
Discussion Communities: Merit Network Email List Archives

Network Security

FW: Security In The News - March 4, 2004

  • From: Howell, Paul
  • Date: Thu Mar 04 17:43:27 2004

 

-----Original Message-----
From: dailyreport@ists.dartmouth.edu
To: subscriber (2554)
Sent: 3/4/2004 4:58 PM
Subject: Security In The News - March 4, 2004

Security In The News 
LAST UPDATED: 3/4/04 
This report is also available on the Internet at
http://news.ists.dartmouth.edu/todaysnews.html




Politics-Legislation



Intel CTO to meet Chinese officials over WLAN security standard 

Computer Weekly, 3/4/04
<http://www.computerweekly.com/articles/article.asp?liArticleID=128868&liArticleTypeID=1&liCategoryID=2&liChannelID=22&liFlavourID=1&sSearch=&nPage=1>

Also - news.com.com, 3/4/04
<http://news.com.com/2100-7351_3-5170025.html?part=rss&tag=feed&subj=news>

OMB to agencies: fix it or suffer the consequences 

Government Computer News, 3/4/04
<http://www.gcn.com/vol1_no1/daily-updates/25156-1.html>  

States Push for Net Sales Taxes 

Wired (AP), 3/3/04
<http://www.wired.com/news/business/0,1367,62526,00.html?tw=wn_tophead_11>

Sweden Adopts EU Ban on Spam 

EWeek (AP), 3/4/04 <http://www.eweek.com/article2/0,1759,1542577,00.asp>


Politician: Govts. Should Not Set Internet Policy 

Reuters, 3/4/04
<http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=4498905>



Technology



Navy researcher has novel security visualization technique 

Government Computer News, 3/4/04
<http://www.gcn.com/vol1_no1/daily-updates/25155-1.html>  

EarthLink to test sender authentication for e-mail 

Computerworld, 3/3/04
<http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801,90746,00.html>

How Tiny Swiss Cellphone Chips Helped Track Global Terror Web 

NY Times, 3/4/04
<http://www.nytimes.com/2004/03/04/international/europe/04PHON.html?hp>




Best Practices & Risk Management



Profiling network administrators 

Network World Fusion, 3/1/04
<http://www.nwfusion.com/research/2004/0301hackerslamo.html>  


Civil & Consumer Issues



Employees still swapping at work 

ZDNet (Reuters), 3/3/04 <http://zdnet.com.com/2100-1105_2-5169508.html>


Court orders SCO to show more code 

ZDNet, 3/3/04 <http://zdnet.com.com/2100-1104_2-5169444.html>  

Kazaa fails to stall copyright case 

Sydney Morning Herald, 3/4/04
<http://www.smh.com.au/articles/2004/03/04/1078378902003.html>  





Politics-Legislation 




Title: Intel CTO to meet Chinese officials over WLAN security standard

Source: Computer Weekly


Date Written: March 4, 2004


Date Collected: March 4, 2004 

Pat Gelsinger, chief technology officer of Intel, will meet with
officials from the Standardization Administration of China to discuss
industry concerns over China's national wireless local area network
(WLAN) standard and the deadline for its implementation. China requires
that all WLAN products sold within the country comply with the
home-grown GB15629.11-2003 standard, similar to the IEEE's (Institute of
Electrical and Electronics Engineers) 802.11 wireless standard, but with
an incompatible security standard called WAPI (WLAN Authentication and
Privacy Infrastructure). The Chinese government has only released the
technology to twenty Chinese companies, forcing foreign companies to
enter into licensing agreements or be shut out of the Chinese market.
http://www.computerweekly.com/articles/article.asp?liArticleID=128868&liArticleTypeID=1&liCategoryID=2&liChannelID=22&liFlavourID=1&sSearch=&nPage=1

Also - http://news.com.com/2100-7351_3-5170025.html?part=rss&tag=feed&subj=news



Title: OMB to agencies: fix it or suffer the consequences

Source: Government Computer News


Date Written: March 4, 2004


Date Collected: March 4, 2004 

The Office of Management and Budget (OMB) has told the Government Reform
Subcommittee that agencies should face tougher consequences for failing
to meet project performance measures, to fix information technology
security, or to fix project management problems in their business cases.
OMB suggests making the release of funding dependent on how agencies
address these problems. OMB put 621 projects worth $22 billion on a
special watch list for failing in at least one of three requirements: IT
security, a qualified full-time project manager, or defined performance
measures. Representative Adam Putnam (R-Florida) believes OMB will only
have to halt funding once or twice before agencies start meeting
requirements.
http://www.gcn.com/vol1_no1/daily-updates/25156-1.html




Title: States Push for Net Sales Taxes

Source: Wired (AP)


Date Written: March 3, 2004


Date Collected: March 4, 2004 

New York and California have joined a group now counting twenty states
who are adding a line to tax forms requiring citizens to declare their
out-of-state purchases. Most states have generally required people to
pay taxes on goods purchased out of state, but have rarely enforced the
rule. However, Internet commerce had made taxes on out of state sales a
major issue, as the National Governors Association estimates that states
will lose $35 billion in taxes to undeclared Internet sales. However,
states expect few consumers to declare their Internet purchases; New
York expects to make only $2.5 million from such taxes, while California
expects to see only $13 million of the $1.2 billion it estimates should
be paid.
http://www.wired.com/news/business/0,1367,62526,00.html?tw=wn_tophead_11




Title: Sweden Adopts EU Ban on Spam

Source: EWeek (AP)


Date Written: March 4, 2004


Date Collected: March 4, 2004 

Lawmakers in Sweden have adopted a European Union (EU) ban on
unsolicited e-mails after the EU issued a warning to nine countries,
including Sweden, that had not implemented the ban. Under the law,
companies may not send unsolicited e-mail, harvest personal data from
websites, or track the location of users with satellite-linked mobile
phones, but no measure is specified for countries to punish spammers.
Sweden passed the ban in the Riksdag 253 to 49, with 47 absent. The law
takes effect April 1, 2004.
http://www.eweek.com/article2/0,1759,1542577,00.asp




Title: Politician: Govts. Should Not Set Internet Policy

Source: Reuters


Date Written: March 4, 2004


Date Collected: March 4, 2004 

Lucio Stanca, Italian minister for innovation and technologies, argues
that giving governments full powers to set Internet policies would be a
"gigantic mistake," saying it is not government's role to manage the
Internet or interfere in its development. Mr. Stanca made the remarks at
a gathering of technology officials in Rome to discuss the role of ICANN
(Internet Corporation of Assigned Names and Numbers) in Internet
governance. Many governments have criticized the pro-business nature of
the Internet, arguing that it keeps the poor from accessing cyberspace.
The United Nations formed a task force in December 2003 to investigate
Internet policy, and possibly transfer governance from ICANN to the
International Telecommunication Union (ITU). Stanca spoke in favor of
ICANN, arguing that the success of the Internet stems from the fact that
no single entity controls it.
http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=4498905


Technology 




Title: Navy researcher has novel security visualization technique

Source: Government Computer News


Date Written: March 4, 2004


Date Collected: March 4, 2004 

David Ford, a senior research coordinator for the Defense Information
Systems Agency, has posted a paper in Cornell University's electronic
repository describing how principles from thermodynamics could be used
to simplify data produced by intrusion detection systems (IDS). IDSs
often overwhelm systems administrators with data. Many companies have
developed products to visualize the data; however, Mr. Ford is looking
to apply procedures from an established science to the problem, and
compares network traffic to the behavior of molecules in a cup of coffee
or the charge of a magnet. The Defense Department has used these
concepts to develop Therminator, available as an add-on to Lancope's
StealthWatch IDS.
http://www.gcn.com/vol1_no1/daily-updates/25155-1.html




Title: EarthLink to test sender authentication for e-mail

Source: Computerworld


Date Written: March 3, 2004


Date Collected: March 4, 2004 

EarthLink will begin testing a number of sender authentication
technologies, including Microsoft's Caller ID and the Sender Policy
Framework (SPF), to protect its e-mail traffic. As the threat of spam
and e-mail scams grows, many have begun proposing measures to check
whether e-mails come from where they say they do. Many spammers and scam
artists spoof Internet addresses to make their e-mails appear
trustworthy. Other e-mail providers, such as Yahoo!, have been
developing their own authentication technologies. EarthLink plans to
test a number of technologies, but is focusing on SPF and Caller ID,
which do not require new software to work.
http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801,90746,00.html




Title: How Tiny Swiss Cellphone Chips Helped Track Global Terror Web

Source: NY Times


Date Written: March 4, 2004


Date Collected: March 4, 2004 

European and American officials are now revealing details of an
investigation called Mont Blanc, which tracked al Qaeda cells on three
continents, disrupting operations in Saudi Arabia and Indonesia, through
a cellphone chip produced by Swisscom of Switzerland. Criminals and
terrorists have long favored the Swisscom chip because they could buy it
without revealing their identity. This lulled the terrorists into
thinking they could communicate anonymously. German police intercepted a
phone call between two terrorists shortly before the bombing of a
Tunisia synagogue; a raid later found a log of cellphone numbers that
police, working with Swisscom, were able to map to individual chips,
giving a larger picture of al Qaeda operations. Al Qaeda operatives
often used different phones but kept the same chip. Al Qaeda has since
stopped using the cellphones, suspecting they have been compromised.
http://www.nytimes.com/2004/03/04/international/europe/04PHON.html?hp



Best Practices & Risk Management 




Title: Profiling network administrators

Source: Network World Fusion


Date Written: March 1, 2004


Date Collected: March 4, 2004 

Hacker Adrian Lamo looks at some security breaches, discussing how
administrators' focus on protecting their network perimeters led them to
overlook other vectors. Most administrators secure their perimeters,
taking measures against scans, buffer overflows, and other such attack
patterns, ignoring indirect means of intrusion. Job seekers waiting in
the lobby of one high-tech company were provided with public
workstations to check job listings--workstations connected to the
company's internal network. Another company's web mail service allowed
employees to redirect e-mail to another address using their name and
Social Security number; a quick search found an employee directory with
names and Social Security numbers, including those of the chief
executive. Attackers bypassed America Online's (AOL) SecurID system by
redirecting their Internet traffic through employee workstations, masked
as web connections, creating private gateways throughout AOL's network,
compromising hundreds of high profile accounts.
http://www.nwfusion.com/research/2004/0301hackerslamo.html

Civil & Consumer Issues 




Title: Employees still swapping at work

Source: ZDNet (Reuters)


Date Written: March 3, 2004


Date Collected: March 4, 2004 

Blue Coast Systems has released a survey finding that 42% of 300
respondents continue to trade music files over peer-to-peer (P2P)
networks despite legal risks; 38.6% trade files over their companies'
networks. 70% of the file-sharers say they spend more than sixteen
minutes a day sharing files, while 16% spend more than an hour. 60% of
employees were unconcerned that the Recording Industry Association of
America (RIAA) might take legal action against their employers. The RIAA
argues that P2P piracy is responsible for a three year slump in CD
sales, though revenues are starting to climb again with the introduction
of legal paid download services, such as Apple iTunes.
http://zdnet.com.com/2100-1105_2-5169508.html




Title: Court orders SCO to show more code

Source: ZDNet


Date Written: March 3, 2004


Date Collected: March 4, 2004 

Magistrate Judge Brooke Wells has ordered both the SCO Group and IBM to
provide more information in the legal battle over the Linux and Unix
operating systems. SCO must identify the specific lines of proprietary
Unix code IBM is alleged to have contributed to Linux, repeating an
order she issued in December 2003. Judge Wells also ordered IBM to
provide memos between chief executive Sam Palmisano and Irving
Wladawsky-Berger, a top Linux executive, and documents related to its
Linux strategy. The move is expected to restore momentum to a case many
view as central to the future of Linux and SCO suits against AutoZone
and DaimlerChrysler seeking damages for their use of Linux.
http://zdnet.com.com/2100-1104_2-5169444.html




Title: Kazaa fails to stall copyright case

Source: Sydney Morning Herald


Date Written: March 4, 2004


Date Collected: March 4, 2004 

File-sharing network Kazaa has lost its appeal in Australian federal
court to delay proceedings for copyright infringement until a similar
case in the United States has been resolved. The Music Industry Piracy
Investigation (MIPI) raided twelve premises on February 6, 2004 to
gather evidence against Kazaa. MIPI general manager Michael Speck
praises the decision as "a massive victory for the copyright owners."
The case has adjourned until March 23.
http://www.smh.com.au/articles/2004/03/04/1078378902003.html


The Institute for Security Technology Studies (ISTS) accepts no
responsibility for any error or omissions in this e-mail. The
information presented is a compilation of material from various sources
and has not been verified by staff of the ISTS. Therefore, the ISTS
cannot be made responsible for the factual accuracy of the material
presented. The ISTS is not liable for any loss or damage arising from or
in connection with the information contained in this report. It is the
responsibility of the user to evaluate the content and usefulness of
this information. References in this e-mail to any specific commercial
products, processes, or services by trade name, trademark, manufacturer,
or otherwise, does not constitute or imply endorsement, recommendation,
or favoring by the ISTS. ISTS is a research, not operational,
organization, and makes its Security in the News e-mail available as a
public service on a best-effort basis. Security in the News will be sent
out on most business days, but not all.

Institute for Security Technology Studies
Dartmouth College
45 Lyme Road, Suite 200
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: dailyreport@ists.dartmouth.edu 


