
Network Security
FW: Security In The News - March 19, 2004
- From: Howell, Paul
- Date: Fri Mar 19 16:37:25 2004
Security In The News
LAST UPDATED: 3/19/04
This report is also available on the Internet at http://news.ists.dartmouth.edu/todaysnews.html
Homeland Security & Infrastructure Protection
US-VISIT needs more staff, GAO says
- Federal Computer Week, 3/18/04
Cybercrime-Hacking
Internet Makes Drug Traffickers Hard to Catch, DEA Says
- Reuters, 3/18/04
Hackers make using internet cafes a risky enterprise in Beirut
- Daily Star [Lebanon], 3/19/04
One in five Brits not learning ID theft lessons
- Silicon.com, 3/19/04
Politics-Legislation
Experts recommend early warning network in case of Internet attacks
- Security Focus (AP), 3/18/04
- Also - Federal Computer Week, 3/18/04
- Also - Government Computer News, 3/18/04
E-Vote Snafu in California County
- Wired News, 3/19/04
Internet industry fears wiretap plan could chill innovation
- Siliconvalley (AP), 3/19/04
Technology
AMD announces antivirus chip
- vnunet.com, 3/19/04
Smile! I'm calling police: Camera phones help nab crooks
- CNN (AP), 3/19/04
Future of biometrics remains uncertain
- Government Computer News, 3/18/04
Finish line in sight for FBI's Trilogy
- Federal Computer Week, 3/19/04
Vulnerabilities & Exploits
120,000 Citibank clients' data lost in transportation
- Mainichi Shimbun, 3/19/04
AOL Says It Sees Sharp Decline in 'Spam' E-Mail
- Reuters, 3/19/04
Civil & Consumer Issues
Anti-piracy vigilantes track file sharers
- Security Focus, 3/18/04
SCO Just Start of Open-Source Lawsuit Wave, Attorneys Say
- EWeek.com, 3/18/04
A Dual-Edged Sword: Providing Information, Stealing Privacy
- Security Pipeline, 3/15/04
Homeland Security & Infrastructure Protection
- Title: US-VISIT needs more staff, GAO says
- Source: Federal Computer Week
- Date Written: March 18, 2004
- Date Collected: March 19, 2004
- The General Accounting Office (GAO) reported to the House Judiciary
Committee's Immigration, Border Security, and Claims Subcommittee that the
Department of Homeland Security (DHS) does not have adequate staff or a
management plan for the U.S. Visit and Immigrant Status Indicator Technology
(US-VISIT), possibly putting the program at risk. While DHS opened a program
management office in June 2003 with plans for 115 government employees and
117 contractor personnel, the office is far below those numbers. Further,
specific roles and responsibilities have not been defined beyond general
statements. GAO finds that DHS has not implemented processes for acquisition
planning, requirements development and management, and contract tracking and
oversight. GAO is also concerned over US-VISIT's reliance on existing
systems shown to have problems, such as the Student and Exchange Visitor
Information System (SEVIS) to track foreign students.
- http://www.fcw.com/fcw/articles/2004/0315/web-usvisit-03-18-04.asp
Cybercrime-Hacking
- Title: Internet Makes Drug Traffickers Hard to Catch, DEA Says
- Source: Reuters
- Date Written: March 18, 2004
- Date Collected: March 19, 2004
- Mark Malcolm, intelligence analyst for the United States Drug
Enforcement Administration (DEA), speaking at an international drug
conference in Lima, Peru, said that the Internet and cellular phones are
making it difficult to catch drug traffickers. Such technologies enable
traffickers to communicate and arrange deliveries with little risk of
interception. As surveillance opportunities decrease, law enforcement will
have to rely more on undercover agents, putting lives at risk. Few
traffickers currently use encrypted e-mail services such as Hushmail,
though enforcement difficulties will increase if they start.
- http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=4601039
- Title: Hackers make using internet cafes a risky enterprise in Beirut
- Source: Daily Star [Lebanon]
- Date Written: March 19, 2004
- Date Collected: March 19, 2004
- Internet cafes in Lebanon not only provide Internet access to the
public, but also a place for hackers to hone their skills and teach them to
others. One hacker, calling himself Alichanyo, says he has been hacking for
twelve years, and uses his skills to download software he cannot afford to
run his cafe. He also sells pirated copies of Windows XP Professional.
Angelofdeath says he started hacking after someone stole his e-mail address,
and he wanted to get it back. Such hacks are common for revenge, but can
also be a source of revenue, as hackers sell their services to recover
e-mail addresses. Hackers can also steal personal information as people log
on to e-mail or shop online. Alichanyo says he frequently hacks into
American banks, which are easier targets than their European counterparts,
to steal credit card numbers, though he only has a few days before the banks
cancel the cards. Since Internet cafes are open to the public, it is
difficult to trace a hack back to a specific hacker.
- http://www.dailystar.com.lb/19_03_04/art11.asp
- Title: One in five Brits not learning ID theft lessons
- Source: Silicon.com
- Date Written: March 19, 2004
- Date Collected: March 19, 2004
- According to data released by Experian, a credit data company,
fraudsters can easily get identity information from people with a phone
call. 20% of Britons say they would give their mother's maiden name to
someone who phoned them while 46% said they would reveal their birthdate
after a little prompting. 80% said they would notice irregularities in their
bank accounts while 14% said they would not notice if £500 went missing; 3%
said they would not notice if £1,000 went missing. 11% say they throw out
bank documents without shredding them. Identity theft is estimated to cost
the United Kingdom over £1 billion a year, with over 43,000 victims in 2003.
- http://www.silicon.com/research/specialreports/protectingid/0,3800002220,39119357,00.htm
Politics-Legislation
- Title: Experts recommend early warning network in case of Internet attacks
- Source: Security Focus (AP)
- Date Written: March 18, 2004
- Date Collected: March 19, 2004
- Computer industry officials participating in the government's National
Cyber Security Partnership have recommended that the Bush administration
establish an early warning network and crisis center to address significant
Internet attacks. The Partnership task forces also recommended a public
awareness campaign to educate users on computer safety, calling for
September to be designated "Cyber Security Month." The recommendations have
some critics, such as the SANS (SysAdmin, Auditing, Network, Security)
Institute's Alan Paller, for focusing too much on user mistakes, and
glossing over vulnerabilities in the vendors' own products. The industry
groups say they function as coalitions rather than official advisory
committees, which would have required the companies to disclose documents
related to their discussions on the recommendations.
- http://www.securityfocus.com/news/8275
- Also - http://www.fcw.com/fcw/articles/2004/0315/web-cybersec-03-18-04.asp
- Also - http://www.gcn.com/vol1_no1/daily-updates/25322-1.html
- Title: E-Vote Snafu in California County
- Source: Wired News
- Date Written: March 19, 2004
- Date Collected: March 19, 2004
- Election officials in California's Napa County report that after a
recount of over 13,000 paper absentee ballots, they found that an electronic
voting machine missed more than 6,000 votes during the March 2, 2004 primary
elections. The recount was ordered after a manual recount of 1% of votes
discovered discrepancies due to the way the voting machines read different
inks off the ballots. During the recount, officials discovered that the
machine dropped 6,692 votes out of a total 468,001 votes recorded on more
than 13,000 ballots. The dropped votes seem to be random, affecting federal,
state, and county races as well as ballot measures. California legislators
have called for the Secretary of State to decertify touch-screen voting
machines before the November 2004 Presidential elections. Critics of
electronic voting machines say the Napa County problems demonstrate the need
for machines to produce a paper trail to prevent election tampering.
- http://www.wired.com/news/evote/0,2645,62721,00.html
- Title: Internet industry fears wiretap plan could chill innovation
- Source: Siliconvalley (AP)
- Date Written: March 19, 2004
- Date Collected: March 19, 2004
- Critics of a Department of Justice proposal to require high speed
Internet providers to enable law enforcement to wiretap their networks warn
that the proposal is not only unprecedented and "overzealous," but
"dangerously impractical," and risks chilling innovation, invading privacy,
and driving business out of the United States. The Justice Department,
Federal Bureau of Investigation (FBI), and Drug Enforcement Administration
(DEA) have requested the Federal Communications Commission (FCC) to apply
the Communications Assistance to Law Enforcement Act (CALEA) to Internet
service providers, requiring them to reconfigure their networks for
wiretapping. The agencies argue that the anonymous nature of the Internet
has made it difficult to surveil suspects, hindering investigations. Such a
ruling would require government approval before any new communications
service is launched. The present debate grew out of attempts by states to
regulate the use of VoIP (Voice over Internet Protocol) telephone services.
- http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8228362.htm
Technology
- Title: AMD announces antivirus chip
- Source: vnunet.com
- Date Written: March 19, 2004
- Date Collected: March 19, 2004
- At the CeBIT trade show in Hannover, Germany, AMD (Advanced Micro
Devices) unveiled its Athlon 64 FX53 2.4 GHz processor, capable of running
in 32 bits or 64 bits. The processor includes antivirus hardware. Memory is
marked with page tables as unexecutable; any attempt to run executable code
outside the page tables is blocked. However, the hardware antivirus
protection will only work with Windows XP Service Pack 2. AMD calls 32-bit
processors an "obsolete technology," and markets the 64-bit processor toward
gamers.
- http://www.vnunet.com/News/1153631
- Title: Smile! I'm calling police: Camera phones help nab crooks
- Source: CNN (AP)
- Date Written: March 19, 2004
- Date Collected: March 19, 2004
- As camera-enabled cellular phones grow in popularity, police find that
the phones are helping to solve a number of cases. One woman helped police
catch a man who exposed himself to her after she took a picture with her
camera. A 15-year-old New Jersey boy prevented his own kidnapping by taking
a photo of his would-be abductor. St. John's University basketball players
were cleared of rape charges based on video evidence from one of the players'
cellular phones. Such use of camera phones raises other legal issues; filming
someone without permission is against the law in many states.
- http://www.cnn.com/2004/LAW/03/19/crime.fighting.camphones.ap/index.html
- Title: Future of biometrics remains uncertain
- Source: Government Computer News
- Date Written: March 18, 2004
- Date Collected: March 19, 2004
- Monte C. Strait, chief of the FBI (Federal Bureau of Investigation)
Criminal Justice Information Services Division, speaking at the Biometric
Symposium 2004, says the FBI is committed to fingerprints for biometric
identification. The FBI's database of 46.9 million digital prints receives
over 50,000 queries each day, and is the nation's only large biometric
repository. Facial recognition is not yet a proven technology, and there
exists no iris scan database, according to Mr. Strait. Duane M. Blackburn,
an FBI analyst on the National Science and Technology Council, says
biometric technologies must improve, and that directions for collection,
storage, and interoperability need to be decided for the next six to ten
years. Policy makers will have to address social, legal, and privacy issues.
- http://www.gcn.com/vol1_no1/daily-updates/25312-1.html
- Title: Finish line in sight for FBI's Trilogy
- Source: Federal Computer Week
- Date Written: March 19, 2004
- Date Collected: March 19, 2004
- Federal Bureau of Investigation (FBI) Director Robert Mueller, speaking
before the House Appropriations Committee's Commerce, Justice, State, and
the Judiciary Subcommittee, said that the final piece of the FBI's Trilogy
information technology modernization program should be in place by the
summer of 2004. Trilogy originally had a deadline of December 2003, but
Computer Sciences Corporation failed to complete the Virtual Case File (VCF)
system in time. FBI spokesman Ed Cogswell would not give a specific date for
completion, but said that progress is being monitored with weekly meetings,
to make sure it does not fall behind again. Mr. Mueller says the FBI does
not plan to stop once the project is finished, and is already planning for
the next iteration of VCF. Despite the lag in the project, Mr. Mueller notes
the FBI has made much progress, such as deploying workstations, local area
networks, and wide area networks, and officials are developing an enterprise
architecture.
- http://www.fcw.com/fcw/articles/2004/0315/web-fbi-03-19-04.asp
Vulnerabilities & Exploits
- Title: 120,000 Citibank clients' data lost in transportation
- Source: Mainichi Shimbun
- Date Written: March 19, 2004
- Date Collected: March 19, 2004
- Citibank officials have announced that a magnetic tape holding account
records of over 120,000 Japanese customers was lost February 21, 2004, while
in transit in Singapore on its way to a backup data center. The records
include customer names, addresses, account numbers, and account balances.
Singaporean police do not believe the tape was stolen or that data was
leaked to a third party. Citibank officials assure customers that the tape's
security is unlikely to be broken, but have promised to compensate account
holders for any losses suffered from the incident. Financial Service Agency
(FSA) chief Heizo Takenaka urges stricter information controls for the
banking industry.
- http://mdn.mainichi.co.jp/news/20040319p2a00m0dm004000c.html
- Title: AOL Says It Sees Sharp Decline in 'Spam' E-Mail
- Source: Reuters
- Date Written: March 19, 2004
- Date Collected: March 19, 2004
- Internet service provider (ISP) America Online (AOL) reports a 27%
decrease in the amount of spam e-mails entering its networks in the month
since February 20, 2004. Spammers attempted to send 2.6 billion messages to
AOL users on February 20; as of March 17, that number had dropped to 1.9
billion. During the same period, spam complaints dropped from 12.7 million
to 6.8 million. AOL spokesman Nicholas Graham attributes the decrease to
improved filtering and fear of litigation; AOL was among several companies
that announced plans to sue spammers under a new anti-spam law. US Internet
users report decreasing e-mail usage and increasing irritation with spam in
a Pew Internet and American Life Project survey. Spam now accounts for 62%
of all e-mail according to Brightmail.
- http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=4608651&section=news
Civil & Consumer Issues
- Title: Anti-piracy vigilantes track file sharers
- Source: Security Focus
- Date Written: March 18, 2004
- Date Collected: March 19, 2004
- Two hackers have announced details of a vigilante cyber sting designed
to catch software pirates on peer-to-peer (P2P) networks. Since January
2004, they have been distributing two Trojans disguised as activation key
generators and cracks for such popular software as Unreal Tournament 2004,
Pinnacle Studio 9, Norton Antivirus, and the leaked Microsoft source code.
When installed on a machine, pirates get a message chastising them for their
activities, as the Trojans alert a central server, logging the IP (Internet
Protocol) address of the pirate, and a unique identification number, so the
Trojans' writers can track their spread over P2P networks. The two hackers,
Clifton Griffin, a 19-year-old college student in North Carolina, and
"Justin X. B." released their Trojans over Gnutella, and found they have
spread to other P2P networks. Though the Trojans do not open backdoors or
make any other malicious moves, the false pretense of the Trojans may cause
the duo legal problems.
- http://www.securityfocus.com/news/8279
- Title: SCO Just Start of Open-Source Lawsuit Wave, Attorneys Say
- Source: EWeek.com
- Date Written: March 18, 2004
- Date Collected: March 19, 2004
- A panel discussion of legal experts at the Open Source Business
Conference 2004 warns that the SCO Group's lawsuit against Linux may be just
the first against open source as companies file "creative litigation." Irwin
Gross, partner at law firm Wilson Sonsini Goodrich & Rosati, says that
while the SCO suits target contract and copyright law, other companies may
target patent law, based on a "war chest" of patents bought up from failed
technology companies in the 1990s. Though such cases may be weak, legal
defense would still be costly. Lawrence Rosen, of Rosenlaw.com, argues that
companies should not fear litigation similar to SCO's when considering open
source software, but should take steps to reduce risk. Yusuf Cassim of
Charles Schwab & Co. detailed the company's process for reviewing
requests to use open source and to seek indemnities and other legal
protections from vendors. Open source projects cannot offer financial
support for users in lawsuits, since they do not receive revenue from their
software.
- http://www.eweek.com/article2/0,1759,1550914,00.asp
- Title: A Dual-Edged Sword: Providing Information, Stealing Privacy
- Source: Security Pipeline
- Date Written: March 15, 2004
- Date Collected: March 19, 2004
- The Multistate Anti-Terrorism Information Exchange (Matrix) connects
databases of driver's licenses, traffic violations, property records,
marriage records, and even images in a number of states for use by law
enforcement, raising concerns among privacy and civil liberties advocates.
However, Jeffrey Hunker points out a number of other flaws with the Matrix
system that should raise public concern. First, with no way to ensure the
accuracy of data within the system, it may be prone to false positives when
trying to predict criminal behavior, putting innocent people under law
enforcement surveillance. Second, such collections of data are likely
targets for malicious hackers. Third, while the Matrix system is nominally
run by the state of Florida, it is managed by a private company, and makes
use of private databases, lacking public oversight or accountability.
Finally, Matrix only marks the beginning of a new set of technologies which
will need effective oversight and independent audits to protect the public
interest.
- http://www.securitypipeline.com/18400971jsessionid=GKZPAMNPQVJHOQSNDBGCKHQ
The Institute for Security Technology Studies (ISTS) accepts no responsibility
for any errors or omissions in this e-mail. The information presented is a
compilation of material from various sources and has not been verified by staff
of the ISTS. Therefore, the ISTS cannot be made responsible for the factual
accuracy of the material presented. The ISTS is not liable for any loss or
damage arising from or in connection with the information contained in this
report. It is the responsibility of the user to evaluate the content and
usefulness of this information. References in this e-mail to any specific
commercial products, processes, or services by trade name, trademark,
manufacturer, or otherwise, do not constitute or imply endorsement,
recommendation, or favoring by the ISTS. ISTS is a research, not
operational, organization, and makes its Security in the News e-mail
available as a public service on a best-effort basis. Security in the News
will be sent out on most business days, but not all.
Institute for Security Technology Studies
Dartmouth College
45 Lyme Road, Suite 200
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: dailyreport@ists.dartmouth.edu