_________________________________________________________________
London, Wednesday, April 17, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
IWS Sponsor
National Center for Manufacturing Sciences
http://www.ncms.org
host of the
InfraGard Manufacturing Industry Association
http://trust.ncms.org
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] UK plc reamed online
[2] Argentina rules in favour of hackers
[3] Hackers target Israel
[4] Handhelds now target of virus attacks
[5] (Hungary) New internet legislation outlaws all hacking
[6] Technology: Web site privacy system approved
[7] Net thieves caught in action
[8] Companies watch employees' instant messages
[9] Chipmaker says Microsoft antitrust sanctions would set industry back 20
years
[10] IBM drops Internet patent bombshell
[11] FTC accues 11 online firms of Net fraud
[12] Privacy Worries, Net Activism Top Privacy Show Agenda
[13] The Buck Stops Where?
[14] McAfee Launches SecurityCenter
[15] Can you trust an ethical hacker?
[16] Internet Security Systems profit, revenues fall
[17] Airport security has nowhere to go but up, experts say
_________________________________________________________________
News
_________________________________________________________________
[1] UK plc reamed online
By John Leyden
Posted: 16/04/2002 at 11:22 GMT
A lack of investment in security systems is allowing British companies to
fall victim to increasing severe security breaches.
That's the main finding of the Department of Trade and Industry's (DTI)
annual Information Security Breaches Survey, which concludes that the
average cost of a security breach is ?30,000, with several companies
reporting incidents which cost more than ?500,000.
The survey, led by PricewaterhouseCoopers on behalf of the DTI, shows that
three-quarters of UK businesses believe that they hold sensitive or critical
information, but only one-quarter have a security policy in place to protect
it.
http://www.theregister.co.uk/content/55/24870.html
http://news.zdnet.co.uk/story/0,,t269-s2108453,00.html
----------------------------------------------------
[2] Argentina rules in favour of hackers
Computer hackers may be the scourge of the digital age, hunted down by
police across borders, but in Argentina they have found an unlikely ally -
the very justice system they scorned.
Warning of a "dangerous legal void" making digital crimes hard to prosecute,
a judge has ruled that hacking is legal by default in Argentina. The
decision came in the case of cyberpirates who defaced the Supreme Court's
Web page.
Arguing that the law only covered crimes on "people, things and animals" and
not digital attacks, a federal court declared several Argentines known as
"X-Team" innocent of charges they broke into the high court's Web page to
accuse judges of covering up a human rights case.
http://www.thisislondon.co.uk/dynamic/news/story.html?in_review_id=555517
http://www.theregister.co.uk/content/6/24877.html
----------------------------------------------------
[3] Hackers target Israel
By James Middleton [16-04-2002]
Middle East conflict moves into cyber space
The conflict in the Middle East is being fought in cyberspace as well as on
the ground, showing that hacking is developing into a recognised form of
international warfare, according to a leading security analyst.
http://www.vnunet.com/News/1130941
----------------------------------------------------
[4] Handhelds now target of virus attacks
By Tom Venetis, posted Apr 16, 2002
As wireless handheld devices continue to grow in popularity among
consumers, they are also becoming increasingly popular targets for virus
writers and hackers.
Although there have only been twelve reported cases of viruses that
specifically target handheld devices such as mobile phones and PDAs, many
are predicting that it will only be a short time before many more wireless
viruses begin making an appearance.
http://www.canadacomputes.com/v3/story/1,1017,8377,00.html?tag=81&sb=121
----------------------------------------------------
[5] New internet legislation outlaws all hacking
by Mr. Robert Smyth
New amendments to Hungary's laws on internet crime have drawn criticism from
industry players for not distinguishing enough between minor and major
crimes.
"The law is strict in places it shouldn't be so strict," said Daniel Nemes,
CEO of internet firm telnet Hungary Rt, highlighting the fact that the
amendments to Hungary's Criminal Code, which are effective from April 1,
outlaw any attempt at hacking, even if no damage is caused.
"[Deliberate hacking by the company] can be good for boosting a company's IT
security. It's good to experiment to show systems can be protected," he
said.
http://www.bbj.hu/user/article.asp?ArticleID=146648
----------------------------------------------------
[6] Technology: Web site privacy system approved
NEW YORK (April 16, 2002 4:21 p.m. EDT) - A system for quickly telling
Internet users how well a Web site honors their personal privacy preferences
won final approval Tuesday from the Internet's main standards organization.
The decision by the World Wide Web Consortium seeks to address growing
concerns about how e-commerce sites use e-mail addresses, shopping
preferences and other personal data they collect.
http://www.nandotimes.com/technology/story/363868p-2945714c.html
----------------------------------------------------
[7] Net thieves caught in action
Fraud investigator sets sting, watches thieves swap fake info
By Bob Sullivan
MSNBC
April 15 - Just how long does it take for stolen credit cards to find their
way around the Internet, and the world? About 15 minutes. That's what fraud
investigator Dan Clements found this weekend when he posted a Web page full
of faked credit card data to track how quickly the information would make
its way around the "carder culture." He then planted links to the Web site
in a few Internet chat rooms. Within 15 minutes, 74 carders from 31
different countries arrived to peek at the data.
http://www.msnbc.com/news/739128.asp
----------------------------------------------------
[8] Companies watch employees' instant messages
MATTHEW FORDAHL
AP Technology Writer
FOSTER CITY, Calif. - An instant message exchange might seem as fleeting as
a phone call or face-to-face chat. But, like everything else on the Net, it
can have much more staying power than users think.
Unlike e-mail, the brief IM remarks that pop up on computer screens are not
kept on central servers. But that hasn't stopped companies from developing
software that snags every message - including those unflattering to the
boss.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3051987.htm
----------------------------------------------------
[9] Chipmaker says Microsoft antitrust sanctions would set industry back 20
years
By D. IAN HOPPER
The Associated Press
4/16/02 9:54 AM
WASHINGTON (AP) -- Antitrust remedies sought by nine states against
Microsoft Corp. would set the computer industry back almost 20 years, the
head of a microprocessor maker testified Tuesday.
W.J. "Jerry" Sanders, chairman of Advanced Micro Devices Inc., said that
because Microsoft's Windows operating system is so widely used, it allows
software and hardware makers to innovate freely.
http://www.nj.com/newsflash/washington/index.ssf?/cgi-free/getstory_ssf.cgi?
a0578_BC_Microsoft-Antitrust&&news&newsflash-washington
----------------------------------------------------
[10] IBM drops Internet patent bombshell
By David Berlind
April 16, 2002
A recent IBM patent claim could threaten royalty-free access to a key
Internet standard protocol backed by the United Nations. The
standard--called ebXML--is an XML-based set of definitions for electronic
transactions and business collaboration.
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2861528,00.html
----------------------------------------------------
[11] FTC accues 11 online firms of Net fraud
Reuters
April 16, 2002, 4:20 AM PT
Federal regulators said Monday that they have filed charges against 11
companies that they accused of running--online and off--a variety of scams,
from loans that did not come through to work-at-home schemes that promised
easy riches.
The companies named in a series of complaints sold a range of services to
consumers, the Federal Trade Commission said. Some promised loans or credit
cards that never materialized, while others offered to help consumers set up
their own medical-billing or envelope-stuffing businesses that had long odds
of success.
http://zdnet.com.com/2100-1106-883588.html
----------------------------------------------------
[12] Privacy Worries, Net Activism Top Privacy Show Agenda
By Robert MacMillan, Newsbytes
Apr 16 2002 11:04AM PT
Concern about the gradual erosion of Internet privacy safeguards and the
desire to figure out the legal boundaries of using the Internet as an
activism tool will rank among the most important topics being discussed this
week as Internet civil liberties groups convene at the Computers, Freedom
and Privacy 2002 conference in San Francisco.
As with most facets of American life nowadays, the discussion of what
Internet privacy is in the 21st century is inexorably linked to the
conditions of the post Sept. 11 world, when the very nature of strong
Internet privacy runs counter, some government officials believe, to
insuring a strongly secure country against terrorism.
http://online.securityfocus.com/news/368
----------------------------------------------------
[13] The Buck Stops Where?
Don't blame Microsoft. They gave you the patch; it's your responsibility to
use it.
By Tim Mullen
Apr 15 2002 11:51AM PT
A buddy of mine is the CTO of a big retail chain back east. Just this
morning he was telling me how his Network Admin group was pushing back on
installing the new Microsoft patch that covers ten security vulnerabilities
in IIS, because they heard it broke the server, they didn't have time to
test it, and thought it would be months (if ever) before they even needed to
worry about it. He wanted my advice.
I told him to walk down to IT, give them a swift kick in the pants, and ask
them what part of "Network Administrator" did they not understand. It is the
network administrator's job to administer the network. This includes testing
and installing hot fixes and service packs. If your people can't do that
effectively and efficiently, then get someone who can.
http://online.securityfocus.com/columnists/74
----------------------------------------------------
[14] McAfee Launches SecurityCenter
By Jim Wagner
McAfee.com (NASDAQ:MCAF) is getting a leg up on its competition, announcing
Tuesday its strategy to bring security to distributed computing and Web
services networks.
In what is becoming an industry standard, McAfee.com is launching a free
download to introduce new users to the new strategy before charging for the
service: SecurityCenter, a Web-based application that scans and rates a PCs
security (on a scale of 1 to 10).
Part of McAfee.com's grid security services initiative, the application also
gives user's access to it's virus definition library, with the hope the
service will be enough to convince users to pay for down the road.
http://www.internetnews.com/ent-news/article/0,,7_1010291,00.html
----------------------------------------------------
[15] Can you trust an ethical hacker?
By Madeline Bennett [12-04-2002]
Bill Pepper is head of security risk management at consulting firm CSC, a
role which involves advising clients on security issues and managing the
company's so-called ethical hackers.
He has worked in information security for over 35 years, including time with
the Royal Air Force, and is currently deputy chairman of the British
Computer Society's Certificate in Information Security Management Board.
http://www.vnunet.com/Features/1130851
----------------------------------------------------
[16] Internet Security Systems profit, revenues fall
4/16/02 1:18 PM
Source: Reuters
ATLANTA, April 16 (Reuters) - Computer security software and services
company Internet Security Systems Inc. on Tuesday said first-quarter profit
and revenues fell from a year earlier but met Wall Street expectations as
the company focused on its core business.
http://news.cnet.com/investor/news/newsitem/0-9900-1028-9722708-0.html?tag=a
ts
----------------------------------------------------
[17] Airport security has nowhere to go but up, experts say
By Mark Murray, National Journal
The news was surprising and not very reassuring: In 70 percent of all tests,
undercover government agents were able to sneak knives past airport
screeners; in 60 percent of their attempts, they succeeded in slipping
simulated explosive devices past the screening system; and 30 percent of the
time, they were even able to get guns through. Overall, airport screeners
failed to detect prohibited items in 48 percent of all tests.
Those stunning statistics, first reported last month by USA Today, came from
a confidential inspector general's audit of 32 American airports conducted
from November to early February. Of course, that was before the new
Transportation Security Administration took over screening responsibilities
on February 17, as mandated by the airport security legislation that was
signed into law last year. Nevertheless, the study screamed out an obvious
point: The government has a lot of work to do to improve airport security.
Transportation Secretary Norman Mineta acknowledged as much in a recent
interview with CNN. "This is going to be a continuing work in progress," he
said.
http://www.govexec.com/dailyfed/0402/041502nj1.htm
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
