casting absentee ballots, a paper trail can be created.
http://www.wired.com/news/business/0,1367,62364,00.html?tw=wn_tophead_5


Title: Music industry's search orders on trial
Source: C-Net News
Date Written: February 20, 2004
Date Collected: February 23, 2004
Lawyers for Sharman Networks are fighting record industry representatives in Australian Federal Court, arguing that Anton Piller orders for the search of twelve premises for evidence of copyright infringement should be overturned, saying that not all appropriate evidence was presented during the discovery phase. Sharman lawyers also argue that the case against them is similar to a case in the United States, and should be deferred pending the results of the American case. Music industry lawyers argue that the two cases differ, since US law is more concerned about the structure of technology while Australian law considers its use. Lawyers for Brilliant Digital Entertainment, another target of the Anton Piller search orders, point out that evidence was seized from Brilliant subsidiary Altnet, which was not mentioned in the orders. The orders also led to the seizure of Altnet source code, possibly subverting a case over source code in the United States.
http://news.com.com/2100-1027_3-5162498.html
Also - http://www.wired.com/news/digiwood/0,1412,62363,00.html


Title: China threatens to block junk e-mailers
Source: C-Net News
Date Written: February 20, 2004
Date Collected: February 23, 2004
The Xinhua news agency reports that China has blacklisted 656 spam servers worldwide. Most are outside Asia, while 65 are in Taiwan, six in Hong Kong, and 63 within China itself. These 656 servers will be monitored by the Internet Society of China and blocked if they continue spamming Chinese users after March 20, 2004. China also banned 127 e-mail servers in 2003.
http://news.com.com/2100-1024_3-5162355.html
Also - http://www.pcworld.com/news/article/0,aid,114867,00.asp


Title: Judge: DVD-copying software is illegal
Source: ZDNet
Date Written: February 20, 2004
Date Collected: February 23, 2004
Judge Susan Illston has granted Hollywood studios an injunction against 321 Studios after eight months of legal battle, finding that the company's DVD-copying software violates copyright law. Under the injunction, 321 Studios has seven days to stop distributing DVD-copying software. Judge Illston recognized the legal use of such software by consumers to make backup copies of DVDs, but ruled that that cannot be used to defend a technology that breaks anti-piracy measures on DVDs.
http://zdnet.com.com/2100-1104_2-5162749.html

To change your delivery preferences please go to:
http://news.ists.dartmouth.edu/cgi-bin/change.cgi
If you wish to stop receiving the 'Security in the News' service please go to:
http://news.ists.dartmouth.edu/substop.html

The Institute for Security Technology Studies (ISTS) accepts no responsibility for any error or omissions in this e-mail. The information presented is a compilation of material from various sources and has not been verified by staff of the ISTS. Therefore, the ISTS cannot be made responsible for the factual accuracy of the material presented. The ISTS is not liable for any loss or damage arising from or in connection with the information contained in this report. It is the responsibility of the user to evaluate the content and usefulness of this information. References in this e-mail to any specific commercial products, processes, or services by trade name, trademark, manufacturer, or otherwise, do not constitute or imply endorsement, recommendation, or favoring by the ISTS. ISTS is a research, not operational, organization, and makes its Security in the News e-mail available as a public service on a best-effort basis. Security in the News will be sent out on most business days, but not all.

Institute for Security Technology Studies
Dartmouth College
45 Lyme Road, Suite 200
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: dailyreport@ists.dartmouth.edu


