QuickLinks - Security and encryption

recent items

Issue no. 210 - 14 October 2001

• Airport to install face-scan system (MSNBC)
  Viisage Technology will deploy the first face-recognition system at a U.S. airport within a month, responding to heightened demand for better security for airplanes following last month’s deadly attacks.

• Anti-Nimda Technology Saved Billions - Report (Newsbytes)
  According to Computer Economics, costs from Nimda would have been significantly greater if many leading anti-virus software packages hadn't automatically downloaded updated virus definitions to users.

• Code Red II Is Dead - Experts (Newsbytes)
  After a nearly two-month rampage across the Internet, the Code Red II worm has entered a period of self-inflicted euthanasia as of midnight Sept. 30. The worm's unidentified author programmed the worm to stop once the month of October arrived. An analysis of Code Red II shows the code has no provision to wake up again.

• FBI, SANS Institute: Internet 'not ready' for attack (Computerworld)
  FBI and the SANS Institute released a list of the 20 top vulnerabilities of Internet-connected systems and urged companies to close dangerous holes while warning again of virulent cyberattacks to come.

• High-Tech Leaders Slam Encryption Back Door Bill (Newsbytes)
  A coalition of high-tech companies urged Sen. Judd Gregg not to move forward with legislation that would give law enforcement back door access to all U.S.-made encryption products.

• Microsoft Closes Door To Its Online Customer Database (Newsbytes)
  Until very recently, anyone with a Web browser and the right Internet address could access Microsoft’s customer service database and look up the billing, shipping and purchasing data for any customer who had bought Microsoft products online.

• Microsoft Steps Up Software Security (Yahoo)
  Signaling a change in long-standing policy for Microsoft, the company will deliver all of its software in the "locked down'' position by default. That means the settings will be placed in the most secure configurations when shipped, rather than in the most "open'' position, which can leave the computer more vulnerable to hacking, but can offer more immediate and advanced functionality.

• USA - Feds Offer $5 Mil In Grants For Security Research (Newsbytes)
  The Department of Commerce's National Institute of Standards and Technology (NIST) gave $5 million in research grants to companies contracting to beef up security around the nation's computer and telecommunications systems.

• USA - Taking Out the Net (Washington Post)
  Without having to set foot on U.S. soil, terrorists with minimal expertise could cripple the Internet, damaging critical avenues of commerce, vital public services and sensitive government communications, authorities on Internet and national security are warning. see also Securing the Lines of a Wired Nation (New York Times) and Experts warn of combo terrorist assault, cyber attack CNN).

Issue no. 209 - 1 October 2001

• No Regrets About Developing PGP (Phil Zimmermann)
  Open letter: The Washington Post carried an article that misrepresents my views on the role of PGP encryption software in the September 11th terrorist attacks. The article states that as the inventor of PGP, I was "overwhelmed with feelings of guilt". I never implied that in the interview, and specifically went out of my way to emphasize to her that that was not the case. This misrepresentation is serious, because it implies that under the duress of terrorism I have changed my principles on the importance of cryptography for protecting privacy and civil liberties in the information age.

• Opening Encryption 'Back Door' Problematic - Experts (Reuters)
  Lawmakers may be asked to give the FBI a "software key" to encryption technology that would allow the agency to unlock secret Internet messages but experts warn the measure would impair commerce and violate privacy right without deterring terrorism.

• U.K. E-Commerce Minister Calls For Tighter Internet Security (Newsbytes)
  Douglas Alexander, the U.K. e-commerce minister, spoke at the Information Security Solutions Europe (ISSE) event of the need for a heightened awareness of Internet security, following the terrorist attacks in America two weeks ago.

• USA - Hackers urged not to deface sites (MSNBC)
  Cyberangels has launched an effort to protect the Internet from hackers angry at Saudi-born militant Osama bin Laden, the prime suspect in the Sept. 11 attacks on New York and Washington. see also A TV Plea to Patriot Hackers (Wired)

Issue no. 208 - 24 September 2001

• AOL, Yahoo, ICQ Sites Battle Security Holes (Newsbytes)
  America Online's Shop@AOL site, along with the portal for its ICQ instant messaging product, and Yahoo's site for users in France, have been identified as vulnerable to an attack known as cross-site scripting.

• New, complex worm slows in United States (AP)
  As American companies recovered from the latest Internet worm, the complex "Nimda" program struck companies around the world, shutting down sites in Norway, Japan and elsewhere. The virus-like program spreads rapidly through many ways to infect computers running Microsoft's Windows operating system. see also 'Nimda' - Norwegian For 'Nasty' (Newsbytes) and Viruses are getting faster, tougher (IDG).

• UK government rejects key-escrow resurrection (ZDNet UK)
  The Home Office has confirmed that it will not try to resurrect the key escrow debate in light of last week's terrorist attacks on America, but will continue with the enforcement of current encryption laws later this year.

• Yahoo! News hacked (SecurityFocus)
  A hacker demonstrated that he could rewrite the text of Yahoo! News articles at will, apparently using nothing more than a web browser and an easily-obtained Internet address. Yahoo!, which learned of the hack from SecurityFocus, says it has closed the security hole that allowed 20-year-old hacker Adrian Lamo to access the portal's web-based production tools.

• A 'Tarpit' That Traps Worms (Wired)
  Network administrators now have a hacking tool that can help them strike back at malicious attackers. "LaBrea" is a free, open-source tool that deters worms and other hack attacks by transforming unused network resources into decoy-computers that appear and act just like normal machines on a network.

• To Attacks' Toll, Add A Programmer's Grief (Washington Post)
  Like many Americans, Phil Zimmermann, a computer programmer, has been crying every day since last week's terrorist attacks. He has been overwhelmed with feelings of guilt. Zimmermann is the inventor of a computer program called Pretty Good Privacy, or PGP; it was the first to allow ordinary people to encrypt messages so only those with a "key" could read them.

Issue no. 207 - 18 September 2001

• Don't pay TV? (Spieegl)
  Das Bezahlfernsehen Premiere World reißt immer größere Löcher in Leo Kirchs Kassen - dabei gibt es immer mehr Zuschauer. Über die kann man sich in München jedoch kaum freuen: Sie kaufen illegal ihre Karten für die Decoder am Bahnhof - oder "hacken" sie selbst.

• IT disaster declarations continue to grow in number (Computerworld)
  The day after terrorist attacks hit New York and Washington, businesses continued to file disaster declarations with large technology providers that can help them recover their IT systems in the wake of catastrophic events.

• Bertelsmann steps up CD security efforts (CNET News.com)
  Israeli security company Midbar has inked a deal with a Bertelsmann-owned CD manufacturer to provide copy protection for music albums.

Issue no. 206 - 3 September 2001

• Breaking Microsoft's e-Book Code (Technology Review)
  An anonymous programmer has found a way to decrypt Microsoft Reader e-books, spurring digital-rights debate.

• Expert: Code Red is here to stay (ZDNet UK)
  A new permutation of the Code Red II worm was discovered, and one expert says that Code Red is now unlikely ever to disappear. see also Virus costs reach $10.7 billion (Reuters).

• Hacker attacks site, halts stock trade (Reuters)
  In the latest in a spate of corporate cyberinvasions, a hacker broke into a paintball company's Web site and sent out phony financial statements, forcing the Nasdaq Stock Market to halt trading in the company's shares for more than two hours.

• New Zealand Center To Combat Cyber Threats (Newsbytes)
  The New Zealand government will set up a government unit dedicated solely to protecting the nation's critical infrastructure from cyber threats by Internet hackers or computer viruses.

• Record labels begin selling copy-proof CDs (AP)
  Hoping to crack down on music piracy, five major record labels have quietly begun selling CDs containing technology that foils attempts by customers to copy the songs onto blank discs or computer hard drives.

• Top Hacking Tools Site Restricts Access (Newsbytes)
  Citing a desire to thwart "script kiddies" and security companies, Hack.co.za , a popular site that provides free hacking tools, has closed its doors to the general public.

• USA - Professor unveils anti-copying flaws (ZDNet News)
  A talk speech on cracking digital watermarks went ahead, as encryption researcher Edward Felten addressed security experts as planned at a conference in Washington, D.C.

• USA - Severe computer security holes reported at Commerce Department (AP)
  The Commerce Department’s computer networks, which contain some of America’s most valuable business secrets, have security holes easily accessible to Internet criminals, federal investigators say.

• Pentagon Hides Behind Onion Wraps (Wired)
  The U.S. government has been awarded a patent for a technology known as "Onion Routing," which preserves anonymity by wrapping the identity of users in onion-like layers. The announcement prompted an angry reaction from Usenix attendees, who aren't big fans of software patents -- especially in the area of anonymous communications, where there's been so much prior work before the Navy ever got involved.

Issue no. 205 - 3 August 2001

• Code Red Infections Down To A Few Thousand An Hour (Newsbytes)
  Code Red worm watchers say that, after more than 24 hours of renewed activity, the notorious Web-server intruder has probably burrowed into less than 250,000 computers. Government, security officials sound alarm over 'Code Red' worm (MSNBC), "Red" alert: The worm returns (CNET News.com)

• Schoolboy hacker lays down the law (vnunet)
  A teenage hacker from India spent his summer holiday writing a 600 page book on the tricks and techniques of ethical hacking, and managed to score a deal with a mainstream UK book publisher.

• USA - New Laws: Thou Shalt Patch (Wired)
  The Federal Trade Commission (FTC) proposed a regulation that will require financial service companies to protect their networks against "anticipated threats" and generally take measures to protect their information.

• USA - Severe computer security holes at Commerce Department (AP)
  The Commerce Department’s computer networks, which contain some of America’s most valuable business secrets, have security holes easily accessible to Internet criminals, federal investigators say.

Issue no. 204 - 27 July 2001

• Cable internet security blown wide open (vnunet)
  Millions of people accessing the internet through broadband cable connections risk having their computers taken over by malicious hackers. The security vulnerability is caused by the shared architecture of the data channel that carries internet traffic within cable companies' fibre networks.

• Hackers Pounce On New Telnet Hole (Newsbytes)
  A newly discovered vulnerability affecting many UNIX-based computers is providing fertile ground for Web site attackers. Since a buffer overflow bug in the Telnet program shipped with most operating systems built on code from Berkeley Software Design was publicized, hundreds of Web sites running the operating system have been defaced.

• Nailing shut the cyber back door (CNET News.com)
  Mild-mannered and somewhat shy, Jay Beale--like many hackers of the old school--has made a name for himself at a young age as the leader of the Bastille Linux Project, an open-source endeavor to make Linux systems more secure by automating the patching process.

• Nine out of ten web users prefer porn (vnunet)
  Microsoft has been forced to fix a bug in its MSN Communities website that exposed users' personal image files to all and sundry. Aside from the obvious security implications, the glitch also revealed that nine out of 10 MSN Communities users have online collections of hardcore porn, and thousands of people have now seen it.

• Porn site hacked by rabbit (vnunet)
  Webby award winning porn site Stileproject.com was hacked. The culprit identified himself as Fluffi Bunni, the same hacker who defaced both the Sans Institute and Sourceforge a few months ago. He left a calling card featuring a pink fluffy rabbit.

• Sicherheitsloch bei Schweizer E-Mail-Anbieter (Heise)
  Der drittgrößte Schweizer Internet-Provider Swissonline hat ein Sicherheitsproblem: Rund 250.000 E-Mail-Konten lagen dadurch seit Monaten offen.

• SirCam clogs mailboxes, spreads secrets (CNET News.com)
  The SirCam worm continued to gain momentum, carrying with it the potential not only to slow corporate e-mail servers but also to send along company secrets. Like many other worms, SirCam spreads by e-mailing copies of itself to everyone in the infected computer's Microsoft Outlook address book. An added twist with SirCam is that the worm sends a random file from the infected computer's hard drive, potentially sending confidential business data or embarrassing personal information along with the virus. See also SirCam virus hides in the trash (Interactive Week) and SirCam hits FBI cyber-protection unit (Wall Street Journal).

• Swiss Hackers Grab 250,000 E-mail Addresses, Passwords (Newsbytes)
  Swiss hackers were able to infiltrate the mail server of SwissOnline, Switzerland's third largest Internet service provider (ISP), and gain access to 250,000 e-mail addresses and passwords, including the embassies of France, Sweden and Israel.

• The enemies of access (FT)
  Hackers grab the headlines. But infrastructure weakness may be a bigger threat to the net.

• World Virus Tracking Center (Trend Micro)
  Displays information about actual virus infections.

• Austria - Hackers Hit Again With Hitler Mustache, Music (Newsbytes)
  A cyber-battle has broken out between Austria's right-wing Freedom Party (FPOE) and Web site hackers. The hackers have struck the FPOE's Web site a second time; this time, it was not only a defacement, as occurred over the weekend, but an audio-visual attack: defacement plus an audio feed added to the Web site.

• USA - Adobe Opposes Prosecution in Hacking Case (New York Times)
  In an unexpected turnaround, Adobe Systems called for the release of a Russian programmer accused of violating American copyright law after he helped create software that can crack Adobe's security software for electronic books.

Issue no. 203 - 19 July 2001

• Attrition.org dispenses advice on defacements (IDG)
  When non-proft security site Attrition.org decided to stop mirroring Web site defacements, the group blamed the volume of defacements and said their hobby had become a "thankless chore." Members of Attrition gave a talk at the Black Hat Briefings conference in Las Vegas and dispensed hard-earned wisdom - and some bitterness - to those who might follow in their footsteps.

• Busting the Web Bandits (Newsweek)
  Online fraud was threatening to drive an Internet start-up out of business. Then PayPal decided to stay and fight back.

• Few Easy Answers On Net Security (Newsbytes)
  Worldwide Internet security weaknesses will get worse before they get better, and there isn't a whole lot lawmakers, can do to improve the situation, one Internet security expert told a Senate subcommittee.

more items

QuickLinks consists of

• a free newsletter appearing approximately once a week. The newsletter is distributed by electronic mail through an "announcement only" mailing list. To be included on the mailing list, send a blank email to quicklinkshtml-subscribe@yahoogroups.com (HTML) or quicklinks-subscribe@yahoogroups.com (Text)
• a Web site with frequent updates, an events page, news items organised by category as well as chronologically by issue and full text search.