|
[networknewsletters]
||
[Date Prev]
[11-2005 Date Index]
[Date Next]
||
[Thread Prev]
[11-2005 Thread Index]
[Thread Next]
[Security-News] October 31, 2005 update
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Tue, 01 Nov 2005 11:24:09 -0500
**************************************************************
Network Newsletters Mailing List ©1994
Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Educational CyberPlayGround Community Mailing Lists
http://www.edu-cyberpg.com/Community/
Advertise Network Newsletters Guidlines
http://www.edu-cyberpg.com/Community/Subguidelines.html
**************************************************************
*********************************************************************
THE HOTLIST IS A MASTER REGISTRY OF K-12 SCHOOLS ONLINE
The registry is organized by state and by grade level.
The registry also includes sites for charter Schools, virtual schools,
school districts, state and regional education organizations, state
departments of education, state standards and state administrators.
SUBMIT YOUR SCHOOL DISTRICT OR SCHOOL URL NOW:
http://www.edu-cyberpg.com/schools/
*********************************************************************
SECURITY IN THE NEWS
updated on October 31, 2005
This report is available on the web at
http://www.thei3p.org/news/today.html
HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
Info Commissioner criticises ID Cards Bill:
The Register, 2005-10-28
Carriers Might Not Meet E911 Deadline:
NewsFactor Network, 2005-10-28
U.S. makes securing SCADA systems a priority:
Security Focus, 2005-10-28
CYBERCRIME-HACKING
Sex.com thief arrested:
The Register, 2005-10-28
eBay scam gang face sentencing:
The Register, 2005-10-28
Microsoft Takes On the Spam Kings:
NewsFactor Network, 2005-10-28
MALWARE
AIM worm plays nasty new trick:
CNet, 2005-10-28
TECHNOLOGY
IBM boffins produce kernel solution to worms and viruses:
Techworld, 2005-10-28
This week in biometrics:
CNet, 2005-10-28
BEST PRACTICES & RISK MANAGEMENT
Anti-Spyware definitions finalised:
The Register, 2005-10-28
Spam scams targeting smaller firms:
Silicon.com, 2005-10-28
CIVIL & CONSUMER ISSUES
Web Banking to Upgrade Security:
Wired News, 2005-10-30
Supreme Court won't review Microsoft patent appeal:
CNet, 2005-10-31
HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
Title: Info Commissioner criticises ID Cards Bill
Source: The Register
Date Written: 2005-10-28
Date Collected: 2005-10-31
The UK?s Information Commissioner, Richard Thomas, published a
statement that he believes that the standards developed in the
National Identify Cards Bill go "well beyond" the ?requirements
to set up a secure, reliable and trustworthy ID card system?. The
Commissioner did express several ?issues of concern relating to
privacy and data protection of personal information of an
individual?.
http://www.theregister.co.uk/2005/10/28/id_card_bill_concerns/
Title: Carriers Might Not Meet E911 Deadline
Source: NewsFactor Network
Date Written: 2005-10-28
Date Collected: 2005-10-31
The deadline for implementing 911 emergency call services for
Internet telephony companies is currently November 28, 2005, and
several companies may not be able to meet it. The deadline may be
extended up to two years, as a result. Reasons given for the
delay are technical. Triangulation of signals does not work in
big buildings, and some companies are now trying to use Global
Positioning Systems, as well as developing proprietary
technology, to meet the requirements. As IP telephony service
providers ?often provide their services through networks they
themselves do not control" said Steve Mank, chief operating
officer of Qovia, there are ?significant challenge(s)?.
http://www.newsfactor.com/story.xhtml?story_id=38954
Title: U.S. makes securing SCADA systems a priority
Source: Security Focus
Date Written: 2005-10-28
Date Collected: 2005-10-31
The US government has embarked on a ?major push to secure the
systems used to control and monitor critical infrastructure, such
as power, utility and transportation networks?. Increasing fears
of attacks conducted through the internet against industrial
control systems motivated several security initiatives for
systems such as the supervisory control and data acquisition
(SCADA) system, because the ?lion's share of such control systems
are owned by private companies and are increasingly being
interconnected to improve efficiency?. The increased access,
connectivity and real-time control mean increased risk to these
systems. Experts claim that there have already been SCADA system
attacks, but that the incidents are rarely made public. The
Department of Homeland Security will publish best practices for
control-system operators in 2006 as part of the Cybersecurity
Protection Framework, and will also ?determine if a third-party
academic institute is needed to act as a central hub for
reporting vulnerabilities and incidents?.
http://www.securityfocus.com/news/11351?ref=rss
CYBERCRIME-HACKING
Title: Sex.com thief arrested
Source: The Register
Date Written: 2005-10-28
Date Collected: 2005-10-31
Stephen Michael Cohen, who stole the ?most valuable domain name
in the world?, Sex.com, from the founder the dating website
Match.com, Gary Kremen, was arrested. Cohen ?stole Sex.com in
October 1995 through an elaborate scam?. Cohen then controlled
the site and took in an estimated $100 million profit until
November 2000, when the courts finally returned the site to
Kremen. Cohan has been living illegally in Mexico and Monte Carlo
since that time. Kremen did not recover much financially from
Cohen, but did reach a settlement with the Network Solutions, who
at the time administered dot-com names, ?thought to be worth up
to? $20 million.
http://www.theregister.co.uk/2005/10/28/sexdotcom_cohen_arrested/
Title: eBay scam gang face sentencing
Source: The Register
Date Written: 2005-10-28
Date Collected: 2005-10-31
Nicolae and Adriana Cretanu, a Romanian couple living in London,
conspired to steal £300,000 from eBay users. The pair used 12
different names under which they ran fake internet auctions for
two years. Western Union employees tipped off the police to
suspicious activity, leading to the couple?s arrest.
http://www.theregister.co.uk/2005/10/28/ebay_scam_sentencing/
Title: Microsoft Takes On the Spam Kings
Source: NewsFactor Network
Date Written: 2005-10-28
Date Collected: 2005-10-31
For 20 days during summer 2005, Microsoft recorded all internet
traffic on a zombie PC that the company created for that purpose.
The machine received five million connection requests and was
used to attempt to send out over 18 million spam messages that
promoted more than 13,000 individual Web sites. The spam was not
actually sent, but Microsoft used the data to file 13 lawsuits
against spammers. Microsoft has also joined the U.S. Federal
Trade Commission and Consumer Action to identify and stop
spammers and to educate consumers.
http://www.newsfactor.com/story.xhtml?story_id=38973
MALWARE
Title: AIM worm plays nasty new trick
Source: CNet
Date Written: 2005-10-28
Date Collected: 2005-10-31
An as yet unnamed worm that spreads through America Online's
Instant Messenger includes a rootkit, which is designed to remain
undetected by security software that locks down control of a
computer after a security breach. The worm also delivers a Sdbot
Trojan. FaceTime Communications discovered the worm through one
of its worm traps on AOL. IM users are advised to be careful when
clicking on links messages.
http://news.com.com/AIM+worm+plays+nasty+new+trick/2100-7349_3-5920403.html?part=rss&tag=5920403&subj=news
TECHNOLOGY
Title: IBM boffins produce kernel solution to worms and viruses
Source: Techworld
Date Written: 2005-10-28
Date Collected: 2005-10-31
Researchers at IBM say they have developed a way to stop worms
and viruses without using anti-virus software: the Assured
Execution Environment (AXE). AXE software is put into the kernel
of an operating system (it works with both Windows and Mac OS)
and then checks every piece of software run on the machine to be
sure only authorized code is executed. A variety of techniques
can be used, including encryption, to ensure that software will
not be run without permission. AXE could also be used restrict
programs to running on certain machines, or even make data
unreadable. Essentially, AXE creates a ?whitelist? of authorized
programs, an approach that will spread, according to Yankee
analyst Andrew Jaquith, because ?the traditional anti-virus
technique of blocking known malware is simply becoming too
unwieldy.? The downside of whitelists is that they can create
management headaches for administrators if they are involved
every time software is updated. IBM will give AXE to an early
pilot customer early in 2006.
http://www.techworld.com/security/news/index.cfm?NewsID=4675&Page=1&pagePos=4
Title: This week in biometrics
Source: CNet
Date Written: 2005-10-28
Date Collected: 2005-10-31
Compatibility, data sharing and privacy issues remain stumbling
blocks to developing global biometrics standards, but the
?zealous reception? biometric identification has received will
push the initiative forward. Starting in October 2006, all US
passports will contain radio frequency ID (RFID) chips, and
eventually the State Department projects that digitized
identification data like fingerprints or iris scans will also
be included.
http://news.com.com/This+week+in+biometrics/2100-1009_3-5920547.html?part=rss&tag=5920547&subj=news
BEST PRACTICES & RISK MANAGEMENT
Title: Anti-Spyware definitions finalised
Source: The Register
Date Written: 2005-10-28
Date Collected: 2005-10-31
The Anti-Spyware Coalition (ASC), an organization made up of
software developers, security firms and consumer protection
groups, formally defined spyware, along with other similar
technology, in an attempt to give those ?united in the battle
against spyware a common language?. Spyware is descrbed as
technology ?deployed without appropriate user consent and/or
implemented in ways that impair user control over: material
changes that affect their user experience, privacy, or system
security; use of their system resources, including what programs
are installed on their computers; and/or collection, use, and
distribution of their personal or other sensitive information?.
http://www.theregister.co.uk/2005/10/28/anti-spyware_defs/
Title: Spam scams targeting smaller firms
Source: Silicon.com
Date Written: 2005-10-28
Date Collected: 2005-10-31
Enrique Salem, senior vice president of security products at
Symantec, warns that small companies ?are increasingly being
singled out with highly targeted email scams? which ?will be far
harder to spot than the blunderbuss subtlety of generic 419
scams or product offers?. One example Salem gave was a company
whose employees received benefits enrollment solicitations
appearing to originate from the organization that had recently
acquired the group.
http://software.silicon.com/security/0,39024655,39153759,00.htm
CIVIL & CONSUMER ISSUES
Title: Web Banking to Upgrade Security
Source: Wired News
Date Written: 2005-10-30
Date Collected: 2005-10-31
Federal regulators will require banks to use "two-factor"
authentication by the end of 2006. User names and passwords will
no longer be sufficient to verify a customer's identity. Internet
fraud such as phishing and other socially engineered attacks have
prompted the new regulations. Data-privacy laws tend to be
stronger in other countries, and many overseas banks are already
issuing smartcards to customers that display a changing series of
passwords. This is expensive, however, and most US banks are
expected to deploy internal checks instead.
http://www.wired.com/news/business/0,1367,69418,00.html?tw=rss.TOP
Title: Supreme Court won't review Microsoft patent appeal
Source: CNet
Date Written: 2005-10-31
Date Collected: 2005-10-31
The US Supreme Court will not hear an appeal Microsoft had filed
after losing a patent infringement lawsuit to Eolas Technologies
and the University of California in which the preliminary jury
verdict is more than $500 million. The case will now proceed
before a federal district judge. If Microsoft finally loses the
case, it ?could force a redesign of Web pages that use plug-in
applications like Macromedia Flash and Adobe Acrobat that run
inside a Web browser?. The university and Eolas share rights to a
patent that could cover plug-ins and applets invoked through a
Web browser, while Microsoft will try to show that it developed a
browser with similar functions called Viola a year earlier.
http://news.com.com/Supreme+Court+wont+review+Microsoft+patent+appeal/2100-1047_3-5923978.html?part=rss&tag=5923978&subj=news
The Institute for Information Infrastructure Protection (I3P)
accepts no responsibility for any error or omissions in this e-mail.
The information presented is a compilation of material from various
sources and has not been verified by staff of the I3P. Therefore,
the I3P cannot be made responsible for the factual accuracy of
the material presented. The I3P is not liable for any loss or
damage arising from or in connection with the information
contained in this report. It is the responsibility of the user to
evaluate the content and usefulness of this information.
References in this e-mail to any specific commercial products,
processes, or services by trade name, trademark, manufacturer, or
otherwise, does not constitute or imply endorsement,
recommendation, or favoring by the I3P. I3P is a research, not
operational, organization, and makes its Security in the News
e-mail available as a public service on a best-effort basis.
Security in the News will be sent out on most business days, but
not all.
The Institute for Information Infrastructure Protection
45 Lyme Road, Suite 300
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: listmanager@xxxxxxxxxx
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Copyright statements to be included when reproducing
annotations from Network Newsletters
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format:
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Network Newsletters copyright
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/
HOT LIST REGISTRY OF K12 SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
|
