_________________________________________________________________ London, Wednesday, April 17, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ IWS Sponsor National Center for Manufacturing Sciences http://www.ncms.org host of the InfraGard Manufacturing Industry Association http://trust.ncms.org _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] UK plc reamed online [2] Argentina rules in favour of hackers [3] Hackers target Israel [4] Handhelds now target of virus attacks [5] (Hungary) New internet legislation outlaws all hacking [6] Technology: Web site privacy system approved [7] Net thieves caught in action [8] Companies watch employees' instant messages [9] Chipmaker says Microsoft antitrust sanctions would set industry back 20 years [10] IBM drops Internet patent bombshell [11] FTC accues 11 online firms of Net fraud [12] Privacy Worries, Net Activism Top Privacy Show Agenda [13] The Buck Stops Where? [14] McAfee Launches SecurityCenter [15] Can you trust an ethical hacker? [16] Internet Security Systems profit, revenues fall [17] Airport security has nowhere to go but up, experts say _________________________________________________________________ News _________________________________________________________________ [1] UK plc reamed online By John Leyden Posted: 16/04/2002 at 11:22 GMT A lack of investment in security systems is allowing British companies to fall victim to increasing severe security breaches. That's the main finding of the Department of Trade and Industry's (DTI) annual Information Security Breaches Survey, which concludes that the average cost of a security breach is ?30,000, with several companies reporting incidents which cost more than ?500,000. The survey, led by PricewaterhouseCoopers on behalf of the DTI, shows that three-quarters of UK businesses believe that they hold sensitive or critical information, but only one-quarter have a security policy in place to protect it. http://www.theregister.co.uk/content/55/24870.html http://news.zdnet.co.uk/story/0,,t269-s2108453,00.html ---------------------------------------------------- [2] Argentina rules in favour of hackers Computer hackers may be the scourge of the digital age, hunted down by police across borders, but in Argentina they have found an unlikely ally - the very justice system they scorned. Warning of a "dangerous legal void" making digital crimes hard to prosecute, a judge has ruled that hacking is legal by default in Argentina. The decision came in the case of cyberpirates who defaced the Supreme Court's Web page. Arguing that the law only covered crimes on "people, things and animals" and not digital attacks, a federal court declared several Argentines known as "X-Team" innocent of charges they broke into the high court's Web page to accuse judges of covering up a human rights case. http://www.thisislondon.co.uk/dynamic/news/story.html?in_review_id=555517 http://www.theregister.co.uk/content/6/24877.html ---------------------------------------------------- [3] Hackers target Israel By James Middleton [16-04-2002] Middle East conflict moves into cyber space The conflict in the Middle East is being fought in cyberspace as well as on the ground, showing that hacking is developing into a recognised form of international warfare, according to a leading security analyst. http://www.vnunet.com/News/1130941 ---------------------------------------------------- [4] Handhelds now target of virus attacks By Tom Venetis, posted Apr 16, 2002 As wireless handheld devices continue to grow in popularity among consumers, they are also becoming increasingly popular targets for virus writers and hackers. Although there have only been twelve reported cases of viruses that specifically target handheld devices such as mobile phones and PDAs, many are predicting that it will only be a short time before many more wireless viruses begin making an appearance. http://www.canadacomputes.com/v3/story/1,1017,8377,00.html?tag=81&sb=121 ---------------------------------------------------- [5] New internet legislation outlaws all hacking by Mr. Robert Smyth New amendments to Hungary's laws on internet crime have drawn criticism from industry players for not distinguishing enough between minor and major crimes. "The law is strict in places it shouldn't be so strict," said Daniel Nemes, CEO of internet firm telnet Hungary Rt, highlighting the fact that the amendments to Hungary's Criminal Code, which are effective from April 1, outlaw any attempt at hacking, even if no damage is caused. "[Deliberate hacking by the company] can be good for boosting a company's IT security. It's good to experiment to show systems can be protected," he said. http://www.bbj.hu/user/article.asp?ArticleID=146648 ---------------------------------------------------- [6] Technology: Web site privacy system approved NEW YORK (April 16, 2002 4:21 p.m. EDT) - A system for quickly telling Internet users how well a Web site honors their personal privacy preferences won final approval Tuesday from the Internet's main standards organization. The decision by the World Wide Web Consortium seeks to address growing concerns about how e-commerce sites use e-mail addresses, shopping preferences and other personal data they collect. http://www.nandotimes.com/technology/story/363868p-2945714c.html ---------------------------------------------------- [7] Net thieves caught in action Fraud investigator sets sting, watches thieves swap fake info By Bob Sullivan MSNBC April 15 - Just how long does it take for stolen credit cards to find their way around the Internet, and the world? About 15 minutes. That's what fraud investigator Dan Clements found this weekend when he posted a Web page full of faked credit card data to track how quickly the information would make its way around the "carder culture." He then planted links to the Web site in a few Internet chat rooms. Within 15 minutes, 74 carders from 31 different countries arrived to peek at the data. http://www.msnbc.com/news/739128.asp ---------------------------------------------------- [8] Companies watch employees' instant messages MATTHEW FORDAHL AP Technology Writer FOSTER CITY, Calif. - An instant message exchange might seem as fleeting as a phone call or face-to-face chat. But, like everything else on the Net, it can have much more staying power than users think. Unlike e-mail, the brief IM remarks that pop up on computer screens are not kept on central servers. But that hasn't stopped companies from developing software that snags every message - including those unflattering to the boss. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3051987.htm ---------------------------------------------------- [9] Chipmaker says Microsoft antitrust sanctions would set industry back 20 years By D. IAN HOPPER The Associated Press 4/16/02 9:54 AM WASHINGTON (AP) -- Antitrust remedies sought by nine states against Microsoft Corp. would set the computer industry back almost 20 years, the head of a microprocessor maker testified Tuesday. W.J. "Jerry" Sanders, chairman of Advanced Micro Devices Inc., said that because Microsoft's Windows operating system is so widely used, it allows software and hardware makers to innovate freely. http://www.nj.com/newsflash/washington/index.ssf?/cgi-free/getstory_ssf.cgi? a0578_BC_Microsoft-Antitrust&&news&newsflash-washington ---------------------------------------------------- [10] IBM drops Internet patent bombshell By David Berlind April 16, 2002 A recent IBM patent claim could threaten royalty-free access to a key Internet standard protocol backed by the United Nations. The standard--called ebXML--is an XML-based set of definitions for electronic transactions and business collaboration. http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2861528,00.html ---------------------------------------------------- [11] FTC accues 11 online firms of Net fraud Reuters April 16, 2002, 4:20 AM PT Federal regulators said Monday that they have filed charges against 11 companies that they accused of running--online and off--a variety of scams, from loans that did not come through to work-at-home schemes that promised easy riches. The companies named in a series of complaints sold a range of services to consumers, the Federal Trade Commission said. Some promised loans or credit cards that never materialized, while others offered to help consumers set up their own medical-billing or envelope-stuffing businesses that had long odds of success. http://zdnet.com.com/2100-1106-883588.html ---------------------------------------------------- [12] Privacy Worries, Net Activism Top Privacy Show Agenda By Robert MacMillan, Newsbytes Apr 16 2002 11:04AM PT Concern about the gradual erosion of Internet privacy safeguards and the desire to figure out the legal boundaries of using the Internet as an activism tool will rank among the most important topics being discussed this week as Internet civil liberties groups convene at the Computers, Freedom and Privacy 2002 conference in San Francisco. As with most facets of American life nowadays, the discussion of what Internet privacy is in the 21st century is inexorably linked to the conditions of the post Sept. 11 world, when the very nature of strong Internet privacy runs counter, some government officials believe, to insuring a strongly secure country against terrorism. http://online.securityfocus.com/news/368 ---------------------------------------------------- [13] The Buck Stops Where? Don't blame Microsoft. They gave you the patch; it's your responsibility to use it. By Tim Mullen Apr 15 2002 11:51AM PT A buddy of mine is the CTO of a big retail chain back east. Just this morning he was telling me how his Network Admin group was pushing back on installing the new Microsoft patch that covers ten security vulnerabilities in IIS, because they heard it broke the server, they didn't have time to test it, and thought it would be months (if ever) before they even needed to worry about it. He wanted my advice. I told him to walk down to IT, give them a swift kick in the pants, and ask them what part of "Network Administrator" did they not understand. It is the network administrator's job to administer the network. This includes testing and installing hot fixes and service packs. If your people can't do that effectively and efficiently, then get someone who can. http://online.securityfocus.com/columnists/74 ---------------------------------------------------- [14] McAfee Launches SecurityCenter By Jim Wagner McAfee.com (NASDAQ:MCAF) is getting a leg up on its competition, announcing Tuesday its strategy to bring security to distributed computing and Web services networks. In what is becoming an industry standard, McAfee.com is launching a free download to introduce new users to the new strategy before charging for the service: SecurityCenter, a Web-based application that scans and rates a PCs security (on a scale of 1 to 10). Part of McAfee.com's grid security services initiative, the application also gives user's access to it's virus definition library, with the hope the service will be enough to convince users to pay for down the road. http://www.internetnews.com/ent-news/article/0,,7_1010291,00.html ---------------------------------------------------- [15] Can you trust an ethical hacker? By Madeline Bennett [12-04-2002] Bill Pepper is head of security risk management at consulting firm CSC, a role which involves advising clients on security issues and managing the company's so-called ethical hackers. He has worked in information security for over 35 years, including time with the Royal Air Force, and is currently deputy chairman of the British Computer Society's Certificate in Information Security Management Board. http://www.vnunet.com/Features/1130851 ---------------------------------------------------- [16] Internet Security Systems profit, revenues fall 4/16/02 1:18 PM Source: Reuters ATLANTA, April 16 (Reuters) - Computer security software and services company Internet Security Systems Inc. on Tuesday said first-quarter profit and revenues fell from a year earlier but met Wall Street expectations as the company focused on its core business. http://news.cnet.com/investor/news/newsitem/0-9900-1028-9722708-0.html?tag=a ts ---------------------------------------------------- [17] Airport security has nowhere to go but up, experts say By Mark Murray, National Journal The news was surprising and not very reassuring: In 70 percent of all tests, undercover government agents were able to sneak knives past airport screeners; in 60 percent of their attempts, they succeeded in slipping simulated explosive devices past the screening system; and 30 percent of the time, they were even able to get guns through. Overall, airport screeners failed to detect prohibited items in 48 percent of all tests. Those stunning statistics, first reported last month by USA Today, came from a confidential inspector general's audit of 32 American airports conducted from November to early February. Of course, that was before the new Transportation Security Administration took over screening responsibilities on February 17, as mandated by the airport security legislation that was signed into law last year. Nevertheless, the study screamed out an obvious point: The government has a lot of work to do to improve airport security. Transportation Secretary Norman Mineta acknowledged as much in a recent interview with CNN. "This is going to be a continuing work in progress," he said. http://www.govexec.com/dailyfed/0402/041502nj1.htm ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk