September 18, 2002
Arrests made in Web 'rape' drug sale
In a clampdown on Internet drug dealers,
federal, state and local authorities said
Wednesday they have made arrests and conducted
searches in dozens of U.S. cities where
traffickers have used computers to sell
the "date rape" drug GHB. Investigators
conducted more than 150 searches and made
a number of arrests in a law enforcement
sweep in more than 70 U.S. cities, marking
the first-ever probe of its kind involving
the Internet and GHB, said a federal law
enforcement official.
http://www.nandotimes.com/technology/story/541446p-4279683c.html
- - - - - - - -
Sprint cleared of negligence in vice hacks
The Nevada Public Utilities Commission pulled
the plug Thursday on a Las Vegas adult
entertainment operator's claim that telephone
calls meant for his stable of private dancers
are being blocked by hackers with access to
local phone company Sprint of Nevada's systems,
closing an eight-year-old legal battle that
pitted the vanquished brokers of Sin City's
competitive sex trade against the corporate
legal muscle of a telecom giant.
http://www.theregister.co.uk/content/55/27161.html
- - - - - - - -
SparkList confirms e-mail address theft
E-mail management company SparkList.com has
confirmed that customer e-mail addresses were
stolen from its database, allowing some customers'
mailing lists to be bombarded with spam. An internal
investigation into complaints about spam revealed
that the lists were compromised in March 2002,
SparkList COO Steven Brown said in an e-mail
to clients on Tuesday. "This incident does not
appear to be a technical, widespread compromise
of SparkList servers, due to the fact that most
lists were not compromised," Brown said.
http://news.com.com/2100-1023-958544.html
- - - - - - - -
Judge to WorldCom: Block Kid Porn
WorldCom, the bankrupt long-distance voice and
data services company, was ordered by a judge
to deny access to five child pornography sites
to its Pennsylvania customers, the state Attorney
General said Wednesday. Montgomery County Judge
Lawrence Brown gave WorldCom five business days
to comply with the order, which was the first
court action taken under a new state law to
protect children from exploitation by blocking
access to sites with child pornography.
http://www.wired.com/news/politics/0,1283,55248,00.html
- - - - - - - -
Slapper worm spreads its disease
Internet on yellow alert. The Internet Storm
Centre (ISC), the early warning system from
the SANS Institute, is on yellow alert for
the first time in months as the Slapper worm
continues its infection of Apache web servers.
The worm was first spotted in the wild at the
end of last week, entering systems by exploiting
a vulnerability in the open Secure Socket Layer
(SSL) library used in SSL-capable programs.
http://www.vnunet.com/News/1135137
http://online.securityfocus.com/columnists/109
- - - - - - - -
U.S. cybersecurity strategy faulted
Computer security experts denounced a White House
panel's eagerly awaited strategy on defending
the nation's critical systems from cyberattacks,
assailing Wednesday's report for not being tough
enough. Instead of proposing bold government
actions, the "National Strategy to Secure
Cyberspace" stresses voluntary cooperation
and education. It says users - from home PC
buyers to corporate technology officers -
need to know of vulnerabilities so that they
can assess the risks in their own corner of
cyberspace.
http://www.nandotimes.com/technology/story/541318p-4279028c.html
http://www.nandotimes.com/technology/story/540961p-4277063c.html
http://www.theregister.co.uk/content/6/27169.html
http://www.cnn.com/2002/TECH/internet/09/18/cybersecurity.ap/index.html
http://www.vnunet.com/News/1135140
http://www.msnbc.com/news/809656.asp
http://www.washingtonpost.com/wp-dyn/articles/A31347-2002Sep17.html
http://techupdate.zdnet.com/techupdate/filters/specialreport/0,14622,6023471,00.html
http://www.fcw.com/fcw/articles/2002/0916/web-strat-09-18-02.asp
Plan To Protect Computer Systems Expected Today
http://www.newsfactor.com/perl/story/19442.html
Let The Lobbying Begin
http://www.washingtonpost.com/wp-dyn/articles/A33365-2002Sep18.html
Combating cyberterrorism
http://news.com.com/2009-1023-958333.html
Cybersecurity Plan Offends No One
http://online.securityfocus.com/news/677
White House panel's cybersecurity plan avoids calls for new government rules
http://online.securityfocus.com/news/670
Cybersecurity and You: Five Tips Every Consumer Should Know
It's no accident that the Bush administration's
draft cybersecurity strategy begins with an
appeal to home users and small businesses,
arguably the least computer security-
conscious group of Internet users.
http://www.washingtonpost.com/wp-dyn/articles/A30681-2002Sep17.html
A Cybersecurity Primer: Links and Resources for Computer Users
Creating a Password: DO NOT use your username as your
password. Don't use easily guessed passwords,
such as "password." Do not choose passwords
based upon details that may not be as
confidential as you'd expect, such as
your birth date, your social security or
phone numbers, or names of family members.
http://www.washingtonpost.com/wp-srv/technology/articles/cyberprimer_091802.htm
Feds' cyberspace plan should appeal to control freaks
Security in the online world has never been much
more than an afterthought. A useful new federal
document, to be officially unveiled today, aims
to change that mindset. But the much-ballyhooed,
much-revised "National Strategy to Secure
Cyberspace" looks alarmingly like a recipe for
the world's control freaks -- the people who view
security as a way to help big government and big
business regulate the way we use technology.
http://www.siliconvalley.com/mld/siliconvalley/4097316.htm
- - - - - - - -
House panel backs bill to make agencies protect data
A bill to protect privacy of people and businesses
that provide information to government statistical
agencies cleared a House Government Reform
subcommittee Tuesday. The legislation (H.R. 1152)
was approved by voice vote in the Subcommittee
on Government Efficiency, Financial Management
and Intergovernmental Relations and sent on to
the parent committee. Only the chairman, Rep.
Stephen Horn, R-Calif., and Rep. Janice Schakowski,
D-Ill., were present among the nine subcommittee
members.
http://www.govexec.com/dailyfed/0902/091802njns1.htm
- - - - - - - -
Watchdogs launch attack on filter law
Free speech proponents are stepping up their
fight against Internet filtering in schools,
waging a grass-roots campaign against a law
that requires Web blocking as a condition
of federal funding. The Electronic Frontier
Foundation (EFF) and the American Civil
Liberties Union (ACLU) are asking people
to send letters to their public school board
members and congressional representatives,
urging them to fight the Children's Internet
Protection Act (CIPA).
http://news.com.com/2100-1023-958518.html
- - - - - - - -
Computer attacks by insiders deemed most dangerous
Strange things began to happen at AskIt.com in
February. The e-mail servers of the Manhattan
computer consulting company were flooded with
thousands of messages containing pornographic
images. Some customers calling into the voice
mail system were directed to a telephone sex
service. What caused the chaos? Computer
virus? Software bug?
http://www.usatoday.com/tech/news/computersecurity/2002-09-18-inside-job_x.htm
- - - - - - - -
MS addresses Hotmail spam blizzard.
At last Microsoft today signed up Brightmail to
tackle the junk mail bombarding Hotmail accounts.
It is to install Brightmail Solution Suite at
the SMTP gateway, to hoover up junk mail before
it reaches the user. According to Rick Holzli,
general manager of MSN Hotmail, "unsolicited
junk e-mail is a global problem in the industry
today that affects not just Hotmail users, but
e-mail users everywhere." Yes but... anyone
who has ever used Hotmail knows that junk mail
is much, much worse on its service than with
other ISPs.
http://www.theregister.co.uk/content/6/27178.html
- - - - - - - -
SQL Yukon a major security concern
Users advised to hold off on Microsoft's next SQL Server.
Users should hold off deploying Microsoft's
next version of SQL Server until the first service
pack because of major security concerns, analysts
have warned. Yukon, the company's next SQL
release, is due next year, but analyst Gartner
has said that it expects it to contain a high
number of security flaws.
http://www.vnunet.com/News/1135116
- - - - - - - -
Millennium Challenge IDs systems
The recently completed Millennium Challenge
identified a pair of key concepts and some
information technology-heavy systems as
warranting "immediate investment," while
others are promising but need more work,
according to the commander who led the
experiment. Millennium Challenge, or
MC 02, was the largest-ever joint military
experiment designed to see how well the
individual services' critical systems link
with one another. The goal was to have the
systems operate jointly to support ground,
sea and air forces.
http://www.fcw.com/fcw/articles/2002/0916/web-mill-09-18-02.asp
- - - - - - - -
DISA picks 3 for enterprise antivirus
The Defense Information Systems Agency last week
awarded contracts to a trio of vendor teams for
a Defense Department and Coast Guard enterprise
antivirus software initiative. The following
companies were awarded contracts Sept. 13 to
help protect more than 3 million DOD computers
from viruses for users at work and at home:
* Network Associates Inc.
* Northrop Grumman Information Technology, with partner Symantec Corp.
* GTSI Corp., with partner Trend Micro Inc.
http://www.fcw.com/fcw/articles/2002/0916/web-disa-09-18-02.asp
- - - - - - - -
Four agencies achieve interoperable PKI
After five years of work, the General Services
Administration's Federal Bridge Certification
Authority has made the public-key infrastructures
of four agencies interoperable. For the first
time in history, federal agencies will accept
each other's digital certificates through the
bridge. "That is where the rubber meets the
road," said Judith Spencer, chairwoman of the
Federal PKI Steering Committee. "They can
communicate in a trusted fashion, verify each
other's credentials in different trusted domains."
http://www.gcn.com/vol1_no1/daily-updates/20056-1.html
- - - - - - - -
Experts fear broken crypto standards
But no need to panic. Yet. Two of the most widely
used encryption standards - Advanced Encryption
Standard (AES) and Serpent - may have been
broken, but the theoretical attacks will not
be a reality for at least 10 years. It is also
unclear whether the attacks actually work.
Bruce Schneier, chief technology officer at
Counterpane and renowned crypto expert, said:
"In either case, there's no need to panic.
Yet. But there might be soon. Maybe."
http://www.vnunet.com/News/1135115
- - - - - - - -
IBM steps up Web services security
IBM on Wednesday said it plans to add to its
products new software that should make Web
services applications more secure. IBM said
that it is building a new software component
into version 5 of its WebSphere application
server, which is scheduled for release in
the next quarter, and into future releases
of its Tivoli Access Manager, which will
secure Web services transactions.
http://zdnet.com.com/2100-1106-958453.html
- - - - - - - -
Biometric trials point to passport fraud
Biometric technology has been used in Australia
to find out if individuals are fraudulently holding
multiple passports - and it is getting results.
The Australian federal government is poised to
crack down hard on identity fraud amid indications
that trials of biometric technology are already
unveiling instances of individuals illegally
securing multiple passports.
http://news.zdnet.co.uk/story/0,,t269-s2122448,00.html
http://zdnet.com.com/2100-1105-958422.html
- - - - - - - -
Warchalking is theft, says Nokia
Geek 'pioneers' slammed as bandwidth thieves
Warchalking, the technique of highlighting areas
where wireless networks can be accessed freely,
has been blasted as theft. And the practitioners
of warchalking are being slammed as bandwidth
thieves in an advisory issued by mobile and
wireless vendor Nokia. Over the last few months,
geeks have been drawing chalk symbols on walls
and pavements in cities to mark points where
signals from nearby office wireless networks
can be tapped into to access the internet.
http://www.vnunet.com/News/1135130
- - - - - - - -
Finding the Security Budget Sweet Spot
Companies must first determine which threats
they are vulnerable to, then figure out how much
damage a breach could inflict, and finally sift
through the abundance of security products on
the market. Allocating precious budget dollars
is always a challenge in a down economy, and
with security threats seeming to loom at every
turn, chief information officers are struggling
mightily to gauge risks and decide how to
counter them.
http://www.ecommercetimes.com/perl/story/19431.html
- - - - - - - -
Five steps for keeping hackers at bay
Many businesses seem to think they have
an invisible cloak of invincibility when
it comes to computer security. But saying
"It won't happen to me" is simply not enough.
Harm to your systems and data can be a fatal
blow at the heart of your company, affecting
your daily operations and your credibility
with customers and the public. It is not
just large companies that need protection
against security breaches. Every business
needs a strategy for keeping hackers at bay.
http://zdnet.com.com/2100-1107-958397.html
- - - - - - - -
Detecting and Removing Trojans and Malicious Code from Win2K
The amount of malicious code directed at Windows
systems seems to be increasing on a continual
curve [1]. IRC bots, backdoor Trojans and
worms abound. It seems that few Windows
systems, particularly Win2K, are immune
from infection, regardless of how diligent
the user or administrator may be. Many posters
to public lists continue to report Code Red
and Nimda scans, as well as port scans for
popular Trojan applications, on an almost
weekly basis.
http://online.securityfocus.com/infocus/1627
- - - - - - - -
Leading Tory moots electronic tracking for UK paedos
The UK's shadow home secretary Oliver Letwin has
called for the setting up of a government working
party to investigate the feasibility of electronically
monitoring paedophiles. Letwin, who is frequently
categorised as one of the more sensible components
of the Conservative Party high command, cites the
"success" of Florida's use of electronic monitoring
as reason enough for the UK to look at it.
http://www.theregister.co.uk/content/6/27175.html
The source material may be copyrighted and all rights are
retained by the original author/publisher. The information
is provided to you for non-profit research and educational
purposes. Reproduction of this text is encouraged; however
copies may not be sold, and NewsBits (www.newsbits.net)
should be cited as the source of the information.
Copyright 2000-2002, NewsBits.net, Campbell, CA.