October 7, 2002

Worms turn on Win/Linux users
Amid the panic last week about the prolific, and very nasty, BearBug worm two more nasty varmints went largely unnoticed. Hot on the heels of the Slapper, comes the Mighty worm which uses the same well-known OpenSSL exploit to gain access to and infect computers running an Apache Web server on Linux. Mighty uses the same spreading routines as Slapper but with several subtle differences.
http://www.theregister.co.uk/content/56/27465.html
http://www.nandotimes.com/technology/story/564544p-4438445c.html
http://www.usatoday.com/tech/news/2002-10-06-bugbear-worm_x.htm
http://www.newsfactor.com/perl/story/19602.html
http://www.smh.com.au/articles/2002/10/07/1033538887595.html
http://news.zdnet.co.uk/story/0,,t269-s2123436,00.html
http://zdnet.com.com/2100-1105-961005.html
http://online.securityfocus.com/news/1034
Bugbear side effect hits printers
http://www.vnunet.com/News/1135719

- - - - - - - -

House votes for Webcasters' reprieve
A bill exempting small Webcasters from fees that had threatened to drive many small operations out of business passed the House of Representatives on Monday. The vote followed a weekend of tense negotiations between representatives of record labels, artists and Internet radio stations. The parties ultimately agreed to a deal that would let small Webcasters pay a percentage of their revenues to labels and artists, instead of a flat per-song fee. Large companies, such as America Online or Microsoft, would not be included in the agreement.
http://news.com.com/2100-1023-961100.html

- - - - - - - -

Supreme Court to decide landmark copyright case Wednesday
Mickey Mouse's days at Disney could be numbered and paying royalties for warbling George Gershwin tunes could become a thing of the past if the U.S. Supreme Court sides with an Internet publisher in a landmark copyright case this week.
The high court will hear the case Wednesday that could plunge the earliest images of Disney's mascot and other closely held creative property into the public domain as early as next year.
http://www.nandotimes.com/technology/story/565155p-4443634c.html
http://www.usatoday.com/tech/news/techpolicy/2002-10-07-copyright-high-court_x.htm
http://www.wired.com/news/business/0,1367,55614,00.html
http://www.cnn.com/2002/TECH/biztech/10/07/copyrightchallenge.ap/index.html

- - - - - - - -

High court hears wireless spectrum case
The U.S. Supreme Court is scheduled to hear arguments Tuesday in a case that could determine the future of wireless airwave licenses. The case, FCC v. NextWave, has tied up part of the wireless spectrum for years while courts have tried to decide whether the agency had the right to re-auction the licenses. Wireless carriers say releasing the licenses could relieve a shortage of the airways used to offer cell phone and high-speed wireless Internet service.
http://news.com.com/2100-1033-961051.html

- - - - - - - -

Service providers win one, lose one
Internet companies doing business in California won one round and lost another as Gov. Gray Davis signed an e-mail bill and vetoed legislation regulating Internet service providers. The governor late last month signed a bill that requires e-mail service providers to give 30 days' notice before shutting down e-mail accounts. The law, which goes into effect Jan. 1, does not apply in situations where an account holder has violated the terms of service or when service is interrupted for reasons beyond the e-mail provider's control. The governor subsequently vetoed a more sweeping bill that would have enacted the same restriction on ISPs (Internet service providers). The governor called the bill "well intentioned" but said it failed to provide sufficiently for cases of consumer misconduct or technical mishap.
http://news.com.com/2100-1023-961001.html

- - - - - - - -

Report Calls for Plan of Sharing Data to Prevent Terror
A bipartisan report by some of the nation's leading information technology and national security experts recommends that the Bush administration develop a system to share intelligence gathered in the United States and abroad among local, state and federal agencies while developing guidelines to protect against abuses. (NY Times article, free registration required)
http://www.nytimes.com/2002/10/07/national/07HOME.html

- - - - - - - -

Calls for EU clampdown on online gambling
Europe should introduce new legislation to clamp down on online gambling fraud, according to a top London lawyer. Steven Philippsohn, senior partner in the specialist fraud law firm Philippsohn Crawfords Berwald, says there are lessons to be learnt from a recent botched attempt to outlaw online gambling in Greece.
http://www.theregister.co.uk/content/6/27468.html

- - - - - - - -

When it comes to ticket scalping, the Net's the Wild West
Scalping tickets for sporting events has spread from stadium parking lots to cyberspace. A quick glance at eBay, the auction Web site, shows that sellers draw bids several times the face value of tickets. Law enforcement agencies say they monitor the sites to make sure prices are within legal limits, but admit online sales are difficult to police.
http://www.usatoday.com/tech/webguide/internetlife/2002-10-07-e-scalping_x.htm

- - - - - - - -

Managing security mayhem--time to outsource?
Innumerable intrusion alarms, rogue remote workers, untamed wireless access. It can all add up to a big, unmanageable mess. That's why Charles Johnson, Symantec's VP of security services, is on a mission to expand his company's managed security services (MSS) business. And for good reason: By 2005, Gartner expects 60 percent of enterprises to outsource some form of perimeter security monitoring.
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2882454,00.html

- - - - - - - -

Insurance coverage for cyberprivacy risks
With the exponential growth of the Internet, concerns about privacy violations and related liability are becoming more than just a theory. As a consequence, a variety of federal and state laws have been enacted to protect privacy rights. In this climate, companies need to assess their exposures to privacy claims and ascertain whether they have or need to obtain insurance for these types of risks.
http://www.usatoday.com/tech/columnist/ericjsinrod/2002-10-04-sinrod_x.htm

- - - - - - - -

Beanies bargain site wins domain dispute
In the battle over a Beanie Babies domain, the bargain sellers have come out on top. A federal appeals panel has ruled that the operator of Bargainbeanies.com is not violating the trademark of Beanie Babies creator Ty by offering used dolls through the Web address. The case is significant because it supports the ability of second-hand resellers to market and hawk their wares over the Internet without running afoul of trademark laws. Ty had sued Ruth Perryman, arguing that her Bargainbeanies.com site diluted the company trademark.
http://news.com.com/2100-1023-961090.html

- - - - - - - -

Codebusters Crack Encryption Key
It took four years, 331,000 participants and a difficult legal case, but the relentless efforts of Distributed.net and its supporters have finally broken a 64-bit encryption key developed by RSA Data Securities. When Distributed.net set up shop in 1997 to test various forms of encryption by essentially breaking through them, organizers figured it could take 100 years to uncover the RC5-64 sequence due to limited computer power and the fact that so many people would have to participate in the effort. Still, they forged ahead.
http://www.wired.com/news/technology/0,1282,55584,00.html

- - - - - - - -

Protesting the Big Brother Lens, Little Brother Turns an Eye Blind
Confronted with the unblinking eyes of surveillance cameras, Michael Naimark believes he can hide in plain sight with the aid of a $1 laser pointer. Mr. Naimark, a Silicon Valley artist and technologist, decided to try turning the tables on what he saw as the potential for Big Brother surveillance after the Sept. 11 attacks. His is a Little Brother response: using inexpensive laser pointers to temporarily blind those omnipresent electronic eyes. He plans to post his 13-page, single-spaced treatise on the subject this week on his Web site, www.naimark.net.
http://www.nytimes.com/2002/10/07/technology/07ZZAP.html

- - - - - - - -

Ericsson tech can track you down
Ericsson said Monday it has begun offering U.S. wireless carriers its new network equipment that automatically e-mails a cell phone user's exact location to friends or loved ones. The Swedish company's equipment uses software called Where Are They Now, developed by Israeli wireless software maker LocatioNet. The software lets cell phone users create a list of friends or relatives who have permission to receive location information. Users can choose how frequently the e-mails are sent. The service is not yet available, as no cell phone carriers have added the equipment to their network yet, Ericsson said. However, the company said it is in talks with major U.S. carriers.
http://news.com.com/2100-1033-961105.html

- - - - - - - -

Exchange e-mails through handshake
Wireless communication may become as easy as a handshake using new technology being developed by Japan's biggest telecommunications company that seeks to harness the human body's ability to conduct electric signals. The technology from Nippon Telegraph and Telephone Corp.
is still being researched and there are no plans yet to start using it in products, and no estimate of when it might become available, company spokesman Yo Takahashi said Monday. But Takahashi confirmed data transmission through the body is possible at broadband speeds. Attached to a PDA, the device reportedly developed can transmit weak electrical signals using human bodies as circuits instead of wire.
http://www.cnn.com/2002/TECH/ptech/10/07/wirelesstouch.ap/index.html

- - - - - - - -

Security Tools in Linux Distributions - Part 2
In part one of this article, I talked about some of the different methods you could use to monitor your system, focusing on those included in Red Hat 7.3. Now, we move on to the SuSE distribution. SuSE 8.0's installation program allows the software packages to be viewed as groups or as package sets. To make things easier, one package application group is called security. The only hardening or monitoring tool installed by default is tcp_wrappers.
http://www.linuxjournal.com/article.php?sid=6362
Security Tools in Linux Distributions - Part 1
http://www.linuxjournal.com/article.php?sid=6361

***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.