Network Security
FW: Security In The News - March 18, 2004
- From: Howell, Paul
- Date: Thu Mar 18 18:18:15 2004
-----Original Message-----
From: dailyreport@ists.dartmouth.edu
To: subscriber (2554)
Sent: 3/18/2004 4:39 PM
Subject: Security In The News - March 18, 2004
Security In The News
LAST UPDATED: 3/18/04
This report is also available on the Internet at
http://news.ists.dartmouth.edu/todaysnews.html
Cybercrime-Hacking
SDSU says computer server was infiltrated
San Diego Union-Tribune, 3/17/04
<http://www.signonsandiego.com/news/computing/20040317-9999-news_7m17hacker.html>
Credit agency reports security breach
Computerworld, 3/17/04
<http://www.computerworld.com/securitytopics/security/story/0,10801,91319,00.html>
Fake escrow sites on the rise
vnunet.com, 3/18/04 <http://www.vnunet.com/News/1153586>
Softbank says insider leaked personal data
Security Focus (AP), 3/18/04 <http://www.securityfocus.com/news/8268>
Politics-Legislation
NEC Cracks Down on Illegal Cyber Campaigning
The Korea Times, 3/18/04
<http://times.hankooki.com/lpage/nation/200403/kt2004031816522111950.htm>
China Shuts Down Two Internet 'Blog' Sites
Reuters, 3/18/04
<http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=4595852&section=news>
Norton raises CAPPS II liability fears
Federal Computer Week, 3/17/04
<http://www.fcw.com/fcw/articles/2004/0315/web-capps-03-17-04.asp>
Malware
Hackers Embrace P2P Concept
Washington Post, 3/17/04
<http://www.washingtonpost.com/wp-dyn/articles/A444-2004Mar17.html>
Also - EWeek.com, 3/17/04
<http://www.eweek.com/article2/0,1759,1550393,00.asp>
Cashing In on Virus Infections
Wired News, 3/18/04
<http://www.wired.com/news/infostructure/0,1377,62558,00.html?tw=wn_tophead_3>
Virus warning: Bagle return exploits Outlook flaw
Silicon.com, 3/18/04
<http://www.silicon.com/software/security/0,39024655,39119317,00.htm>
Vulnerabilities & Exploits
China Becomes World's Second Biggest Spam Target
Reuters, 3/18/04
<http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=4593895&section=news>
Multiple Cisco products among those clobbered by OpenSSL flaw
SearchSecurity, 3/18/04
<http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci955895,00.html>
Also - ZDNet, 3/18/04 <http://zdnet.com.com/2100-1105-5174911.html>
Civil & Consumer Issues
Airlines OK Security Plan
Wired (AP), 3/18/04
<http://www.wired.com/news/privacy/0,1848,62701,00.html?tw=wn_tophead_5>
Lessig: Be wary of 'IP extremists'
InfoWorld, 3/17/04
<http://www.infoworld.com/article/04/03/17/HNlessig_1.html>
Cybercrime-Hacking
Title: SDSU says computer server was infiltrated
Source: San Diego Union-Tribune
Date Written: March 17, 2004
Date Collected: March 18, 2004
San Diego State University (SDSU) is warning over 178,000 students,
employees, and alumni that malicious hackers have accessed a server
containing names and Social Security numbers, and advises those affected
to review their credit histories for suspicious activity. The hackers
broke into an Office of Financial Aid and Scholarships server to store
mp3 music files and send spam messages in late December 2003. The server
was taken off the network after the break-in was discovered in February
2004. This is the second time SDSU has suffered such a breach; officials
notified 1,000 individuals after a library server was compromised in
December. Under Californian law, any organization holding data on
Californian residents must notify those residents if a security breach
compromises their data.
http://www.signonsandiego.com/news/computing/20040317-9999-news_7m17hacker.html
Title: Credit agency reports security breach
Source: Computerworld
Date Written: March 17, 2004
Date Collected: March 18, 2004
Credit reporting company Equifax Canada has notified 1,400 Canadians,
primarily in the Alberta and British Columbia provinces, of a security
breach that may have compromised their detailed credit histories,
including such data as social insurance numbers, bank account numbers,
credit histories, and home addresses. Equifax has labeled affected
credit records "lost or stolen identification" to alert potential
creditors to check a consumer's identity more carefully, to avoid
identity theft. Equifax is working with Royal Canadian Mounted Police to
track down the culprits, and will give affected customers a free one
year subscription to its Credit Alert service.
http://www.computerworld.com/securitytopics/security/story/0,10801,91319,00.html
Title: Fake escrow sites on the rise
Source: vnunet.com
Date Written: March 18, 2004
Date Collected: March 18, 2004
Britain's National High-Tech Crime Unit (NHTCU) is warning consumers of
the growing number of fake online escrow sites. Escrow sites offer
consumers a measure of protection in online shopping and auctions by
holding payments until goods are delivered, charging a small percentage
of the selling price, usually around 2.5%. Many fraudsters, however, are
creating fake online escrow sites, to trick users into entrusting
payment to them, then never delivering the purchased items. Eddie St.
Clare, of the legitimate escrow service AuctionPix, estimates that there
are ten times as many fake escrow sites as legitimate ones. Little money
is to be made from escrow services, and most companies only offer it to
customers as a valued service. Fake escrow sites are shut down every
day, but it is easy for scammers to set up new ones. Buyers should be
wary of escrow sites recommended by sellers, and vice versa.
http://www.vnunet.com/News/1153586
Title: Softbank says insider leaked personal data
Source: Security Focus (AP)
Date Written: March 18, 2004
Date Collected: March 18, 2004
Japanese Internet company Softbank says its investigation into the leak
of 4.5 million customer records finds that the leak was perpetrated by
an employee, rather than by a malicious hacker. In February 2004, police
arrested four men for trying to extort money from Softbank, threatening
to release the customer data if the company did not pay. The records
contained names, addresses, e-mail addresses, and phone numbers, but not
such sensitive information as credit card numbers, bank account numbers,
or transaction data. Softbank's report ruled out the possibility of a
hacker, suggesting that an employee or temporary worker used a password
to gather the data, though investigators had no concrete evidence
against specific employees. Softbank executives gave up part of their
paychecks, and set aside $37.3 million to offer free services to
customers to make up for the breach.
http://www.securityfocus.com/news/8268
Politics-Legislation
Title: NEC Cracks Down on Illegal Cyber Campaigning
Source: The Korea Times
Date Written: March 18, 2004
Date Collected: March 18, 2004
South Korea's National Election Commission has been cracking down on
illegal Internet campaigns ahead of the April 15, 2004 general
elections. The NEC counts 6,241 illegal electioneering cases since
October 2003, including propaganda, slandering, and pre-election
campaigning--an average of 35 cases each day. The NEC crackdown is
intended to prevent an "exponential increase" in such activity as
election day approaches. Political debate over the Internet has become
especially heated following the impeachment of President Roh Moo-hyun.
The NEC promises to use all means available against illegal
electioneering, ranging from filing complaints to investigations by law
enforcement.
http://times.hankooki.com/lpage/nation/200403/kt2004031816522111950.htm
Title: China Shuts Down Two Internet 'Blog' Sites
Source: Reuters
Date Written: March 18, 2004
Date Collected: March 18, 2004
Chinese officials have shut down two "blog"--online 'weblog'
diary--websites for allegedly carrying "objectionable" content. Blogbus,
with over 15,000 Chinese users, was shut down March 11, 2004, while
Blogcn, said to be the biggest blog site in China, was shut down March
14. Some users say the sites were shut down because a number of personal
pages posted a copy of a letter from a well known doctor to Chinese
authorities, urging them to reverse a ruling that the 1989 Tiananmen
Square pro-democracy protests were a "counter-revolutionary rebellion."
Blogdriver and Chinanewsman were also closed, but have reopened after
removing illegal content.
http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=4595852&section=news
Title: Norton raises CAPPS II liability fears
Source: Federal Computer Week
Date Written: March 17, 2004
Date Collected: March 18, 2004
During a hearing of the House Aviation Subcommittee, Eleanor
Holmes-Norton, the Washington, DC, delegate to the House of
Representatives, argued that business travelers could miss important
business meetings with large financial consequences if flagged and
detained by the Computer-Assisted Passenger Prescreening System (CAPPS
II). Ms. Norton criticized the CAPPS II project for failing to consider
liability should a mistake in the system cause major financial losses.
Transportation Security Administration (TSA) acting administrator David
Stone argued that CAPPS II may actually shorten security screenings, but
did not offer a solution to the liability problem. Representative Peter
DeFazio (D-Oregon) was highly critical of the project, and expected it
to be disbanded only after large cost to the taxpayers. The General
Accounting Office recommended in February 2004 that Homeland Security
develop schedules, cost estimates, oversight policies, and a way for
passengers to seek a redress of grievances.
http://www.fcw.com/fcw/articles/2004/0315/web-capps-03-17-04.asp
Malware
Title: Hackers Embrace P2P Concept
Source: Washington Post
Date Written: March 17, 2004
Date Collected: March 18, 2004
Security researchers and government officials are monitoring the spread
of malware called Phatbot, which sets up a network based on
peer-to-peer (P2P) technology and includes a "Swiss Army knife" of
attack tools. According to Joe Stewart of security firm Lurhq, Phatbot
can polymorph during installation to evade antivirus scanners, steal
usernames and passwords, harvest e-mail addresses from spammers, and
sniff network packets for PayPal cookies. Phatbot uses a number of
infection vectors, including vulnerabilities in Microsoft Windows and
backdoors installed by other malware, leading some investigators, such
as F-Secure's Mikko Hypponen, to estimate that it may have already
infected hundreds of thousands of computers worldwide. The P2P network
can be used for spam or distributed denial of service (DDoS) attacks.
The P2P element means the network could still operate even if a
significant number of infected machines are cleaned. While many
antivirus scanners can detect Phatbot, the malware shuts them down after
infection.
http://www.washingtonpost.com/wp-dyn/articles/A444-2004Mar17.html
Also - http://www.eweek.com/article2/0,1759,1550393,00.asp
Title: Cashing In on Virus Infections
Source: Wired News
Date Written: March 18, 2004
Date Collected: March 18, 2004
Following the Netsky, Bagle, and MyDoom worm attacks, many security
experts are questioning the usefulness of the signature model of
antivirus protection, suggesting that antivirus companies are holding
back other technologies to protect their profits. The signature model
requires users to buy a subscription for signature file updates, either
on a monthly or yearly basis. Other technologies, such as heuristic
scans and integrity checking, can guard against virus activity and even
undocumented viruses, but would not require frequent updates like
signature files. Antivirus companies counter that signature files can
run in the background, requiring less user intervention, and do not
require users to be tech-savvy. Other technologies either require some
degree of technical skill, or produce too many false positives to be
attractive to the average user. Antivirus companies also point out that
e-mail programs such as Microsoft Outlook provide many exploits for
viruses, and that cutting these out would cut down the number of
successful virus attacks.
http://www.wired.com/news/infostructure/0,1377,62558,00.html?tw=wn_tophead_3
Title: Virus warning: Bagle return exploits Outlook flaw
Source: Silicon.com
Date Written: March 18, 2004
Date Collected: March 18, 2004
Bagle now comes in three new variants--Q, R, and S--and now exploits an
old Outlook flaw, making it unnecessary for users to click on an e-mail
attachment for their computers to become infected by the virus. Previous
versions depended on users opening the attachment. The Bagles do not
even come as attachments, but come as the e-mail itself. If users have
Outlook's preview pane open, the virus can infect the machine
automatically. Since many people have not patched the Outlook flaw,
antivirus researchers expect that these Bagles could spread quickly. The
new variants target a list of 600 Internet addresses gathered by
previous Bagle variants, and then send themselves from there.
http://www.silicon.com/software/security/0,39024655,39119317,00.htm
Vulnerabilities & Exploits
Title: China Becomes World's Second Biggest Spam Target
Source: Reuters
Date Written: March 18, 2004
Date Collected: March 18, 2004
China has climbed to the number two spot on the list of spam targets,
with over 150 billion spam messages received in 2003, second only to the United
States. The Internet Society of China estimates that one third of all
e-mail is spam, according to Xinhua news agency. Chinese officials have
targeted the spam problem, calling its anti-Communist messages and
pornography subversive. Internet experts have often criticized China as
a source of spam sent to other countries.
http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=4593895&section=news
Title: Multiple Cisco products among those clobbered by OpenSSL flaw
Source: SearchSecurity
Date Written: March 18, 2004
Date Collected: March 18, 2004
Cisco switches, routers, and firewalls are vulnerable to denial of
service attacks due to two flaws in the OpenSSL implementation of the
Secure Sockets Layer (SSL) and Transport Layer Security (TLS). An
attacker could craft a special SSL/TLS handshake to create a null
pointer assignment, crashing or rebooting products with HTTPS (hypertext
transfer protocol, secure) running. Such products include Cisco IOS,
Cisco PIX, Cisco Firewall Services Module for the Cisco Catalyst, Cisco
MDS Multilayer Switch, Cisco Content Service Switch, Cisco Global Site
Selector, CiscoWorks Common Services, CiscoWorks Common Management
Foundation and Cisco Access Registrar. Other vendors using
OpenSSL--Debian, SuSE, FreeBSD, and Kerberos, for example--are also
affected. OpenSSL has released patches for the flaws.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci955895,00.html
Also - http://zdnet.com.com/2100-1105-5174911.html
Civil & Consumer Issues
Title: Airlines OK Security Plan
Source: Wired (AP)
Date Written: March 18, 2004
Date Collected: March 18, 2004
The Air Transport Association (ATA), a trade group representing major
American airlines, has announced support of the concept behind the
Computer-Assisted Passenger Prescreening System (CAPPS II), but demands
the government follow seven privacy principles. The ATA argues that the
Transportation Security Administration (TSA) should only collect data
related to aviation security, store it securely, and delete it after
travel is completed. Passengers should also be allowed to see what
information is collected, and have the opportunity to correct any
errors. CAPPS II would collect the names, addresses, and dates of birth
for airline passengers, and compare the data to government and
commercial databases, giving each passenger a color-coded rating. Red
passengers would be forbidden to fly, yellow passengers would get extra
security screening, and green passengers would be let through after
normal security screening.
http://www.wired.com/news/privacy/0,1848,62701,00.html?tw=wn_tophead_5
Title: Lessig: Be wary of 'IP extremists'
Source: InfoWorld
Date Written: March 17, 2004
Date Collected: March 18, 2004
Stanford law professor Lawrence Lessig, speaking at the Open Source
Business Conference in San Francisco, argued that Silicon Valley must
protect the open traditions that drove the development of the Internet,
or intellectual property (IP) extremists could stifle innovation. Mr.
Lessig argues that some groups, such as the Recording Industry
Association of America (RIAA), have polarized the IP debate, portraying
the matter as maximum copyright protection versus anarchy. American
history, however, shows a middle-of-the-road approach to IP law. The
United States ignored international copyright laws until 1891, and most
IP was uncopyrighted before 1976. The abdication of some IP rights has
led to great innovations, such as the Human Genome Project and the
Internet. Mr. Lessig argues that "IP extremists" have defined the debate
to make a balanced approach seem extreme.
http://www.infoworld.com/article/04/03/17/HNlessig_1.html
The Institute for Security Technology Studies (ISTS) accepts no
responsibility for any error or omissions in this e-mail. The
information presented is a compilation of material from various sources
and has not been verified by staff of the ISTS. Therefore, the ISTS
cannot be made responsible for the factual accuracy of the material
presented. The ISTS is not liable for any loss or damage arising from or
in connection with the information contained in this report. It is the
responsibility of the user to evaluate the content and usefulness of
this information. References in this e-mail to any specific commercial
products, processes, or services by trade name, trademark, manufacturer,
or otherwise, does not constitute or imply endorsement, recommendation,
or favoring by the ISTS. ISTS is a research, not operational,
organization, and makes its Security in the News e-mail available as a
public service on a best-effort basis. Security in the News will be sent
out on most business days, but not all.
Institute for Security Technology Studies
Dartmouth College
45 Lyme Road, Suite 200
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: dailyreport@ists.dartmouth.edu