January 15, 2002 Youth plot to 'take down' internet, FBI claims A group of teen and young adult computer hackers allegedly planned an international conspiracy in which they hoped to "take down the internet" on New Year's Eve, federal agents in Los Angeles said. The Federal Bureau of Investigation said Friday it has seized computers, floppy disks, CD-ROMs and other related equipment for further investigation but have not made any arrests in the United States. http://www.nzherald.co.nz/storydisplay.cfm?storyID=168369 - - - - - - - - Thirty arrested in warez raids US federal investigators are continuing to raid university campuses across the US as part of an ongoing crackdown on software piracy. Federal investigators have turned up roughly 30 suspects and continue to raid college campuses a month after moving to shut down a massive software piracy ring, a Customs Service official said on Monday. http://news.zdnet.co.uk/story/0,,t269-s2102526,00.html - - - - - - - - MoD refuses to account for missing computer equipment Nearly 600 computers have gone missing from the Ministry of Defence in the last five years, and its systems have been hacked 27 times, according to newly released figures. The Ministry of Defence (MoD) is refusing to respond to Parliamentary questions, tabled in late October, which revealed that nearly 600 computers had disappeared from the department in the last five years, according to a Liberal Democrat MP. http://news.zdnet.co.uk/story/0,,t269-s2102540,00.html - - - - - - - - Hacker mag hopes to overturn DeCSS ruling The editor of hacker publication 2600 is asking the full 2nd U.S. Circuit Court of Appeals in New York to review an earlier decision prohibiting the magazine from linking to or posting DeCSS--code that can be used to crack DVD security. In November, a three-judge panel of the court sided with the movie industry, which had sued the publication, saying the posting of DeCSS would lead to rampant piracy. The court is expected to decide whether to review that decision sometime in the spring. http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,5101749,00.html - - - - - - - - DOT sees security short-changed The Transportation Department is working with the Bush administration to ensure that information security is not left behind as increasing amounts of money go to strengthen the other forms of security throughout the department, top information technology officials said Jan. 14. DOT, and particularly the Federal Aviation Administration, received a good portion of the emergency supplemental funding made available by Congress to address homeland security after the Sept. 11 terrorist attacks. But despite numerous requests, none of that money has gone to information security needs, said Eugene Taylor, DOT's deputy chief information officer, at the Transportation Research Board's annual meeting in Washington, D.C. http://www.fcw.com/fcw/articles/2002/0114/web-dot-01-15-02.asp - - - - - - - - Lawmaker Wants Magic Lantern Information From FBI Rep. Ron Paul, R-Texas, in a letter last week told the FBI that he is concerned about the bureau's refusal to provide information about the existence of a computer and e-mail surveillance plan dubbed "Magic Lantern." In the letter, provided to the Politech mailing list by Paul's legislative director Norman Singleton, the Congressman asked FBI Director Robert Mueller to hand over information on the keystroke monitoring program, "or provide me with written justification for the FBI's refusal to share information on this crucial issue." Paul asked for a response within two weeks. http://www.newsbytes.com/news/02/173637.html - - - - - - - - Industry counters criticism of cybersecurity info-sharing bills The heads of eight technology and other industry groups seeking legislation designed to spur the disclosure of cyber-security information are pushing the Bush administration to play a more active role in supporting the measure. http://www.govexec.com/dailyfed/0102/011502td1.htm - - - - - - - - U.S. attorney makes computer crimes a priority Combating cyberterrorism will be a top priority for a new team of federal prosecutors that will focus exclusively on computer crimes, U.S. Attorney Paul McNulty said Monday. The newly created computer crimes unit includes six federal prosecutors and will be active throughout the Eastern District of Virginia. The unit will be headquartered in Alexandria but will also have a presence in Norfolk and Richmond, McNulty told a news conference. http://www.timesdispatch.com/vaapwire/MGBEDHKRGWC.html http://www.nandotimes.com/technology/story/218945p-2114135c.html - - - - - - - - Cybersleuthing solves the case Businesses with intellectual property and online customers to protect are increasingly calling on cyberforensics investigators to get to the bottom of cases of employee wrongdoing and electronic crimes. "People are calling us when they find malicious software installed on their servers, when they're leaking sensitive information, when they suspect employee harassmenteven in cybersquatting cases," says Ed Skoudis, vice president of ethical hacking at Predictive Systems Inc., a technology services firm in New York. http://www.computerworld.com/storyba/0,4125,NAV47_STO67299,00.html - - - - - - - - Does Crime Pay More on the Web? The anonymity of the Internet and the potential for higher rewards for criminals has fueled an alarming increase in cybercrime activity in recent years. Indeed, analysts agree that Internet-savvy lawbreakers may have more to gain and less to lose than their physical world counterparts. "If you're talking about physical assets, you can only steal so much, due to physical limitations," SecurityFocus CEO Arthur Wong told the E-Commerce Times. "When you're talking about just numbers, the quantum of damages [online] can be so much higher." http://www.newsfactor.com/perl/story/15787.html - - - - - - - - AOL warns of ICQ attack risk People chatting with outdated ICQ software are at risk or a potentially damaging buffer overflow exploit, AOL Time Warner cautioned in an alert posted Monday. The buffer overflow vulnerability affects versions of America Online's popular ICQ instant messaging software prior to version 2001b, which was released October. Only versions for Microsoft's Windows operating system are vulnerable. AOL posted a page urging people who haven't already downloaded the latest version of ICQ software to do so. http://www.zdnet.com/zdnn/stories/news/0,4586,5101721,00.html http://www.siliconvalley.com/docs/news/tech/084368.htm http://www.techtv.com/news/hackingandsecurity/story/0,24195,3368228,00.html http://news.zdnet.co.uk/story/0,,t269-s2102520,00.html http://www.usatoday.com/life/cyber/tech/2002/01/15/instant-messaging-flaw.htm - - - - - - - - IE privacy flaw still causing leaks New privacy-enhancing controls in Microsoft's Internet Explorer 6.0 can be rendered useless by a long-known security flaw in Windows Media Player, a noted security expert said Tuesday. http://www.zdnet.com/zdnn/stories/news/0,4586,5101790,00.html http://news.cnet.com/news/0-1005-200-8494180.html http://www.wired.com/news/technology/0,1282,49741,00.html http://www.vnunet.com/News/1128330 Windows Media Player 'Super Cookies' Could Help Track Users A user identification technology built into Microsoft's Windows Media Player could enable Web sites to track users, a privacy watchdog warned today. According to Richard M. Smith, the unique identification number assigned by default to every Windows Media Player user can be captured from the user's system registry using a simple script in a Web page. http://www.newsbytes.com/news/02/173662.html http://www.msnbc.com/news/688421.asp - - - - - - - - Solaris hole opening way for hackers Online vandals are using a two-month-old security hole in Sun Microsystems' Solaris operating system to break into servers on the Internet, a security expert said Tuesday. Researchers witnessed the attack when one intruder broke into a Solaris server under intense observation as part of the Honeynet Project, an initiative to develop ways to turn spare computers into digital fly traps to study and document actual Internet attacks. "One of our honey pots got whacked with it," said Lance Spitzner, project manager for the Honeynet Project. "As far as we know, it was the first time we saw (this flaw) used in the wild." http://news.cnet.com/news/0-1003-200-8495923.html - - - - - - - - Win XP updates stopped by glitch Engineers are working to fix a glitch in a Microsoft Web server that has prevented Windows XP users from down- loading software updates, including a patch for a security hole, a company spokeswoman said Monday. The problem, discovered last Thursday, was created when engineers attempted to update software on a server, she said, adding that it is expected to be corrected before Tuesday. The spokeswoman said she could not confirm the number of people affected by the problem, but said about 8 million people download Windows XP software updates each week. http://www.zdnet.com/zdnn/stories/news/0,4586,5101730,00.html http://www.cnn.com/2002/TECH/internet/01/15/microsoft.security.server.ap/index.html http://www.nandotimes.com/technology/story/219517p-2121371c.html http://www.newsfactor.com/perl/story/15800.html http://www.vnunet.com/News/1128344 .Net problems plague Microsoft After a five-day outage, Microsoft fixed a technician's error Tuesday, allowing Windows users to once again access critical operating system updates on the company's Web site. But the problem--the latest in a series--had .Net analysts questioning whether the software giant can deliver the reliability necessary for its widely touted 24-7 Web services initiative. "Uptime becomes much more critical, and Microsoft has not been concentrating on that," said Daryl Plummer, group vice president for software infrastructure at Gartner, a market research firm. "If they are going to do that with .Net and with .Net My Services, they have to get better." http://www.zdnet.com/zdnn/stories/news/0,4586,5101795,00.html .Net breakdown: More to come? http://news.cnet.com/news/0-1003-200-8494784.html - - - - - - - - Unix Admins Urged To Stop Up Security Hole In CDE Administrators of Unix-based systems that also run a graphical interface known as the Common Desktop Environment (CDE) are being warned that hackers have begun to take advantage of a security hole found some time ago in such systems. The CERT Coordination Center of Carnegie Mellon University's Software Engineering Institute in Pittsburgh, Pa., said in a bulletin today that it had received "credible reports" of Sun Solaris systems being compromised by hackers with the help of a vulnerability in unpatched versions of a CDE component known as the Subprocess Control Service. http://www.newsbytes.com/news/02/173672.html - - - - - - - - F-Secure Fixes Scanner Glitch F-Secure has discovered a bug that can cause system crashes on Windows machines loaded with its antivirus software. In real life, the flaw is very rare - only three customer sightings in a year. Today the company has issued a fix. The flaw involves the way F-Secure Anti-Virus version 5.30 deals with "certain combinations of strange or unusual characters", which can (theoretically) be a problem when a user tries to save a HTML file using Word. http://www.theregister.co.uk/content/55/23689.html - - - - - - - - Europe--the watchdog of the Net? Salesforce.com Chief Financial Officer Andrew Hyde never considered himself an international trade policy guru, so participating in a conference call with U.S. trade officials last month was a bit awkward. The San Francisco-based database marketing company wants to increase revenue from European customers, but Hyde worries that discrepancies between U.S. and European privacy laws could tangle Salesforce.com in an ugly regulatory fight. http://www.zdnet.com/zdnn/stories/news/0,4586,5101787,00.html - - - - - - - - Cryptographic Abundance Cryptography could give us data privacy today. Only no one's asking for it. My 82-year-old mother never was very good at arithmetic. She now has lost the ability to balance her checkbook. Yet this morning, at the touch of a button on her browser, she performed a fairly sophisticated arithmetic operation on her way to establishing a secure session with the e-commerce site where she orders her medications. This operation is called "modular exponentiation." http://www.techreview.com/articles/insight0102.asp - - - - - - - - An Audit of Active Directory Security, Part Five: A Theoretical Attack on the Multi-Master Replication Scheme in a AD-Enabled Network. This is the fifth and final installment in a five-part series on auditing Active Directory security. The first article in the series offered a brief introductory overview of Active Directory. In the second installment we examined some of the security implications of the ADs default settings. The third article looked at LDAP, SASL and Kerberos in the context of AD security. The fourth part looked at some potential security concerns related to the Configuration Naming Context in AD. This article will examine some issues surrounding the multi- master replication scheme. http://www.securityfocus.com/infocus/1535 - - - - - - - - Handhelds join handcuffs at Boston airport in fight against terrorism. A pager-sized device that's more likely to be found in a Wall Street briefcase than on a state trooper's belt may take its place in the war against terrorism. Logan International Airport is the first in the nation to test the BlackBerry as an electronic gateway to state and federal criminal databases, giving law enforcement officers the kind of immediate information resource they've longed for, but lacked. http://www.siliconvalley.com/docs/news/tech/008253.htm http://www.cnn.com/2002/TECH/ptech/01/15/wireless.cops.ap/index.html http://www.wired.com/news/technology/0,1282,49740,00.html http://www.usatoday.com/life/cyber/wireless/2002/01/15/wireless-cops.htm http://www.nandotimes.com/technology/story/219434p-2120674c.html http://www.computerworld.com/storyba/0,4125,NAV47_STO67408,00.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.