Collusion E-zine - Recent Security NewsBites

- check out the stylin' NEW Collusion haxor gear at Jinx Hackwear!!! -
- sign up on the Collusion Syndicate's infotainment discussion lists!!! -

Volume 10
Apr 2000

HOME

TechKnow
Media Hack
Parallax
Reviews
Fiction
Humor
Events
Offsite

Mission
Responses
Discussion
#Collusion
NEW!

Submit a Story
Collusioneers
© & TM Info
Contact Us

Join the
Collusion
SETI Team!


Recent Security NewsBites
by The SANS NewsBites service
These security news bites were provided by the SANS Weekly News Service. See subscription information at the bottom of the article. SANS Editorial Team: Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Bill Murray, Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz 20 March 2000 Company Sues Crackers Who Posted Software to Bypass Content Filter A US Federal District Court Judge in Massachusetts has issued a restraining order against two crackers, one Canadian, one Swedish, who stand accused of reverse engineering a content filtering program, developing software to circumvent its security measures, and posting the software on the Internet. The two claim their intent was not so much to circumvent the blocking, but to demonstrate the fact that the filtering software blocks sites outside the expected realm of violence and adult content. http://www.currents.net/newstoday/00/03/20/news1.html http://www.wired.com/news/politics/0,1283,35038,00.html http://www.currents.net/newstoday/00/03/17/news2.html 18 March 2000 WebTV Newsgroup Flooding: Malicious Code or Virus? Microsoft says that malicious code is responsible for overloading WebTV newsgroups with phony postings and asserts it is not a virus. It looks and behaves like a virus, however, self-replicating by altering signatures on Usenet messages and cross-posts, flooding newsgroups with messages. http://www.wired.com/news/technology/0,1282,35045,00.html 17 March 2000 Disgruntled Programmer Arrested for Wall Street DoS Attack An employee at an online securities trading company has been arrested in connection with a denial of service attack on that company's computer system. The origins of the attack were traced to machines at a copy store in Manhattan and at Queens College in Flushing, NY, where witnesses verified the man had been working on the computer. http://www.computerworld.com/home/print.nsf/all/000317C9F6 http://dailynews.yahoo.com/htx/ao/20000316/cr/20000316002.html http://news.cnet.com/category/0-1007-200-1573627.html 17 March 2000 Brazilian Site Attacked Crackers attacked the web site of Brazil's telecommunications regulatory agency and shut it down for almost six hours. The traffic emanated from the US and Canada. Meanwhile NASA Jet Propulsion Lab removed a network block of Brazil from its web site. http://www.cnn.com/2000/TECH/computing/03/17/brazil.nasa.hackers/index.html http://www.currents.net/newstoday/00/03/18/news1.html 16 March 2000 NASA's Jet Propulsion Lab Sites Attacked NASA's Jet Propulsion Lab was the target of computer attacks seemingly originating from Brazil; the Lab, as a precautionary measure, blocked Brazil from site access. http://www.currents.net/newstoday/00/03/16/news3.html 17 March 2000 Credit Card Numbers Stolen, Hidden on Government Web Site A foreign cracker stole over 485,000 credit card numbers and saved them on a US government agency's web site, according to law enforcement officials. The theft of the numbers occurred more than a year ago. http://www.computerworld.com/home/print.nsf/all/000317CA1A http://www.msnbc.com/news/382561.asp 17 March 2000 EU to Probe Echelon The European Parliament will announce plans to establish a special inquiry committee to look into allegations that the United States uses Echelon, a covert electronic surveillance system, for industrial espionage. http://www.wired.com/news/politics/0,1283,35048,00.html 16 March 2000 FBI Suffers Denial of Service Attack The FBI's web site was attacked and brought down for most of a day last week. A spokesperson said that the computers were not broken into, just overwhelmed with traffic. The attack comes just after the unveiling of the Justice Department's cybercrime web site (see story). http://abcnews.go.com/sections/tech/DailyNews/webattack000316.html 16 March 2000 Microsoft Outlook/Melting.worm The Melting Worm spreads through Microsoft Outlook running on Windows. It puts itself in a directory and replaces files' .exe extensions with .bin extensions. These changes could make the operating system unstable. The worm also propagates by sending itself to every address in the infected machine's Outlook address book, and it randomly executes .exe files. http://www.computerworld.com/home/print.nsf/all/000316C9CA 16 March 2000 GSA and Vendors Discuss FIDNet The General Services Administration (GSA) met with vendors last week to describe what it needs to implement the Federal Intrusion Detection Network (FIDNet). http://www.fcw.com/fcw/articles/2000/0313/web-fidnet-03-16-00.asp 16 March 2000 Amazon.com Outage Amazon.com suffered a brief outage last week; the site was entirely inaccessible. http://news.cnet.com/category/0-1007-200-1574930.html 16 March 2000 DOE Nuclear Lab Security Focus of Proposed Legislation Proposed legislation would increase the frequency of information security systems inspections at the Department of Energy's nuclear weapons laboratories. http://www.fcw.com/fcw/articles/2000/0313/web-doe-03-16-00.asp 16 March 2000 Ethics and the Internet The movement to teach Internet ethics to students, especially young students, is gaining momentum. The Justice Department will this year put $300,000 toward developing curricula, identifying good programs, and promote the agenda of computer ethics. http://www.usatoday.com/usatonline/20000316/2037341s.htm 16 March 2000 Crackers Threaten Army's Web Site Notes in source material comment tags suggest that a hacker group responsible for taking down the New York Times' web site in 1998 is targeting the US Army's web site. The Army has recently taken steps to improve information systems security: new software scripts, web cache proxy servers which divert surfers from primary servers, and a protected domain name system architecture. The absence of pertinent international laws regarding Internet behavior makes prosecution of those outside the US difficult. http://www.fcw.com/fcw/articles/2000/0313/web-armyhac-03-15-00.asp 15 March 2000 DOJ Cybercrime Site The US Department of Justice (DOJ) has created a cybercrime web site that includes DOJ reports, information on encryption, and descriptions of computer crime and how to report it. The USA Today article lists all twelve sections and their URLs. http://www.thestandard.com/article/display/0,1151,12912,00.html http://www.usatoday.com/life/cyber/tech/cth546.htm http://www.cybercrime.gov 15 March 2000 Canadian Government and Military Targets of Computer Attacks A study by security experts says Canadian government and military sites were attacked more than 500 times in two months. Despite the fact that none of the attacks was "successful", the government and military need to be vigilant. The study recommends implementing more intrusion detection systems, and establishing a government attack reporting and response center. http://www.theglobeandmail.com/gam/National/20000315/UHACKN.html 15 March 2000 US and EU Data Privacy Agreement The United States and the European Union (EU) have reached an agreement regarding data privacy which some say protects Europeans' privacy more than Americans'. Other critics point out that any legal action will be brought to court in the plaintiff's home country, and European privacy laws are much stricter than those in the US. http://www.computerworld.com/home/print.nsf/all/000315C966 http://www.usatoday.com/life/cyber/tech/cth552.htm 15 March 2000 Industry Needs to Address Privacy and Security At the Global Internet Summit in Washington, D.C., the Federal Trade Commissioner said the technology industry needs to get serious about data privacy or the government will step in with regulations. The director of the FBI's National Infrastructure Protection Center (NIPC), said the tech industry also needs to take responsibility for systems security. http://dailynews.yahoo.com/htx/zd/20000315/tc/20000315792.html 15 March 2000 Stronger Canadian Privacy Proposed A Canadian senator says pending privacy legislation does not go far enough in recognizing privacy as "a basic human right" and proposes prohibiting the collection and sharing of personal data without explicit approval as well as protecting people from surveillance. http://www.wired.com/news/politics/0,1283,34949,00.html 15 March 2000 Secure Payment Methods The recent rash of Internet credit card theft could hasten the advent of smart cards and other methods of securing transactions. http://www.msnbc.com/news/382141.asp?0m=N11N 15 March 2000 Windows NT Vulnerability Patched A security hole allows any Windows NT users to force any application to run at any time. Microsoft posted a patch for the vulnerability on March 10th. http://www.msnbc.com/news/382794.asp?0m=V17M For a free subscription to the SANS NewsBites service, send email to sans@sans.org with the subject: Subscribe NewsBites or visit http://www.sans.org/sansnews to subscribe instantly to any of several newsletters.