
Network Security
FW: Security In The News - March 24, 2004
- From: Howell, Paul
- Date: Wed Mar 24 17:06:23 2004
Security In The News
LAST UPDATED: 3/24/04
This report is also available on the Internet at http://news.ists.dartmouth.edu/todaysnews.html
Homeland Security & Infrastructure Protection
- Building the energy internet - The Economist, 3/11/04
- Clarke book cites management, info-sharing problems at DHS - Computerworld, 3/23/04
Cybercrime-Hacking
- Feds Charge Calif. Man for Using Keystroke Logger - Reuters, 3/23/04
- Dutch Internet blackmailer gets 10 years - The Register, 3/24/04
- Security breach delays Gnome 2.6 release - ZDNet UK, 3/24/04
- 55% of UK child abuse content traced to US - The Guardian Unlimited, 3/22/04
- German Police Raid Online Neo-Nazi Music Sharers - Reuters, 3/24/04
Politics-Legislation
- Panel: Industry, government must cooperate on privacy - Government Computer News, 3/23/04
- Senators seek to define, then ban, spyware - ZDNet (Reuters), 3/24/04
Malware
- Virus warning: UK wakes up to Netsky.Peak - Silicon.com, 3/24/04
Technology
- Shredder sales soar on fears of identity theft - CNN (Reuters), 3/23/04
- Pentagon tries fingerprint sign-on - Government Computer News, 3/24/04
Best Practices & Risk Management
- Bugwatch: Taking security home - vnunet.com, 3/24/04
- Big four accounting firms join in cyber-risk effort - Computerworld, 3/22/04
Homeland Security & Infrastructure Protection
- Title: Building the energy internet
- Source: The Economist
- Date Written: March 11, 2004
- Date Collected: March 24, 2004
- Robert Schainker, a researcher at the Electric Power Research Institute
(EPRI), warns that more blackouts like the August 2003 blackout of the
northeast United States and Canada and the nationwide Italy blackout will
occur unless the power grid is made more resilient. Though natural forces
will always knock down power lines, strong grids should be able to reroute
electricity around such line breaks. Most grids are based on 1950s
technology designed to shut down in emergencies, leading to cascade failures.
New technologies promise to make grids more resistant to such blackouts. New
sensors can help monitor the network in real time. New controls can help
keep blackouts from spreading, while a distributed system that keeps power
production close to consumers can reduce transmission problems. The article
describes a number of such technology efforts and research projects, and how
they might shape future electrical grids.
- http://www.economist.com/displaystory.cfm?story_id=2476988
- Title: Clarke book cites management, info-sharing problems at DHS
- Source: Computerworld
- Date Written: March 23, 2004
- Date Collected: March 24, 2004
- "Against All Enemies," a book by former White House cybersecurity
advisor Richard Clarke, accuses the Bush administration of mismanaging
Homeland Security and cybersecurity efforts due to an inability to realize
that national security threats have changed and require new defenses. The
book portrays the administration as so focused on deposing former Iraqi
dictator Saddam Hussein that many officials charged with setting up the
Department of Homeland Security (DHS) quit in frustration. Mr. Clarke also
criticizes the Federal Bureau of Investigation (FBI) for its poor use of
information technology and information sharing, describing the New York
office of the FBI Joint Terrorism Task Force as strewn with piles of files
on the floor with only one overworked filing clerk. Mr. Clarke asserts that
the creation of DHS was flawed from the start, and that the administration
ignored homeland security as they focused on Iraq.
- http://www.computerworld.com/securitytopics/security/story/0,10801,91561,00.html?SKC=news91561
Cybercrime-Hacking
- Title: Feds Charge Calif. Man for Using Keystroke Logger
- Source: Reuters
- Date Written: March 23, 2004
- Date Collected: March 24, 2004
- Larry Lee Ropp, 46, has been indicted on a single charge of wiretapping
for planting a keystroke logger on a computer used by secretaries and senior
executives at his employer, Bristol West Insurance Group of California. An
affidavit contends that Mr. Ropp was trying to gather information for
lawyers suing the company in a class action case. Police arrested Mr. Ropp
after he was fired from the company and asked another employee to remove
the malware. If convicted, Mr. Ropp faces a maximum of five years
imprisonment.
- http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=4639860??on=news
- Title: Dutch Internet blackmailer gets 10 years
- Source: The Register
- Date Written: March 24, 2004
- Date Collected: March 24, 2004
- A Dutch court has sentenced a 46-year-old chip programmer to ten years
imprisonment on charges of blackmail and five counts of attempted murder.
The blackmailer put agricultural poison in Campina Stracciatella desserts to
extort €200,000. He instructed Campina to open a bank account and deposit
the money. Campina was issued a credit card to access the money, but the
blackmailer instructed the company to purchase a credit card reader and send
the information from the magnetic strip electronically, using steganography
to encode the data in a picture. The blackmailer used the data to make his
own copy of the card so he could withdraw the cash. He also used
Anonymizer.com to access the picture to conceal his tracks. However, police
worked with Anonymizer.com, and found that the blackmailer accessed the
service from his home computer. The blackmailer also used his PayPal account
to pay for the service, revealing his personal e-mail address.
- http://www.theregister.co.uk/content/55/36485.html
- Title: Security breach delays Gnome 2.6 release
- Source: ZDNet UK
- Date Written: March 24, 2004
- Date Collected: March 24, 2004
- A security breach of the Gnome Foundation's computer systems may delay
the release of Gnome 2.6, the Foundation's newest version of the popular
Linux desktop and development environment. Jeff Waugh, head of the Gnome
Release Team, says that although the breach was not that serious, they are
investigating the compromise before making a final release decision. Mr.
Waugh describes the intruder as a "dumb cracker" who probably did not
realize what system they had attacked, and does not believe the attacker
accessed the central code repository.
- http://news.zdnet.co.uk/0,39020330,39149840,00.htm
- Title: 55% of UK child abuse content traced to US
- Source: The Guardian Unlimited
- Date Written: March 22, 2004
- Date Collected: March 24, 2004
- According to the Internet Watch Foundation (IWF), 55% of child abuse
images reported in Britain in 2003 originated from the United States, a 3%
rise compared to 2002. The IWF also found rapid growth in such material
originating from Russia, which accounted for 5% of such images in 1997, but
now accounts for 23%. John Carr, Internet safety advisor for children's
charity NCH, argues that the United States' failure to crack down on child
abuse images is hampering international efforts, and blames US
evidence-heavy requirements for search warrants. The US peaked at 77% in
1999, but fell as more countries started using the Internet extensively. The
number of reports of child abuse images decreased for the first time in
2003, from 16,183 reports in 2002 to 15,652.
- http://www.guardian.co.uk/online/story/0,3605,1175373,00.html
- Title: German Police Raid Online Neo-Nazi Music Sharers
- Source: Reuters
- Date Written: March 24, 2004
- Date Collected: March 24, 2004
- Germany's Federal Crime Office reports that police have raided the homes
of over 300 people suspected of posting neo-Nazi music files on the
Internet. Inciting racial hatred, displaying Nazi symbols such as the
swastika, and performing the stiff-armed Hitler salute are all crimes under
German law, punishable by imprisonment. The songs contain lyrics encouraging
people to attack Jews and foreigners. More than 100 people have been killed
in racist violence in Germany since its reunification in 1990. Most
synagogues have 24-hour police guards.
- http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=4647828??on=news
Politics-Legislation
- Title: Panel: Industry, government must cooperate on privacy
- Source: Government Computer News
- Date Written: March 23, 2004
- Date Collected: March 24, 2004
- According to a panel of public policy professionals, speaking at the
FOSE 2004 conference, government agencies and information technology
companies must work together to address privacy ethics as the federal sector
begins to use new technologies, especially for intelligence and security.
Frank Reeder, an information policy consultant, named handling of personal
data, business confidentiality, assurance and availability of systems,
integrity, intellectual property laws, and access as major issues. Scott
Hastings, chief information officer (CIO) of the Visitor and Immigrant
Status Indicator Technology (US-VISIT) Program Management Office under
Homeland Security, says that new technologies have brought a new policy
focus to CIOs. Allan Paller of the SANS Institute argues that agencies
should issue clear regulations for technology purchases, rather than relying
on vendors to outline potential security threats.
- http://www.gcn.com/vol1_no1/daily-updates/25376-1.html
- Title: Senators seek to define, then ban, spyware
- Source: ZDNet (Reuters)
- Date Written: March 24, 2004
- Date Collected: March 24, 2004
- Senator Conrad Burns (R-Montana) has sponsored a bill requiring a user's
permission before installing software on the user's computer, as well as
an easy way to remove it, in a bid to stem the spread of spyware. However,
Jerry Berman, president of the Center for Democracy and Technology, warns
that such bills must precisely define the problem to avoid outlawing
harmless technologies such as pop-up advertisements and peer-to-peer (P2P)
file-sharing programs. Some P2P software monitors web use to gather
marketing data or uses processors for other activities. However, some
spyware is more malicious, and logs users' keystrokes to steal passwords.
Pop-up advertisers defend their tactics, arguing that pop-ups are less
intrusive because they do not gather data about users. Avi Nader says his
WhenU.com pop-up software is easily removable, prompting Senator Burns to
argue that guidelines need to be established for legitimate uses of such
software.
- http://zdnet.com.com/2100-1104-5178434.html
Malware
- Title: Virus warning: UK wakes up to Netsky.Peak
- Source: Silicon.com
- Date Written: March 24, 2004
- Date Collected: March 24, 2004
- Systems in the United Kingdom are struggling under inordinate amounts of
Internet traffic due to the spread of the P variant of the Netsky worm. Many
users find the number of e-mail delivery failure notifications in their
inboxes to be the most problematic aspect of the outbreak. Simon Perry,
divisional vice president of security strategy at Computer Associates, says
the Netsky.P worm is peaking. Netsky is one of a growing number of viruses
managing to make it to the later letters of the alphabet for variant names,
where most viruses stop around B or C.
- http://www.silicon.com/software/security/0,39024655,39119504,00.htm
Technology
- Title: Shredder sales soar on fears of identity theft
- Source: CNN (Reuters)
- Date Written: March 23, 2004
- Date Collected: March 24, 2004
- As identity thefts increase, retailers are reporting a surge in the
sales of paper shredders. Shredder sales at Staples have jumped 50%, while
Office Max has seen a 30% increase. The Federal Trade Commission (FTC)
estimates that 27.3 million Americans have been victims of identity theft
since 1999, with 10 million in 2003 alone. Commercial shredding has also
grown as companies seek to protect sensitive data. New privacy legislation
and corporate fraud cases, such as the Enron scandal, are prompting many
companies to institute shred-everything policies to be on the safe side.
- http://www.cnn.com/2004/TECH/ptech/03/23/shredder.sales.reut/index.html
- Title: Pentagon tries fingerprint sign-on
- Source: Government Computer News
- Date Written: March 24, 2004
- Date Collected: March 24, 2004
- The Defense Department's CIO (Chief Information Officer) Office has been
running a pilot program enabling around 1,300 employees to sign on to eight
applications with the U.are.U Pro fingerprint recognition system from
DigitalPersona. The project, managed by EyeIT.com, gives users one-touch
sign-on plus automates sign-ons for Common Access Cards, which hold digital
certificates for signing documents and e-mails. Users are mostly senior
Defense employees in the CIO Office. Since the pilot was deployed, help desk
calls concerning lost passwords have dropped 90%, though calls related to
the biometric sign-on rose 0.05%. Microsoft plans to adopt DigitalPersona
software in future products, and recommends it for Active Directory
deployments.
- http://www.gcn.com/vol1_no1/daily-updates/25381-1.html
Best Practices & Risk Management
- Title: Bugwatch: Taking security home
- Source: vnunet.com
- Date Written: March 24, 2004
- Date Collected: March 24, 2004
- Opinion piece by Simon Perry, vice president of security strategy at
Computer Associates. Most information technology managers only monitor and
support employee computer use at the office, but not at home. From a
management viewpoint, an employee's recreational home Internet use seems
irrelevant to the company, since only personal computers and data are at
risk. However, these home computers can be harnessed by malicious hackers to
launch distributed denial of service (DDoS) attacks, possibly threatening
the company. The United Kingdom's Office of National Statistics finds that
34% of home users have suffered some kind of virus attack. While Mr. Perry
believes protecting the Internet is a common responsibility for the good of
all, such a scenario demonstrates a case for corporations to offer basic
protection for employees' home computers, such as software and education.
- http://www.vnunet.com/News/1153781
- Title: Big four accounting firms join in cyber-risk effort
- Source: Computerworld
- Date Written: March 22, 2004
- Date Collected: March 24, 2004
- The Global Security Consortium (GSC), which includes
PricewaterhouseCoopers, Ernst & Young LLP, Deloitte & Touche LLP,
KPMG International and insurance company AIG International Inc., is
developing a Risk Preparedness Index (RPI) to measure cybersecurity risks at
large enterprises for use within insurance and accounting. The GSC has been
talking with other industry groups, such as the Open Group standards body,
to gain endorsements and support. A GSC spokesman declined to comment on the
efforts, but sources confirm that the RPI should be available by summer
2004. Auditors can use the RPI to assess cybersecurity practices; insurance
companies could view organizations with high RPI scores as "highly desirable
risks," according to AIG vice president Robert A. Parisi Jr. While some
standards exist for assessing computer risks, such as ISO 7799, ISO 1799,
and some from the National Institute of Standards and Technology (NIST), few
are comparable to widely accepted accounting and auditing standards used for
financial services.
- http://computerworld.com/securitytopics/security/story/0,10801,91450,00.html
The Institute for
Security Technology Studies (ISTS) accepts no responsibility for any error
or omissions in this e-mail. The information presented is a compilation of
material from various sources and has not been verified by staff of the
ISTS. Therefore, the ISTS cannot be made responsible for the factual
accuracy of the material presented. The ISTS is not liable for any loss or
damage arising from or in connection with the information contained in this
report. It is the responsibility of the user to evaluate the content and
usefulness of this information. References in this e-mail to any specific
commercial products, processes, or services by trade name, trademark,
manufacturer, or otherwise, do not constitute or imply endorsement,
recommendation, or favoring by the ISTS. ISTS is a research, not
operational, organization, and makes its Security in the News e-mail
available as a public service on a best-effort basis. Security in the News
will be sent out on most business days, but not all.
Institute for
Security Technology Studies Dartmouth College 45 Lyme Road, Suite
200 Hanover, NH 03755 Tel: (603) 646 0700 E-mail:
dailyreport@ists.dartmouth.edu