
[Security-News] April 11, 2005 update

  • From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
  • To: NetworkNewsletters@xxxxxxxxxxxxx
  • Date: Tue, 12 Apr 2005 16:07:00 -0400
**************************************************************
-- Educational CyberPlayGround Community 
http://www.edu-cyberpg.com/

-- Network Newsletters Mailing List ©1994
-- Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html

-- Advertise on Network Newsletters Mailing List
http://www.edu-cyberpg.com/Community/Subguidelines.html

-- Mailing Lists
http://www.edu-cyberpg.com/Community/
**************************************************************



SECURITY IN THE NEWS

updated on April 11, 2005

HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
Administration ends largest counterterrorism exercise ever:
         GovExec.com, 2005-04-08
Sidelining Homeland Security's privacy chief:
         C-Net News, 2005-04-11


CYBERCRIME-HACKING
Brazil accuses U.S. firm of spying:
         Washington Times, 2005-04-08
Medical group: Data on 185,000 people was stolen:
         C-Net News, 2005-04-08
Grand National extortion attacks 'unlikely':
         ZDNet UK, 2005-04-08


POLITICS-LEGISLATION
Ruling Unlikely to Deter Gaming:
         Wired News, 2005-04-09
Congress Eyes Patriot Act Tweaks:
         EWeek.com, 2005-04-08
Cleaning Up Disclosure:
         Security Focus, 2005-04-11


MALWARE
Virus blocks access to antivirus Web sites:
         ZDNet Australia, 2005-04-11


BEST PRACTICES & RISK MANAGEMENT
HIPAA Security Compliance Deadline Draws Near:
         CIO Insight, 2005-04-08


CIVIL & CONSUMER ISSUES
New Spam Annoys Mobile Phone Users:
         Korea Times, 2005-04-11
IBM calls for patent reform:
         ZDNet Australia, 2005-04-11
Napster users sharing passwords to save cash:
         The Register, 2005-04-08
House Eyes DRM Interoperability:
         ExtremeTech, 2005-04-08
New guide aims to keep bloggers safe from pink slips:
         C-Net News, 2005-04-11
Report: Spam Now More Accepted as Part of Internet Life:
         NewsFactor, 2005-04-11


HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
   Title: Administration ends largest counterterrorism exercise ever
   Source: GovExec.com
   Date Written: 2005-04-08
   Date Collected: 2005-04-11
The Department of Homeland Security ended the TopOff 3 exercise
April 8, 2005. DHS officials declined to comment on the results
of the exercises until they have been fully processed, but did
say that no "glaring weaknesses" were discovered. The TopOff 3
exercises cost $16 million and took two years of planning. The
exercise began in March with simulated terrorist chatter hinting
at future attacks. Intelligence capabilities were tested to see
if they could disrupt plots discussed in the chatter. While some
plans were disrupted, other plots were carried through in order to
test emergency response. The exercise simulated a biological
attack in New Jersey with a nearly simultaneous chemical attack
in Connecticut and a subway bombing in London. The exercise was
overshadowed by a false anthrax alarm at the Pentagon, which led
observers to criticize the Defense Department for its slow
response and failure to notify other agencies.

http://www.govexec.com/dailyfed/0405/040805c1.htm


   Title: Sidelining Homeland Security's privacy chief
   Source: C-Net News
   Date Written: 2005-04-11
   Date Collected: 2005-04-11
When the US Congress created the Department of Homeland Security,
it mandated a chief privacy officer to evaluate the impact
departmental programs would have on privacy, but gave the
position no power to investigate alleged privacy violations. The
chief privacy officer lacks the authority to issue subpoenas, so
must rely on voluntary submissions to investigate. Documents
obtained by the Electronic Privacy Information Center show that
chief privacy officer Nuala O'Connor Kelly was unable to get
information from the Transportation Security Administration while
investigating JetBlue's disclosure of passenger data to the
Defense Department; one e-mail states that she was able to get
"better information from outside then we have from our own
folks". The law is also ambiguous on whether the chief privacy
officer can report her finding to Congress, leading her to submit
her 2004 annual report to then-Secretary Tom Ridge for review.
The author suggests strengthening the office by granting subpoena
power, allowing direct reports to Congress, and appointing the
officer to a fixed term.

http://news.com.com/Sidelining+Homeland+Securitys+privacy+chief/2010-1071_3-5660795.html




CYBERCRIME-HACKING
   Title: Brazil accuses U.S. firm of spying
   Source: Washington Times
   Date Written: 2005-04-08
   Date Collected: 2005-04-11
The Brazilian government has accused US consultancy Kroll
Associates of spying on Cabinet officials through a combination
of e-mails, wiretaps, and bribes. Federal Police raided Kroll
offices in Sao Paulo and Rio de Janeiro in October 2004, as well
as other US and Italian multinational companies. Kroll markets
itself as a 'risk consulting company'. Kroll had been hired by
Brazil Telecom to investigate suspected insider trading during a
takeover bid by Telecom Italia. Officials say they have
documents suggesting bribery and witnesses claiming they served
as intermediaries in Kroll's efforts to obtain account numbers,
banking codes, and other information. Kroll criticizes
government officials for releasing evidence prior to a trial and
claims that the allegedly stolen information is freely available
on the Internet.

http://washingtontimes.com/world/20050407-105131-7115r.htm


   Title: Medical group: Data on 185,000 people was stolen
   Source: C-Net News
   Date Written: 2005-04-08
   Date Collected: 2005-04-11
The San Jose Medical Group, located in California, is notifying
nearly 185,000 current and former patients that their financial
and medical records may have been stolen. On March 28, 2005, two
new Dell computers were stolen, vice president of information
technology Mike Patel said. These two computers contained patient
and financial information, some of which was encrypted, which was
part of a patient billing project and the medical group's 2004
audit. Patel said he believes the computers were targeted because
they were new, not because of their contents, and said there have
been no reports of the information being exploited. The San Jose
Medical Group began notifying patients April 5, as it took some
time to gather the necessary information and distribute it, and
the group has also taken steps to increase the physical security
of the building.

http://news.com.com/Medical+group+Data+on+185%2C000+people+was+stolen/2100-7349_3-5660514.html


   Title: Grand National extortion attacks 'unlikely'
   Source: ZDNet UK
   Date Written: 2005-04-08
   Date Collected: 2005-04-11
According to British police, the massive bandwidth extortion
attacks that crippled online gambling websites in 2004 are
unlikely to occur in conjunction with the 2005 Grand National
horse race. The race takes place April 9, and a spokeswoman for
the UK National Hi-Tech Crime Unit said April 8 that those
responsible for last year's attack were arrested in Russia.
Distributed denial-of-service (DDoS) attacks are used to cripple
websites, and have been threatened as a means of extorting money
out of gambling websites on the eve of large sporting events.

http://news.zdnet.co.uk/internet/security/0,39020375,39194300,00.htm




POLITICS-LEGISLATION
   Title: Ruling Unlikely to Deter Gaming
   Source: Wired News
   Date Written: 2005-04-09
   Date Collected: 2005-04-11
Despite a World Trade Organization (WTO) ruling that US laws
restricting internet gambling are legitimate measures "to protect
public morals or to maintain public order", the gaming industry
does not expect the American gaming market to slow down. The WTO
case was filed by Antigua and alleged that the United States
discriminated against foreign gaming sites. While the WTO upheld
some of America's anti-gambling laws, it did recognize its laws
restricting horse racing bets to domestic sites as
discriminatory. A number of states, such as Georgia and North
Dakota, are considering laws to legalize internet gambling,
pressuring the federal government not to crack down too hard.
Great Britain has also passed laws to normalize its online
gambling industry. The US Justice Department has long argued that
internet gambling violates the 1961 Interstate Wire Act, which
prohibits betting over interstate phone lines. The lack of
domestic gambling sites has caused many Americans to spend their
money gambling on foreign websites.

http://www.wired.com/news/business/0,1367,67170,00.html


   Title: Congress Eyes Patriot Act Tweaks
   Source: EWeek.com
   Date Written: 2005-04-08
   Date Collected: 2005-04-11
Many provisions of the 2001 USA Patriot Act expire at the end of
2005, and Congress is holding a series of hearings in spring 2004
to determine whether they should be extended. One such provision
allows the Federal Bureau of Investigation (FBI) to seize
confidential customer records from businesses without showing
probable cause in a state or federal court. Hotels, apartment-
building owners, and ISPs have been forced to turn over records,
though none of these businesses have protested, possibly because
the Patriot Act forbids them mentioning or challenging such
orders. However, bookstores, libraries, and publishing companies
have spoken out in favor of legislation requiring the FBI to show
probable cause in order to seize records.

http://www.eweek.com/article2/0,1759,1784194,00.asp


   Title: Cleaning Up Disclosure
   Source: Security Focus
   Date Written: 2005-04-11
   Date Collected: 2005-04-11
While a number of laws exist mandating certain standards for
protecting personal information, the law with the most impact has
been SB 1386, a California state law that requires companies
doing business in the state to notify customers of cyber attacks
that may have compromised their information so they can take
steps to protect themselves. The law has compelled dozens of
companies, including LexisNexis, Bank of America, ChoicePoint,
and Loews Hardware, to disclose major intrusions. What is
important about these incidents is not that they happened, but
that the public knows about them. The law has prompted a number
of companies to strengthen their security simply to avoid the
publicity associated with disclosure. Federal lawmakers are
beginning to explore similar legislation. The Treasury Department
has included such provisions in its interagency guidelines. The
Federal Reserve Board, the Federal Deposit Insurance Corporation,
the Office of Comptroller of the Currency, and the Office of
Thrift Supervision have issued similar regulations for US banks.
US Congress and 27 states are considering disclosure legislation
that may extend the effects of California's SB 1386 nationwide.

http://www.securityfocus.com/columnists/316




MALWARE
   Title: Virus blocks access to antivirus Web sites
   Source: ZDNet Australia
   Date Written: 2005-04-11
   Date Collected: 2005-04-11
A new variant of the Crowt worm, Crowt.D, discovered April 6,
2005, opens a Google News website and alters the victim's
HOSTS file to restrict access to websites such as
trendmicro.com, kapersky-labs.com, sophos.com, symantec.com and
us.mcafee.com. Adam Biviano, senior systems engineer at Trend
Micro, said the worm redirects using Windows associations and
therefore is effective regardless of a victim's default browser.
Biviano added that the virus is noteworthy in its potential to
redirect victims to phishing websites, even if users manually
type in a different address.

http://www.zdnet.com.au/news/security/0,2000061744,39187608,00.htm




BEST PRACTICES & RISK MANAGEMENT
   Title: HIPAA Security Compliance Deadline Draws Near
   Source: CIO Insight
   Date Written: 2005-04-08
   Date Collected: 2005-04-11
The rules established by the Health Insurance Portability and
Accountability Act (HIPAA) take effect April 20, 2005, affecting
all but the smallest health care providers. Chris Noell, vice
president of business development at Solutionary Inc., says most
providers are at or near full compliance, though some smaller
providers are scrambling to meet the deadline. Noell said it is
common for health care payers and providers to focus on specifics
rather than the big picture, such as installing firewalls without
a policy for whom to contact in case something goes wrong. Noell,
whose company helps customers manage security needs, said there
has been steady demand for compliance services, rather than a last-
minute rush. In order to ease the process of becoming compliant,
a variety of government and business groups are providing
guidelines and resources for compliance.

http://www.cioinsight.com/article2/0,1397,1783904,00.asp




CIVIL & CONSUMER ISSUES
   Title: New Spam Annoys Mobile Phone Users
   Source: Korea Times
   Date Written: 2005-04-11
   Date Collected: 2005-04-11
As South Korea's opt-in policy for mass marketing over mobile
phones goes into effect, spammers are adapting their tactics. The
Ministry of Information and Communication (MIC) has vowed to
issue the heaviest fines possible -- 30 million won ($29,540 US)
-- to marketers who send advertisements and promotional calls to
mobile phone users without their permission. However, some
marketers have begun using computers to call mobile phones then
disconnect after a single ring. Recipients, worried they have
missed a call, call the number back and are charged premium
rates, often as high as 10,000 won ($9.85 US) for ten minutes.
Jang Seok-young, director at the MIC, says marketers using this
tactic will also be fined the maximum amount under the opt-in
policy and urges phone users to report such phone calls at
www.spamcop.go.kr. Many of the calls come from the 060 area code;
service providers offer services to block 060 numbers and users
have learned to recognize them and not call back.

http://times.hankooki.com/lpage/200504/kt2005041117153053460.htm


   Title: IBM calls for patent reform
   Source: ZDNet Australia
   Date Written: 2005-04-11
   Date Collected: 2005-04-11
Jim Stallings, IBM vice president for intellectual property and
standards, speaking at a media event in New York, said the US
patent process is flawed and called for tighter regulation and a
review of intellectual property issues in software collaboration.
The patent process is strained since individual examiners are
flooded with applications; they cannot review them all properly
and so are inclined to grant patents only to be later challenged.
Stallings also called on industry to stop filing frivolous
applications and hoarding patents. IBM supports software patents,
but only for new technologies, and says companies should share
information to demonstrate the novelty of their patented
technologies. The patent process should also be improved to
examine whether any prior art would invalidate a patent and to
take advantage of internet technologies to streamline processing.

http://www.zdnet.com.au/news/0,39023165,39187609,00.htm


   Title: Napster users sharing passwords to save cash
   Source: The Register
   Date Written: 2005-04-08
   Date Collected: 2005-04-11
Napster has raised its revenue predictions to $16.5 to $17
million in its fourth quarter forecast, and now has a total of
410,000 subscribers, one third of which are college students.
However, there is concern that students are sharing their
accounts with friends in order to lower the cost of access. While
Napster states that you cannot maintain two accounts
simultaneously, tests found that multiple users logged onto the
same account were only occasionally signed off. If true and
widespread, these practices would be detrimental to holders of
copyrights, who are receiving less money as a result, and may
cause more difficulties for Napster.

http://www.theregister.co.uk/2005/04/08/napster_password_sharing/


   Title: House Eyes DRM Interoperability
   Source: ExtremeTech
   Date Written: 2005-04-08
   Date Collected: 2005-04-11
The US House Judiciary Committee's Subcommittee on Courts, the
Internet, and Intellectual Property listened the week of April 4,
2005 to testimony from industry representatives on Digital Rights
Management (DRM) schemes. The industry representatives included
Napster chief technology officer William Pence, policy director
of the Future of Music Coalition Michael Bracy, Progress and
Freedom Foundation president Ray Gifford, and Mark Cooper,
director of research at the Consumer Federation of America. All
four speakers advocated a market-driven response, rather than
government involvement, though committee chairman Lamar Smith
said the House would investigate the issue in light of Section
116 licenses, which are being updated for the digital era.

http://www.extremetech.com/article2/0,1558,1784078,00.asp


   Title: New guide aims to keep bloggers safe from pink slips
   Source: C-Net News
   Date Written: 2005-04-11
   Date Collected: 2005-04-11
The Electronic Frontier Foundation has released a guide on how
bloggers can keep their identities hidden online to avoid such
risks as losing their job or problems with friends and family.
The guide advises bloggers to use a pseudonym and to avoid
giving identifying details such as what city they live in or how
many people work at their company. Bloggers should avoid posting
at work, since it could allow the information technology staff
to identify them. Allowing Google to rank blog posts can also
lead to greater risk of being identified. Finally, when exposing
corporate crime, bloggers should report to law enforcement or
the proper regulatory agency rather than post the details on
their blog.

http://news.com.com/New+guide+aims+to+keep+bloggers+safe+from+pink+slips/2100-1030_3-5662726.html


   Title: Report: Spam Now More Accepted as Part of Internet Life
   Source: NewsFactor
   Date Written: 2005-04-11
   Date Collected: 2005-04-11
Though the prevalence of spam e-mails continues to rise, a recent
study by the Pew Internet and American Life Project says people
have learned to cope with it, diminishing its harmful effects.
According to the study, 53% of e-mail users say spam has made
them less trustful of e-mail, down from 62% one year ago.
Similarly, 22% say it has decreased their use of e-mail, down
from 29% the previous year. Report author Deborah Fallows says
people have learned to control their accounts, and that as the
worst forms of spam, such as pornographic spam, have decreased,
users are more tolerant of less offensive spam such as political
solicitations or requests from charities. Nevertheless, more than
half of users considered spam a big problem, and were more
negative about spam than other common Internet issues.

http://www.newsfactor.com/story.xhtml?story_id=32659



The Institute for Information Infrastructure Protection (I3P)
accepts no responsibility for any error or omissions in this e-mail.
The information presented is a compilation of material from various
sources and has not been verified by staff of the I3P. Therefore,
the I3P cannot be made responsible for the factual accuracy of
the material presented. The I3P is not liable for any loss or
damage arising from or in connection with the information
contained in this report. It is the responsibility of the user to
evaluate the content and usefulness of this information.
References in this e-mail to any specific commercial products,
processes, or services by trade name, trademark, manufacturer, or
otherwise, does not constitute or imply endorsement,
recommendation, or favoring by the I3P. I3P is a research, not
operational, organization, and makes its Security in the News
e-mail available as a public service on a best-effort basis.
Security in the News will be sent out on most business days, but
not all.

The Institute for Information Infrastructure Protection
45 Lyme Road, Suite 300
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: listmanager@xxxxxxxxxx


<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
EDUCATIONAL CYBERPLAYGROUND 
http://www.edu-cyberpg.com

Copyright statements to be included when reproducing
annotations from Network Newsletter.

The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format.

> From Network Newsletter copyright
> Educational CyberPlayGround.
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html

Net Happenings, K12 Newsletters, Network Newsletters
http://www.edu-cyberpg.com/Community/

FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/

HOT LIST REGISTRY OF K12 SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>



