******* You may leave the list at any time by sending an email to [EMAIL PROTECTED] with the text "SIGNOFF SECURITYPORTAL-L" in the body of the email. We will miss you! ******* Vendor Corner ******* Sponsored by Axent - Security that Means Business How to Establish and Maintain an Effective e-Security Program Learn about SNCi's integrated approach to lifecycle security, including risk assessment, security roadmaps, incident response & recovery, security policies, standards, procedures, and more. Now through September 17, download your FREE copy, "The Guide to Lifecycle Security" at http://www.axent.com/email/2449/ SNCi is a subsidiary of AXENT, the leading provider of e-security solutions for your business, delivering integrated products and expert services to 45 of the Fortune 50 companies. ******* What's New With SecurityPortal ******* Anyone with a Screwdriver Can Break In! This article will discuss the second weakest layer of computer security, Physical Security. As we'll see, any attacker with physical access to a computer, a little ingenuity, and sufficient time can compromise the system. By way of example, I'll demonstrate attack and defense on a Red Hat Linux box and show how you might slow down, or even prevent, these kinds of attacks. You don't need a Linux machine, or even technical responsibility, for this article to be useful. This problem is independent of operating system and this article is general enough to be useful to every level of computer user. Be warned, though - you'll probably only be able to slow down a determined attacker. Read the full story here: http://securityportal.com/cover/coverstory20000828.html Ask Buffy Overflow Do you have questions about information security? Buffy has the answers. Every Thursday Buffy will post answers to your questions about security issues. Please send your questions to: [EMAIL PROTECTED] Want to read Buffy's answers to this week's questions? http://securityportal.com/topnews/buffy20000824.html ******* Vendor Corner ******* VeriSign - The Internet Trust Company Secure all your Web servers now - with a proven 5-part strategy. The FREE Server Security Guide shows you how: * DEPLOY THE LATEST ENCRYPTION and authentication techniques * DELIVER TRANSPARENT PROTECTION with the strongest security without disrupting users. And more. Get your FREE Guide now: http://www.verisign.com/cgi-bin/go.cgi?a=n061210400003000 ******* Top News ******* Welcome to SecurityPortal - The Focal Point for Security on the Net(tm) Recent postings in our top news http://www.securityportal.com/topnews: Aug 28, 2000 Weekly Axent Security Roundup - The author who was lined up to compile this week's digest is enjoying a well deserved vacation. So, in light of the sparse Axent Raptor mailing list during the last 7 days, we have republished four Technical Tips from the Trench, courtesy of Firetower, that relate to the new 6.5 version of the Raptor firewall. http://securityportal.com/topnews/weekly/axent20000828.html Weekly BSD Security Roundup - There were no updates from BSD vendors this week, so if you're using Netscape make sure you have disabled Java. It seems to me that the ports tree could be a little better maintained, mostly with regard to the timeliness of updates for popular programs such as Netscape. If you are using PGP, be aware there is a serious problem - see below for more information. http://securityportal.com/topnews/weekly/bsd20000828.html Weekly Checkpoint Security Roundup - List topics were fairly widespread this week. Discussion areas included such disparate topics as industry best practice configurations, high availability architectures, perceived user confidence in 4.1 SP2, SecuRemote problems with WINS interaction, and general systems administration. http://securityportal.com/topnews/weekly/checkpoint20000828.html Weekly Executive Digest - RSA's patents are expiring in September, an Internet banking heist bears the fingerprints of organized crime, and the U.S. releases healthcare security and privacy rules. Also, do your techies know about the tools to secure the Sun Solaris operating system? http://securityportal.com/topnews/weekly/exec20000828.html Weekly Linux Security Roundup - Not bad at all. Most vendors are just cleaning up problems from the last week or two (you try packaging Netscape so it doesn't crash every fifteen minutes). The big announcement this week is of course PGP - more on that later. Helix GNOME's installer has a root hack; Gopherd probably has more root hacks (sadly enough, there are still many gopher servers around). A nasty hole has been found in minicom, a popular modem program. Debian 2.2 is finally out (officially, too). A number of minor bugs in third-party software for Linux have also been found. I'll list them, although I doubt many people are using them. http://securityportal.com/topnews/weekly/linux20000828.html Weekly Microsoft Security Roundup - Microsoft seems to have been busy fixing things this week. It's too bad they like to release bulletins late on Fridays. It's good that they're releasing them, of course, but that leaves a whole weekend with many people running unpatched. Three new Microsoft security bulletins, one for a problem in their virtual machine that ships with all version of Windows and Internet Explorer, more cross site scripting problems, and finally, a problem in MS Money. A couple of security advisories from NTBugtraq, one for IIS 5.0, another for a Frontpage DOS. Read the tip of the week for information on enterprise security best practices. http://securityportal.com/topnews/weekly/microsoft20000828.html Weekly Solaris Security Roundup - Solaris Patches: Java Web Server. Vulnerabilities in applications: CGI Script Center, RealSecure, Gopherd, Netauth. Tools: OpenCA, Snort. Articles: PAM, Solaris 8 Role-Based Access control, Secure Enterprise Computing with Solaris 8. Discussions summary: YASSP & Focus-Sun. "Tip of the Week" presents two Solaris auditing scripts. http://securityportal.com/topnews/weekly/solaris20000828.html Aug 27, 2000 NWFusion: Surfing the Tsunami - A large Southeastern university IS team fights off a massive distributed denial-of-service attack and lives to tell about it. http://www.nwfusion.com/research/2000/0828feat2.html Aug 26, 2000 Freshmeat: Six Reasons Not to Use an ASP - Application Service Providers bring the mainframe + dumb terminals model to the Web, and users get all the benefits of a centrally-maintained system. Unfortunately, the distance from your house to my.service.com is longer than that from your office to the admin down the hall, and it can be harder to hold your provider accountable. In today's editorial, Paul Reiber points out the downsides of ASPs. http://freshmeat.net/news/2000/08/26/967348799.html CNN.com: Vote-Selling Web Site to be Revived, Possibly Offshore - An Internet site designed to auction U.S. presidential votes could reopen days after New York authorities convinced its creator to shut it down, said a maverick Austrian businessman who bought the domain name. http://www.cnn.com/2000/TECH/computing/08/24/internet.vote/index.html FCW.com: Jersey Taking Hard Look at Computer Crime - Two New Jersey agencies are calling for the state to strengthen its computer crime laws, enhance law enforcement training, and beef up education programs to combat computer-related crime. http://www.fcw.com/civic/articles/2000/0821/web-nj-08-25-00.asp FreeVeracity: New Free Intrusion Detection Tool for Tree Platforms - FreeVeracity is a general-purpose data integrity tool for free platforms (e.g. GNU/Linux, FreeBSD, NetBSD, OpenBSD) that uses cryptographic hashes to detect changes in files. FreeVeracity can be deployed in a wide variety of applications including network intrusion detection and firewall monitoring. By installing FreeVeracity integrity servers on your computers, you can actively monitor the integrity of your entire network. http://freeveracity.org/ ComputerWorld: Sun Admits to Memory Problem - Problems with a memory component that Sun Microsystems Inc. has been quietly trying to fix for the past several months are continuing to plague some large users of Sun�s Ultra Enterprise Unix servers. And Sun has gone to extraordinary lengths to keep its customers quiet about the issue. The problem involves an external memory cache. http://www.computerworld.com/cwi/story/0,1199,NAV47_STO49055,00.html Aug 25, 2000 IDG.net: Security Flaw Discovered in Network Associates PGP Software - European cryptographic researchers have uncovered a serious security flaw in both the Unix and Windows versions of Network Associates PGP software 5.5 through 6.5.3 - a flaw that allows a savvy attacker to alter the victim's PGP public certificate and read any message encrypted with the altered certificate. http://www.idg.net/ic_229831_1794_9-10000.html ZDNet: Expiration of RSA Patents Opens up Net Security - A unique moment in the history of high tech will occur next month when RSA Security Inc.'s key patents, which are fundamental to most Internet security, expire. http://www.zdnet.com/eweek/stories/general/0,11011,2620278,00.html CNet: Most Consumers not Ready to Manage Secure Email - Encrypted-email services for consumers, such as the remote services Yahoo will provide through ZixIt, target people's concerns over Internet privacy and security, which continue to grow. http://news.cnet.com/news/0-1005-200-2613005.html?tag=st.ne.1430735..ni InfoWorld: RSA Upgrading Security Software - RSA SECURITY NEXT week will unveil an upgraded version of its PKI (public key infrastructure) software, adding support for digital certificates from multiple vendors and making it easier for security administrators to register users to receive certificates through an automated download process. http://www.infoworld.com/articles/hn/xml/00/08/25/000825hnrsa.xml ZDNet: The Next Era for Internet Security - Security insiders have had the date circled on their calendars for years. What's going to happen when RSA's encryption and decryption patents expire next month? http://www.zdnet.com/zdnn/stories/news/0,4586,2620278,00.html InternetNews: Security Company Sets Crosshairs on TRUSTe - Interhack Corp. a Web security tools company, this week accused Internet privacy organization TRUSTe of violating its own privacy policy, because of its use of a third-party visitor counter from internet.com Corp.'s thecounter.com. http://www.internetnews.com/bus-news/article/0,2171,3_446061,00.html Reuters: Canada Probing Alleged Computer Spying - Canadian police said on Friday they were investigating allegations that unknown agents had used rigged computer software to hack into Canada's top secret intelligence files and thereby endanger national security. http://dailynews.yahoo.com/h/nm/20000825/tc/canada_spying_dc_1.html IDG: TrustE Breaks Privacy Rule - Nonprofit Internet privacy organization TRUSTe allowed an outside company to track visitors to its Web site without visitors' permission or knowledge, said Interhack, a Internet security firm. http://www.idg.net/ec?content_source_id=25&idgnet_page=1&page_id=2058&channe l_id=1-1474&remote_addr=206%2E10%2E20%2E51&doc_id=230162&site_id=366&referer =http%3A%2F%2Fwww%2Eidg%2Enet%2Fenglish%2Fchannel_menus%2Ftop_security_news% 2Ehtml CNET: Yahoo to Offer Encrypted e-Mail Option - Yahoo plans to let its email account holders use data scrambling to protect the privacy of their messages, marking a potentially significant advance for the mainstream use of encryption. http://news.cnet.com/news/0-1005-200-2605437.html?tag=st.ne.1002.tgif.ni Are Open Source Operating Systems Unsafe? - Recently I have noticed a rash of uninformed articles being posted about the inherent faults of Open Source programs specifically, the risks that a business runs when they decide to run an Open Source or GPLed operating system on their production systems. The gist of these arguments stem from questions like: "If anyone can read the source code, then what stops someone from modifying the source in a malicious fashion?" and "When modifications are made, how can we possibly guarantee that they will not adversely affect the existing environments?" http://securityportal.com/topnews/opensourcesafe20000825.html TheRegister: Egg Hackers Were Disorganised Crime - More details have emerged about the so-called "Great Internet Robbery" at online bank Egg.com. This was not the great Hack that everyone thought it was yesterday, just a set of fraudulent applications for loans and bank accounts with free overdrafts. http://www.theregister.co.uk/content/6/12822.html Aug 24, 2000 Civic.com: Pa. Linking Patrol Cars to Databases - Police officials say computer technology could liberate patrolmen from bureaucratic requirements so they can spend more time enforcing the law. http://www.fcw.com/civic/articles/2000/0821/web-copcar-08-24-00.asp ZDNet: Microsoft Disses JOLAP Initiative - Deriding it as 'misguided' and anti-Redmond, Microsoft says it wants nothing to do with the new Java-based standard. http://www.zdnet.com/zdnn/stories/news/0,4586,2618858,00.html Wired: 'Pocket' Virus Targets Kids - This virus has been around for several months but it has only recently been pick up by the media. Only systems running Outlook are affected and the worm will not run on Outlook Express. If your antivirus software is up to date you should be fine since most major venders have had plenty of time to mount a defense that is now in all their products. http://www.newsnow.co.uk/cgi/NGoto/2290678?-750 UK.Internet.com: Email Security Blown Open By Critical Path Bug - Millions of email users were today warned of a potentially devastating security flaw that allows malicious hackers to take control of their accounts. http://www.uk.internet.com/Article/100448 CRN.com: Security Experts Discuss Hacking Trends - When it comes to the underground computer scene, there's a lot more to be worried about than "script kiddies"--young people who follow cookbook instructions to attack a computer, security experts say. http://www.crn.com/Sections/BreakingNews/dailyarchives.asp?ArticleID=19466 CNET: Microsoft Glitch Leaves IM Contact Lists Vulnerable. - Microsoft is investigating complaints that its MSN Instant Messenger usernames and contact lists can be taken over through lapsed Hotmail accounts. http://dailynews.yahoo.com/h/cn/20000824/tc/microsoft_glitch_leaves_im_conta ct_lists_vulnerable_4.html NetworkWorld: Sigaba Tries to Simplify Encrypted e-Mail - Experts have long contended that encrypted e-mail can become an everyday occurrence only when end users need only push a button to securely send messages. Start-up Sigaba thinks it has developed that button. http://www.nwfusion.com/news/2000/0824sigaba.html?nf Cryptome: Serious Bug in PGP - Versions 5 and 6 - Ralf Senderek has found a horrendous bug in PGP versions 5 and 6. It's of scientific interest because it spectacularly confirms a prediction made by a number of us in the paper on `The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption' that key escrow would make it much more difficult than people thought to build secure systems. http://cryptome.org/pgp-badbug.htm Nikkei BP: Sony Europe to Use Certicom's Encryption Technology in Internet Mobile Phones - Certicom Technology Corp. of the United States and Sony Digital Telecommunications Europe said Sony will use Certicom's security technology in Internet-enabled mobile phones for the European and Asian markets. http://www.nikkeibp.asiabiztech.com/wcs/leaf?CID=onair/asabt/moren/110240 ComputerUser: Internet Privacy Hashed Out At Aspen Summit - Maybe John Palafoutas said it best. "People are not concerned about privacy, they're hysterical about privacy," the head of the American Electronics Association said during a spirited debate at the Aspen Summit Monday night. http://www.computeruser.com/news/00/08/23/news7.html InformationWeek: Broadbeam's Deal With Palm Boosts Security For Mobile Users - Wireless platform vendor Broadbeam Corp. has reached an agreement with Palm Inc. to provide systems integrators with tools to develop secure bridges that enable mobile professionals to access enterprise applications via the Palm VII device. http://www.informationweek.com/story/IWK20000823S0011 CNNfn: 'Pokey' Virus Hits U.S. - A computer virus featuring the cuddly Japanese cartoon character Pikachu has been found in computers in the United States, leaving some operating systems devastated, an anti-virus software firm said on Thursday. http://cnnfn.cnn.com/2000/08/24/technology/wires/virus_wg/ InformationWeek: METASeS Shares Security Expertise In New Guidebook - Security looms large in the Internet economy, and METASeS, the security services firm spun off last year by Meta Group, has taken a step to help companies be more proactive in protecting their information systems. Four METASeS execs have combined their vast experience in the security field into a guidebook that makes it clear that security is about more than putting up firewalls. http://www.informationweek.com/story/IWK20000823S0008 Aug 23, 2000 Silicon.com: US Security Restrictions Lifted - The US government has permitted RSA Security to export strong encryption products to foreign governments, without a licence. http://www.silicon.com/public/door?REQUNIQ=967063661&6004REQEVENT=&REQINT1=3 9284&REQSTR1=newsnow ZDNet: Will 3G Devices be Secure? - While anticipating the delights of 3G, be aware of the inherent dangers. According to computer security experts, all this connectivity and functionality will inevitably mean an increased risk of attack by mobile viruses and worms as well as malicious hackers. http://www.zdnet.co.uk/news/2000/33/ns-17466.html VNUNet: Ticketmaster Hacked by Music Fans - Online ticket seller Ticketmaster has become the latest victim of a hack attack after a group of rap music supporters defaced its website. http://www.vnunet.com/News/1109453 Bloomberg: Clinton Clears NTT Purchase of Internet Company Verio - President Bill Clinton will allow Nippon Telegraph and Telephone Corp. to go ahead with plans to acquire Internet service provider Verio Inc., saying the Japanese company has satisfied U.S. national security concerns. http://quote.bloomberg.com/fgcgi.cgi?ptitle=Technology%20News&s1=blk&tp=ad_t opright_tech&T=markets_fgcgi_content99.ht&s2=blk&bt=ad_bottom_tech&s=AOaQjGx ZBQ2xpbnRv TechWeb: How Secure Are You? - While IT managers spent huge amounts of time and resources to thwart the threat of year 2000 problems, information security breaches in the Internet economy are an even bigger threat. And unlike the millennium rollover bug, security is not a one-time,easy-to-identify issue. http://www.techweb.com/wire/story/TWB20000823S0006 GCN: Linux Not Ready for DOD Prime Time - The Linux open-source operating system so far is a nonstarter in the command and control market, although it has reached the commercial big leagues through its adoption by several major hardware vendors, including Compaq Computer Corp., Dell Computer Corp., Hewlett-Packard Co., Intel Corp., IBM Corp. and SGI. But Linux does not meet the Defense Information Infrastructure's Common Operating Environment Kernel Platform Compliance requirements for a Posix-compliant application programming interface, Posix-compliant commands and utilities, the Motif X Window System interface, the Common Desktop Environment and Network File System sockets. http://www.gcn.com/vol1_no1/daily-updates/2769-1.html ZDNet: A New National Army: MS, GE, GM? - U.S. security coordinator Richard Clarke says a new kind of civil defense -- led by corporations -- is needed to protect the nation's infrastructure and information systems http://www.zdnet.com/zdnn/stories/news/0,4586,2618582,00.html CNet: U.K. Police Crack Plans to Rob Net Bank Egg - British police have arrested three men suspected of attempting a robbery in cyberspace of Internet bank Egg--a sign that organized crime is turning to the computer rather than the gun in bank raids http://news.cnet.com/news/0-1005-200-2591604.html?tag=st.ne.1002.thed.ni ZDNet: Protect Your Internet Privacy ... By Lying - Web researchers are shocked! Shocked to find that savvy surfers fake their e-mail IDs to remain anonymous online and avoid deluges of spam http://www.zdnet.com/zdnn/stories/news/0,4586,2618490,00.html Virus Top Twenty Report - A comprehensive ranking of the 20 most important viruses to be aware of and watch out for this week, including profiles, links, and other timely information. http://securityportal.com/research/virus/virustop20.html SJ Mercury: MasterCard Forms Group to Work on Digital ID's - Credit card network MasterCard International says it has formed a group to develop digital identification that will protect cardholders against fraud when making purchases over cell phones or on the Internet http://www.sjmercury.com/svtech/news/breaking/reuters/docs/334310l.htm InfoWorld: High-tech Players Warm to Privacy Legislation - Fearing a slew of privacy bills from state governments responding to the public outcry over the issue, a group of high-tech giants are signaling that they might be amenable to new federal legislation if given a big enough stake in the process http://infoworld.com/articles/hn/xml/00/08/22/000822hnfedregs.xml InfoWorld: Secure Messaging Offered - Verisign and Slam Dunk Networks are teaming up to offer a message delivery infrastructure that will guarantee business-to-business transaction participants that their messages will be protected, delivered, and properly accepted at their rightful destinations http://www.infoworld.com/articles/hn/xml/00/08/22/000822hnverslam.xml Aug 22, 2000 Technology Evaluation: Study Shows: FBI Alienates Industry Security Experts - A new study by Technology Evaluation reveals that private sector and community security experts are reluctant to help the FBI in ongoing cybercrime investigations. Seven case studies describe common problems reported, which collectively paint a portrait of a Bureau that is fragmented, out-of-touch, and at times arrogant. Your mileage may vary, of course. http://www.technologyevaluation.com/Research/ResearchHighlights/Security/200 0/08/news_analysis/NA_ST_LPT_08_21_00_1.asp Ananova: Watches Could be the Key to IT Security - A US firm has devised a plan using wristwatches to help in the struggle for PC privacy. http://www.ananova.com/news/story/world_technology-us-pc-world_942524.html InformationWeek: Computer Associates Weighs In On Security Integration - Computer Associates will begin offering a bundled package of its eTrust product line, positioning the company to more effectively compete with rivals Network Associates Inc. and the recently beefed-up Symantec Corp. http://www.informationweek.com/story/IWK20000822S0001 PC World: ZoneAlarm Firewall Spreads to Nets - Zone Labs released on Monday a version of its ZoneAlarm personal firewall for networks in small offices and homes that features more protection against Internet-borne viruses. http://www.pcworld.com/pcwtoday/article/0,1510,18172,00.html TechWeb: McAfee Ships Antivirus Software For Handhelds - McAfee is shipping antivirus software that aims to protect corporate networks from viruses transmitted via handhelds. The software, McAfee VirusScan Handheld, protects the Palm OS, PocketPC, Windows CE and Symbian EPOC mobile platforms http://www.techweb.com/wire/story/TWB20000822S0005 TheRegister: HSBC Online Sets Users Take Blame For Security Issues - HSBC has said that it will review the wording of its terms and conditions for its Internet banking service... Currently the Ts&Cs leave it wide open for HSBC to blame the customer entirely for any problems resulting from breached security. http://www.theregister.co.uk/content/1/12741.html TheAge: Computer Experts Working to Counter Any Olympic Attack - A crack team of computer experts will be working around the clock at next month's Olympics to counter a new type of attack - cyber terrorism. While computer hackers who change finals results and play around with medal winners may not be perceived to be as dangerous as armed terrorists, there is no doubt they could cause havoc and serious embarrassment for games organisers. http://www.theage.com.au/breaking/0008/22/A20499-2000Aug22.shtml Firewalls - Overview - A firewall is generally a separator and protector between one thing and another. Traditionally used in building to help contain fires and prevent their rapid spread, the modern firewall is a computer running software allowing it to filter information passing through. A firewall can work at several layers of the network - at the highest level, application, and at the lowest usually the datalink layer (MAC hardware address). http://www.securityportal.com/topnews/fw20000822.html Preventing Information Loss - Strengthening a Weak Link - So you think your network is secure? You?ve hardened your firewalls and briefed the employees on what is fair use of the computer systems. You patch security holes as quickly as they are found, and you?ve disabled every single service that is not mission critical. Heck, you?ve even switched over to an encrypted file system to prevent valuable data from making it outside the company if a machine is stolen. So why should you worry? http://www.securityportal.com/topnews/infoloss20000822.html Wired: Top Guns Want to Probe Carnivore - An eminent group of security experts has offered to undertake an independent review of the FBI's controversial Carnivore surveillance system http://wired.com/news/politics/0,1283,38329,00.html ComputerWorld: Government Standards Released for Health-Care Data - The new rules would speed electronic claims, while privacy and security claims are still to come http://www.computerworld.com/cwi/story/0,1199,NAV47_STO48802,00.html ZDNet: Simplifying How You Protect e-Mail - Several small firms believe they have created simple, clever alternatives to PKI for securing messages http://www.zdnet.com/zdnn/stories/news/0,4586,2617314,00.html Aug 21, 2000 Kurt Seifried: Response to Fred Moody - I have been misquoted before, but never quite this badly. I am posting this response because I tried to contact Fred Moody several hours ago via email at his Hotmail address, and I have received no response yet. I also filled out a comment on the abcNEWS website, with my email address and phone number, which has yielded no response either. http://www.securityportal.com/topnews/fmoody20000821.html ABC News: Linux Revisited, by Fred Moody - Two weeks ago, I had the temerity to suggest that Linux is overrated. Citing statistics posted on BugTraq, SecurityFocus.com's computer security mailing list which tracks vulnerabilities in operating systems, and relying on the testimony of security experts, I wrote that Linux systems are weaker than the state of the art in operating systems. I also noted that the number of its reported vulnerabilities, when measured against its market share, was, in essence, higher than the number of Windows NT reported vulnerabilities when measured against its market share. http://abcnews.go.com/sections/tech/FredMoody/moody.html FCW.com: Stolen Laptop Sparks Anti-Theft Technology - "There's car security. There's home security. But really nothing has been done with computer security," said Hariprasad, 24, chief executive officer of the company, which was re-named Lucira Technologies Inc. on Aug. 14. "There has never been an elegant, easy-to-use solution." http://www.fcw.com/fcw/articles/2000/0821/web-idg-08-21-00.asp InfoWorld: Internet Security Packaged Unveiled - Computer Associates International Monday released eTrust Internet Defense, an integrated software package designed to protect companies doing business online from attacks and security breaches, a growing problem for IT departments. http://www.infoworld.com/articles/hn/xml/00/08/21/000821hncasecurity.xml TechnologyEvaluation: Study Shows: FBI Alienates Industry Security Experts - Though the FBI thrives on reaping assistance from industry security professionals, many industry security experts are reluctant to help the Federal law enforcement agency when it comes to cybercrime. Though it makes it a lot more difficult for the FBI to track cybercriminals without the help and cooperation of private industry, savvy security experts are not lining up to help. This lack of respect that industry professionals have for the FBI results in cases taking longer to crack, and many going unresolved. It also often leaves the Department of Justice looking like a three-ring circus. http://www.technologyevaluation.com/Research/ResearchHighlights/Security/200 0/08/news_analysis/NA_ST_LPT_08_21_00_1.asp TheRegister: Post Office Ready for Digital Signatures - The Post Office is on the verge of signing a digital signature deal - just one of a slew of Net-based plans it has thrown out recently. The deal will almost certainly be with its partner of old, VeriSign. http://www.theregister.co.uk/content/1/12718.html AP: 'Love Bug' Charges Dismissed - Prosecutors on Monday dismissed all charges filed against a former computer college student accused of having released the ``ILOVEYOU'' computer virus that crippled e-mail systems worldwide. The Department of Justice said the charges filed by investigators either did not apply to computer hacking, or there was insufficient evidence to back them up. http://wire.ap.org/APnews/center_story.html?FRONTID=ASIA&STORYID=APIS76GGK80 0 Reuters: Web Surfers Worry About Privacy, Take Few Steps - U.S. Internet users dislike having their movements tracked when they go online but few currently bother to take steps to protect their privacy, a survey released on Sunday found. http://dailynews.yahoo.com/h/nm/20000820/wr/interprivacy_dc_1.html Interview with Jean Chouanard - Jean Chouanard is the main developer behind the Solaris hardening tool known as YASSP (Yet Another Solaris Security Package). http://securityportal.com/cover/coverstory20000821.html ******* What's New With SecurityPortal ******* Security Techniques and Survivability I've seen a lot of discussion recently of various computer security techniques. It seems everyone has their own favorite solution, which they feel is the correct one, and all other solutions are of course flawed and inferior. But the truth is even simpler: all security techniques are flawed. Read the full story at: http://securityportal.com/closet/closet20000823.html ******* New at SecurityPR.com, a Vendor Press Release Site ******** CyberSafe Introduces ActiveTRUST Web Agent - Standards-based software enables fast, simple and secure access to Web-based applications. http://securityportal.com/pr/pr.20000825110918.html Cylink Corporation to Acquire Celotek Corporation to Expand Its Leadership in ATM Network Security - Cylink today announced a definitive agreement to acquire Celotek Corporation, a privately held developer of high-performance Asynchronous Transfer Mode (ATM) network security appliances used to secure voice, video and data transmissions over high-speed public and private wide area networks. http://securityportal.com/pr/pr.20000823005858.html Celotek Corporation Announes Spin-Off of NetOctave, Inc. - Celotek, a leader in high-performance network security, announced today the spin off of a new company focused on the rapidly growing Internet device market. The company, named NetOctave, Inc., will develop high-performance Internet security solutions targeted at network appliance, switch and server vendors. http://www.celotek.com/Press/r8_22_00.html Enter your own Press Releases directly at SecurityPR.com. http://securitypr.com ******************************************* You may leave the list at any time by sending an email to [EMAIL PROTECTED] with the text "SIGNOFF SECURITYPORTAL-L" in the body of the email. We will miss you! Tell us how we're doing. Send any other questions or comments to [EMAIL PROTECTED] Tony Chapman SecurityPortal -- The Focal Point for Security on the Net [EMAIL PROTECTED] -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
