From: Mark Neely <[EMAIL PROTECTED]> - - - - - - - - - - - - - - - - - - - - Net-Alert April 22, 1999 If you have any questions, comments or other feedback concerning Net-Alert articles, contact the Editor at <mailto:[EMAIL PROTECTED]> Previous editions of Net-Alert are available at http://www.onelist.com/arcindex.cgi?listname=net-alert ____________________ Contents: ## CIH Virus to strike on April 26 ## eBay security concerns ## Terrorists are cyber-savvy ## Who's reading your email? ## Microsoft releases security patches for IE ____________________ CIH Virus to strike on April 26 ____________________ The CIH 1.2 virus (also known as W32.cih.spacefiller or W32/CIH) only infects Windows 95 and Windows 98 systems. It is a particularly nasty virus as it is capable of overwriting the Flash-BIOS - found on most modern computers and used to store important computer settings - which may leave the computer unusable. It is also capable of overwriting the hard disk with garbage. CIH is programmed to activate on the 26th of each month. Some variants are specifically programmed to trigger on April and June 26 in each year. All Windows 95/98 users are urged to check their systems for this virus. In recent times there have been catastrophic reports of CIH infection. However, in a somewhat ironic twist, due to the recent Melissa macro virus scare, the damage caused by this virus is likely to be minimal this time, due to the steps both home and corporate users took to protect themselves from viral infection at the height of the Melissa crisis. Data Fellows has released a free CIH scanner - F-CIH - which users can download to check for and eradicate this virus. URLs: DataFellows CIH Info site http://www.DataFellows.com/cih/ ____________________ eBay security concerns ____________________ A security hole has been identified in the popular Web-based auction site, eBay. The vulnerability involves the insertion of malicious javascript code as part of an auction item's description. When an eBay user places a bid for the item, the code sends his/her eBay username and password to the item's owner. Once these details are known, the perpetrator can pose as the victim, and take full control of his/her eBay account. This would allow the perpetrator to submit bids on his/her behalf and accept any bid made for the victim's items. URLs: Ebayla Bug explanation - http://www.because-we-can.com/ebayla/default.htm Wired article - http://www.wired.com/news/news/email/explode-infobeat/technolog y/story/19207.html ____________________ Terrorists are cyber-savvy ____________________ US government think-tank, the Rand Corporation, has released a report concluding that terrorists and terrorist activities are moving onto the Internet. While this should come as no surprise to anyone, the report does contain an interesting recommendation: that the US government should halt the modernisation of its computer and communications systems. The report's authors fear that the use of modern technology may be exposing the government to new risks, for which it is - at present - ill-prepared. The report's authors also fear that old-style terrorism, rooted in military confrontation and target destruction, may soon give way to information-based systemic "disruption". An interesting read. URls: Rand Corporation report - http://www.rand.org/publications/MR/MR989/MR989.pdf/ (only available in .pdf format) ____________________ Who's reading your email? ____________________ The American Management Association recently published the results of its 1998 survey of its 1000 members concerning their employee monitoring practices. It found: Two-thirds of respondent firms perform some sort of electronic monitoring or surveillance, but much of this includes simple security surveillance against intrusion or theft, or simple record-keeping of numbers called and time spent on the phone. A more accurate figure for employee monitoring via video or audio taping and/or storage and review of computer files (including electronic mail) is 43%, compared with 35% found in 1997. Few companies subject all employees to ongoing surveillance or monitoring; the greater share do routine checks on employees in identified positions. (p.3, Summary of Key Findings) Employers are increasingly worried about their exposure to law suits as a result of employee activities - including sexual harassment and defamation - as well as the ease with which electronic communications systems can be used to pilfer confidential or sensitive information. However, while these are certainly legitimate concerns for company management, it appears that few companies stop to consider the privacy implications of their monitoring. URL: American Management Association reports - http://www.amanet.org/research/reports.htm (only available in .pdf format) ____________________ Microsoft releases security patches for IE ____________________ Microsoft Corp. has released security patches to fix recently publicised security vulnerabilities in Internet Explorer versions 4.x and 5.x. More information is available at the Internet Explorer Security Updates Web site. When you visit the URL listed below, your copy of IE will be tested for the vulnerability. If your version requires the patch, download details will be displayed. URL: Internet Explorer Security Update - http://www.microsoft.com/windows/ie/security/mshtml.asp ____________________ If you received this copy of Net-Alerts from a friend, you can subscribe to Net-Alert by visiting the following URL: http://www.onelist.com/subscribe/net-alert ____________________ Net-Alert is copyright (c) Mark Neely 1999. Forwarding this message to friends and colleagues is encouraged, providing the message is forwarded in its entirety, including this copyright notice. - - - - - - - - - - - - - - - - - - - - ------------------------------------------------------------------------ Looking to expand your world? http://www.ONElist.com ONElist has over 115,000 e-mail communities from which to chose!
