October 25, 2002
Blogger.com survives hack attack
Pyra sparked up its popular Blogger.com site Friday after shutting it down earlier in the day in response to a hacker attack. The hack compromised individual accounts, locking out site users from their blogs. Pyra has taken the machine that was compromised offline and restored the Blogger site from its redundant servers, said Jason Shellen, the company's director of business development. Users whose accounts were compromised should be able to access them again, he said.
http://zdnet.com.com/2100-1105-963375.html
http://news.com.com/2100-1001-963375.html
http://www.msnbc.com/news/826085.asp
- - - - - - - -
Monday's Attack On Internet Was First Of Two
Monday's distributed denial of service (DDOS) attack on the Internet's 13 root domain name servers was the first of two attacks that day, both successfully repelled, the Washington Post reported. The second DDOS attack started at about 11 pm Eastern time, and targeted the name servers for Internet top-level domains including .com, .biz, .info and country-code domains such as .uk for Great Britain and .ca for Canada, the newspaper said.
http://www.internetwk.com/story/INW20021024S0005
Under attack!
Attackers failed this week in an attempt to cripple the computers that serve as the address books for the Internet; don't feel bad if you didn't notice. A so-called distributed denial-of-service attack sent a barrage of data at the 13 domain-name service root servers on Monday. Traffic from several Internet service providers has been slightly delayed, but because the domain name system, or DNS, is spread out, and because the 13 root servers are the last resort for address searches, the attack had almost no effect on the Internet itself.
http://zdnet.com.com/2100-1105-963306.html
http://news.com.com/2100-1001-963306.html
- - - - - - - -
Warning over e-card spam scam
Security companies are warning of an e-card company that downloads a spamming application onto visitors' PCs. An e-card outfit has been accused of using a dubious social engineering trick to lure users into spamming all the contacts in their Outlook address book. FriendGreetings.com has been sending out emails containing a link to its site. When a user clicks on it, they are invited to install an ActiveX control in order to view their e-card.
http://news.zdnet.co.uk/story/0,,t269-s2124528,00.html
Guerilla marketing tactics spawn viral fears
http://www.theregister.co.uk/content/6/27794.html
- - - - - - - -
Spanish Net Law Sparks Protest
Times have been hard for Georgeos Diaz-Montexano's online course in Egyptian hieroglyphics. One student in two years and $12 in tuition. But Diaz-Montexano pulled the plug on what he calls the world's only Spanish-language Egyptology site for a different reason: fears of hassle or a hefty fine under Spain's new law regulating cyberspace.
http://www.wired.com/news/culture/0,1284,56021,00.html
- - - - - - - -
NIST sets security checkup standards
Federal agencies get their first peek Monday at proposed guidelines that, by spring, will begin to standardize the testing of systems security. The National Institute of Standards and Technology developed the guidelines, to be posted Monday at csrc.nist.gov. Special Publication 800-37 lays out instructions for a security checkup. It is the first in a three-part series designed to bring consistency to certifying and accrediting systems security. NIST will accept public comments on 800-37 for three months.
http://www.gcn.com/vol1_no1/daily-updates/20332-1.html
- - - - - - - -
VA centralizes security control
The Department of Veterans Affairs will consolidate its systems security management and budget within the department's Office of the Chief Information Officer.
Starting Nov. 1, all information security policy and operations at the VA will operate out of the CIO office, said Bruce Brody, VA's associate deputy assistant secretary for cybersecurity. He was speaking Oct. 24 at a breakfast sponsored by the Bethesda, Md., chapter of AFCEA International Inc.
http://www.fcw.com/fcw/articles/2002/1021/web-security-10-25-02.asp
- - - - - - - -
E-card slimeware delivers pr0n
It's no coincidence that one of the most recent Trojan horse programs to enter the FBI's bi-weekly rogues gallery of malicious code is named after an Internet porn company. The program, dubbed "Cytron" by the bureau's National Infrastructure Protection Center (NIPC) and some anti-virus vendors, is a covert browser plug-in that gives Internet Explorer users something they probably don't want: more pop-up ads, promoting a slew of adult websites.
http://www.theregister.co.uk/content/55/27782.html
http://www.msnbc.com/news/826033.asp
- - - - - - - -
Kerberos bug bites
A flaw has been identified in certain implementations of the widely used Kerberos authentication protocol. The flaw could be exploited by crackers to gain root access to authentication servers. The issue is serious, with at least one exploit known to exist in the wild, but there is a patch. All releases of MIT Kerberos 5, up to and including krb5-1.2.6, and all Kerberos 4 implementations derived from MIT Kerberos 4, including Cygnus Network Security (CNS), are affected by the high risk vulnerability.
http://www.theregister.co.uk/content/55/27791.html
- - - - - - - -
Microsoft Patches Lingering Win XP Hole
Workaround aims at critics who seek major-vulnerability fix independent of SP1. Microsoft has responded to criticism from users and quietly issued a software patch for a major security vulnerability in Windows XP, reversing its earlier stance that users must install Service Pack 1 to plug the hole.
The security hole exists in the Windows XP Help and Support Center and affects the Microsoft Windows XP Home Edition, Professional, and 64-Bit Edition operating systems, according to information posted on Microsoft's product support Web site.
http://www.pcworld.com/news/article/0,aid,106290,00.asp
- - - - - - - -
Closing spyware loopholes
I have this terrible recurring nightmare. One night, there is a knock on the door and Bill Gates and Steve Ballmer are there. When I ask why, they reply, "We are here for your kidney. Don't you remember the contract you clicked on when you downloaded the beta version of Internet Explorer? Don't you read those things?" Fortunately, while "clickwrap" contracts are ubiquitous in the realm of e-commerce, a recent decision of a New York federal appeals court may limit how they are employed, even as it injects even more uncertainty into an already confused legal environment.
http://www.theregister.co.uk/content/55/27787.html
- - - - - - - -
Why Hackers Don't Care About Wi-Fi
Experts at war driving -- scanning communities for the existence of wireless networks that can be tapped -- routinely exchange location secrets and sniffing tips over the Web, the way gamers trade strategies for reaching new levels. Call them traditionalists, but breaching wireless networks apparently does not hold the same allure for hackers as wreaking havoc on closed systems via the wired Internet -- at least not so far.
http://www.newsfactor.com/perl/story/19776.html
- - - - - - - -
Enhanced 911 calls still far from wide coverage
Karla Gutierrez's car was sinking in a murky canal somewhere off the Florida Turnpike. "I'm not sure, I'm not sure where I am," Gutierrez told the 911 dispatcher. "Oh my God, oh my God, my car is sinking." Since she was calling from a cell phone, the dispatcher had no way to know where she was, either. Just 3 1/2 minutes into her 5:09 a.m. call, her phone went silent.
http://www.usatoday.com/tech/news/techpolicy/2002-10-24-e911_x.htm
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2002, NewsBits.net, Campbell, CA.