From: Mark Neely <[EMAIL PROTECTED]> - - - - - - - - - - - - - - - - - - - - Net-Alert 5 November 1999 If you have any questions, comments or other feedback concerning Net-Alert articles, contact the Editor at <mailto:[EMAIL PROTECTED]> Previous editions of Net-Alert are available at http://www.onelist.com/archive/net-alert Subscription and unsubscription details are available at the end of this newsletter. ____________________ Contents: ## Protecting electronic documents ## Chain letter, hoax and online fraud resource ## Copycat viruses on the rise ## How anonymous are anonymous Web services? ## RealNetwork privacy shock ## Security practitioners fight back ## Test your PC's defences ## Free anti-virus software ## Messaging a new generation ____________________ Protecting electronic documents Distributing documents electronically has always been problematical - you never know where they might turn up or whether they could be altered along the way. Infraworks Corp. thinks it has the solution. Their InTether software allows document authors to impose access limitations on their electronic documentation which apply long after the document leaves their PC. This includes restricting the ability to copy, share or print documents. Unfortunately the system appears to use a proprietary document format that mandates the use of a (free) reader program to access and view secured files. Still, it may catch on - there were doubts about the proprietary Adobe PDF format too! The company seems to be quite security conscious. Their Web site also offers two other utilities of interest: The Sanitizer, which "eliminates all traces of data from hard drives prior to resale, lease return, donation, or disposal" and Shredder, which "ensures that all deleted files are overwritten and completely unrecoverable." URL - Infraworks Corp http://www.infraworks.com/ ____________________ Good chain letter, hoax and online fraud resource Chain letters, hoax email, fraudlent share promotions and scams are on the rise, if the amount of junk that I've received in my email box in the last few weeks is anything to go by. Marcus Zillman, a Net-Alert subscriber, hosts and produces a weekly TV program titled "Internet 101". In addition to offering streaming versions of his show, his Web site also has an extensive list of hoax, spam and fraud links. Worth checking out. URLs - Internet-101 http://internet-101.com/ Hoax, Myth, Fraud, Chain Letter and Anti-Spam Sites http://www.internet-101.com/hoax/ ____________________ Copycat viruses on the rise As predicted in earlier issues, the number of "copycat" viruses based on the Melissa macro virus is also on the rise. In the past, macro viruses were largely spread using wordprocessing documents as hosts. However, some of the new, copycat strains are designed to infect other types of commonly shared files, including spreadsheets. In fact, a recently discovered macro virus, P98M/Corner (thought to be a "proof of concept" virus as it is fairly benign), is capable of infecting both Microsoft Word and Microsoft Project files (an odd combination!). On the trojan horse front, the PrettyPark or W32/Pretty.Worm trojan appears to be the flavour of the month. It replicates by sending copies of itself (PrettyPark.exe) via email to all the addresses recorded in the address book of the infected PC. URLs - W97M.Melissa.u http://vil.mcafee.com/vil/vm10385.asp W97M/Melissa.v http://vil.mcafee.com/vil/vm10386.asp VBS/Freelink http://www.mcafee.com/viruses/freelink/default.asp W97M_MICHAEL.KBD http://www.trendmicro.com.au/vinfo/w97m_michael.htm W2KM_IRCJACK.A http://www.trendmicro.com.au/vinfo/w2km_ircjack.htm PrettyPark http://www.mcafee.com/viruses/prettypark/default.asp P98M/Corner http://www.datafellows.com/news/1999/19991026.htm ____________________ How anonymous are anonymous Web services? As you move from one Web site to the next, the destination Web site is able to capture certain details about you, including your IP address, the type of Web browser and Operating System that you are using, and the address of the Web site that you were visiting immediately before arriving at the Web site. For a demonstration of this, see WhoRU? (URL below) A number of Web sites offer anonymous Web browsing services. While they all position themselves differently, they essentially all work in the same way: you visit the "anonymising" Web site and, using that site, request access to your destination Web site. The anonymizing service, acting as a kind of proxy, contacts the destination Web site and downloads the information, displaying it in your Web browser. In doing so, the destination Web site is unable to see who is accessing its site, or collect the usual identifying details. Such services work well. Well, they work reasonably well. Richard Smith, President of Phar Lap software and a "guerilla privacy" expert (credited with helping track the author of the Melissa virus by uncovering Microsoft's "clandestine" user-identification scheme), conducted a series of tests on several anonymizing services and found that there were a few problems. For more details, see his report. URLs - WhoRU? http://jshelper.pharlap.com/netdiags/wru.htm Richard Smith - Problems with Web Anonymzing Services http://www.tiac.net/users/smiths/anon/anonprob.htm Lucent Personalized Web Assistant http://www.bell-labs.com/project/lpwa/ Anonymouse http://www.in.tum.de/~pircher/anonymouse/ IDZap http://www.idzap.com/ Crowds http://www.research.att.com/projects/crowds/ Anonymizer http://www.anonymizer.com ____________________ RealNetwork privacy shock It seems Richard Smith (see previous article) has been quite busy of late. Smith recently discovered that RealNetwork's free RealJukebox software, which is used on over 12 million PCs around the world to listen to and make copies of music from CDs, secretly monitors details of each user's music preferences and sends the details, including the user's email address, back to RealNetwork in an encrypted form. Although RealNetworks publishes a Privacy Statement on its Web site, it made no mention of this monitoring, nor is it mentioned during the software installation. The Privacy Statement has since been changed, with RealNetworks stating that it monitors this information "to understand the interests and needs of our users so we can offer valuable personalised services." RealNetwork have now published a patch for their software. URL - The RealJukeBox monitoring system http://www.tiac.net/users/smiths/privacy/realjb.htm ____________________ Security practitioners fight back I have mentioned the risks posed by co-ordinated hacker attacks in past issues of Net-Alert. A single user attempting to break into a computer from a single IP address is fairly easy to detect. But when there are multiple users, spread around the globe, each using different techniques in a co-ordinated fashion to attempt to crack a computer's security, then that is both hard to detect and combat. A recent security incident that affected hundreds of sites demonstrates that security practitioners can fightback when faced with co-ordinated attacks. Over 300 individuals contributed to the detection of an Internet-wide Trojan Horse attack, called RingZero, and managed to shut down a Russian-based Web site that was collecting data gathered during the attack. URL - SANS Advisory http://www.sans.org/newlook/resources/flashadv.htm ____________________ Test your PC's defences Steve Gibson, author of the well-known SpinRite hard disk utility software, has published a very useful Web tool for Windows users. When you connect to Gibson's Shields Up! Web site, it will deploy a number of probes to test your PC's defences from Internet-based attacks and then report back on what it found. The test is safe and non-intrusive - no changes are made to your computer. The site features a number of tutorials explaining specific security weaknesses that may be detected and how they can be remedied. URL - Shields Up! http://grc.com/x/ne.dll?bh0bkyd2 ____________________ Free anti-virus software Microsoft Corp. has joined forces with a number of anti-virus product vendors to offer customers access to free, fully functional 90-day trial copies of a number of anti-virus programs in order to stem the potential damage caused by viruses designed to take advantage of the potential chaos caused at the turn of the new year. The free downloads will be available until December 31 1999. URL - Microsoft download site http://www.microsoft.com/y2k/antivirus/AntiVirus.htm ____________________ Messaging a new generation Keo, headed by French artist Jean-Marc Philippe, plans to launch a satellite containing messages from around the world into space, where it will stay in orbit for 50 000 years before descending back to Earth. An open invitation to participate has been issued to the world's population. You can use the Keo Web site to find out more about the project and submit your message (maximum of 4 pages). URL - Keo Project http://www.keo.org ____________________ Send a copy of Net-Alert to a friend. Forwarding this newsletter to friends and colleagues is encouraged, providing the message is forwarded in its entirety, including the copyright notice. ____________________ If you received this copy of Net-Alert from a friend, you can subscribe by visiting the following URL: http://www.onelist.com/subscribe/net-alert or by sending a blank email to [EMAIL PROTECTED] To UNSUBSCRIBE, send a blank email to [EMAIL PROTECTED] ____________________ Net-Alert is copyright (c) Mark Neely 1999. Forwarding this message to friends and colleagues is encouraged, providing the message is forwarded in its entirety, including this copyright notice. - - - - - - - - - - - - - - - - - - - - --------------------------- ONElist Sponsor ---------------------------- Thinking about putting your business on the Web? MindSpring Biz has helped over 100,000 businesses get their .com. Join MindSpring Biz and save $50! <a href=" http://clickme.onelist.com/ad/mindspring4 ">Click Here</a> ------------------------------------------------------------------------
