High Tech "NewsBits" for 02/04/02

February 4, 2002 Global summit hit by cyberattack An invisible cyber assault has cut off access for the second day running to the Web site of the World Economic Forum, organizers of the gathering of the world's political and business elite confirmed on Friday. The flood of Internet traffic to the Web site began on Thursday afternoon, the first day of a five day conference, and continued through Friday, with only intermittent let-up, a conference organizer said. http://zdnet.com.com/2100-1105-828589.html http://www.usatoday.com/life/cyber/tech/2002/02/04/virtual-sit-in.htm http://www.theregister.co.uk/content/55/23928.html - - - - - - - - US Company Denies Link To Alleged Pakistani Kidnappers A Tennessee-based Internet firm said it was "absolutely a coincidence" that it registered last week a Web address formerly used by a radical Muslim group suspected of kidnapping a Wall Street Journal reporter. According to domain records, Popular Enterprises registered the address harkatulmujahideen.org on Jan. 28, the same day that the newspaper announced correspondent Daniel Pearl had been kidnapped in Pakistan. http://www.newsbytes.com/news/02/174194.html - - - - - - - - Computer Sleuths Confident About Finding Deleted Enron Data The job of recovering lost e-mail could involve looking at about 100 hard drives plus e-mail servers -- and could take up to four months of investigative work. The head of the company hired to retrieve the electronic records destroyed by Arthur Andersen LLP concerning Enron Corp. was guarded but confident last week as he talked about the task already under way in Houston, protected by armed guards. http://www.newsfactor.com/perl/story/16143.html - - - - - - - - MIRC Chat Users Vulnerable To New Attack A serious security flaw in the popular mIRC online chat program could enable a remote attacker to run malicious programs on the computers of millions of users. The buffer over-flow flaw, present in mIRC versions 5.91 and earlier, lies in the program's code for establishing the user's nickname when connecting to an Internet relay chat (IRC) server, according to James Martin, a software developer in Ireland who discovered how to exploit the bug. http://www.newsbytes.com/news/02/174185.html - - - - - - - - Bush Budget Could Leave Security Databases Stranded Gartner's Caldwell noted that Bush's proposed budget for fiscal 2003 is simply Round One of a battle that generally does not conclude before the end of the year. News sources reported late Sunday that the Bush administration intends to cancel a US$1 million program known as "Cal-Photo," a networked security database that holds millions of digitized photos and mug shots. The database, which helped the Federal Bureau of Investigation locate a suspected terrorist after the September 11th attacks on the Pentagon and World Trade Center, is considered to be a critical anti-terrorism tool. http://www.newsfactor.com/perl/story/16153.html http://www.usatoday.com/life/cyber/tech/2002/02/04/fbi-tech-program.htm - - - - - - - - FTC Launches Program To Ease ID Theft Reporting The Federal Trade Commission (FTC) will launch a program on Tuesday that should make it easier for victims of identity theft to alert creditors and merchants to fraudulent activity on their accounts. The FTC hopes its ID Fraud Affidavit will simplify the reporting process by allowing victims to send the same form to dozens of credit issuers and merchants that have agreed to participate in the program. http://www.newsbytes.com/news/02/174206.html http://www.nandotimes.com/technology/story/237001p-2265508c.html - - - - - - - - Rumsfeld: Cyberwar among possible threats The vulnerability of U.S. information networks and a belief that a future attack against the U.S. may be launched in cyberspace is high in the mind of U.S. Secretary of Defense Donald Rumsfeld as he plots to change the U.S. armed forces so they can better defend against unconventional threats. http://www.cnn.com/2002/TECH/internet/02/04/military.preparation.idg/index.html - - - - - - - - 1s and 0s Part Of New U.S. Arsenal Out on an Army firing range, in a conversation punctuated by machine-gun bursts, Staff Sgt. Michael Land describes how he and his soldiers are preparing to engage and destroy the enemy using an even deadlier weapon: digital information. The most obvious difference between his unit - a new rapid-deployment infantry brigade - and conventional ones isn't that their armored vehicles are propelled by wheels instead of tank tracks. Rather, Land said, it "is all the information we're being given" by computers that pull in data from satellites, drone aircraft and intelligence analysts far from the front lines. http://www.newsbytes.com/news/02/174202.html http://www.washingtonpost.com/wp-dyn/articles/A11471-2002Feb1.html - - - - - - - - National Guard extends secure net to states Spurred by the events of Sept. 11, the Defense Department last month initiated a plan to connect Army National Guard bureaus across the country with the Pentagon via the high-speed, highly secure network that DOD uses for classified communications. The effort will establish a secure communications link between the Pentagon and the National Guard's adjutant general (TAG) offices in 54 states and territories via the Secret Internet Protocol Router Network (SIPRNET), which military personnel use for accessing classified applications and databases and for secure messaging. http://www.fcw.com/fcw/articles/2002/0204/news-net-02-04-02.asp - - - - - - - - 'Dangerous' hole discovered in Morpheus MP3 fans using the Morpheus file-swapping service risk having their personal details exposed online, according to security experts. Morpheus in now the most popular file-swapping service on the Internet. The security hole means that the personal details of millions of people are now at risk of exposure. According to the Web site of MusicCity--the company that created Morpheus--more than nine million copies of the client have been downloaded. http://zdnet.com.com/2100-1106-828592.html http://news.zdnet.co.uk/story/0,,t269-s2103659,00.html http://www.newsbytes.com/news/02/174203.html - - - - - - - - Studios close the door on DVD copying An anonymous hacker known online as "Tron" is Hollywood's latest villain. Tron is the author of a piece of software called SmartRipper, which allows DVDs to be copied fairly easily to a computer hard drive, and from there burned onto recordable DVDs. So far, it's hardly a threat on the level that Napster once was. But cross Tron and his peers with rapidly falling prices of DVD burners, and it's easy to see why Hollywood executives are nervous. http://zdnet.com.com/2100-1103-828476.html http://news.zdnet.co.uk/story/0,,t269-s2103686,00.html http://news.com.com/2100-1023-828449.html - - - - - - - - Justice revs up cybercrimefighting efforts The Justice Department by April will beef up its focus on cybercrime deterrence by staffing what will become its largest computer crimefighting unit. Jack Hanly, supervisor of the cybercrime team for the Eastern District of Virginia in Alexandria, said his group would assign seven assistant U.S. attorneys, five from Alexandria and one each from Richmond and Norfolk, to form a team. http://www.gcn.com/vol1_no1/daily-updates/17915-1.html - - - - - - - - - Cell phones: Key accessories to crime 'Your voice is like your fingerprint' They're used in Brazil to organize prison riots, kidnappings and murders, while in Vietnam they're a drug dealer's best friend. Up in the remote Scottish highlands, they serve as an early warning device for vandals keen to avoid the village constable. Cell phones are fast becoming a favored accessory for crooks. http://www.cnn.com/2002/TECH/ptech/02/03/cell.phone.crime.ap/index.html - - - - - - - - - Unauthorized practice of law on the Net A decision issued in late December 2001 by the Ohio Board of Commissioners on the Unauthorized Practice of the Law (the Board) helps to define whether certain online conduct by non-lawyers is tantamount to impermissible legal practice. The decision, in the case Office of Disciplinary Counsel v. Palmer, may be worth a read by lawyers and non-lawyers alike. http://www.usatoday.com/life/cyber/ccarch/2002/02/01/sinrod.htm - - - - - - - - - Online symposium tackles security Citing security as a major focus of its research this year, Public Technology Inc., in collaboration with the Public Entity Risk Institute, is offering a Web-based symposium this week about cybersecurity issues for local governments. Each day, a paper written by a PTI member will be posted on the PERI Web site, followed by an electronic dialogue that will be moderated by Costis Toregas, president of PTI. The symposium, "Safe and Secure: CyberSecurity and Local Government," is free. http://www.fcw.com/geb/articles/2002/0204/web-pti-02-04-02.asp - - - - - - - - More Spam-Friendly Holes Found In Popular Web Software "Below is the result of your feedback form..." That's the first sentence found in many unwanted e-mail messages these days - from spam missives promoting "X-rated Web cams" to bogus technical support bulletins designed to steal the Internet passwords of the unwary. But the familiar-sounding introductions originate, not from a single spammer, but from a single program that is practically standard equipment on smaller Web sites and which security experts say is full of spam-friendly holes. http://www.newsbytes.com/news/02/174174.html - - - - - - - - Asylum seekers get UK's first biometric ID cards The Home Office has issued biometric cards containing the bearer's fingerprint to asylum seekers in Croydon. Asylum seekers in Croydon have become the first people in Britain to be issued with high-tech biometric cards by the Home Office. The Application Registration Card (ARC) will contain the bearer's fingerprint, as well as their photograph, name, date of birth and nationality. The card will also contain a secure updatable chip for additional information such as the holder's address. http://news.zdnet.co.uk/story/0,,t269-s2103696,00.html - - - - - - - - Will you be using this Dell PC for world terror (y/n)? Dell UK is dutifully doing its bit in the war against terrorism, as evidenced by the Export Compliance section of the company's online order form. Says Question 4: "Will the product(s) be used in connection with weapons of mass destruction, i.e. nuclear applications, missile technology, or chemical or biological weapons purposes?" http://www.theregister.co.uk/content/28/23930.html - - - - - - - - HP Challenges Security Companies with Free Privacy Software The free package features a 'cookie' manager that enables a user to block malicious text files planted on the user's hard drive by advertisers. Hewlett-Packard has started pre-loading free security and privacy software onto Pavilion desktop computers it sells in North America, including a feature that automatically blocks Internet advertising. http://www.newsfactor.com/perl/story/16147.html - - - - - - - - Symantec in demand - Viruses, Security Create Huge Need. The high-tech recession hit Symantec just as hard as its fellow software companies. But then the bad news came, and things got better. A vicious computer worm attacked a White House Web site. Terrorists attacked the World Trade Center towers and the Pentagon. A new type of digital menace, known as a ``blended threat'' for its multiple methods of attack, struck repeatedly throughout the fall and winter. http://www0.mercurycenter.com/premium/business/docs/symantec04.htm - - - - - - - - Former Playmate Wins Next Round In Playboy Web Suit An appeals court has upheld the right of a former Playboy Playmate to use the trademarked "Playboy" moniker on her own Web site, and endorsed a lower court's ruling two years ago that allowed Terri Welles to advertise her association with the entertainment giant through HTML meta tags. Welles, a former centerfold who was Playmate of the Year in 1981, has been battling Playboy in court since February of 1998, when the Chicago-based publisher filed a trademark infringement lawsuit in a California federal District Court. http://www.newsbytes.com/news/02/174200.html - - - - - - - - WLAN Security on the Rise Ask a room full of IT managers to identify the biggest impediment to wireless LAN deployment and it's a safe bet more than half of them will put security at the top of their lists. That's a big problem, not only for users who are itching to gain wireless access to enterprise information resources but also for vendors that are trying to sell wireless infrastructure and applications. http://www.networkcomputing.com/1303/1303ws2.html - - - - - - - - The encrypted jihad We can't stop terrorists from using uncrackable codes. So we shouldn't even try. Here's a tip for Treasury Department agents tracking al-Qaida's finances: You might want to pay a visit to the volume discount department at Dell Computer. Al-Qaida, it seems, has been an avid consumer of computers over the last several years, and is especially fond of laptops. It isn't hard to understand why. With his hectic, on-the-go lifestyle, no self-respecting terrorist can function without a computer that fits comfortably on an airplane tray table. http://www.salon.com/tech/feature/2002/02/04/terror_encryption/index.html - - - - - - - - Heuristic Techniques in AV Solutions: An Overview Heuristic technologies can be found in nearly all current anti-virus (herein referred to as AV) solutions and also in other security- related areas like intrusion detection systems and attack analysis systems with correlating components. This article will offer a brief overview of generic heuristic approaches within AV solutions with a particular emphasis on heuristics for Visual Basic for Applications based malware. http://www.securityfocus.com/infocus/1542 - - - - - - - - Windows more secure than Linux? Windows suffered fewer security vulnerabilities than Linux last year, according to figures released by vulnerability tracker SecurityFocus. Although the statistics so far only go up to August 2001, aggregated distributions of the Linux operating system suffered 96 vulnerabilities while Windows NT/2000 suffered only 42. Breaking the figures down by distribution, Mandrake Linux 7.2 notched up 33 vulnerabilities, Red Hat 7.0 suffered 28, Mandrake 7.1 had 27 and Debian 2.2 had 26. http://www.vnunet.com/News/1128907 - - - - - - - - 9/11 workers on right wavelength A new report reveals that most local public safety agencies initially responding to the attack on the Pentagon Sept. 11 had little difficulty communicating with one another. The report, "Answering the Call: Communications Lessons Learned from the Pentagon Attack," was released Feb. 1 by the Public Safety Wireless Network (PSWN) Program, a joint initiative sponsored by the Justice and Treasury departments. The program's goal is to help the public safety community improve wireless radio interoperability. http://www.fcw.com/geb/articles/2002/0204/web-pswn-02-04-02.asp *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.