(03/09/00, 12:33 p.m. ET)
By Reuters
WASHINGTON, D.C. -- A top cyber security expert blasted
software developers Thursday for marketing flawed products
that he said boosted the Internet's vulnerability to high-tech
hacker attacks.
"There is little evidence of improvement in the security features
of most products," said Rich Pethia, director of a federally funded
computer emergency response operation at Carnegie Mellon
University in Pittsburgh. "Developers are not devoting sufficient
effort to apply lessons learned about the sources of vulnerabilities."
Pethia made his comments to a congressional panel looking into
the denial of service attacks that disrupted access to popular
websites last month for a few hours at a time.
He said his organization, which responded to more than 8,000
computer security incidents last year, up from 132 in its first full
year of operation 10 years earlier, had found the same types of
security defects in newer versions of products as in earlier ones.
FULL STORY:
http://www.techweb.com/wire/story/reuters/REU20000309S0005
*********************************************************************
*********************************************************************
*********************************************************************
Chinese web site hit by hacker
By James Kynge in Beijing - 10 Mar 2000 15:08GMT
A computer hacker has inflicted China's first serious attack on
a domestic website, in a development that is expected to fuel the
debate on internet security and regulation.
Chen Yongjian, chief executive of IT163.com, a large e-commerce
website that sells goods from 50 of China's top stores, said his
website had been inoperable since Thursday morning.
"It is just like the recent hack attack that shut down Amazon.com
and the other US sites. He bombarded the site with so many
messages, the system could not cope," said Mr Chen.
"The police have launched an investigation. They have found his
IP (internet protocol) address but he seems to have been using
some public computers and so it may not be easy to catch him,"
he added.
FULL STORY:
http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT32PMMUN5C&live=true&tagid=ZZZC00L1B0C&subheading=information%20technology
*********************************************************************
*********************************************************************
*********************************************************************
Credit-card numbers stolen via known security hole
By Ann Harrison
03/10/2000
A 2-year-old security hole in Microsoft Corp.'s Internet
Information Server (IIS) software let a computer cracker download
thousands of credit-card numbers from e-commerce sites recently
and post them on the Internet.
A patch for that hole has been available for 18 months. But
webmasters at small companies say they don't have the resources
to keep up with all of the patches needed to keep out malicious
hackers, also known as crackers.
FULL STORY:
http://www.idg.net/servlet/ContentServlet?global_doc_id=148407&page_id=712&content_source_id=5&return_spot=ts2&logger_loc=front_pages%2Fenglish
*********************************************************************
*********************************************************************
*********************************************************************
French Banks Hacked
By Sylvia Dennis, Newsbytes
March 11, 2000
An unknown hacker or group of hackers caused havoc in French
banking circles late this week after the 96-digit encryption algorithm
underlying the Cartes Bancaires system was posted on the Internet.
Some sources suggest that the code was posted to several
Usenet group conferences, with widespread pickups by the
media and other interested parties in France.
Cartes Bancaires (CB) has assured its customers - which include
the majority of banks and their smart card bank card users in
France - that the system is still safe.
However, Newsbytes' sources suggest otherwise. The release of
the encryption code effectively allows fraudsters to create dummy
smart card bank cards that contain account details that match the
checksum system applied to the interbank card system.
FULL STORY:
http://www.currents.net/newstoday/00/03/11/news4.html
*********************************************************************
*********************************************************************
*********************************************************************
For the Internet age, China builds 'Great Firewall'
Censors block 'politically sensitive' Web sites: No New York Times, but
porn is deemed okay
MIRO CERNETIG
China Bureau
Saturday, March 11, 2000
Beijing -- Two thousand years ago, China's emperors built the
Great Wall to keep out unwanted influences. In the age of the
Internet, however, the Communists are constructing a different
barrier: the Great Firewall, a top-secret censorship system that
is an attempt to control what 1.3 billion people do in cyberspace.
China's nine million wangren (net citizens) run into it every time
they log onto Chinanet, the state-controlled Internet service provider
that is the country's main portal to the digital universe.
The Great Firewall -- which gets its name from the computer
firewalls that close off Web sites -- blocks entry into the home
pages of The International Herald Tribune and The New York
Times, of falun gong, the sect deemed a criminal cult by Beijing,
and of hundreds of other "politically sensitive" sites.
"Your computer just freezes," said Ricky Chu, who tried to pull
up the Times home page while surfing in one of Beijing's Internet
cafés. "As soon as you are downloading something politically
forbidden, the Great Firewall comes and cuts the flow of data."
FULL STORY:
http://www.globeandmail.com/gam/International/20000311/UCHINN.html
*********************************************************************
*********************************************************************
*********************************************************************
Historic Online Primary in Ariz.
March 13, 2000
ASSOCIATED PRESS
PHOENIX (AP) -- Thousands of voters in Arizona's Democratic
presidential primary showed the world Internet voting can work
on a small scale. Now, the question is whether much bigger
groups can join in.
One way or the other, critics and supporters agree that eventually,
most Americans will have the option of voting for their leaders by
clicking a computer mouse.
"We opened up the gates today to people who might not otherwise
have voted," state Rep. Leah Landrum said after Internet voting
ended Saturday. "This is something I know is going to stick around."
Vice President Al Gore defeated former New Jersey Sen. Bill Bradley
by a nearly 4-to-1 margin in the Arizona Democratic primary, the
nation's first binding election for public office using the Internet.
FULL STORY:
http://www.lasvegassun.com/sunbin/stories/tech/2000/mar/13/031300236.html
*********************************************************************
*********************************************************************
*********************************************************************
Former CIA Director Says US Economic Spying Targets "European Bribery"
Duncan Campbell 12.03.2000
"We have spied on that in the past. I hope ... that the United States
government continues to spy on bribery."
Former United States Central Intelligence Agency director James
Woolsey confirmed in Washington this week that the US steals
economic secrets "with espionage, with communications [intelligence],
with reconnaissance satellites", and that there was now "some increased
emphasis" on economic intelligence.
He claimed that economic spying was justified because European
companies had a "national culture" of bribery and were the "principal
offenders from the point of view of paying bribes in major international
contracts in the world".
Responding to the European Parliament report on interception
capabilities and the Echelon satellite surveillance system, Woolsey
said that the "Interception Capabilities 2000" report which had been
presented to the parliament's Citizens' Rights Committee on 23
February, was "intellectually honest". In two cases cited in the report,
"the fact [is] that the subject of American intelligence collection was
bribery."
FULL STORY:
http://www.heise.de/tp/deutsch/special/ech/6662/1.html
*********************************************************************
*********************************************************************
*********************************************************************
"Hactivists" plan DDoS Web attack
By Bob Sullivan
MSNBC
March 9 -- Borrowing a page from the headline-grabbing Web
attacks last month, a group of Internet activists is set to release
its own software tool designed to cripple Web sites. The distributed
denial of service attack tool to be released by the "Electrohippies"
group will allow thousands of protesters to aim their computers at
a single Web site, effectively jamming a company's Internet presence.
But the attacks will be fundamentally different from last month's
crippling of Yahoo, eBay and other major sites. The victims will be
warned before the attacks, according to the tool's authors.
FULL STORY:
http://www.msnbc.com/news/380065.asp?cp1=1#BODY
*********************************************************************
*********************************************************************
*********************************************************************
Cyber Patrol Censorware Reverse Engineered
Posted By [EMAIL PROTECTED]
===========
March 11, 2000 - ANNOUNCEMENT
Cyber Patrol(R) 4, a "censorware" product intended to prevent users
from accessing undesirable Internet content, has been reverse engineered
by youth rights activists Eddy L O Jansson and Matthew Skala. A
detailed report of their findings, titled "The Breaking of Cyber Patrol
(R) 4", with commentary on the reverse engineering process and
cryptographic attacks against the product's authentication system, has
been posted on the World Wide Web at this address:
http://hem.passagen.se/eddy1/reveng/cp4/cp4break.html
===========
*********************************************************************
*********************************************************************
*********************************************************************
(The Associated Press, 14 March) Singapore's military will step up
efforts to deal with new, 21st-century threats such as "cyber-attacks."
According to Defense Minister Tony Tan, the wealthy city-state's armed
forces and government will "enhance Singapore's capabilities to deal
with a range of non-conventional threats, such as terrorism, piracy and
cyber-attacks." "Both our security and economic well-being will become
even more susceptible to any instability in our environment," Tan added.
(Newsbytes, 14 March) As a part of its continuing effort to combat the
rising tide of Internet attacks, the U.S. Justice Department today
rolled out a new Website designed to serve as a
clearinghouse of cybercrime information and resources. Located at
http://www.cybercrime.gov, the new Computer Crime and Intellectual
Property Section (CCIPS) Web site contains links to a number of
cybercrime documents and sites and includes a list of phone numbers for
whistle-blowers to use in reporting online attacks. "The main thing is
we want the information to be easily accessible to the public," CCIPS
attorney David Goldstone said.
(The Associated Press, 14 March) The Alabama Legislature's web site was
temporarily shut down Friday night by an apparent hacker who left a
calling card saying the "Fox" did it. The web site provides information
about legislators, the status of bills, state laws, and numerous other
reference points. Assistant House Clerk Don Ladner said the web site
was revived and was operating normally on Monday.
(Newsbytes, 13 March) The distributed denial-of-service mystery is
starting to unravel. A German university found an agent for the Tribal
Flood Network hacking tool on one of its servers and quickly took the
server offline, according to a company that is providing a free scanning
service. Separately, the University of California at Santa Barbara has
also reported that it found hacking software installed on one of its
servers. MyCIO.com, a new online business unit of security giant
Network Associates Inc., is providing a free service that
allows companies to scan their own networks for the agents that are
necessary to run a DDoS attack. The
service, called Zombie Scan, can be found at www.mycio.com. About 2,5000
companies and Universities have used it so far, said Zach Nelson,
president and CEO of MyCIO.com.
(AAP, 13 March) Australia faces more power blackouts over the next few
months because of increased solar activity and storms. Adelaide
University physicist Roger Clay said the sun was
entering its most active phase, called "solar maximum," in which it sent
out bursts of high-energy particles called coronal mass ejections at
speeds of up to 500km per second. The solar storms could overload power
lines and trip them and then we don't have power for a period of time.
The most recent solar occurred on 18 February with no major disruptions
to satellites or power systems reported.
(Newsbytes, 13 March) Russian IT security firm Kaspersky Lab has issued
a warning over a new type of worm called I-Worm.melting. As the name
implies, the worm carries a screen saver that "melts" the PC's screen
image, but the bad news is that it also locks up the user's machine. The
anti-virus company said that the worm has been reported "in-the-wild" by
its customers in Eastern Europe. The advisory said that I-Worm.melting
is a worm-style virus spreading via the Internet. The worm itself is
a Win32 executable file about 18 kilobytes in length, written in
VisualBasic, and is transferred via the Internet in e-mail messages with
an infected attached file with the "MeltingScreen.exe" name.