News Pages - Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 |





Links page

Contact Us!

Privacy & Security News July 2001

California hack points to possible IT surveillance threat
The revelation that hackers broke into computer systems owned by California's primary electric power grid operator and remained undetected for 17 days this spring highlights a growing concern of federal officials that such intrusions could be part of long-term intelligence-gathering activities. ComputerWorld

Third of U.S. Employees' Web Use Monitored - Study
WASHINGTON (Reuters) - More than one-third of U.S. employees who browse the Web and use e-mail at work have their Internet use systematically monitored by their employers, a privacy group said on Monday.
The Privacy Foundation found employee monitoring to be growing rapidly, spurred by the cheap price of surveillance software and concerns about productivity and sexual-harassment liability. Daily News

ERASER (Free Software)
Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
The patterns used for overwriting are based on Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory" and they are selected to effectively remove magnetic remnants from the hard drive. Click Download

Creative Labs sound cards have been spying on 20 million users
Irate users are accusing Creative Labs, the maker of popular soundcards and music players, of spying on them. The dispute revolves around a piece of software called newsupd.exe, installed with the software that comes with most Creative products, which many users say is connecting to the Internet without their authorization and relaying data secretly back to Creative servers. Security News Portal

Overview of Triangle Boy Network (UPDATE)
Please see figures (1) and (2) for reference. Figure (1) shows the basic SafeWeb network topology, while figure (2) shows how triangle boy (TB) prevents blocking of the SafeWeb service.
Corporations, governments, and other entities can (and frequently do) act as gatekeepers of the Web by blocking access to certain sites that they deem "inappropriate," "offensive," or "objectionable." Triangle Boy

Technology: Want to surf the Web anonymously? The CIA will help
A California software developer is offering a free Internet service to bring back the halcyon days of anonymous surfing, allowing Net users to evade Web bugs designed to spy on them and to get around programs that employers use to track what workers are doing online. NandoTimes

Have you been smart tagged? WinXP IE6 has a little list (How it Works)
Recent builds of the Internet Explorer 6 beta have included the IE implementation of Microsoft's smart tag technology, prompting choruses of disapproval from the media. Which is of course understandable - smart tag technology parses its way through a web page, underlines the words it's been pre-programmed to react to, and inserts its own hyperlinks. The Register

Does Europe Covet Own Echelon?
BRUSSELS, Belgium -- Maurizio Turco, an Italian member of the European Parliament, shook up the last scheduled meeting of the temporary committee investigating the Echelon interception system in more ways than one Wednesday afternoon.
Turco, who describes himself as a "radical," charged that the committee's year-long investigation may have raised international awareness about the satellite-based surveillance system, but it was in effect nothing more than a smokescreen. Wired

Some Free AOL IM Tools

Can Privacy Rights Survive?
When it comes to privacy, ever more intrusive collection technologies are being rolled out, such as online tracking mechanisms, spyware, face recognition systems, location tracking devices and even thermal imaging, a Senate Commerce Committee panel was told today.
And, Jason Catlett, president of and a visiting fellow at the Kennedy School of Government at Harvard, said in a written statement that "advances in 'cloaking' technologies are always outstripped by advances in collection technologies, both in capabilities and degree of adoption." Internet News

DoubleClick Reworks Privacy Policy
Online advertising giant DoubleClick, which last year faced controversy over its privacy policies and practices, has a new version of the document that started it all. Internet News

Privacy Debate Swirls Around iTV Advertising
As interactive TV firms beef up their efforts to develop advertising on the new medium, one consumer group is voicing concerns about the privacy ramifications.
On Tuesday, the Washington, D.C.-based Center for Digital Democracy released a report criticizing iTV providers' targeted marketing efforts.
The nonprofit's report, entitled "TV That Watches You: The Prying Eyes of Interactive Television," maintains that through tracked, addressable set-top boxes, personal video recorders and other devices, consumers will be as traceable as they are on the Internet -- and perhaps more so. Internet News

Amazon Wins Privacy Victory won a major victory today when the Federal Trade Commission rejected a petition from privacy advocates claiming that Amazon violated the law by making changes in its privacy policy last year.
In a letter to President Jason Catlett and Marc Rotenberg, president of the Electronic Privacy Information Center, FTC Consumer Protection Director Jodie Bernstein wrote that its staff believes that Amazon's revised privacy policy "does not materially conflict with representations Amazon made in its previous privacy policy and that it likely has not violated Section 5 of the FTC Act." Internet News

Trial Date Set in DoubleClick Case
Alley-based DoubleClick likely will be heading to court in January, over alleged abuses of its "cookie" policies.
On Wednesday, lawyers for California resident Hariett Judnick received word from state Judge Lynn O'Malley Taylor approving a January 2002 trial date -- despite DoubleClick's earlier efforts to have the case thrown out.Internet News

Amazon Dodges Another Bullet (NASDAQ:AMZN) dodged another FTC probe today when the agency's staff concluded that although the online retailer likely engaged in some deceptive business practices regarding the privacy of users of its Alexa service, no enforcement action is contemplated.
The mistake occurred when Amazon said that it did not keep personally identifiable information in Alexa's database of surfing patterns, the FTC said in a recent letter to Amazon's lawyers. The letter was signed by C. Lee Peeler, associate director of the Federal Trade Commission's Division of Advertising Practices. Internet News

Default Vulnerability Discovered in W2K SMTP Service
Friday, July 06, 2001 � Microsoft Corp. Thursday night issued a fix to patch a new vulnerability that could give an attacker user-level privileges on Windows 2000 systems running its Simple Mail Transfer Protocol (SMTP) service.
SMTP is installed by default along with IIS 5.0 on Windows 2000 Server systems. SMTP can be installed on Windows 2000 Professional systems, as well. ENT online

Hacker posts code to exploit MS bug
A Japanese hacker has posted a program on the Net giving attackers complete control of servers running Microsoft's popular Web server software. Experts say patch early and often. ZDnet

Microsoft Could Hold Passport to Net
The Internet is by its nature adaptive, chaotic and creative, a virtual territory that no one owns and with no central point of control. Could Microsoft change that?
The software giant's competitors think so. Rivals are marshalling arguments to influence upcoming settlement talks with the government and block Microsoft from becoming a de facto centralized power on the Internet. Yahoo Newss

Hole found in Check Point's FireWall-1 and VPN-1
A vulnerability in Check Point Software Technologies' Firewall-1 and VPN-1 firewalls may allow intruders to tunnel illegitimate traffic into or out of corporate networks. NWfusion

Security concerns prompt Safe Harbor site changes
Security concerns prompted a U.S. government agency to remove two features from its Web site designed to aid the flow of personal information and commerce between the U.S. and the European Union, according to a notice posted on the site. NW fusion

Study: Monitoring of employee e-mail, Web use escalates
According to a study released today by the Denver-based Privacy Foundation, 14 million employees, or just over one-third of the online workforce in the U.S., have their Internet or e-mail use monitored by their employers.
Worldwide, the number of employees under such surveillance is about 27 million, the study reports. NW fusion

A Security Warning for Windows 2000
Microsoft Corp. has issued a security bulletin for Windows 2000 users and a patch to resolve a flaw that could allow a malicious user to authenticate to the service using improper credentials for e-mail relaying.
The company said that an SMTP service installs by default as part of Windows 2000 server products, and can be selected for installation on Windows 2000 Professional. The flaw could allow an unauthorized user to authenticate to the service using incorrect credentials. An attacker who exploited the vulnerability could gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service but not to administer it. The most likely purpose in exploiting the vulnerability would be to perform mail relaying via the server, Microsoft said.
The patch is available here.    Story at Internet News

Time Cover Story: Internet Insecurity
The identity thieves are out there � and someone could be spying on you. Why your privacy on the net is at risk, and what you can do Time Magazine

CIA Official: Hackers Are Too Fast
WASHINGTON (AP) - The CIA cannot predict computer attacks on U.S. systems before they happen, as the agency is expected to do with political and military events, a top CIA official told Congress on Thursday.
Despite a major increase in intelligence efforts dedicated to computer security, attackers still develop new tools and techniques faster than the CIA can keep up, Lawrence K. Gershwin said. ITtoolBox

Foistware: New Net, Inc. (NewDotNet) DLL
NewDotNet is company that sells domain names for "nonstandard" top-level domains such as .free, .porn and .shop. While several such nonstandard TLDs are currently implemented by a number of organizations and under consideration by ICANN, this particular implementation smacks of an attempt to overthrow more legitimate pioneers of alternate domain-names (e.g. OpenNIC, AlterNIC) for a quick buck. The multiple systems offering the alternate TLDs will ultimately result in widespread namespace overlap, meaning that multiple sites can be using the exact same address, and what site comes up when you enter, say,, will depend on whose DNS server gets queried first! (As if the lawyers aren't having a field day with domain-name registrations already...)
Infection method:
The NewDotNet software is surreptitiously bundled with unrelated software and ISP setup utilities in typical Foistware fashion. This software consists of a browser "plug-in" DLL (e.g. newdotnet2_78.dll), which is placed in the user's Windows folder. The file is normally placed in C:\Windows\ and run silently at start-up (via Rundll32) by a Run key placed in the Windows registry. According to the NewDotNet Web site, a New Net affiliate gets 5 cents for each system the plugin is successfully installed on. See Warning Bottom of their page

Document Tracker Features: allows you to keep tabs on your documents once you have released them to the world.

  • Know exactly when someone looks at your documents.
  • Know how many times your documents are viewed.
  • Know from where your documents are being viewed (by IP address).
    Practical uses:
  • Resumes - know if and when your resumes are looked at.
  • Internal, confidential documents - track your internal documents and know when they are leaked outside of your organization.
  • Press Releases - watch your press releases and better understand your companies PR.
    A new twist on the old Web Bug Story.. Check it out..

    Default Vulnerability Discovered in W2K SMTP Service
    Microsoft Corp. Thursday night issued a fix to patch a new vulnerability that could give an attacker user-level privileges on Windows 2000 systems running its Simple Mail Transfer Protocol (SMTP) service.
    SMTP is installed by default along with IIS 5.0 on Windows 2000 Server systems. SMTP can be installed on Windows 2000 Professional systems, as well. Here

    Will Big Brother Track You By Cell Phone?
    The FCC requires cell phone companies to track you, in order to find you when you call 911--but what about your privacy?
    Your next cell phone may be able to tell your mobile carrier--and possibly others--exactly where you are and where you've been. Starting in October, new cell phones will contain Global Positioning System units for use with location services offering emergency help, traffic and shopping aids, and more. PC World

    Should a Web Site's Privacy Policy be Set by Law?
    Tech leaders say they want the flexibility to write their own, but Congress leans otherwise.
    WASHINGTON, D.C. -- Respecting customers' privacy doesn't have to be the law, it's simply good business, some dot-com executives say. But a Congressional subcommittee is concerned about the less-conscientious companies. PC World

    Windows XP Is Nosy, Privacy Groups Complain
    Advocacy groups urge FTC to force Microsoft to change Windows XP, possibly delaying launch. As they threatened, a handful of consumer advocacy and privacy organizations have asked the Federal Trade Commission to force changes in Microsoft Windows XP that could delay the product's release.
    The groups are concerned that Microsoft's Passport authentication system has "the potential to track, profile and monitor users of the Internet ... [with] far-reaching and profound implications for privacy," according to the formal complaint, filed Thursday. PC World

    Nation's Cybercops Criticized
    Just days after the Code Red Worm crawls toward the White House, a Senate committee complains.
    WASHINGTON -- As the Code Red worm lies dormant awaiting its next attack, the federal agency that is supposed to protect the nation against cyberterrorism took heat for not doing its job. PC World

    FBI Required to Report on E-Mail Wiretaps
    Use of the controversial monitoring system formerly known as Carnivore must be detailed, Congress says.
    The U.S. House of Representatives passed a measure on Monday that would require the Federal Bureau of Investigation to report how it uses the controversial e-mail wiretap system formerly known as Carnivore.
    Although the bill places no restrictions on how the FBI could use its monitoring system, now known as DCS1000, it would require the federal law-enforcement agency to provide a detailed report every year on how it was used. PC World

    Russian Adobe Hacker Busted
    LAS VEGAS -- FBI agents have arrested a Russian programmer for giving away software that removes the restrictions on encrypted Adobe Acrobat files.
    Dmitry Sklyarov, a lead programmer for Russian software company ElcomSoft, was visiting the United States for the annual Defcon hacker convention, where he gave a talk on the often-flawed security of e-books.
    This would be the second known prosecution under the criminal sections of the controversial Digital Millennium Copyright Act, (DMCA) which took effect last year and makes it a crime to "manufacture" products that circumvent copy protection safeguards. Wired News

    Rallies planned for arrested hacker
    LOS ANGELES, California (Reuters) -- The arrest this week of a 26-year-old Russian software programmer accused of violating U.S. copyright law has sparked protests and pledges of support from a wide range of free speech advocates, defense lawyers and consumer groups.
    Dmitry Sklyarov, who was arrested on Monday in Las Vegas after a major hacker convention there, is the first person to be prosecuted under the controversial 1998 Digital Millennium Copyright Act, federal law enforcement officials said.

    Hacker supporters ask Adobe to aid in defense
    SAN FRANCISCO, California (Reuters) -- Supporters of a jailed Russian software programmer called for Adobe Systems Inc. Wednesday to contribute to a legal defense fund. "Adobe made the mess so they should help clean it up," said Don Marti, an organizer for the Coalition to Free Dmitry. "I think it would be an opportunity for Adobe to put their money where their mouth is," said Robin Gross, an attorney at the Electronic Frontier Foundation. CNN

    Protest Prompts Adobe to Drop Charges
    Programmer's release likely, so next target is reviled copyright law.
    Adobe has dropped charges against a Russian programmer arrested for copyright infringement of its products, but the incident has nevertheless reinvigorated opposition to a digital-rights law that affects all PC users. PC World

    Double Trouble: Code Red and Sircam Plagues Continue
    Computer users face high-profile threats from multiple sources
    Computer users continue to face attacks on two fronts as the impersonal Code Red worm persists in infecting Web servers and the extremely personal Sircam virus keeps replicating in e-mail in-boxes worldwide.
    Code Red doesn't directly attack PCs, but it has the potential to impact online access and Web site performance, according to security experts who have seen more than 200,000 additional Web servers hit by the latest round of Code Red infestation.
    During the first wave, which began in mid-July, the worm infected about 250,000 servers running Microsoft's Internet Information Service software. Code Red's wild card is what will happen when it is due to switch to attack mode on August 20. PC World

    Consumers Are Key to Privacy Protection
    Government and industry officials still disagree over regulation of online privacy, but agree that users need knowledge. WASHINGTON, D.C. -- When it comes to regulating online privacy protection, there seems to be only one thing that everyone here on Capitol Hill can agree on: Consumers need to be better informed. PC World

    Win2K becomes a spam relay
    A flaw in the Win-2K SMTP (Simple Mail Transfer Protocol) authentication scheme allows unauthorized users to access the system using bogus credentials and bounce spam and death threats off unwitting users' machines with impunity. The Register

    Read your firewall logs!
    Installing a firewall, configuring its rule-set, and letting it pass or deny traffic is not good enough. You also need to continuously monitor your firewall's log files. By reviewing your firewall logs, you can determine whether new IP addresses are trying to probe your network, and whether you want to write new and stronger firewall rules to block them, or trace the probes and take some sort of management action. ZDnet

    Privacy: Win XP activation 'innocuous'
    A German copy-protection company has published details of Microsoft's technology for preventing casual copying of Windows XP but concluded the technology allows for reasonable upgrades and doesn't threaten customers' privacy.
    "We contribute technical facts to a discussion that is currently characterized by uncertainty and speculation about XP," Thomas Lopatic, chief technology officer for the company and an active member of the security community, said in a statement.
    Microsoft's product-activation technology--included in the new Office XP software package and slated to appear in the new Windows XP operating system--requires people to activate their PC online or by telephone to continue using the software. It has attracted criticism from both privacy advocates and customers. ZDnet

    Can Privacy Rights Survive?
    When it comes to privacy, ever more intrusive collection technologies are being rolled out, such as online tracking mechanisms, spyware, face recognition systems, location tracking devices and even thermal imaging, a Senate Commerce Committee panel was told today.
    And, Jason Catlett, president of and a visiting fellow at the Kennedy School of Government at Harvard, said in a written statement that "advances in 'cloaking' technologies are always outstripped by advances in collection technologies, both in capabilities and degree of adoption."
    Also today, the American Civil Liberties Union and House Majority Leader Dick Armey, R-TX, issued a joint statement calling on all state and local governments to stop using cameras and the Internet to intrude on citizens before privacy in America "is so diminished that it becomes nothing more than a fond memory." Internet News

    U.S. government wants a few good hackers
    LAS VEGAS--We're from the government and we want you to help us.
    That was the message from a seven-member "Meet the Fed" panel, where government officials answered the questions of a roomful of hackers at the Def Con conference here Saturday. Including members of law enforcement, a congressman and security experts, the panel illuminated the problems the government has in securing systems and appealed to hackers not to make it any harder--both to help the government and to help themselves. Cnet

    Half of U.S. Broadband Users Unprotected
    Are you practically begging hackers and Internet thieves to attack?
    Up to half of U.S. broadband users are leaving themselves wide open to attack by Internet thieves and hackers. Why? Because subscribers to "always on" Net connections aren't using any protection--like a firewall or antivirus software--to keep the black hats from gaining access to their PCs. PC World

    Cable internet security blown wide open
    Millions of people accessing the internet through broadband cable connections risk having their computers taken over by malicious hackers, can exclusively reveal.
    Israeli Security Company Checkpoint revealed today that the devastating security vulnerability is caused by the shared architecture of the data channel that carries internet traffic within cable companies' fibre networks. This means groups of subscribers share a single cable connecting them to the local neighbourhood node. Each subscriber's signal is multiplexed on to this single cable by frequency division multiplexing (FDM). VNUnet Technology News

    "Jam Echelon Day" doomed to failure, say experts
    Activists are planning an international day of protest. Their aim? To jam Echelon. But privacy experts warn that "trigger words" will not outsmart the global surveillance system.
    A group of Internet activists are hoping to bring attention to the US-led communications spy network, on 21 October, with a "Jam Echelon Day", but privacy experts are certain that the protests will have a minimal effect on the sophisticated surveillance system. ZDnet


    W32-Leaves.worm Exploits Compromised PCs
    The W32-Leaves.worm apparently seeks out PCs compromised with the SubSeven trojan, plants additional code onto the machines and synchronizes their internal clocks with the US Naval Observatory clock, leading experts to surmise crackers are preparing the machines to launch a distributed denial-of-service attack. Cnet NIPC

    Sprint Denial-of-Service Attack
    Sprint officials confirmed that the company's network was hit with a "low-impact" denial of service attack. Engineers contacted the Internet service providers (ISPs) where the attacking addresses originated, and the ISPs blocked those addresses. Computer World

    Microsoft Windows Function Affects Norton Anti-Virus
    Changing the value of the registry key NAV 2001 disables Norton Anti- Virus, according to Peter Kruse of Scandinavian telco Telia. Symantec maintains that the problem affects only the on-demand scanner and not AutoProtect, but plans to change the way its anti-virus product uses PC registries.
    Note: This widely reported story is completely specious. Being able to change a Registry key in Windows systems to disable some function or executable is commonplace. If anything, it represents a weakness in Windows systems, not a weakness in any program. This is not Symantec's problem at all. [Sometime you should ask me about the Norton's Utilities problems created by the (Mijenix/OnTrack) Fix-It program..]

    Vendor Group to Coordinate Vulnerability Reporting
    A coalition of security and other software vendors plans to form an industry group that will establish standards for reporting vulnerabilities. The group would disclose vulnerability and exploit information to members first, then to the public, and only after fixes are available. The proposed procedure raises the debate over vulnerability disclosure: some maintain it's best not to publicize security holes before a fix is available, while others contend immediate disclosure keeps vendors honest. ZDnet

    "Serious" Vulnerability In Check Point Firewalls
    A hole has been discovered that allows outsiders to snoop inside networks that are protected by Check Point Firewalls. The vulnerability exploits the fact that RDP packets traverse Check Point firewall gateways. Representatives of CERT/CC called the problem serious. Computer World Advisory Patch

    NSA's Windows 2000 Security Guides Have Moved
    Everyone who tried (and failed) to download NSA's Windows 2000 security guides will be happy to know the guides are now more fully available. There are five valuable inf files and sixteen guides (including the first update to the "Secure Configuration and Administration of IIS" guide) Here

    Security Vendors' Revenue Slows
    Financial results reported by ISS, Check Point, Symantec, Certicom, Watchguard and Baltimore disappointed analysts and caused stock prices to fall. Computer World

    Eli Lilly Exposes Customer E-Mail Addresses
    Eli Lilly and Co. mistakenly sent messages containing more than 600 e-mail addresses to customers of a reminder service. Many of the customers are taking medication for depression, bulimia, or obsessive- compulsive disorder. Washington Post

    Shopping Cart Software Flaw Still Prevalent
    Although a flaw in PDG shopping cart software has been public knowledge since April, some e-commerce sites still have not repaired the hole, leaving customer credit card data and merchant identification numbers available to crackers. Lists of vulnerable sites have been appearing in chat rooms. MSNBC

    Canada Aims for Secure E-Government
    The Canadian government hopes to have its on line network running by 2004. They hope to allow Canadian citizens to pay their taxes, apply for benefits and conduct other government business on line with assured privacy and security. Here

    The Serious Underbelly of Cyber Attacks
    High profile cyber crimes like defacements and denial-of-service attacks distract from the greater threats of backdoors and cryptoviruses, say information warfare specialists. Wired

    Crackers May Have Tested Distributed Spamming
    Crackers have apparently used a worm-generating tool to create a program that turns infected PCs into zombie spammers. ZDnet
    Note: This represents an extremely serious threat in that virtually everyone who downloads e-mail could potentially (and unwittingly) be turned into a spammer. This reinforces the need for virus walls at network gateways as well as other measures.

    Firewall Appliances Outsold Software Firewalls In 2000
    IDC reports that, for the first time, more money was spent on pre- configured hardware firewalls than on software firewalls in 2000. Lack of trained staff to monitor and configure the software firewalls has led to the switch, according to IDC.

    Visa Announces Authentication Specs
    Visa International, Inc. has announced technical specifications for payment authentication services. The 3-D Secure 1.0 specifications will allow e-merchants to use their own processing systems while establishing a connection between customers, card issuers, and themselves to authenticate transactions. Computer World

    Breaking News:
    New "Code Red" worm is spreading rapidly through systems running Microsoft IIS. Both ISS 4.0 and 5.0 are affected. CRN Defaced
    The web site was defaced on Friday morning. The site was taken off line immediately. It was brought back up Sunday evening. Forensic analysis is ongoing. MSNBC
    Note: This has been a startling reminder of just how devastating an Internet attack can be. Every single program and setting has to be reviewed and in many cases, redesigned so that they can safely operate, not just in today's attacks, but also in the face of the threat level we will experience two years down the road. Some services may not be available for days.
    SANS Note: Though we would have greatly preferred not to have been attacked, the subsequent analysis is reaping far more fruit than we expected or hoped. We will provide a complete report of the lessons learned. We are gratified and humbled by the outpouring of active, unsolicited assistance being provided by many of the most experienced people in security. It helps a lot!

    Leave Worm Variant Disguised as Microsoft Security Bulletin
    A variant of the W32-Leave worm is wending its way about the Internet pretending to be a Microsoft security bulletin. The worm, which affects only machines previously infected with the SubSeven Trojan, downloads components from web sites and could potentially be used to plant denial-of-service software on infected machines. Computers with current antivirus software and firewall protection should be safe from infection. Computer World

    Honeynet Expansion Planned
    The founders of the Honeynet project (that uses fake web sites to track and fingerprint attackers) are proposing mechanisms that will greatly expand the number of honeypots, making them more difficult for the attackers to recognize. Cnet
    Note: A few years ago you could track nearly all the sting sites but it's getting ever more difficult.

    New Mailing List To Improve Speed and Accuracy Of Security Bug Reports
    Three well-known vulnerability researchers, Rain Forest Puppy, Weld Pond, and Steve Manzuik, have formed a new vulnerability mailing list for reporting new vulnerabilities and threats. The new site, at is designed to improve both the timeliness and quality of bug reports over what has been provided by Bugtraq and NTBugtraq. News Byte

    Outlook E-Mail Vulnerability
    Georgi Guninski has reported an ActiveX control flaw in Outlook 98, 2000, and 2002 e-mail software that could allow an attacker to alter calendar information, delete e-mail, or run malicious code on the affected computer. Users can be exposed to the vulnerability either by viewing a specially crafted web page or by opening specially crafted HTML e-mail. Microsoft Corp. has issued a security bulletin, and a company security manager indicates that they would have preferred having had time to prepare a fix before the vulnerability became public knowledge. Computer World MSNBC Microsoft

    Microsoft Speaks Out On Raw Sockets
    Microsoft's Security Program Manager, Scott Culp, tells why he believes raw socket support is useful for effective security in Windows XP and why taking raw sockets out would not stop DDOS attacks. The interview was presented by the Register as a rebuttal to claims made by Windows guru Steve Gibson. The Register
    Note: Gibson does not "say necessary and sufficient," and as Culp suggests. He merely says useful, that it will so lower the cost that it will result in a dramatic increase.

    The I-Worm.Mari spreads, as many do, via Outlook address books when uses click on e-mail attachments. The worm does no harm to computers, but spreads a short polemic in favor of legalizing marijuana, and sets Internet Explorer's start page to Though the site asserts it has nothing to do with the worm, angry victims have launched denial of service attacks in retaliation. Wired

    Easing the Security Headache for Users
    Because security measures are generally tacked on after computer systems are designed, users often find them cumbersome and develop methods for bypassing permissions, virus filters, digital certificates and the like. Unfortunately, passwords on post-its and disabled filters undermine security. Computer World

    S1 Corp. Computer Intrusion
    Intruders who broke into a computer at web-based banking services company S1 Corp. may have been able to access sensitive customer data, according to one source. Federal law enforcement authorities are investigating. MSNBC

    Stopping Distributed Denial of Service Attack's
    Shawn McCarthy offers a brief tutorial on types of DDOS attacks and how your ISPs can help you counter them. GCN

    Bureaucrats Urge Legislators to Strengthen Cyber Security Oversight
    A panel of bureaucrats told the Joint Economic Committee that all the attention paid to defacements, hacking and other minor cyber threats distracts from the larger risk of cyber warfare launched by foreign governments. The panel urged the legislators to strengthen federal security oversight. GCN

    Research Report: How Americans Use The Internet
    The Pew Foundation Internet and American Life Foundation just released a study of the amount of time spent and the activities performed on the Internet. Also compares veteran Internet users with newcomers. Report

    If you or anyone you know has an IIS server, please get it patched, now! The patch is posted at: Yes this is a real Microsoft site

    INFORMATION SECURITY POLICIES MADE EASY V8 is a practical, easy-to-use reference tool offering 1100+ already-written security polices. Quickly customize these definitive, up-to-date security policies covering the latest threats and technologies -- saving thousands of hours and dollars. This is the most comprehensive collective of security policies available anywhere. Recently updated to help with HIPAA and GLBA regulations.
    Note: In order to obtain a Sample Policy you are required to provide your Full Name, Full Address, Telephone Number and Email Address. Read the Privacy Policy and decide for yourself.. If you just want to borrow mine, contact me.

    White House Averts Code Red Denial of Service Attack
    Thwarting the attempts of the Code Red worm to launch a denial of service attack against, system administrators moved the site to an alternate IP address. Code Red takes advantage of a known Microsoft IIS buffer overflow vulnerability and evades antivirus scanners because it runs entirely in memory. Computer World Cnet GCN CERT
    Note: This was the single most successful worm in a decade, and it used only professionally managed systems. In a week, it starts over again. Anyone want to assert that we have destroyed all of more than 200K copies? Anyone want to assert that it has exhausted the address space and that are simply no more systems for it to attack? How about that we have responded to the attack and finally gotten around to patching all the vulnerable systems?

    SirCam Worm
    The SirCam worm propagates via Outlook when users open infected attachments. The accompanying e-mail address will have a randomly chosen subject line and will add a document from the infected computer to the attachment, possibly exposing personal or proprietary information. The worm also plays a sort of roulette, which may result in all unused space on an infected machine's hard drive being filled with random text. It also may delete all files on an infected computer. NWFusion ZDnet Wired

    CIS Consensus Benchmark For Minimum Security Settings
    By developing a consensus minimum security benchmark and offering free testing tools, the Center for Internet Security (CIS) hopes to pressure vendors into releasing products that are securely configured. Gartner analyst John Pescatore observes that the CIS benchmark will be extremely valuable and an easy way to get an increase in security, versus just reading about threats. CIS is a consortium of 160 large businesses, government agencies and academic institutions in 17 countries. Internet Week Reuters

    Phony Microsoft Security Bulletins
    Two spurious Microsoft security bulletins trick people into infecting their machines with viruses; their attendant web sites have been shut down. ZDnet
    Note: I think I mentioned my definition of having the user do-it-to-himself as Social Engineering.. An old trick was "[email protected] or and then post it around the NGs and see who came caling..

    IDSes Require Fine-Tuning
    Federal security managers speaking at a conference about intrusion detection systems (IDSes) say there's a lot more to the systems than simply installing the boxes. You must know your network traffic patterns well enough to determine what is out of the ordinary and be careful not to set the threshold too low or you will flood your own system. Additionally, monitoring the IDS results can consume a lot of resources. GCN Note: "Setting the threshold too low" refers to a capability to adjust IDSs to either have more false alarms with the gain of fewer misses (detection failures) or have fewer false alarms with the gain of more misses. (Multiple*) Firewalls also require tuning and you have to know your security policy to install them effectively. The fact that any security system requires knowledge, skills, hard work, and tuning should not be a surprise. Sadly, federal agencies are asking people with little or no training to take responsibility for securing major systems. *Crash Crash and Burn Here Some Days!!

    FBI's Missing Laptops
    The FBI began tracking its laptops only last year. In the last 11 years, 184 of 13,000 laptops have disappeared; at least 13 were stolen and three contained sensitive or classified data. Legislators are unhappy, and Attorney General John Ashcroft has requested an inventory of Bureau laptops and other items. FCW

    Security Firm's Action Irresponsible, Say Critics eEye Digital security, the company that apparently discovered the Code Red worm, has been criticized by security experts for publishing exploit information that could potentially be used by crackers. Computer World

    CERT/CC Advisory for Home Users
    CERT/CC has issued a security alert urging home users to protect their computers with antivirus software, firewalls, and good practices. CERT
    Note: The CERT/CC bulletin is long overdue, but still useful. It is questionable, however, whether this bulletin will get to the people who need it most.

    Feds Meet with Hackers
    A panel of government officials spoke with hackers and voiced hopes that they will put their talents to good and ethical uses. ZDnet

    A Very Real and Present Threat to the Internet: July 31 Deadline For Action

    Summary: The Code Red Worm and mutations of the worm pose a continued and serious threat to Internet users. Immediate action is required to combat this threat. Users who have deployed software that is vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must install, if they have not done so already, a vital security patch.

    How Big Is The Problem? On July 19, the Code Red worm infected more than 250,000 systems in just 9 hours. The worm scans the Internet, identifies vulnerable systems, and infects these systems by installing itself. Each newly installed worm joins all the others causing the rate of scanning to grow rapidly. This uncontrolled growth in scanning directly decreases the speed of the Internet and can cause sporadic but widespread outages among all types of systems. Code Red is likely to start spreading again on July 31st, 2001 8:00 PM EDT and has mutated so that it may be even more dangerous. This spread has the potential to disrupt business and personal use of the Internet for applications such as electronic commerce, email and entertainment.

    Who Must Act? Every organization or person who has Windows NT or Windows 2000 systems AND the IIS web server software may be vulnerable. IIS is installed automatically for many applications. If you are not certain, follow the instructions attached to determine whether you are running IIS 4.0 or 5.0. If you are using Windows 95, Windows 98, or Windows Me, there is no action that you need to take in response to this alert.

    What To Do If You Are Vulnerable?

    a. To rid your machine of the current worm, reboot your computer.
    b. To protect your system from re-infection: Install Microsoft's patch for the Code Red vulnerability problem: Windows NT version 4.0 Windows 2000 Professional, Server and Advanced Server
    Step-by-step instructions for these actions are posted at

    Microsoft's description of the patch and its installation, and the vulnerability it addresses is posted at: (cut and paste if required)
    Because of the importance of this threat, this alert is being made jointly by:
    The National Infrastructure Protection Center
    Federal Computer Incident Response Center (FedCIRC)
    Information Technology Association of America (ITAA)
    CERT Coordination Center
    SANS Institute
    Internet Security Systems
    Internet Security Alliance


    PacketStorm Security Site

    Index  About  Future  C-Dilla  Links page  Contact Us! 
    News Pages -  1 2 3 4 5 6 7 8 9

    Copyright � 1996-2004 by PrivacyandSpying Com