To: Milis Hackerlink (SD434033)
From: Rob for the SANS NewsBites service
Re: February 2 SANS NewsBites
Consumer privacy seems to be becoming an ever-hotter topic. Check out
the articles below.
RK
**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 2, Number 5 February 2, 2000
Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad,
Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz
<[EMAIL PROTECTED]>
*********************************************************************
31 January 2000 NSA Computer Outage
31 January 2000 On Line Banking Security Flaw
31 January 2000 Protecting Your Home Computer
31 January 2000 Most Ignore Chinese Registration Requirements
29 January 2000 More Japanese Government Sites Attacked
28 January 2000 Japanese Government Web Sites Attacked
28 January 2000 Windows 2000 Security Hole Patch
28 January 2000 Visa Acknowledges Security Breach
28 January 2000 Privacy Suit Filed Against DoubleClick
25 January 2000 Privacy Advocates to File Complaint Against DoubleClick
28 January 2000 New Angle in Encryption Debate Surfaced in Mitnick's Case
28 January 2000 Yahoo! Target of Privacy Violation Lawsuit
25 January 2000 How Cookies Work
27 January 2000 Microsoft Visio Virus
27 January 2000 Distributed Denial of Service Attacks
27 January 2000 Y2K Efforts Successful
27 January 2000 Bernstein Case to be Reconsidered
26 January 2000 Cybersecurity Bill Addresses Encryption Concerns
26 January 2000 Security Hole in Corel Linux
26 January 2000 Top Viruses of 1999
26 January 2000 Norwegian Teen's Computers Seized In Connection with DVD Case
26 January 2000 Embarrassing Gaffe for DVD Prosecution
26 January 2000 Music Software Privacy Flaw Could Put Users at Risk of
Legal Action
26 January 2000 China Issues Internet Regulations
26 January 2000 Proof of Echelon's Existence
25 January 2000 Hate Content Targeted by UK Watchdog Group
********** This week's sponsor: Network-1 Security Solutions *********
Embedded NT Firewalls:
CyberwallPLUS-SV is the first embedded firewall for NT servers. It
secures valuable servers with network access controls and intrusion
prevention. Visit http://www.network-1.com/eval/eval6992.htm to receive
a free CyberwallPLUS evaluation kit and white paper.
**********************************************************************
-- 31 January 2000 NSA Computer Outage
Computers used to process collected intelligence at the National Security
Agency (NSA) failed and remained out of commission for three days last
week. Contingency plans were immediately implemented, and organization
reports it has nearly caught up with the information-processing backlog
that the outage created.
http://www.usatoday.com/life/cyber/tech/cth244.htm
http://news.cnet.com/category/0-1009-200-1537774.html
-- 31 January 2000 On Line Banking Security Flaw
A security loophole at an online bank allowed anyone with the information
available on a check to make unauthorized fund transfers.
http://www.currents.net/newstoday/00/01/31/news4.html
http://www.msnbc.com/news/363440.asp?0m=N11P
-- 31 January 2000 Protecting Your Home Computer
Home computers connected to the Internet for extended periods of time,
even those with regular modems, are targets of crackers aiming to co-opt
remote machines to probe and attack other systems. Firewalls provide
protection against such attacks and let users know when their computer
is being probed.
http://www.mercurycenter.com/premium/front/docs/vulnerable31.htm
-- 31 January 2000 Most Ignore Chinese Registration Requirements
Few companies complied with China's stringent new software registration
regulations. http://www.wired.com/news/print/0,1294,33992,00.html
-- 26 January 2000 China Issues Internet Regulations
The Chinese government has issues strict Internet controls to prevent
state secrets from being leaked. Web sites will need to have security
checks, and all software used to transmit sensitive data must be
registered. http://www.wired.com/news/print/0,1294,33910,00.html
http://www.usatoday.com/life/cyber/tech/cth217.htm
http://www.currents.net/newstoday/00/01/27/news6.html
-- 29 January 2000 More Japanese Government Sites Attacked
A cracker set a password for the web site of a Japanese government think
tank, denying access to visitors.
http://www.yomiuri.co.jp/newse/0129cr02.htm
-- 28 January 2000 Japanese Government Web Sites Attacked
Several of Japanese government web sites were attacked, defaced with
anti- Japanese rhetoric and links to adult sites. Several sites were
shut down to guard against further attacks. While a few sites managed
to fend off attacks, others had files erased.
http://www.usatoday.com/life/cyber/tech/cth238.htm
http://sg.dailynews.yahoo.com/headlines/technology/afp/article.html?s=singapore/headlines/000128/technology/afp/Hackers_step_up_raids_on_Japanese_goverment_sites.html
http://news.bbc.co.uk/hi/english/world/asia-pacific/newsid_620000/620399.stm
http://www.yomiuri.co.jp/newse/0127cr08.htm
-- 28 January 2000 Windows 2000 Security Hole Patch
Microsoft has issued a patch for two problems in the Microsoft Index
Server. The security flaw could allow crackers to find the location of
administrative files on the server and to read but not modify them.
http://www.zdnet.com/zdnn/stories/news/0,4586,2429334,00.html?chkpt=zdhpnews01
http://news.cnet.com/category/0-1003-200-1534992.html
-- 28 January 2000 Visa Acknowledges Security Breach
Visa has acknowledged that server security was breached and information
stolen last summer. In December, the company received ransom demands.
Visa says no credit card numbers or customer information was compromised,
and has since installed more intrusion detection systems and called in
an outside firm to conduct a security assessment.
http://www.computerworld.com/home/print.nsf/all/000128E45A
-- 28 January 2000 Privacy Suit Filed Against DoubleClick
A private citizen has filed a lawsuit against DoubleClick, alleging the
company has collected and cross-referenced personal data without the
customer's permission. The suit asks that the company be banned from
collecting personal data without written consent from consumers.
http://www.wired.com/news/print/0,1294,33964,00.html
-- 25 January 2000 Privacy Advocates to File Complaint Against DoubleClick
Privacy advocates intend to file a complaint with the Federal Trade
Commission (FTC) against DoubleClick. The company, which originally
said it would collect information anonymously, has of late been compiling
dossiers of personally identifiable data to personalize Internet
advertisements. DoubleClick will not reveal which sites it works with
to collect the data because "partners frown when their relationships
are disclosed without their permission."
http://www.usatoday.com/life/cyber/tech/cth211.htm
http://news.cnet.com/category/0-1005-200-1531929.html
-- 28 January 2000 New Angle in Encryption Debate Surfaced in Mitnick's Case
A 1998 dispute over encrypted files in Kevin Mitnick's case could set
the stage for future cases involving encryption. Federal agents seized
two of Mitnick's laptops on which some files were encrypted. Because
the prosecution did not have the key to read these files and could not
use them as evidence, they refused to turn them over to Mitnick and his
defense team unless he provided them with the key.
http://www.nytimes.com/library/tech/00/01/cyber/cyberlaw/28law.html
(Note: this site requires registration)
-- 28 January 2000 Yahoo! Target of Privacy Violation Lawsuit
A Texas lawsuit alleges that Yahoo!'s use of "cookies", small files
stored on users' computers which identify them to web sites, violates
the state's anti- stalking laws.
http://www.zdnet.com/zdnn/stories/news/0,4586,2429363,00.html
http://news.cnet.com/category/0-1005-200-1533164.html
-- 25 January 2000 How Cookies Work
Web site use cookies to help customize your visits, and to collect
information about your web surfing habits. Some say the databases of
personal information being compiled are an invasion of personal privacy.
http://www.usatoday.com/life/cyber/tech/cth203.htm
-- 27 January 2000 Microsoft Visio Virus
VIS5/Radiant Angels, a virus that targets Microsoft Visio, does not
harbor a malicious payload, but future incarnations could be altered to
be destructive. http://www.currents.net/newstoday/00/01/27/news2.html
-- 27 January 2000 Distributed Denial of Service Attacks
Distributed Denial of Service Attacks (DDOS) are all but impossible to
trace back to the perpetrator, and successfully defending against an
attack doesn't prevent the cracker from launching a new one. Firewalls
that could be used to catch a DDOS attack would also block important
functions. http://www.theregister.co.uk/000127-000005.html
-- 27 January 2000 Y2K Efforts Successful
The more than $8 billion spent by federal government agencies on Y2K
was money well spent, according to the House Technology Subcommittee.
The Y2K preparation work undertaken by the government has led to
public/private partnerships and "a solid national information technology
infrastructure."
http://www.computerworld.com/home/print.nsf/all/000127E416
http://www.gcn.com/breaking-news/000127170434.html
-- 27 January 2000 Bernstein Case to be Reconsidered
Federal appeals court will reconsider a May 1999 ruling in the Bernstein
encryption case in light on the newly loosened encryption export
regulations.
http://www.zdnet.com/filters/printerfriendly/0,6061,2428386-2,00.html
-- 26 January 2000 Cybersecurity Bill Addresses Encryption Concerns
The Clinton administration is pushing the Cyberspace Electronic Security
Act (CESA) in Congress. CESA aims to balance the new eased encryption
export restrictions with provisions for apprehending electronic criminals.
http://www.fcw.com/fcw/articles/2000/0124/web-securitybill-01-26-00.asp
-- 26 January 2000 Security Hole in Corel Linux
A security hole in Corel Linux allows anyone to perform actions normally
reserved for system administrators. Corel will post a fix on its site.
http://news.cnet.com/category/0-1003-200-1533081.html
-- 26 January 2000 Top Viruses of 1999
Sophos has compiled a list of the top ten reported viruses of 1999; some
of those listed, such as Form and Laroux, are several years old.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_619000/619687.stm
-- 26 January 2000 Norwegian Teen's Computers Seized In Connection with
DVD Case
Police raided the home of and seized two computers belonging to the
Norwegian teenager who helped develop DeCSS, a program that allegedly
allows unauthorized copying of DVDs. The teen claims that DVD encryption
is only playback protection, and DeCSS was developed to allow DVDs to
be viewed on machines running Linux.
http://www.computerworld.com/home/print.nsf/all/000126E3B2
http://news.cnet.com/category/0-1005-200-1531192.html
-- 26 January 2000 Embarrassing Gaffe for DVD Prosecution
The DVD decryption code at the center of several lawsuits was
inadvertently made available in a court document until the judge sealed
it last week. http://www.computerworld.com/home/print.nsf/all/000127E40E
http://news.cnet.com/category/0-1005-200-1533048.html
-- 26 January 2000 Music Software Privacy Flaw Could Put Users at Risk
of Legal Action
Napster software that allows people to trade information about digital
music files exposed Internet Protocol (IP) addresses as well. Copyright
holders could use the information to prosecute people trading music
illegally. Napster, the subject of a lawsuit brought by the Recording
Industry Association of America (RIAA) alleging that it is "facilitating
piracy", says it intends to fix the privacy hole.
http://news.cnet.com/category/0-1005-200-1532962.html
-- 26 January 2000 Proof of Echelon's Existence
A researcher has found evidence to confirm the existence of Echelon,
the program thought to be a major global surveillance network. It
appears to be more limited in scope than previously thought.
http://www.wired.com/news/print/0,1294,33891,00.html
-- 25 January 2000 Hate Content Targeted by UK Watchdog Group
An Internet watchdog group in the UK is expanding its self-regulatory
focus to include hate content. Internet Service Providers (ISPs) would
be immune from prosecution if they comply with the group's request to
remove the offending material.
http://www.wired.com/news/print/0,1294,33906,00.html
== End ==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, e-mail [EMAIL PROTECTED] with
the subject: Subscribe NewsBites
Email <[EMAIL PROTECTED]> with complete instructions and your SD number
(from the headers) for subscribe, unsubscribe, change address, add other
digests, or any other comments.
http://www.indolinux.com - Nikmati Layanan Personal INDOLINUX ::
http://techscape.net/ - Webhosting: Dual T3 on Dual Pentium III 450Mhz
Only US$1.95/month -> CGI SSL 5MB Unlimited Traffic & Mail FP2000
-------------------------------------------------------------------
untuk berhenti kirim email ke [EMAIL PROTECTED]
untuk melihat peraturan kirim email ke [EMAIL PROTECTED]
arsip berada di http://www.mail-archive.com/[email protected]
