(Dallas Morning News, 29 March) American businesses are struggling to fill security positions because few IT workers have the skills needed to keep Web sites safe, experts say. Only a handful of universities offer courses or programs in the field. Many people who work in Internet security come from the military or other federal agencies that police cyberspace. Others have learned what they know on the job. And some companies hire "white-hat" hackers who break into systems not to do harm, but to reveal security vulnerabilities. Experts expect more people to enter the field this year, partly because security professionals' salaries are soaring. Many corporations are trying to retrain employees to learn security skills, and recruiting these professionals from the outside will remain hard and costly. (Hacker News Network, 29 March) "@tlana.com," a computer enthusiasts convention (also termed a "hacking/phreaking convention" by Hacker News), is being hosted by the South Eastern 2600 groups in Atlanta, Georgia. It will be held this Friday, Saturday, and Sunday at The Ramada Inn and Conference Center in Midtown Atlanta. It is described at its Web site as a place to learn more about alternative operating systems, a chance to show the public what true hacking is all about, and a place for recruiters and future employees to network. Additional information can be found at <www.atlantacon.org>. (Newsbytes, 29 March) With virtually every major federal agency receiving failing grades on computer security, the GAO on Wednesday became the latest voice calling for a single federal chief information officer (CIO) to oversee the maintenance of federal Web sites and computer networks. The GAO believes that other aspects of government computer systems - including general architecture concerns and information technology investment management - play just as important a role in ensuring network security. According to GAO, at present, no one is accountable for this, and it's not believed that repair of this computer security crisis will be seen until that occurs. (Wired News/ABC News, 29 March) According to multiple media sources, a 19-year-old Houston cracker has agreed to plead guilty to one count of conspiracy for teleconferencing fraud and computer cracking in one of the government's most notorious cyber crime cases, court documents show. Patrick W. Gregory, better known in Internet circles by his alias, MostHateD, is expected to plead guilty sometime next week in U.S. District Court for the Northern District of Texas for his role as a founding member of a hacking ring called globalHell. globalHell is said to have caused at least $1.5 million in damages to various U.S. corporations and government entities, including the White House and the U.S. Army. (FBIS, 29 March) South Korea supreme public prosecutor's office said Wednesday that it has launched an advisory committee to investigate cyber crimes. Commissioning 13 computer experts including Charles Ahn of Dr. Ahn's anti- virus laboratories as advisors, prosecutor General Park Soon-Yong stressed the importance of operation between prosecutors and experts. "Cooperation is important in preventing the growing number of cyber crimes that is causing disturbances in the intellectual and information society," Park said. The committee will provide consulting in mapping out policies related to training computer investigation officials and development of investigation methods, and strengthen cooperation among scholars, computer industry people and related agencies officials. (The Register UK, 30 March) London police are warning banks to look out for cyber terrorist when recruiting staff. Anarchist sympathizers may try to infiltrate companies and sabotage computer systems to help the anti-City protests expected in May, a senior crime prevention officer said. Job applicants who support aims of anarchist umbrella group People's Global Action might help demonstrators enter company building during the forthcoming Stop the City protests. Alternatively, they could insert viruses in computer files or leak passwords to let hackers penetrate computer systems. (Newsbytes, 31 March) F-Secure has issued a warning to its customers about two new wide spread worms, Irok and Kak, that could pose a danger to PC users around the world. The IT security firm said that the two new e-mail worms are currently spreading rapidly in several locations around the world. The Irok and Kak worms are problematic in that they spread via e-mail as electronic chain letters, much like the infamous Melissa virus did exactly a year ago. The worms operate in very different ways, F-Secure said, but both spread via Microsoft Outlook e-mail. The biggest difference to the end user, the firm said, is that Irok arrives in an attachment called IROK.EXE, while Kak arrives in a normal e-mail that apparently has no attachment at all. (Newsbytes, 31 March) A leading privacy advocate attacked the proposed plan of the Securities and Exchange Commission (SEC) to create an automated surveillance system to search Web sites and message boards for investment fraud. The plan announced by the SEC would involve the government agency scanning the Internet for content containing certain "red-flagged" key works or phrases. If found, members of the SEC's newly expanded "Cyberforce" would actually read the content to see if it contained, or led to, evidence of a violation of federal securities law. The technology that the SEC proposes to use is not new. It has been used for years by various clandestine agencies, such as the NSA to monitor international telephone, fax, and data traffic. However, it appears that the proposed use by the SEC of monitoring technology would be the first openly acknowledged use of surveillance directed against American citizens conduct occurring in this country. (FBIS, 30 March) A survey conducted by the Organizers of a Congress of Computer Hackers, which ended yesterday, revealed that 28 percent of Israeli Internet sites are vulnerable to hacking. The survey was carried out over all Israeli Internet addresses, including businesses, Internet providers, universities and others. Testers attempted to penetrate 25,560 Israeli sites, of which 7,519 sites were found to be vulnerable. IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages. Get your FREE, totally secure email address at http://www.hushmail.com.
