June 27, 2002

Officials say al-Qaida cyberattack 'a question of when, not if'
Imagine this: a major terrorist attack carried out on American soil just as emergency dispatch systems or the power grid go down. That may be where al-Qaida is heading. The Washington Post reports that analysts are becoming increasingly concerned about an attack that uses the Internet either to cause real bloodshed on its own, or to make a conventional attack even worse.
http://www.nandotimes.com/technology/story/448989p-3593144c.html

Worries Mount Over Terrorist Cyber Assault
Worries about terrorist cyber attacks were reinforced this week by surveys indicating that IT professionals believe attacks on government and cyber infrastructure are likely. U.S. officials reportedly are concerned by clues that al Qaeda terrorists have accessed and studied critical infrastructure systems, such as power, communications, water and nuclear, as well as those systems' digital controls and interconnects.
http://www.newsfactor.com/perl/story/18426.html

U.S. reportedly fears al-Qaeda cyber attacks
http://www.usatoday.com/life/cyber/tech/2002/06/27/cyber-attacks.htm
http://www.vnunet.com/News/1133033

- - - - - - - -

NASA hacker running out of space to hide
A hacker alleged to have caused $1m worth of damages at NASA is being investigated in Poland
Polish prosecutors say they are searching for a computer hacker believed by the United States to have penetrated the NASA space agency, causing damage reportedly estimated at $1m (around £660,000). The search was focusing on Poznan in the west of Poland, a country which has a tradition of codebreaking dating back to helping crack Nazi Germany's Enigma encryption machine during World War Two.
http://news.zdnet.co.uk/story/0,,t269-s2118076,00.html
http://zdnet.com.com/2110-1105-939842.html

- - - - - - - -

Nimda worm feeds on popular game site
Some video game players got a nasty surprise this week when they downloaded software from a popular online gaming site--the Nimda computer virus. The installer for GameSpy Arcade 1.09, the main file exchange and gaming software of GameSpy.com, was infected with the Nimda virus twice this week, GameSpy Chief Executive Mark Surfas told Reuters. Surfas said the virus infected one of their download servers for two hours on Tuesday and five hours Wednesday night, while they were performing routine service.
http://news.com.com/2100-1040-940174.html
http://zdnet.com.com/2100-1105-940213.html

- - - - - - - -

Hacking fears delay tax email service
Taxpayers left with snail mail option only.
The Inland Revenue has stalled plans to introduce an email service for taxpayers because of security fears. The department had planned a national email service, and has already installed more than £200m worth of computers. But, according to an inter-office memo, the taxman fears that hackers could intercept emails or infiltrate the network and masquerade as Nick Montagu, the department's chairman, for the purposes of reading and sending emails.
http://www.vnunet.com/News/1133056

- - - - - - - -

House Refines Virtual Porn Ban
A second attempt to ban virtual child porn won overwhelming support in the House of Representatives, but critics say the measure is unconstitutional and will harm efforts to end the exploitation of real children. The House approved the "Child Obscenity and Pornography Prevention Act of 2002" (COPPA) Tuesday, 413-8, barely two months after the Supreme Court struck down a similar measure seeking to prohibit computer images of people under 18 engaged in sex.
http://www.wired.com/news/business/0,1367,53510,00.html

- - - - - - - -

Spain passes law to regulate Internet content
Spain's parliament on Thursday passed a law regulating electronic commerce which makes Internet service providers more responsible for content on their pages and requires them to store data on clients for at least a year. The legislation, designed to bring Spain into line with European Union guidelines, is expected to take effect after the summer. It still requires the signature of King Juan Carlos and publication in the Official Gazette before becoming law.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3556967.htm

- - - - - - - -

Software bugs cost billions
Poor software is costing US economy a fortune, study finds
Software bugs are costing the US economy an estimated $59.5bn a year, according to a new study, which has found that more than half the costs are carried by software users and the remainder by software developers and vendors. The study, conducted by the National Institute of Standards and Technology (Nist), also found that while not all errors can be removed, more than a third of these costs - an estimated $22.2bn - could be eliminated by an improved testing infrastructure that provides earlier and more effective identification and removal of software defects.
http://www.vnunet.com/News/1133047

- - - - - - - -

NHS uses neural networks to cut fraud
Artificial brain to build "fraud map" for investigations.
The NHS is to use neural networking technology in a bid to stop fraud by patients and staff. The NHS Counter Fraud Service (CFS) will use the technology to target its investigations more effectively. It has investigated 503 cases of potential fraud in the last year - leading to just 45 prosecutions. Jim Gee, director of the CFS, told vnunet.com that he is looking to reach an agreement with software company SAS to use its tools for the analysis of fraud data.
http://www.vnunet.com/News/1133049

- - - - - - - -

Companies crack down on MP3s
Stash those headphones and trash that file-swapping software: Companies are cracking down on employees who use streaming media and swap MP3s at work. Companies increasingly are blocking access to Internet music and video at firewalls and are issuing sweeping initiatives that ban workplace media usage. The trend is a result of two developments: media usage hogging enormous amounts of corporate bandwidth and threats of legal liability as the entertainment industry aggressively pursues copyright scofflaws.
http://zdnet.com.com/2100-1105-939797.html
http://news.com.com/2100-1023-939791.html
http://news.zdnet.co.uk/story/0,,t269-s2118078,00.html

- - - - - - - -

Cybersquatters put on the hot seat
The organization that oversees Internet domain names floated two proposals on Thursday to help businesses and individuals fight extortion by speculators, known as cybersquatters. ICANN, or the Internet Corporation for Assigned Names and Numbers, said at its quarterly meeting that it was close to adopting a new system to give owners of domain names extra time to renew their contracts and to establish a waiting list for coveted domains that become newly available to the public.
http://zdnet.com.com/2100-1106-939819.html
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3555391.htm
http://www.wired.com/news/politics/0,1283,53518,00.html

- - - - - - - -

Nokia wins first .me.uk domain name dispute
Claiming Nokia as a nickname might have worked for one registrant, had he not also registered a raft of other brands.
Nokia has won the first .me.uk domain name dispute after the registrant, who claimed that Nokia was his nickname, was found to have registered a raft of other well-known brands.
http://news.zdnet.co.uk/story/0,,t269-s2118094,00.html

- - - - - - - -

MS patches Media Player secure music vulnerability
Microsoft has issued a cumulative patch for Windows Media Player designed to patch three vulnerabilities, the most serious of which might permit an attacker to run arbitrary code on a victim's PC. An advisory by Microsoft says that the most serious of the three problems is an information disclosure vulnerability, which it rates as severe.
http://www.theregister.co.uk/content/55/25919.html
http://news.com.com/2100-1023-940050.html
http://zdnet.com.com/2100-1104-940063.html
http://online.securityfocus.com/news/504

- - - - - - - -

Critical hole found in encryption program
A popular open-source program for encrypted communications has a serious flaw that could let Internet attackers slip into servers running the software, said its creators and a security company this week. The program, Open Secure Shell (OpenSSH), is included in many widely used operating system distributions, such as OpenBSD 3.0, OpenBSD 3.1 and FreeBSD-Current, all open-source variants of the Unix OS. Such operating systems appear on networking equipment and security appliances, among other things.
http://news.com.com/2100-1001-939988.html

OpenSSH hits the fan
A serious vulnerability in default installation of OpenSSH on the OpenBSD operating system has come to light. A vulnerability exists within the "challenge-response" authentication mechanism in the OpenSSH daemon (sshd), according to an alert issued today by Internet Security Systems. This mechanism, part of the SSH2 protocol, verifies a user's identity by generating a challenge and forcing the user to supply a number of responses.
http://online.securityfocus.com/news/503

- - - - - - - -

Spam: An Escalating Attack of the Clones
AT 2 a.m., the red squiggle begins to rise. Sharply.
The workers sitting in the dimly lighted room barely look up at the white screen on the wall that tracks the deluge of unwanted e-mail to millions of In boxes. They already know it's happening. Their computer monitors are filled with e-mail meant to appeal to the lonely and insecure: Free XXX video. Debt consolidation. Breast enhancement. Viagra. Work from home. Beat cellulite. It is the middle of the night on the West Coast, but spam attacks -- e-mail messages sent to multiple addresses often lumped together as "undisclosed recipients" -- are bubbling up from all corners of the Internet. Spam doesn't sleep.
(NY Times article, free registration required)
http://www.nytimes.com/2002/06/27/technology/circuits/27SPAM.html

- - - - - - - -

Prevent workstation hacking
Hacking isn't limited to the server. In fact, the workstation is often the first place a hacker will try to access because from there, he or she can gain insight into how the network is set up. Often, however, workstation protection is overlooked. To help you safeguard your workstations, I have some examples of how hackers gain access to workstations and some tips on how to keep unwanted guests from breaking into them.
http://www.techrepublic.com/article.jhtml?id=r00720020307pos01.htm

- - - - - - - -

Need a quick security overview? Read Internet Lockdown
For IT managers needing a good general background on securing systems, Internet Lockdown may be the book. At 312 pages, it's relatively small, so you can quickly browse and study essential information. The chapters are clearly written, with frequent cross-references to details covered in other chapters. Author Tim Crothers, a security engineer at ITM Technology, has plenty of personal experience to draw on.
http://www.techrepublic.com/article.jhtml?id=r00620020626mik01.htm

- - - - - - - -

CIO Hitch: Justice must focus its IT infrastructure on fighting terrorism
The Justice Department must improve its IT infrastructure over the next year if it is to fulfill its new priority of counterterrorism, a senior Justice official said. Vance Hitch, Justice's CIO, today said he is facing 39 stovepipes among the branches of the department and over the next year will standardize and consolidate systems to help the department share information more easily and efficiently.
http://www.gcn.com/vol1_no1/daily-updates/19158-1.html

- - - - - - - -

TechXNY: Hunting for James Bond?
The head of a government-based venture capital firm pleaded to the information technology industry: Be like James Bond. The fictional British spy used technology to his advantage when tracking down criminal masterminds. But in the real-world fight against terrorism, the situation shouldn't be different, Gilman Louie, chief executive of In-Q-Tel, said during a keynote speech at the TechXNY trade show here.
http://zdnet.com.com/2100-1105-940224.html

- - - - - - - -

Intelligence agencies to link databases with new department
The FBI and CIA are looking at ways to develop terrorist databases linked to the proposed Homeland Security Department in an effort to identify and stop terrorists intending to harm the United States, the agencies' directors told a Senate committee Thursday. "We are examining how best to create and share a multi-agency, government-wide database that captures all information relevant to any of the many watch lists that are currently managed by a variety of agencies," CIA Director George Tenet told the Senate Governmental Affairs Committee.
http://www.govexec.com/dailyfed/0602/062702td1.htm

- - - - - - - -

Computerized `Mr. Potato Head' system aids police
In Arizona and Los Angeles, police are replacing law enforcement mainstays such as mugshots and lineups of suspects with technology some call Mr. Potato Head. The photographic database and facial recognition systems, called Crime Capture and CrimeWeb, allow investigators to pick different types of facial features to search databases for criminals. It's not unlike the toy famous for allowing kids to change body parts on a potato, police said.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3556711.htm
http://www.usatoday.com/life/cyber/tech/2002/06/27/mr-potato-hed.htm
http://news.com.com/2100-1017-940006.html
http://zdnet.com.com/2100-1104-940139.html

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.