_________________________________________________________________
London, Tuesday, April 02, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
IWS Sponsor
National Center for Manufacturing Sciences
http://www.ncms.org
host of the
InfraGard Manufacturing Industry Association
http://trust.ncms.org
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] Past its Prime: Is Anti-Virus Scanning Obsolete?
[2] New antivirus software targets worm holes
[3] Old worms make like spring chickens
[4] A Mickey Mouse Bill
[5] Win-NT, 2K debug process gives up control
[6] Cumulative IE patch for malicious cookies
[7] U.S., Canada to Go After Spammers
[8] Nvidia engineer convicted of fraud
[9] Government trains cyberdefenders, but numbers still small
[10] Getting to the Root of All E-Mail
[11] Online Privacy Increasing, Study Says
[12] (UK) Privacy comes under attack
[13] DMCA case: Sklyarov employers in court
[14] FBI: Global police struggling with cybercrime
[15] Librarians Debate Internet Filters
[16] TruSecure Executives to Speak at Security Tour
[17] Nuclear security agency needs management improvements, panel says
_________________________________________________________________
News
_________________________________________________________________
[1] Past its Prime: Is Anti-Virus Scanning Obsolete?
by Paul Schmehl
The title and topic of this article is clearly controversial. It is
guaranteed to get a strong reaction from the anti-virus industry, which is
firmly convinced it sees clear sailing ahead. So, is anti-virus scanning
obsolete? In a word, yes - but don't throw out your scanner. Its replacement
hasn't been created yet. In this article we will examine the weaknesses of
virus scanning that will cause its eventual downfall.
Anti-virus scanning is based upon the age-old principle of Newton's law; for
every action there is an equal and opposite reaction. Each time a new virus,
or a new viral approach, is discovered, anti-virus scanners must be updated.
To be sure, this isn't always true. Heuristic scanning does have the
capability to recognize some attacks as viral without having specific
detection for the virus it has alerted on. In general, however, each new
virus discovery requires an update of the scanning software's "virus
definition" files in order for the scanner to recognize the new virus.
http://online.securityfocus.com/infocus/1562
----------------------------------------------------
[2] New antivirus software targets worm holes
By Robert Lemos
Staff Writer, CNET News.com
April 1, 2002, 5:25 PM PT
Security company Network Associates unveiled on Monday new antivirus
software designed around the principle "an ounce of prevention is worth a
pound of cure."
The new program, called ThreatScan, is intended to add a proactive tool to
the defensive technology now used by system administrators to protect their
networks.
Current antivirus software scans for malicious code on potentially infected
computers or in e-mail attachments, waiting until a virus or worm has
already attacked a system to react to its presence. ThreatScan instead looks
for the holes worms use to squirm past security and then alerts the network
administrator of any that it finds.
http://news.com.com/2100-1001-873157.html?tag=cd_mh
----------------------------------------------------
[3] Old worms make like spring chickens
By Robert Lemos
Staff Writer, CNET News.com
April 1, 2002, 12:45 PM PT
Two computer worms found last summer topped the charts in March,
highlighting the difficulty of eliminating the more successful digital pests
from the Internet.
Data furnished by e-mail service provider MessageLabs placed the SirCam
virus, which hit the Internet last August, at the top of its list of hostile
attachments. MessageLabs intercepts such attachments for its clients.
Antivirus company Trend Micro's virus-tracking center placed SirCam at No.
3, right after Nimda and a variant of that 6-month-old worm.
http://news.com.com/2100-1001-872822.html?tag=cd_mh
----------------------------------------------------
[4] A Mickey Mouse Bill
The Hollings copyright bill would shoehorn absurd copy-blocking technology
into everything from your Palm Pilot to your digital camera. Is this
progress?
By David Banisar
Apr 1 2002 12:51AM PT
In the name of protecting copyrights, a new bill introduced in the U.S.
Senate threatens to grind to a halt all advancements in electronics,
computing and networking, decimating the consumer's ability to choose how
they wish to listen, watch, and read. The motion picture industry is back on
the Hill.
http://online.securityfocus.com/columnists/71
----------------------------------------------------
[5] Win-NT, 2K debug process gives up control
By Thomas C Greene in Washington
Posted: 01/04/2002 at 14:22 GMT
A security hole in Win-NT and 2K could enable an attacker to take control by
exploiting a flaw in the debugging subsystem (SMSS). Radim "EliCZ" Picha has
demonstrated that it's possible for an unprivileged user to execute debug
processes in the System context.
http://www.theregister.co.uk/content/55/24654.html
http://www.infowarrior.org/articles/2002-04.html
----------------------------------------------------
[6] Cumulative IE patch for malicious cookies
By Thomas C Greene in Washington
Posted: 01/04/2002 at 12:51 GMT
A fairly serious flaw in Internet Explorer which would enable a malicious
Web page or e-mail to drop a cookie containing an HTML script on a victim's
machine and run it in the 'Local Computer' zone rather than the Internet
zone to avoid restrictions has just been patched.
http://www.theregister.co.uk/content/55/24653.html
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,5105583,00.html
----------------------------------------------------
[7] U.S., Canada to Go After Spammers
By Thor Olavsrud
The United States and Canada are planning to get tough on deceptive spam and
Internet fraud. On Tuesday, state, federal and Canadian officials are
expected to raise the curtain on an international law enforcement initiative
targeting those areas.
J. Howard Beales, director of the Federal Trade Commission's Bureau of
Consumer Protection, together with Washington Attorney General Christine O.
Gregoire, Washington State Department of Financial Institutions Securities
Division Director Deborah Bortner, and FTC Northwest Region Director Charles
Harwood are expected to introduce the new "international netforce."
http://www.internetnews.com/bus-news/article/0,,3_1001711,00.html
----------------------------------------------------
[8] Nvidia engineer convicted of fraud
Matthew Yi, Chronicle Staff Writer Saturday, March 23, 2002
A federal jury has convicted an Nvidia Corp. engineer on charges of
securities fraud, lying to authorities and obstruction of justice.
Atul Bhagat, 29, of Mountain View, was among six of the Santa Clara
chipmaker's employees who were criminally indicted on charges of illegally
profiting by using insider information.
Three have struck a plea deal with prosecutors and two are awaiting trial.
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2002/03/23
/BU16546.DTL&type=tech
----------------------------------------------------
[9] Government trains cyberdefenders, but numbers still small
By Matthew Fordhal, Associated Press, 04/01/02
MONTEREY, Calif. -- Long before Sept. 11 and last year's virus-like attacks
over the Internet, the U.S. government announced plans to train an elite
corps of computer security experts to guard against cyberterrorism.
http://digitalmass.boston.com/news/2002/04/01/cyber_defenders.html
----------------------------------------------------
[10] Getting to the Root of All E-Mail
By David McGuire, Newsbytes
Apr 1 2002 1:56PM PT
Squatting unobtrusively on the banks of a manmade pond in an unremarkable
corporate subdivision a few miles outside the Beltway, the home of the
Internet's authoritative root server and master registry of dot-com
addresses is virtually indistinguishable from the other red brick office
buildings that surround it.
Despite its humdrum facade, VeriSign's Network Operations Center (NOC), is
one of the most important physical locations in the virtual world, and since
Sept. 11 it has proven irresistible to dozens of government officials who
have sought to assure themselves that the Internet is safe from physical and
electronic attacks.
"Security and stability are like Siamese twins. You cannot have stability
without security," said Mark Rippe, vice president of technical operations
for VeriSign Global Registry Services. VeriSign manages the "A" root server
and dot-com registry under contracts with the Commerce Department and global
Internet addressing authorities. Rippe is in charge of the root server
operation.
http://online.securityfocus.com/news/360
----------------------------------------------------
[11] Online Privacy Increasing, Study Says
Commercial Web sites are gradually collecting less personal data from
visitors and giving them more control over how that information is used,
according to a new study.
http://www.latimes.com/business/la-000023289apr01.story?coll=la%2Dheadlines%
2Dbusiness
----------------------------------------------------
[12] Privacy comes under attack
06:31 Saturday 30th March 2002
Wendy McAuliffe
The right to privacy of correspondence received a disproportionate shake-up
in the aftermath of the terrorist attacks on New York
The events of 11 September provoked a new urgency in the need for powers
that would allow law enforcement officers to retain traffic data for
anti-terrorist investigations. Within a matter of weeks, the privacy rights
of British citizens had been hugely compromised by emergency legislation,
which allowed the automated surveillance of all electronic communications.
http://news.zdnet.co.uk/story/0,,t269-s2107547,00.html
----------------------------------------------------
[13] DMCA case: Sklyarov employers in court
A federal judge on Monday heard arguments in a high-profile criminal
copyright case that pits U.S. prosecutors against a Russian company accused
of hacking Adobe Systems' e-book encryption technology.
?
http://zdnet.com.com/2110-1106-873126.html
----------------------------------------------------
[14] FBI: Global police struggling with cybercrime
March 20, 2002 Posted: 8:17 AM EST (1317 GMT)
HONG KONG, China (Reuters) -- Global law enforcement cannot cope with savvy
cybercriminals, who are quick to exploit technology to create havoc, top
officials at the U.S.'s Federal Bureau of Investigation said on Wednesday.
"Technology permits cybercrimes to occur at the speed of light and law
enforcement must become more sophisticated in uncovering them," FBI
assistant director Ronald Eldon told a conference on fighting organized
crime in Hong Kong.
http://www.cnn.com/2002/TECH/internet/03/20/cybercrime.reut/index.html
----------------------------------------------------
[15] Librarians Debate Internet Filters
Sunday, March 31, 2002
By Jennifer D'Angelo
It's not easy being a Dick, especially at the local library.
As lawyers in federal court this week debated whether Internet filters for
public library computers should be mandatory, librarians argued the law
unfairly blocks out legitimate Web sites like those of House Majority Leader
Dick Armey and pro golfer Fred Couples.
http://www.foxnews.com/story/0,2933,49201,00.html
----------------------------------------------------
[16] TruSecure Executives to Speak at Security Tour
April 1, 2002 -- (WEB HOST INDUSTRY REVIEW) -- TruSecure Corporation, a
leading managed security services provider, announced on Monday that its CEO
and its senior vice president will participate in the Yankee Group's
upcoming three-city enterprise security tour (securingtheenterprise.com).
http://www.findvpn.com/news/tru040102.cfm
----------------------------------------------------
[17] Nuclear security agency needs management improvements, panel says
By Greg Seigle, Global Security Newswire
National Nuclear Security Administration reorganization plans look good on
paper but more needs to be done for the Energy Department agency to
streamline operations and improve performance, according to a three-year
study to be released soon.
Management plans recently announced by NNSA Administrator John Gordon, a
retired Air Force general, could bolster morale and productivity of the
three-year-old agency, but more must be done to meet today's needs,
including the hiring of its own chief financial officer, according to John
Foster, head of a congressionally mandated panel on the U.S. nuclear
weapons.
"The panel's view is that Gen. Gordon has kind of a mess on his hands,"
Foster told the House Armed Service's special oversight panel to assess the
reliability, safety and security of the U.S. nuclear stockpile last week.
"The opinion that you find expressed at the laboratories, and to some extent
at the plants, is that the functional processes that are imposed on them is
worse now than it was when NNSA was established," Foster said. "It's very
disturbing . the panel has difficulty trying to understand why with all the
money and the tasks that need to be done, we can't get on with it."
http://www.govexec.com/dailyfed/0302/032902gsn1.htm
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
