
[Security-News] April 20, 2005 update
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Thu, 21 Apr 2005 15:40:28 -0400
**************************************************************
-- Educational CyberPlayGround Community
http://www.edu-cyberpg.com/
-- Network Newsletters Mailing List ©1994
**************************************************************
SECURITY IN THE NEWS
HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
Lawmaker calls for boost in passenger screening technology:
GovExec.com, 2005-04-19
EU task force to study IT critical infrastructure:
Network World Fusion, 2005-04-18
CYBERCRIME-HACKING
High-tech crime investigators tackle BigPond assault:
ZDNet Australia, 2005-04-19
Symantec wins piracy judgment:
C-Net News, 2005-04-20
POLITICS-LEGISLATION
House OKs Family Copyright Bill:
Wired News, 2005-04-19
VULNERABILITIES & EXPLOITS
No patch for critical Windows flaw:
SearchSecurity, 2005-04-20
Watching the Watchers:
Security Focus, 2005-04-18
BEST PRACTICES & RISK MANAGEMENT
Teenagers struggle with privacy, security issues:
Security Focus, 2005-04-18
CIVIL & CONSUMER ISSUES
Security Concerns Boosted VeriSign's Dot-Net Bid:
Washington Post, 2005-04-18
Aussie lawyer wants 'clearer' GPL:
ZDNet Australia, 2005-04-19
ChoicePoint Division Changes Tack:
Wired News, 2005-04-20
Sony Gets Real on Virtual Goods:
Wired News, 2005-04-20
HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
Title: Lawmaker calls for boost in passenger screening technology
Source: GovExec.com
Date Written: 2005-04-19
Date Collected: 2005-04-20
US House Transportation and Infrastructure Aviation Subcommittee
chair John Mica (R-Florida) has called for more spending on
airline passenger screening technology to cut down on the number
of personnel needed at airports. He also recommends shifting away
from a federally operated system to one managed by private
contractors. A recent report from the Government Accountability
Office has found that airports with private screeners tend to
operate more smoothly than those with federal screeners.
Representative Mica argues that the creation of a centralized
bureaucracy has only decreased efficiency while doing little to
improve security. A number of airports have expressed interest in
moving to private screeners with federal liability protection.
http://www.govexec.com/dailyfed/0405/041905cdpm2.htm
Title: EU task force to study IT critical infrastructure
Source: Network World Fusion
Date Written: 2005-04-18
Date Collected: 2005-04-20
The European Union has created a Critical Information
Infrastructure Research Coordination (CI2RCO) task force to
examine what measures its 25 member states are taking to protect
critical infrastructures from cyber attacks. The task force will
face difficulty getting member states to voluntarily disclose
information they consider vital to national security. In addition
to investigating the current state of infrastructure protection,
the task force will also gather data on the current needs of
member states. The CI2RCO will work for two years, but will
provide preliminary data to Brussels for consideration in the
Seventh Framework Program covering the next five years of EU
research and development spending. The task force will also work
with security experts from the US, Canada, Australia, and
possibly Russia.
http://www.nwfusion.com/news/2005/0418eutask.html
CYBERCRIME-HACKING
Title: High-tech crime investigators tackle BigPond assault
Source: ZDNet Australia
Date Written: 2005-04-19
Date Collected: 2005-04-20
Australian internet service provider BigPond has asked the
Australian High Tech Crime Centre to investigate attacks against
its Domain Name Service (DNS). BigPond has resorted to
disconnecting customers whose computers are infected with
malware used to attack the DNS. BigPond says other ISPs are suffering
similar attacks and says it is working on an "engineering
solution" to address the attacks. BigPond declined to name other
ISPs affected by the attack but says it has been communicating
with these other companies. BigPond also reassures its customers
that it has made solving this problem its top priority.
http://www.zdnet.com.au/news/security/0,2000061744,39188769,00.htm
Title: Symantec wins piracy judgment
Source: C-Net News
Date Written: 2005-04-20
Date Collected: 2005-04-20
Symantec has been granted a $3.1 million default judgement
against an alleged pirate that court documents identify as 'Sam
Jain'. Symantec alleges Sam Jain ran a piracy ring that sold
counterfeit Symantec software. Jain and his codefendants
allegedly created pop-up advertisements and e-mails that told
users their Symantec software was about to expire and directed
them to a spoof website to purchase counterfeit software as
renewals. The group sold fraudulent copies of Norton SystemWorks,
Norton AntiVirus, Norton Ghost, and PC Anywhere.
http://news.com.com/Symantec+wins+piracy+judgment/2110-7350_3-5677940.html
POLITICS-LEGISLATION
Title: House OKs Family Copyright Bill
Source: Wired News
Date Written: 2005-04-19
Date Collected: 2005-04-20
The US House of Representatives has passed the Family
Entertainment and Copyright Act of 2005, creating criminal
penalties for the use of camcorders in movie theaters and
permitting the use of technologies to help parents screen out sex
and violence from movies they watch with their families. The bill
is welcomed by ClearPlay, maker of software designed to skip
objectionable scenes on DVDs; ClearPlay was sued by movie
studios, the Directors' Guild of America, and 13 directors for
altering their content. The National Association of Theatre
Owners also supports the bill for enabling them to crack down on
those who attempt to record movies in theatres for digital
piracy. President George W. Bush has signaled that he would sign
the bill into law.
http://www.wired.com/news/politics/0,1283,67269,00.html
VULNERABILITIES & EXPLOITS
Title: No patch for critical Windows flaw
Source: SearchSecurity
Date Written: 2005-04-20
Date Collected: 2005-04-20
Israeli security firm GreyMagic Software has released details of
a critical flaw in Windows Explorer for various flavors of
Windows 2000 that could allow a remote attacker to take control
of a vulnerable machine. The preview pane of Windows Explorer
displays the creator of a file as a mailto link if it looks like
an e-mail address. However, it does not filter the creator data
for certain control characters, which could allow an attacker to
inject malicious code. Such an attack would not require the user
to open or run a file, but merely to select it in Explorer.
GreyMagic calls the vulnerability critical due to the major
damage that an effective exploit could do, but admits that its
attack vectors are limited. GreyMagic says it informed Microsoft
of the vulnerability on January 18, 2005, but decided to release
the details since Microsoft has not yet released a patch. Users
can work around the flaw by enabling the "Use Windows classic
folders" option.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1081511,00.html
Title: Watching the Watchers
Source: Security Focus
Date Written: 2005-04-18
Date Collected: 2005-04-20
While recent security breaches have brought privacy and data
aggregators into the headlines, some smaller stories have gone
unnoticed. One Florida woman received a letter from her local
sheriff at her home address with her full name after she wrote a
negative editorial for the local paper; the sheriff used his
access to the state driver's license registry. In another story,
a college student broke into the school's computer system and
changed her grades; she gained access by stealing her professors'
passwords from the local insurance company where she worked. Both
cases demonstrate insiders abusing their access privileges to
violate customer privacy. Security professionals often focus on
large attacks while ignoring smaller ones -- someone reading a
coworker's e-mail or a systems administrator viewing a
celebrity's phone camera pictures, for example -- which can build
into major issues over time. However, such small violations are
usually amortized in the cost of business. Guarding against such
small trespasses requires personal vigilance on the part of
everyone who holds sensitive information.
http://www.securityfocus.com/columnists/318
BEST PRACTICES & RISK MANAGEMENT
Title: Teenagers struggle with privacy, security issues
Source: Security Focus
Date Written: 2005-04-18
Date Collected: 2005-04-20
A group of high school students, speaking at the Computers,
Freedom and Privacy Conference in Seattle, Washington, said they
understand internet security without input from their parents or
teachers, but would like to see school courses on the subject.
The students say they learned the dangers of the Internet on
their own and as part of growing up. Youths would like to have
talks with their parents about the dangers of the Internet, but
believe they understand the dangers better than their parents do.
However, the students speaking also believed they were more aware
of security and privacy than most of their friends: some friends
blog under their real names and reveal private details to
strangers online. The students also described their parents'
attempts to invade their online privacy as annoying and
ineffective; many kids keep a secret e-mail address their parents
do not know about.
http://www.securityfocus.com/news/10940
CIVIL & CONSUMER ISSUES
Title: Security Concerns Boosted VeriSign's Dot-Net Bid
Source: Washington Post
Date Written: 2005-04-18
Date Collected: 2005-04-20
ICANN (Internet Corporation for Assigned Names and Numbers) has
renewed VeriSign's contract to administer the .net top level
domain, sparking heavy criticism within the Internet community.
Many were surprised since the review board tasked with evaluating
VeriSign's fitness as .net administrator was designed to break
VeriSign's near-monopoly on domain administration. However,
observers say VeriSign has conducted an effective lobbying
campaign to convince officials that they must consider not only a
competitive market but also the security and stability of the
Internet. The decision is also surprising given VeriSign's and
ICANN's mutual history of hostility. VeriSign widely publicized
its history of managing the .net domain and won the support of
such companies as Microsoft, Sun Microsystems, and MCI. VeriSign
also argued that competition mattered more at the retail level
than at the consumer level.
http://www.washingtonpost.com/wp-dyn/articles/A62302-2005Apr18.html
Title: Aussie lawyer wants 'clearer' GPL
Source: ZDNet Australia
Date Written: 2005-04-19
Date Collected: 2005-04-20
Australian open source lawyer Brendan Scott, speaking at the
Australian Unix Users Group's Open Computing in Government
Conference, called for changes in the upcoming third version of
the GNU General Public License (GPL). Version 2 makes GPL
difficult for lawyers since it uses terms inconsistently and
relies on terms that do not apply in many jurisdictions. For
example, Australian law has no analogue to the term 'derivative
work'. Sometimes terms in the GPL are inconsistent even in its
home country, the United States, since circuit courts have
different interpretations of certain terms. Scott argues that
clarifying the language would make the GPL a more effective open
source license.
http://www.zdnet.com.au/news/software/0,2000061733,39188778,00.htm
Title: ChoicePoint Division Changes Tack
Source: Wired News
Date Written: 2005-04-20
Date Collected: 2005-04-20
Rapsheets, a subsidiary of data aggregator ChoicePoint, has
announced that it will notify any person about whom negative
information is disclosed to a third party. Rapsheets is a
Tennessee company that conducts criminal background checks for
potential employers. Whenever a background check uncovers a
criminal record, Rapsheets will automatically notify the
individual concerned and provide the name and address of the
company that requested the data. The new policy brings the
company into compliance with the Fair Credit Reporting Act.
Rapsheets portrayed the new policy as merely an alignment with
ChoicePoint's policies following its June 2004 purchase. Privacy
advocates note that it is still a hassle for consumers to address
false information: one has 30 days to file a complaint, and
background checkers have 30 days to respond by either updating
their records or explaining why they are correct. Many
aggregators take the simple route of informing people when they
give someone damaging data rather than verifying that the data is
correct and up to date.
http://www.wired.com/news/privacy/0,1848,67276,00.html
Title: Sony Gets Real on Virtual Goods
Source: Wired News
Date Written: 2005-04-20
Date Collected: 2005-04-20
Sony Online Entertainment, operator of the multiplayer online
games 'Everquest' and 'Star Wars Galaxies', has announced a site
called "Station Exchange", an online auction site where players
can sell digital game goods, such as swords, armor, and
high-level characters. Sony has previously been a vocal opponent of
the trade of virtual game items, which has also earned criticism
from many gamers who believe it diminishes the gaming experience.
However, Sony believes it is better to provide a legitimate
market for virtual goods while also opening new revenue streams
in the process. According to John Smedley, president of Sony
Online, 40% of customer support labor is spent dealing with
fraud. IGE, a seller of virtual goods, welcomes Sony's Station
Exchange since it recognizes the real-world market for virtual
goods, even though it may cut IGE's business.
http://www.wired.com/news/games/0,2101,67280,00.html
The Institute for Information Infrastructure Protection (I3P)
accepts no responsibility for any error or omissions in this e-mail.
The information presented is a compilation of material from various
sources and has not been verified by staff of the I3P. Therefore,
the I3P cannot be made responsible for the factual accuracy of
the material presented. The I3P is not liable for any loss or
damage arising from or in connection with the information
contained in this report. It is the responsibility of the user to
evaluate the content and usefulness of this information.
References in this e-mail to any specific commercial products,
processes, or services by trade name, trademark, manufacturer, or
otherwise, do not constitute or imply endorsement,
recommendation, or favoring by the I3P. I3P is a research, not
operational, organization, and makes its Security in the News
e-mail available as a public service on a best-effort basis.
Security in the News will be sent out on most business days, but
not all.
The Institute for Information Infrastructure Protection
45 Lyme Road, Suite 300
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: listmanager@xxxxxxxxxx
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Copyright statements to be included when reproducing
annotations from Network Newsletter.
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format.
> From Network Newsletter copyright
> Educational CyberPlayGround.
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>