|
[networknewsletters]
||
[Date Prev]
[04-2005 Date Index]
[Date Next]
||
[Thread Prev]
[04-2005 Thread Index]
[Thread Next]
[Security-News] April 25, 2005 update
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Tue, 26 Apr 2005 10:38:36 -0400
**************************************************************
-- Educational CyberPlayGround Community
http://www.edu-cyberpg.com/
-- Network Newsletters Mailing List ©1994
-- Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
-- Advertise on Network Newsletters Mailing List
http://www.edu-cyberpg.com/Community/Subguidelines.html
-- Mailing Lists
http://www.edu-cyberpg.com/Community/
**************************************************************
**************************************************************************
National Children's Folksong Repository Project
http://www.edu-cyberpg.com/NCFR/
An historic electronic online archive of children's folk songs.
A public folklore project built by the children of the United States
and territories.
Children pick up the Phone and SING OR CHANT (SAY) THEIR SONG. It's simple.
Children are our unknown culture makers and they get to record and
save their songs, then submit them into the database so that they
can hear themselves on the net. They collect history, and they will
make history at the same time. Contributions make them netizens.
They are doing this for the world. Using the internet and technology
allows them to record their personal knowledge. This is their contribution.
And we all know what's personal is political, so we all help to raise
future citizens who will care about the net.
Teachers can get the idea by watching the streaming video.
For More Information contact
Educational CyberPlayGround
http://www.edu-cyberpg.com
**************************************************************************
SECURITY IN THE NEWS
updated on April 25, 2005
HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
Florida Planning Son of Matrix:
Wired News, 2005-04-25
CYBERCRIME-HACKING
Hushmail hit by DNS attack:
The Register, 2005-04-25
Hackers attack IT conference:
Silicon.com, 2005-04-25
POLITICS-LEGISLATION
Shopping for data:
Federal Computer Week, 2005-04-25
European Parliament Debates IT Patent Proposal:
EWeek.com, 2005-04-22
Defending DeLay's Internet assault:
C-Net News, 2005-04-25
MALWARE
Viruses 'a thing of the past':
SearchSecurity, 2005-04-25
Group Aims to Develop Guidelines to Define Spyware:
EWeek.com, 2005-04-22
TECHNOLOGY
Firewall to zap XML viruses:
ZDNet Australia, 2005-04-25
Microsoft: 'Trusted Windows' still coming, trust us:
C-Net News, 2005-04-25
College freshmen less interested in tech:
C-Net News, 2005-04-22
CIVIL & CONSUMER ISSUES
Slain Marine's email raises legal issues:
Sydney Morning Herald, 2005-04-25
Forgent sues Microsoft, alleging JPEG patent infringement:
Computerworld, 2005-04-22
HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
Title: Florida Planning Son of Matrix
Source: Wired News
Date Written: 2005-04-25
Date Collected: 2005-04-25
Florida has released an official request for information to
create Matrix (Multistate Anti-Terrorism Information Exchange)
II, a collection of commercial and government records for law
enforcement. The original Matrix shut down on April 15, 2005,
after federal funding for the project ran out. Privacy advocates
criticized the original Matrix as overly invasive; the American
Civil Liberties Union called it part of a growing surveillance
society. Matrix began as a $12 million program with 13 states
participating, but that number dropped to four as states withdrew
citing concerns over cost and civil liberties. Matrix gave law
enforcement access to criminal history, driver's license photos,
property deeds, and fishing licenses, as well as commercial
records. Matrix II will expand that coverage to financial and
insurance records. Matrix director Mark Zadra says the intent of
the program was never to profile potential terrorists, but to
give police better access to public data in order to follow clues
more effectively. Matrix was queried 1,866,202 times between July
2003 and April 2005.
http://www.wired.com/news/privacy/0,1848,67313,00.html
CYBERCRIME-HACKING
Title: Hushmail hit by DNS attack
Source: The Register
Date Written: 2005-04-25
Date Collected: 2005-04-25
Users of the encrypted e-mail service Hushmail were redirected to
another website after its domain registrar, Network Solutions,
suffered a DNS (domain name service) attack. The destination
website only carried a prank message, telling users "The Secret
Service is watching. Agent Leth and Clown Jeet 3k Inc." Hushmail
users could have been struck by a more serious attack if the
attacker had set up a spoof site to collect users' Hushmail
passwords. Hush Communications released a statement assuring
users that the hackers did not access Hush servers or any private
data, though e-mails sent to Hush users during the attack have
been lost. Hush promises to update its users as it learns more
information and advises users not to login if their browser is
unable to verify Hushmail's certificate.
http://www.theregister.co.uk/2005/04/25/hushmail_dns_attack/
Title: Hackers attack IT conference
Source: Silicon.com
Date Written: 2005-04-25
Date Collected: 2005-04-25
Hackers infiltrated computers at the Wireless LAN Event in
London April 20, 2005 and spread viruses using a new wireless
attack. Hackers created a website that looked like a genuine log-
in page for a Wi-Fi network, but which downloaded 45 random
viruses to computers that accessed it, according to Spencer
Parker, director of technical solutions at AirDefense. By
randomizing the viruses, anti-virus software did not recognize
the signatures and could not block them. The technique is a form
of the evil twin attack, where hackers host fake log-in websites
at commercial Wi-Fi hotspots.
http://software.silicon.com/malware/0,3800003100,39129840,00.htm
POLITICS-LEGISLATION
Title: Shopping for data
Source: Federal Computer Week
Date Written: 2005-04-25
Date Collected: 2005-04-25
US Congressional lawmakers are examining the largely unregulated
data aggregation industry following the high profile security
breaches at ChoicePoint and LexisNexis. Officials from the
Federal Bureau of Investigation (FBI) testified before the Senate
Judiciary Committee that data aggregators are a vital service for
law enforcement; the Bureau spent $75 million in 2004 on data
from aggregators. However, privacy experts testified that
aggregators allow federal agencies to circumvent their
requirements under the Privacy Act and that officials cannot be
certain about the accuracy of the data. Law enforcement officials
find data aggregators convenient, saving the time of research and
travel to courthouses to collect important documents. The FBI
does not verify the data it purchases, but compares the results
it gets from several data brokers as a measure of accuracy.
Senator Russel Feingold (D-WI) expressed concerns that that no
guidelines govern responsible use of private data. Senator
Patrick Leahy (D-VT) accused data aggregators of sloppy business
practices and Senator Arlen Specter (R-PA) called for
comprehensive regulation of the data aggregation industry.
http://www.fcw.com/article88676-04-25-05-Print
Title: European Parliament Debates IT Patent Proposal
Source: EWeek.com
Date Written: 2005-04-22
Date Collected: 2005-04-25
The European Parliament (EP) held a debate April 21, 2005 on the
proposed IT patenting legislation. Software patents are
currently unenforceable in the European Union (EU), and patent
legislation would bring the EU's legal structure more in line
with those of the US and Japan. The current lack of patenting is
also seen as giving the EU's open source economy a competitive
advantage. At its first reading, the EP removed software patents
from the legislation, but these changes were thrown out by the
EU Council. The EP may be able to muster enough votes to
reintroduce the changes, but the second reading carries higher
voting requirements and the EP's legal committee is divided over
the issue.
http://www.eweek.com/article2/0,1759,1788805,00.asp
Title: Defending DeLay's Internet assault
Source: C-Net News
Date Written: 2005-04-25
Date Collected: 2005-04-25
US Representative Tom DeLay has criticized Supreme Court Justice
Anthony Kennedy for conducting research over the Internet. While
the Internet can provide access to such legal tools as
LexisNexis, Federal Register notices, and government agency
decisions, judges' use of the Internet raises some ethical
issues. For example, California Supreme Court Justice Janice
Brown dissented from a majority opinion banning the use of stun
belts, a device that uses 50,000 volt shocks of electricity to
control prisoners, since the decision was influenced by articles
found on Google. Justice Brown argued that the evidence was not
part of the legal record. One judge shut down the website a
defendant used to discuss the drug-related charges brought
against him, arguing that it ranked low on a Google search and,
therefore, lacked legitimacy. If judges' web research leads them
to favor one party, the opposing party's legal counsel cannot
offer a rebuttal. Such issues are the reason behind Rule 201 of
the Federal Rules of Evidence, which forbid judges from using
outside sources unless their "accuracy cannot reasonably be
questioned."
http://news.com.com/Defending+DeLays+Internet+assault/2010-1071_3-5681317.html
MALWARE
Title: Viruses 'a thing of the past'
Source: SearchSecurity
Date Written: 2005-04-25
Date Collected: 2005-04-25
McAfee and Kaspersky Labs have recently published reports
agreeing with a Symantec study that found mass-mailing viruses on
the decline as virus writers switch to bots and trojans. The
Kaspersky report describes botnets as "the greatest threat to the
Internet as we know it" and names their detection and prevention
as a priority for the technology industry. The McAfee report
finds that the motivation for botnets and trojans is profit; the
malwares can steal private data or create platform for spam,
malware, and denial of service extortion. Kaspersky estimates
that 50,000 new bots are created each month, with the current
total around several million.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1082571,00.html
Title: Group Aims to Develop Guidelines to Define Spyware
Source: EWeek.com
Date Written: 2005-04-22
Date Collected: 2005-04-25
The nonprofit Center for Democracy and Technology (DCT) is
working with anti-spyware vendors to develop guidelines for
defining spyware. Experts say a definition is needed to help the
industry standardize and avoid confusion over what should be
blocked. Richard Stiennon, vice president of threat research at
Webroot Software, said the ad hoc group could release criteria
for determining spyware as early as May 2005. Anti-spyware
vendors each have their own criteria currently, leading to
disputes from companies who feel their software has been
improperly blocked.
http://www.eweek.com/article2/0,1759,1788844,00.asp
TECHNOLOGY
Title: Firewall to zap XML viruses
Source: ZDNet Australia
Date Written: 2005-04-25
Date Collected: 2005-04-25
Forum Systems has signed a deal with Computer Associates to
include CA's eTrust antivirus in its XML firewall, Forum XWall,
to protect XML applications from malicious code. As web services
grow, more companies are adding protection for applications that
handle data protocols that use XML formats. While e-mail and web
traffic are mature technologies with their own security products,
web services is a newer field with its own protocols. While there
has not yet been an XML virus, XML applications still lack
adequate protection, according to Forum Systems. XML will become
increasingly popular as it is used in Microsoft Office documents
and the Simple Object Access Protocol (SOAP) for communication
between companies. Computer Associates says its license agreement
with Forum is non-exclusive.
http://www.zdnet.com.au/news/security/0,2000061744,39189489,00.htm
Title: Microsoft: 'Trusted Windows' still coming, trust us
Source: C-Net News
Date Written: 2005-04-25
Date Collected: 2005-04-25
After years of talking about computer security, Microsoft still
has yet to provide a secure framework for information exchange.
The first piece of the decade-old trusted windows conception, the
Next Generation Secure Computing Base (NGSCB), will be partially
incorporated into the next Windows version, Longhorn. This
approach will ensure secure start-up, protecting the contents of
stolen or lost computers. While this does provide a measure of
protection, it pales in comparison with the original broader plan
to use NGSCB system-wide to protect sensitive information such as
passwords and bank records. The company made the change so that
software would not need to be rewritten.
http://news.com.com/Microsoft+Trusted+Windows+still+coming%2C+trust+us/2100-1029_3-5681603.html
Title: College freshmen less interested in tech
Source: C-Net News
Date Written: 2005-04-22
Date Collected: 2005-04-25
According to a new report by the Computing Research Association
(CRA), incoming college students have lost interest in computer
science during the last four years. The study found that the
percentage of incoming undergraduates interested in pursuing
computer science fell by 60% between fall of 2000 and 2004, and
is now 70% below the levels of the early 1980s. For female
students, the numbers were even more drastic. Only 1.5% of
incoming freshman intended to study computer science in fall
2004. The study's findings line up with concerns that the US may
be losing its technological edge relative to emerging IT powers
such as India and China.
http://news.com.com/College+freshmen+less+interested+in+tech/2100-1022_3-5681438.html
CIVIL & CONSUMER ISSUES
Title: Slain Marine's email raises legal issues
Source: Sydney Morning Herald
Date Written: 2005-04-25
Date Collected: 2005-04-25
Yahoo has complied with a court order to release the e-mails of
Lance Corporal Justin Ellsworth, a US soldier killed in Iraq, to
his family, in a legal issue that may become more common as e-
mail becomes a greater part of everyday life. many e-mail
providers, including America Online, EarthLink, and Microsoft,
provide access to another's e-mail after verifying death and the
next of kin, while Yahoo terminates e-mail accounts at death.
Although Yahoo has received court orders in a number of similar
cases, it has not changed its policy, citing privacy concerns.
However, Yahoo willingly worked with the family through the court
system to resolve the dispute. Next of kin typically need to
access the personal records of the deceased, but e-mail providers
have not yet fully realized the role they play as keepers of
personal documents.
http://www.smh.com.au/news/Breaking/Slain-Marines-email-raises-legal-issues/2005/04/23/1114152332515.html
Title: Forgent sues Microsoft, alleging JPEG patent infringement
Source: Computerworld
Date Written: 2005-04-22
Date Collected: 2005-04-25
Forgent Networks has sued Microsoft for allegedly infringing on a
data compression patent. Michael Noonan, director of investor
relations at Forgent, said the company filed the suit after it
was unable to negotiate a licensing agreement for the technique,
which is used in the JPEG digital image standard. Microsoft has
sued Forgent subsidiary Compression Labs, asking the court to
declare that the company is not infringing or that the patent in
question is not valid. Forgent filed similar suits against 31
companies, including Sony, Adobe, and IBM, in April 2004.
http://www.computerworld.com/governmenttopics/government/legalissues/story/0,10801,101282,00.html
The Institute for Information Infrastructure Protection (I3P)
accepts no responsibility for any error or omissions in this e-mail.
The information presented is a compilation of material from various
sources and has not been verified by staff of the I3P. Therefore,
the I3P cannot be made responsible for the factual accuracy of
the material presented. The I3P is not liable for any loss or
damage arising from or in connection with the information
contained in this report. It is the responsibility of the user to
evaluate the content and usefulness of this information.
References in this e-mail to any specific commercial products,
processes, or services by trade name, trademark, manufacturer, or
otherwise, does not constitute or imply endorsement,
recommendation, or favoring by the I3P. I3P is a research, not
operational, organization, and makes its Security in the News
e-mail available as a public service on a best-effort basis.
Security in the News will be sent out on most business days, but
not all.
The Institute for Information Infrastructure Protection
45 Lyme Road, Suite 300
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: listmanager@xxxxxxxxxx
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Copyright statements to be included when reproducing
annotations from Network Newsletter.
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format.
> From Network Newsletter copyright
> Educational CyberPlayGround.
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Net Happenings, K12 Newsletters, Network Newsletters
http://www.edu-cyberpg.com/Community/
FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/
HOT LIST REGISTRY OF K12 SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
|
|
