
Network Security
FW: Security In The News - March 3, 2004
- From: Howell, Paul
- Date: Thu Mar 04 10:23:24 2004
Security In The News LAST UPDATED: 3/3/04
This report is also available on the Internet at http://news.ists.dartmouth.edu/todaysnews.html
Homeland Security & Infrastructure Protection
On one-year anniversary, Bush gives Homeland Security 'gold star'
- Government Executive, 3/2/04
El Reg badly misguided on cyber-terror threat
- The Register, 3/3/04
Politics-Legislation
Senators Try to Smoke Out Spyware
- Washington Post, 3/2/04
Lawmaker calls for hearings into delay in merging of watch lists
- Government Computer News, 3/2/04
Calls to regulate 'failing' AV industry
- The Register, 3/3/04
Hands Off! That Fact Is Mine
- Wired News, 3/3/04
OMB: Agencies improve IT security, but many are short of goals
- Government Computer News, 3/3/04
Malware
Worm authors talk trash
- ZDNet, 3/3/04
- Also - vnunet.com, 3/3/04
- Also - EWeek.com, 3/3/04
Viruses open can of worms for ISPs: Study
- The Globe and Mail, 3/3/04
Technology
Government backs quantum cryptography
- vnunet.com, 3/1/04
PKI vendors wanted
- Federal Computer Week, 3/3/04
Vulnerabilities & Exploits
E-Vote Glitches Found in Election
- Wired (AP), 3/2/04
- Also - LA Times, 3/2/04
Civil & Consumer Issues
Spammers tout banned DVD technology
- ZDNet UK, 3/2/04
SCO suits target two big Linux users
- news.com.com, 3/3/04
Homeland Security & Infrastructure Protection
- Title: On one-year anniversary, Bush gives Homeland Security 'gold star'
- Source: Government Executive
- Date Written: March 2, 2004
- Date Collected: March 3, 2004
- President George W. Bush, speaking on March 2, 2004, the first
anniversary of the Department of Homeland Security (DHS), praised the
department's progress in combatting terrorism, citing increased cargo and
border inspections, expansion of the national stockpile of medicine and
vaccines, and the installation of biological sensors in major cities. This,
plus the department's work with critical infrastructures and first
responders, led President Bush to award DHS with a "gold star for a job well
done." Mr. Bush also called on Congress to renew the USA PATRIOT Act when it
expires in 2005, arguing that terrorism does not expire on the country's
schedule.
- http://www.govexec.com/dailyfed/0304/030204gsn1.htm
- Title: El Reg badly misguided on cyber-terror threat
- Source: The Register
- Date Written: March 3, 2004
- Date Collected: March 3, 2004
- Dan Verton responds to The Register's negative review of his book on
cyberterrorism, "Black Ice," in this interview. While The Register argues
that scant evidence of plans for cyberterrorism has been found, Mr. Verton
says low-level actions, such as probing the SCADA (Supervisory Control And
Data Acquisition) systems of US critical infrastructures, and public
statements indicate that terrorist groups are planning to develop cyber
capabilities. The interviewer doubts the likelihood of an infrastructure
attack, arguing that terrorists would find it too costly with little payout.
Mr. Verton responds that terrorists will evolve over time, and that the
investment for a cyberattack is minimal, but agrees that an attack against
the entire infrastructure is outside terrorist capabilities. Mr. Verton
further argues that some of his detractors have misinformed assumptions
about terrorist behavior.
- http://www.theregister.co.uk/content/55/35983.html
Politics-Legislation
- Title: Senators Try to Smoke Out Spyware
- Source: Washington Post
- Date Written: March 2, 2004
- Date Collected: March 3, 2004
- Three US Senators, Ron Wyden (D-Oregon), Conrad Burns (R-Montana), and
Barbara Boxer (D-California), have introduced the SPYBLOCK Act to combat the
dangers of spyware. SPYBLOCK would prohibit installing software on a
computer over the Internet without the consent of its owner, require
companies offering software downloads to disclose what the programs do and
what information they collect, and require that advertisements generated by
spyware be clearly marked. States could sue violators in federal court, and the
Federal Trade Commission (FTC) would impose fines and civil penalties under
consumer protection laws. Spyware, and its marketing-oriented cousin adware,
often come packaged in free downloads, while more malicious spyware comes in
"drive-by downloads," installing themselves on a machine without consent
when a user visits a particular website. Ari Schwartz, of the Center for
Democracy and Technology, describes the issue as one about "user control and
transparency." Stewart Baker, of Washington law firm Steptoe & Johnson,
compares the proposed SPYBLOCK to the CAN-SPAM Act, which has had little
effect on unsolicited e-mail ads.
- http://www.washingtonpost.com/wp-dyn/articles/A23307-2004Mar2.html
- Title: Lawmaker calls for hearings into delay in merging of watch lists
- Source: Government Computer News
- Date Written: March 2, 2004
- Date Collected: March 3, 2004
- US Representative Jim Turner (D-Texas), ranking Democrat on the House
Select Committee on Homeland Security, has called for immediate hearings
into delays in merging twelve separate databases into a single integrated
terrorist watch list. The Department of Homeland Security (DHS) has missed
its deadline for an integrated watch list nine times, while one DHS official
suggested that such a list would be unnecessary. Congress directed DHS to
consolidate twelve databases into a single resource for use by law
enforcement and intelligence agencies; the Bush administration created the
Terrorist Screening Center within the Federal Bureau of Investigation (FBI)
to create the list. Mr. Turner says the "repeated delays and excuses . . .
are hard to comprehend" and calls for the committee to exercise its
oversight powers.
- http://www.gcn.com/vol1_no1/daily-updates/25116-1.html
- Title: Calls to regulate 'failing' AV industry
- Source: The Register
- Date Written: March 3, 2004
- Date Collected: March 3, 2004
- As virus attacks grow, many anti-virus companies have quoted "alarmist"
statistics in describing the virus threat. The practice has spread to other
companies; for example, Sun Microsystems' Jonathan Schwartz, speaking at the
RSA Conference in San Francisco, suggested that Windows vulnerabilities cost
$100 billion, but did not quote a source for the statistic. Former White
House cybersecurity advisor Richard Clarke argued that regulations should be
considered in dealing with the virus problem. Mr. Clarke says he generally
opposes regulations unless the market has failed--Mr. Clarke notes that the
number of virus attacks is doubling every year. While anti-virus vendors
wish to avoid regulation, alarmist tactics may catch the attention of
lawmakers who seek to regulate them.
- http://www.theregister.co.uk/content/56/35987.html
- Title: Hands Off! That Fact Is Mine
- Source: Wired News
- Date Written: March 3, 2004
- Date Collected: March 3, 2004
- Controversy is brewing over the proposed Database and Collections of
Information Misappropriation Act, which would make it a crime to copy and
redistribute a substantial portion of data collected by commercial
databases. Critics of the bill say its vague requirements could give
companies ownership of facts, contrary to the philosophy of the Copyright
Act. Keith Kupferschmid, of the Software and Information Industry
Association, says that critics are mischaracterizing the bill; any theft
must involve a substantial amount of data, and the plaintiff must prove
injury. Joe Rubin, executive director of technology and e-commerce for the
U.S. Chamber of Commerce, says the bill has a low threshold of injury and
puts no limit on the amount of information someone must steal to violate the
law.
- http://www.wired.com/news/business/0,1367,62500,00.html?tw=wn_tophead_1
- Title: OMB: Agencies improve IT security, but many are short of goals
- Source: Government Computer News
- Date Written: March 3, 2004
- Date Collected: March 3, 2004
- The Office of Management and Budget (OMB) has published its annual
report to Congress, finding that, while agency information technology
security has improved since 2001, too many are failing to meet the goals of
the Federal Information Security Act. In a review of 8,000 systems, OMB
found 62% have been certified and accredited by the agency's inspector
general or a private sector third-party, short of the goal of 80% by the end
of 2003. OMB will require agencies to fix their problems before spending any
money on development, enhancement, and modernization in 2004. Half of the
agencies do not have a security mediation process. In good news, 78% have
had risk assessments, 73% have up to date security plans, and 68% have
contingency plans, up from 65%, 62%, and 55%, respectively.
- http://www.gcn.com/vol1_no1/daily-updates/25149-1.html
Malware
- Title: Worm authors talk trash
- Source: ZDNet
- Date Written: March 3, 2004
- Date Collected: March 3, 2004
- Antivirus researchers have found that the recent Bagle, MyDoom, and
Netsky variants contain hidden insults in their code, showing a growing
cyberwar in which the authors of MyDoom and Bagle have teamed up against
Netsky. MyDoom.G and Bagle.J insult the quality of Netsky's code, while
Netsky.F responds with "Skynet AntiVirus - Bagle - you are a looser!!!!"
Graham Cluley of Sophos believes the Bagle and MyDoom authors are jealous of
the attention Netsky has received from the media. The war started when an
early Netsky variant removed Bagle and MyDoom from machines it infected.
Mikko Hypponen of F-Secure believes that Netsky comes from a hobbyist group,
while MyDoom and Bagle come from spam groups.
- http://zdnet.com.com/2100-1105_2-5168983.html
- Also - http://www.vnunet.com/News/1153225
- Also - http://www.eweek.com/article2/0,4149,1542019,00.asp?kc=EWRSS03119TX1K0000594
- Title: Viruses open can of worms for ISPs: Study
- Source: The Globe and Mail
- Date Written: March 3, 2004
- Date Collected: March 3, 2004
- Sandvine Inc., maker of networking products, has released a report
entitled "Worms Gobbling Broadband Profits," stating that worms will
continue to cause problems on residential networks, costing as much as $245
million in 2004. The paper argues that home Internet users are the weakest
point of the internet, impossible to protect en masse with current tools.
Sandvine estimates that 5% of all network traffic is malicious. Service
providers avoid public discussion out of fear that they will lose customers
or that black hats will learn new methods of attack if they do. Sandvine
believes the lack of public discussion is slowing the adoption of broadband.
- http://www.globetechnology.com/servlet/story/RTGAM.20040303.gtsandmar2/BNStory/Technology
Technology
- Title: Government backs quantum cryptography
- Source: vnunet.com
- Date Written: March 1, 2004
- Date Collected: March 3, 2004
- Britain's Department of Trade and Industry (DTI) and e-Envoy have
announced plans to investigate and encourage quantum cryptography. Speaking
at the e-Crime Congress in London, e-Envoy director of emerging technologies
Bernard Frieder argued that quantum cryptography is "immune to hacking,"
giving it the potential to change the way business is done. Attempts to read
quantum encrypted data change the encoding, immediately alerting sender and
recipient of the attempt. Mr. Frieder calls for companies to submit products
to tests by the Royal Society, but Professor Neil Barrett warns that it may
take five to ten years to make quantum cryptography commercially viable.
- http://www.vnunet.com/News/1153117
- Title: PKI vendors wanted
- Source: Federal Computer Week
- Date Written: March 3, 2004
- Date Collected: March 3, 2004
- The General Services Administration (GSA) has announced that a decade of
work on public key infrastructure (PKI) standards will soon make
government-wide authentication a reality. The GSA is ready to create a list
of bidders to supply smart cards based on the X.509 electronic
authentication specification. Smart cards must conform to the Government
Smart Card Interoperability Specification, Version 2.1. Agencies will have
to develop applications to make use of digital certificates, but the
"plumbing" will be in place for authentication. The government plans to
start switching to outsourced PKI in 2006.
- http://www.fcw.com/fcw/articles/2004/0301/web-pki-03-03-04.asp
Vulnerabilities & Exploits
- Title: E-Vote Glitches Found in Election
- Source: Wired (AP)
- Date Written: March 2, 2004
- Date Collected: March 3, 2004
- Voting precincts using electronic voting machines reported scattered
technical problems during the March 2, 2004, Democratic primaries. One
Maryland polling place switched to paper ballots when the electronic
machines failed to work. Voters in Georgia's Effingham County had to use
paper ballots after county officials forgot to encode ballots for the
machines. A Georgia Tech student found Diebold machines in the student
center unlocked and unprotected. Activists and computer scientists have
protested the switch to electronic voting in many districts, since the lack
of a paper trail could make election tampering undetectable, and
insufficient protections make it easy for hackers to break in and change
voting counts.
- http://www.wired.com/news/politics/0,1283,62505,00.html?tw=wn_tophead_7
- Also - http://www.latimes.com/technology/la-me-votetech2mar02,1,2014513.story?coll=la-headlines-technology
Civil & Consumer Issues
- Title: Spammers tout banned DVD technology
- Source: ZDNet UK
- Date Written: March 2, 2004
- Date Collected: March 3, 2004
- Following a federal ruling finding DVD copying software illegal, and
instructing 321 Studios to remove the ripping feature from its DVD products,
spammers have begun marketing the forbidden software. One company, called
ProDVDCopy.com, urges customers to act now and buy the last remaining copies
of 321 Studios' software. An attorney for the Motion Picture Association of
America (MPAA) notes that though the injunction applies only to 321 Studios,
the ruling could be used to sue other distributors.
- http://news.zdnet.co.uk/business/legal/0,39020651,39147940,00.htm
- Title: SCO suits target two big Linux users
- Source: news.com.com
- Date Written: March 3, 2004
- Date Collected: March 3, 2004
- In its continuing legal efforts over the Unix and Linux operating
systems, the SCO Group has filed lawsuits against auto parts dealer AutoZone
and car maker DaimlerChrysler for allegedly violating SCO's copyrights by
running versions of Linux containing code from Unix System V. Mark
Radcliffe, an intellectual property lawyer, says it makes sense for SCO to
go after Linux users, since end-users are less likely to spend money on
legal defense, opting to pressure IBM into providing indemnities instead. In
the AutoZone suit, SCO names libraries of operating system functions
alleged to have been stolen from Unix System V, including System V static
shared libraries, System V dynamic shared libraries, and System V
interprocess communication.
- http://news.com.com/2100-1014-5168921.html
The Institute for Security Technology Studies (ISTS) accepts no responsibility
for any errors or omissions in this e-mail. The information presented is a compilation of
material from various sources and has not been verified by staff of the
ISTS. Therefore, the ISTS cannot be made responsible for the factual
accuracy of the material presented. The ISTS is not liable for any loss or
damage arising from or in connection with the information contained in this
report. It is the responsibility of the user to evaluate the content and
usefulness of this information. References in this e-mail to any specific
commercial products, processes, or services by trade name, trademark,
manufacturer, or otherwise, do not constitute or imply endorsement,
recommendation, or favoring by the ISTS. ISTS is a research, not
operational, organization, and makes its Security in the News e-mail
available as a public service on a best-effort basis. Security in the News
will be sent out on most business days, but not all.
Institute for Security Technology Studies
Dartmouth College
45 Lyme Road, Suite 200
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: dailyreport@ists.dartmouth.edu