|
[networknewsletters]
||
[Date Prev]
[03-2005 Date Index]
[Date Next]
||
[Thread Prev]
[03-2005 Thread Index]
[Thread Next]
[Security-News] March 21, 2005 update
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Tue, 22 Mar 2005 14:43:28 -0500
**************************************************************
-- Educational CyberPlayGround Community
http://www.edu-cyberpg.com/
-- Network Newsletters Mailing List ©1994
-- Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
-- Advertise on Network Newsletters Mailing List
http://www.edu-cyberpg.com/Community/Subguidelines.html
-- Mailing Lists
http://www.edu-cyberpg.com/Community/
**************************************************************
SECURITY IN THE NEWS
updated on March 21, 2005
This report is available on the web at
http://www.thei3p.org/news/today.html
and as an RSS feed at
http://www.thei3p.org/news/today.xml
HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
Florida cops share data:
Federal Computer Week, 2005-03-18
Vulnerability report on 2008 track:
Federal Computer Week, 2005-03-18
DRM Stripped From iTunes Downloads:
ExtremeTech, 2005-03-18
CYBERCRIME-HACKING
Mac OS X faces hacker threats: Symantec:
ZDNet Australia, 2005-03-21
International Student Files: UNLV server accessed:
Las Vegas Review-Journal, 2005-03-19
Southfield teenager accused in computer attacks:
Oakland Press, 2005-03-19
Hackers target browsers to dodge firewalls:
vnunet.com, 2005-03-21
Britain tops zombie PC charts:
The Register, 2005-03-21
POLITICS-LEGISLATION
ID scheme will be a costly, dangerous failure, says LSE report:
The Register, 2005-03-21
Bank Regulator Says Banks Must Warn of ID Theft:
C-Net (Reuters), 2005-03-18
ID scheme will be a costly, dangerous failure, says LSE report:
The Register, 2005-03-21
TECHNOLOGY
Advisory panel recommends more federal R&D spending:
Government Computer News, 2005-03-18
VULNERABILITIES & EXPLOITS
Hi-tech fax machines an overlooked security risk:
Canoe News, 2005-03-21
BEST PRACTICES & RISK MANAGEMENT
Audit: State voter system left information vulnerable:
Detroit Free Press, 2005-03-18
CIVIL & CONSUMER ISSUES
BitTorrent hubs close after ISP raid:
ZDNet Australia, 2005-03-18
U.K. man threatened with BitTorrent lawsuit:
C-Net News, 2005-03-18
Piracy Row Widens After Swedish Internet Firm Raid:
C-Net (Reuters), 2005-03-18
HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
Title: Florida cops share data
Source: Federal Computer Week
Date Written: 2005-03-18
Date Collected: 2005-03-21
Florida law enforcement agencies are seeking federal funding for
the Florida Integrated Network for Data Exchange and Retrieval
(FINDER) project to enable information sharing among all 355
agencies. FINDER began in August 2002, and currently has 23
participating agencies with another 22 ready to join. Without
FINDER, investigators must make numerous phone calls to various
agencies to track down details about a suspect. FINDER will allow
agencies to query every police database connected to the system,
potentially saving an estimated $10 million a year. FINDER is
built on Microsoft .Net and SQL server technology using the
Global Justice XML Data Model. FINDER will eventually fund itself
with service fees charged to participating agencies, but in the
meantime will need a federal grant to get started. If FINDER is
successful, it could be used as a model for similar networks in
other states.
http://www.fcw.com/article88341-03-18-05-Web
Title: Vulnerability report on 2008 track
Source: Federal Computer Week
Date Written: 2005-03-18
Date Collected: 2005-03-21
The Department of Homeland Security (DHS) plans to have a
comprehensive assessment of national vulnerabilities and
preparedness by 2008. DHS will release the National Preparedness
Goal and National Preparedness Guidance for state and local
agencies, allocating resources for protecting critical
infrastructures in line with national strategies, as well as
identifying gaps in preparedness and closing them. Such efforts
are coordinated by the Office of State and Local Government
Coordination and Preparedness, responsible for implementing
Homeland Security Presidential Directive 8. Over 5,000
organizations have participated in setting standards for
emergency preparedness and response. So far, DHS has disbursed
$13 billion to local governments.
http://www.fcw.com/article88346-03-18-05-Web
Title: DRM Stripped From iTunes Downloads
Source: ExtremeTech
Date Written: 2005-03-18
Date Collected: 2005-03-21
Jon Johansen has developed a program that strips Digital Rights
Management (DRM) restrictions from iTMS, the software used to
protect Apple's iTunes. The PyMusique utility is available in
Windows and Linux versions, however the software's legal status
is dubious. The software appears to violate Apple's terms of
service, which requires users to access the iTMS code only
through approved Apple software, and prevents iTunes from
applying DRM to music downloaded from Apple's music store, which
would allow it to be freely distributed. The Windows version of
PyMusique requires the Gtk+/Win32 runtime environment, and the
Linux version relies on several Python-specific dependencies.
http://www.extremetech.com/article2/0,1558,1777331,00.asp
CYBERCRIME-HACKING
Title: Mac OS X faces hacker threats: Symantec
Source: ZDNet Australia
Date Written: 2005-03-21
Date Collected: 2005-03-21
In its Internet Security Threat Report, Symantec warns that as
Apple's Mac OS X user base grows, it is attracting more attention
from malicious hackers. Security researchers have discovered 37
flaws in Mac OS X, and the Opener rootkit discovered in October
2004 shows that black-hats are turning their attention to Apple
products. According to James Turner, security analyst at Frost &
Sullivan Australia, Apple users often buy products for looks
rather than function and are not aware of security. Trend Micro's
Adam Biviano says that while few Mac viruses have been found in
the wild, they do exist as proofs-of-concept. The symantec report
also found that viruses are increasingly targeting confidential
information while phishing attacks have jumped 366%.
http://www.zdnet.com.au/news/security/0,2000061744,39185387,00.htm
Title: International Student Files: UNLV server accessed
Source: Las Vegas Review-Journal
Date Written: 2005-03-19
Date Collected: 2005-03-21
University of Nevada, Las Vegas (UNLV) officials announced March
18, 2005 that a hacker had invaded a UNLV server containing
information on thousands of foreign students. UNLV's computer
analysts were conducting routine network activity checks when
they discovered a hacker accessing the Student and Exchange
Visitor Information System (SEVIS), and took the server off-line.
University officials said the hacker could have accessed
information on up to 5,000 former and current international
students, though UNLV information security officer Johnie
Sullivan said it is unknown which information was accessed.
http://www.reviewjournal.com/lvrj_home/2005/Mar-19-Sat-2005/news/26110200.html
Title: Southfield teenager accused in computer attacks
Source: Oakland Press
Date Written: 2005-03-19
Date Collected: 2005-03-21
Jason Saleh Arbo, 18, was arrested March 18, 2005 for allegedly
directing computer attacks against the websites of his online
sportswear business's competitors. Mr. Arbo was arrested in
Detroit and charged with conspiring to transmit a program to
damage a computer, according to federal prosecutors. Federal
Bureau of Investigation Agent Tim Nestor estimated the damage of
the attacks on about 100 websites at $2.5 million, including lost
business and repairs. A 17-year-old boy from New Jersey who
allegedly executed the attacks was arrested and charged with one
count of computer theft by denial of service. The two met online
in June 2004 in a chat room, and Mr. Arabo paid the teen high-end
sportswear and a watch to execute attacks between July and
December 2004. Mr. Arabo faces up to five year in prison and a
fine of up to twice the loss to victims, and the teen may face
prison time, depending on how his case is prosecuted.
http://www.theoaklandpress.com/stories/031905/loc_20050319015.shtml
Title: Hackers target browsers to dodge firewalls
Source: vnunet.com
Date Written: 2005-03-21
Date Collected: 2005-03-21
According to security firm Symantec's six-month Internet Security
Threat Report, hackers are increasingly exploiting browser
vulnerabilities rather than attempting to get through firewalls
and other network protections. The report, which covers July to
December 2004, found that nearly one-half of vulnerabilities
reported by Symantec focused on web applications, up from one-
third the previous year. Symantec director of security services
Olaf Linder said browser-based attacks allow attackers to get
straight to where people input their data, and that firewalls
will not stop individual machines from being compromised.
Information remains the key target for attacks, as more than half
of the malicious code detected in 2004 was designed to capture
personal data.
http://www.vnunet.com/news/1162073
Title: Britain tops zombie PC charts
Source: The Register
Date Written: 2005-03-21
Date Collected: 2005-03-21
According to the latest Symantec Internet Security Threat Report,
covering July to December 2004, Britain has the largest zombie PC
population of any country. 25.2% of all bots are in the UK, with
the US and China in second and third place with 24.6% and 7.8%
respectively. Bots are compromised of computers that are infected
with worms or Trojans, and often used by hackers to execute denial-of-
service (DoS) attacks or to spread spam and malware. Symantec's
research indicates that the number of bot-infected computers fell
from more than 30,000 per day in July to an average of less than
5,000 per day in December.
http://www.theregister.co.uk/2005/03/21/botnet_charts/
POLITICS-LEGISLATION
Title: ID scheme will be a costly, dangerous failure, says LSE report
Source: The Register
Date Written: 2005-03-21
Date Collected: 2005-03-21
http://www.theregister.co.uk/2005/03/21/lse_idcard_report/
Title: Bank Regulator Says Banks Must Warn of ID Theft
Source: C-Net (Reuters)
Date Written: 2005-03-18
Date Collected: 2005-03-21
The US Federal Deposit Insurance Corporation (FDIC) board of
directors has voted five to zero to require banks to notify
customers of suspected identity theft. Banks would have to notify
customers after discovering that sensitive information may have
been illegally accessed and after a reasonable investigation to
determine whether information was misused or could be misused.
Sensitive information includes a customer's name, address, phone
number, Social Security number, driver's license numbers, account
or credit card or debit numbers, and passwords. Bank
notifications must contain details of the security incident,
describe measures taken to protect customers, and provide phone
numbers customers can call for more information. The Federal
Trade Commission estimates that consumers lost $5 billion to
identity theft in 2004.
http://www.reuters.com/newsArticle.jhtml?storyID=7948563
Title: ID scheme will be a costly, dangerous failure, says LSE report
Source: The Register
Date Written: 2005-03-21
Date Collected: 2005-03-21
The London School of Economics' Department of Information Systems
has released a report describing the United Kingdom's Identity
Cards Bill as "too complex, technically unsafe, overly
prescriptive" and finding no foundation of public trust and
confidence in the system. The report finds the necessary
technology immature and unreliable. While the report finds that a
national identity card could offer limited benefits, other means
would be better suited for achieving the bill's stated goals of
combatting identity theft and terrorism. The report also finds
that the program's cost will likely be higher than the Home
Office estimates. The report calls the British plan "a potential
danger to the public interest and to the legal rights of
individuals", and recommends a more citizen-centric approach,
similar to France's e-government initiative.
http://www.theregister.co.uk/2005/03/21/lse_idcard_report/
TECHNOLOGY
Title: Advisory panel recommends more federal R&D spending
Source: Government Computer News
Date Written: 2005-03-18
Date Collected: 2005-03-21
The Presidential Information Technology Advisory Committee
(PITAC) has released a report, titled "Cyber Security: A Crisis
in Prioritization", advising the Bush administration to increase
spending on long-term civilian cyber security research. Current
vulnerabilities in critical infrastructures should be addressed
through new architecture and technologies. However, federal
research funding for cyber security has mostly gone to short-term
military and intelligence projects. Such projects are often
classified, and thus not transferable to the general public.
PITAC has recommended expanding the National Science Foundation's
(NSF) $30 million budget for the Cyber Trust program to $90
million. However, Congress only approved $5.74 billion for NSF in
2005, $60 million less than 2004 and $227 million less than
President Bush's request. The PITAC report identifies ten areas
for long-term research, including protected network protocols,
authentication methodology, cyber forensics, and security-
conscious software engineering.
http://www.gcn.com/vol1_no1/daily-updates/35311-1.html
VULNERABILITIES & EXPLOITS
Title: Hi-tech fax machines an overlooked security risk
Source: Canoe News
Date Written: 2005-03-21
Date Collected: 2005-03-21
Research manager of the Alberta Office of Information and Privacy
Tim Chander says high-tech fax machines and photocopiers can pose
security risks. Such office equipment now are computers with hard
drives and are often connected to the internet, and Mr. Chander
says most businesses, government offices, and health authorities
lease their office equipment without considering the security
ramifications. When leases run out, information still stored on
the machines leaves the office, and the machines are often
outside of company firewalls, leaving them vulnerable to viruses
and hacking attacks.
http://cnews.canoe.ca/CNEWS/TechNews/BizTech/2005/03/21/968041.html
BEST PRACTICES & RISK MANAGEMENT
Title: Audit: State voter system left information vulnerable
Source: Detroit Free Press
Date Written: 2005-03-18
Date Collected: 2005-03-21
Michigan state auditors have released a report finding inadequate
protection on state databases of driver's licenses and voter
registrations. The relevant state agencies agree with that
assessment, but say they have no evidence that the databases have
ever been compromised. The Digital Driver's License System holds
information from 7.2 million licenses and 1 million identity
cards, while the Qualified Voter File holds 6.8 million names and
addresses. The report found "significant vulnerabilities" that
could prevent agencies from "preventing or detecting unauthorized
access." A spokesperson for the Michigan Secretary of State says
most of the security concerns in the report have already been
addressed; for example, the Qualified Voter Files is not
available online.
http://www.freep.com/news/statewire/sw113179_20050318.htm
CIVIL & CONSUMER ISSUES
Title: BitTorrent hubs close after ISP raid
Source: ZDNet Australia
Date Written: 2005-03-18
Date Collected: 2005-03-21
The Australian Music Industry Piracy Investigations (MIPI)
general manager Michael Speck says 50 file-sharing hubs in
Australia were closed the week of March 18, 2005, following the
MIPI's raid on internet service provider Swiftel Communications.
Mr. Speck said 50 of the 63 websites that fell within the MIPI's
investigative threshold had closed, and that there was also a
noticeable decline in the number of users accessing the illegal
hubs. The MIPI expects more closures, and the 13 remaining hubs
have been warned to comply with copyright legislation or risk
court action.
http://www.zdnet.com.au/news/business/0,39023166,39185110,00.htm
Title: U.K. man threatened with BitTorrent lawsuit
Source: C-Net News
Date Written: 2005-03-18
Date Collected: 2005-03-21
Kevin Reid, a British man who runs bds-palace.co.uk, has been
sued for copyright infringement by Paramount Pictures, Twentieth
Century Fox, Universal City Studios and Warner Bros for allegedly
supporting the peer-to-peer (P2P) application BitTorrent in the
past. Though he has yet to be formally named as defendant, Mr.
Reid has been served with legal papers asking him to reach a
settlement. David Harris, an IT and intellectual property lawyer
at UKITLaw.com, representing Mr. Reid, said the lawsuit is
baseless, cynical, and premature. Mr. Harris said that while some
visitors of Mr. Reid's website may have engaged in copyright
infringement, Mr. Reid had no role in it, as the website merely
provided a forum for discussion. He added that Mr. Reid removed
BitTorrent as soon as he became aware of illegal fire copying.
http://news.com.com/U.K.+man+threatened+with+BitTorrent+lawsuit/2100-1032_3-5626029.html
Title: Piracy Row Widens After Swedish Internet Firm Raid
Source: C-Net (Reuters)
Date Written: 2005-03-18
Date Collected: 2005-03-21
After Swedish law enforcement raided the offices of internet
service provider Bahnhof in an anti-piracy investigation, the
government's Data Inspection Office launched an investigation on
whether seizure of suspects' IP (internet protocol) addresses
violates confidentiality rules. The raid has also attracted
criticism from Sweden's technology industry. Jonas Birgersson,
founder of Labs2, alluded to George Orwell's book, "1984", and
argued that users would pay if the entertainment industry offered
content for download at affordable prices. In Sweden it is legal
to download music and film, but illegal to post it online without
the owner's permission. Sweden is considering a law to make
downloading illegal as well, but that law might be unenforceable
if the entertainment industry cannot access user IP addresses.
http://www.reuters.com/newsArticle.jhtml?storyID=7947082
The Institute for Information Infrastructure Protection (I3P)
accepts no responsibility for any error or omissions in this e-mail.
The information presented is a compilation of material from various
sources and has not been verified by staff of the I3P. Therefore,
the I3P cannot be made responsible for the factual accuracy of
the material presented. The I3P is not liable for any loss or
damage arising from or in connection with the information
contained in this report. It is the responsibility of the user to
evaluate the content and usefulness of this information.
References in this e-mail to any specific commercial products,
processes, or services by trade name, trademark, manufacturer, or
otherwise, does not constitute or imply endorsement,
recommendation, or favoring by the I3P. I3P is a research, not
operational, organization, and makes its Security in the News
e-mail available as a public service on a best-effort basis.
Security in the News will be sent out on most business days, but
not all.
The Institute for Information Infrastructure Protection
45 Lyme Road, Suite 300
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: listmanager@xxxxxxxxxx
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Copyright statements to be included when reproducing
annotations from Network Newsletter.
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format.
> From Network Newsletter copyright
> Educational CyberPlayGround.
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Net Happenings, K12 Newsletters, Network Newsletters
http://www.edu-cyberpg.com/Community/
FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/
HOT LIST REGISTRY OF K12 SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
|
|
