QuickLinks - Security and encryption

recent items

Issue no. 218 - 6 January 2002

• Warning of malicious e-cards (BBC)
  People are being warned to watch out for computer viruses which could be hidden in electronic Christmas cards.

• AOL Fixes Messenger Glitch (Wired)
  America Online has closed a security hole in its Instant Messenger (AIM) application that could have given hackers access to, and control over, Windows PCs running the latest version of the application.

• Microsoft Browser Slips Up On SSL Certificates - Report (Newsbytes)
  Germany-based E-matters, a Web development company, announced has found a hole in IE's authentication of secure sockets layer (SSL) exchanges that allows Webmasters to use stolen or expired SSL certificates.

• Universal Net ID Consortium Says Momentum Growing (Newsbytes)
  An effort to create open standards for a "single sign-on" approach to personal identity on the Internet may be gathering steam, with the addition of seven heavy-hitting companies to its roster of founders. The new additions to the management board of the Liberty Alliance Project include credit card companies MasterCard International and American Express, as well as a major bank.

• What They Know Could Hurt You (Wired)
  Users of popular file-sharing applications may unknowingly be sharing more than just their collections of audio files. A Trojan horse program masquerading as an advertising application was included with recent versions of programs BearShare, LimeWire, Kazaa and Grokster. The Trojan, dubbed "W32.Dlder.Trojan" by antiviral companies, is contained within an application called "ClickTillUWin" which promises users a chance to win prizes.

• Windows XP vulnerable to 'serious' attacks (AP)
  Microsoft's newest version of Windows, billed as the most secure ever, contains several serious flaws that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The company released a free fix.

Issue no. 217 - 16 December 2001

• Anonymous e-mail services gain users (AP)
  For years, anonymous e-mail has been a choice tool for whistle-blowers, human rights activists and undercover sources looking to protect themselves while imparting vital information. The number of remailers has overall doubled to about 50 after the passage of security laws as media reports raised awareness of threats to privacy

• Microsoft Releases Patch For 'Critical' Browser Flaw (Newsbytes)
  Microsoft has released a patch for several security holes in its Internet Explorer Web browser, including one that could enable an attacker automatically to run malicious code on the computer of users who visit a Web site or read an HTML e-mail.

Issue no. 216 - 8 December 2001

• UK - House Committee OKs Increase In Security Research Funds (Newsbytes)
  The House Science Committee approved two bills designed to substantially boost federal spending on information technology and cyber-security research.

• USA - White House Cybersecurity Chief Unveils Plans (Government Computer News)
  Presidential cybersecurity adviser Richard Clarke announced two federal initiatives for improving security of the nation's information infrastructure. He said the government expects to open a national center for infrastructure simulation and analysis, and soon will create a cyberwarning intelligence network linking major government and commercial network operations centers.

• AOL joins safe Net standard (CNET News.com)
  AOL Time Warner has joined the Liberty Alliance Project, a coalition of technology companies creating a common online registration and identity system to counter Microsoft's ambitions with its Passport service.

• Computer Security Advisory Site Suffers Attack (Newsbytes)
  The Web site of the Computer Emergency Response Team (CERT) is undergoing a distributed denial of service attack, officials at the federally funded computer security clearinghouse confirmed.

• Hard-Coded Into E-Mail Hell By BadTrans (Newsbytes)
  The latest widespread infectious code to hit the Internet, BadTrans.B has been particularly unkind to 15 people whose e-mail addresses were programmed into the worm by its unidentified author.

• New Internet worm makes some files a 'goner' (CNN)
  Antivirus companies warned people about a rapidly spreading new e-mail worm that is capable of deleting certain computer programs. The mass-mailing Internet worm goes by the name "Goner" and is distinguishable by its subject line (Hi) and the body of the message, which promises a screensaver. The attachment is called "Goner.scr." see also 'Goner' Today, and Forgotten (Wired) and Chat Volunteers Block Worm's Channel Of Attack (Newsbytes) .

• Study: Security fixes overwhelming IT managers (IDG)
  The number of required security patches and updates to security products during the past 12 months has so overwhelmed IT managers at most companies that the process now places network security at greater risk, a new study concludes.

Issue no. 215 - 2 December 2001

• Fluffi Bunni Places Ads At Security Site (Newsbytes)
  Banner ads promoting a notorious group of computer attackers known as Fluffi Bunni today appeared at SecurityFocus.com, after the hackers compromised a server operated by the leading security firm's advertising partner.

• UK - Police set up e-crime tip-off system (IT Week)
  The police National Hi-Tech Crime Unit (NHTCU) has appointed an industry liaison officer to develop a confidential crime reporting system. The liaison officer has the task of creating a system to help companies report digital security breaches to the police without suffering any embarrassing public disclosures

Issue no. 214 - 23 November 2001

• IBM increases focus on privacy and security (FT)
  IBM announced a large research initiative on privacy and security and the formation of an advisory body.

• USA - Govt. Tech Security Officials Visit Key Net Facility (Newsbytes)
  A pair of high-ranking Bush administration officials today visited the Herndon, Va., offices of VeriSign to assess the security precautions being taken by the company that controls the technology at the heart of the Internet's global addressing system.

• USA - House OKs Bill With Cyber-Security Funding (Newsbytes)
  The House of Representatives passed a spending bill that contains funding for a raft of cyber-security and online crime-fighting initiatives. The House voted 411-15 to approve the Commerce-Justice-State (CJS) appropriations bill, a 2002 spending package that includes funding for programs to fight cyber-crime, child pornography, and intellectual property theft. The package also includes money for technology research programs.

• A Tell-All ZD Would Rather Ignore (Wired)
  If you subscribe to any of Ziff Davis' computer magazines, you may want to double-check your credit card bill next month. Ziff Davis Media, which publishes such popular tech titles such as Yahoo Internet Life and PC Magazine, accidentally posted the personal information of about 12,500 magazine subscribers on its website.

• Biometrics and the new security age (MSNBC)
  Starting this month, Logan International Airport will try out two facial recognition systems designed to boost security after two hijacked planes originating at the airport changed the course of history.

• Consumer Group Reports Hacker Break-Ins (Newsbytes)
  Internet servers operated by the Consumer Project on Technology (CPT), an organization created by consumer advocate Ralph Nader, suffered two security breaches this month.

• FBI software cracks encryption wall (MSNBC)
  The FBI is developing software capable of inserting a computer virus onto a suspect’s machine and obtaining encryption keys, a source familiar with the project told MSNBC.com. The software, known as Magic Lantern, enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement. see also FBI snoop tool old hat for hackers (CNET News.com ).

• ICANN: To Serve and Protect (Wired)
  The deadly attacks of September 11 also prompted the Internet Corporation for Assigned Names and Numbers (ICANN) to toss out its customary agenda and replace it with a three-day special meeting on how to guard the Net's most vulnerable portions from terrorist attacks.

• Pirate-proof pop goes public (BBC)
  Music makers are stepping up attempts to stamp out piracy with the public release of CDs that cannot be played on computers. Natalie Imbruglia's latest album is the first to go on general release with a copy-protection system built in. But see BMG to replace anti-rip Natalie Imbruglia CDs (The Register).

• Playboy Web site hit by hacker (MSNBC)
  Law enforcement officials are investigating a security breach at the Playboy.com Web site that allowed a computer hacker to steal customers’ credit card numbers.

• UK - Students hack for PIN money (vnunet)
  Security experts have warned that PIN codes and card details held by cash machines may be at risk from unscrupulous bank employees. The warning comes after research by two Cambridge University students proved that IBM's 4758 cryptographic co-processor, as used in many high street banking systems, could be hacked. See also PIN code cracking claims questioned (vnunet).

Issue no. 213 - 11 November 2001

• ACLU Warns Of Face Recognition Pitfalls (Newsbytes)
  The American Civil Liberties Union is urging airport security officials to consider the limitations of face-recognition technology before rushing to install the systems as a hedge against terrorism.

• Hacker watchdog group in the works (CNET News.com)
  Microsoft and five security companies announced that they would create an organization to promote the responsible publishing of information about software flaws.

• Movie industry dealt DVD-cracking blow (CNET News.com)
  A California court has dealt a potentially serious setback to the movie industry's attempt to rid the online world of software that can help break through copy protections on DVDs. The appeals court overturned an earlier order that barred hundreds of people from publishing the code for a software program called "DeCSS" online. Posting the code is just like publishing other types of controversial speech and is protected by the constitution, the appellate judges said. see also Court Rules DeCSS Posting On Web Is Protected Speech (Newsbytes). DVD Copy v. Bunner (Court of Appeal, Sixth Appellate District).

• Deutschland - Datenschützer warnt vor zentraler Biometrie-Datei (Heise)
  Der niedersächsische Datenschutzbeauftragte Burckhard Nedden befürchtet, dass biometrische Daten aller Bundesbürger künftig zentral gespeichert werden könnten. "Mit Biometriedaten in deutschen Ausweisen fängt man keine Terroristen". Würden Fingerabdruck oder Irisscan ausschließlich auf dem Ausweis gespeichert, dann dienten diese Daten allein der Identitätsfeststellung. Damit habe es bei deutschen Bürgern allerdings praktisch nie Probleme gegeben, bei Ausländern hingegen schon. Gerade sie wären von den neuen Ausweisen jedoch nicht betroffen.

• España - El MCYT se incorpora a la 'Campaña de Seguridad en la Red' de la AI (Europa Press)
  El Ministerio de Ciencia y Tecnología (MCYT) se sumó a la 'Campaña Nacional de Seguridad en la Red', lanzada por la Asociación de Internautas (AI). Junto al apoyo institucional y la introducción de vínculos cruzados entre los sitios web de la campaña y el Centro de Alerta Temprana antivirus del Ministerio, el MCYT se ha ofrecido a hacer una aportación económica de un millón de pesetas o bien a ceder algún servidor para solucionar los problemas de ancho de banda registrados por la Asociación ante la audiencia conseguida por la Campaña.

• USA - Surveillance Law Urges ID Cards, Biometrics For Immigrants (Newsbytes)
  Federal authorities will be urged to develop biometric technology capable of identifying immigrants by their physical features, under a provision included in the anti-terrorism legislation passed by Congress.

• Amsterdam Airport Adopts Retinal Scanning ID Tech (Newsbytes)
  At Amsterdam's Schiphol airport, you can afford to forget your passport even if you're boarding an international flight. A program called "Privium" combines smart-card technology with optical scanning and networked computers to allow travelers to cross the border after retinal-scan identification.

• Cartoon DVD infected with FunLove virus (vnunet)
  Warner Bros has recalled all copies of an animation DVD as three computer programs on the disc have been infected by the FunLove virus.

• Hackers bypass Microsoft copy protection (ZDNet UK)
  Hackers in Hong Kong are routinely breaking Microsoft's digital media copyright protection system and helping themselves to broadband encrypted content. The hackers are using FreeMe, a DRM 2 cracker developed by pseudonymous programmer "Beale Screamer" and recently distributed across the Web following exposure on US security site Cryptome.org.

• Microsoft Warns Of Browser Cookie-Eating Attack (Newsbytes)
  Users of Microsoft's browser and e-mail programs could be vulnerable to having their browser cookies stolen or modified due to a new security bug in Internet Explorer (IE).

• Microsoft: No relief from security attacks (ZDNet)
  Almost every week since Microsoft announced its "Strategic Technology Protection Program," a new security flaw has cropped up. In the past few weeks, holes have been found in Excel and PowerPoint and a new system for protecting music content. A major security patch was issued for Windows XP, and the company had to shut down part of its Passport service to fix a set of flaws in the technology that Microsoft hopes will become the foundation of its .Net initiative.

• Personal Firewalls Spring Security Leaks (Newsbytes)
  Software firewalls deployed by millions of PC users offer only "illusory" protection against Trojan horses and other malicious programs, security experts warned. Techniques for defeating the outbound data filters in popular personal firewalls such as Zone Alarm and Norton Personal Firewall have been independently posted on the Web by several researchers. Using the methods described, a rogue program could upload private user data without being detected by the firewall, the experts claim.

• Welcome to the era of drive-by hacking (BBC)
  BBC News Online has been shown just how lax security is on wireless networks used in London's financial centre. On one short trip, two-thirds of the networks we discovered using a laptop and free software tools were found to be wide open.

• Deutschland - Kein Porno-Hack auf sicherheit-im-internet.de (Sicherheit im Internet)
  Am 31. Oktober 2001 meldete SPIEGEL online unter der Überschrift: "PEINLICHE PANNE -- Porno-Hack auf Ministeriums-Website: "Irgend jemand hatte sich an der Seite (www.sicherheit-im-internet.de) zu schaffen gemacht und einen Link verfremdet - "ge-rerouted", wie es auf Neuhochdeutsch so schön heißt. Von diesem Zeitpunkt an führte ein einziger kleiner Klick direkt auf ein Hardcore-Pornoangebot." Gottlob ist es nicht ganz so einfach, wie der SPIEGEL diese Geschichte darstellt: niemand hat sich an "der Seite zu schaffen gemacht und einen Link verfremdet" - das wäre auch nicht unbemerkt geblieben.

• UK - Students hack for PIN money (vnunet)
  Security experts have warned that PIN codes and card details held by cash machines may be at risk from unscrupulous bank employees. The warning comes after research by two Cambridge University students proved that IBM's 4758 cryptographic co-processor, as used in many high street banking systems, could be hacked.

Issue no. 212 - 27 October 2001

• Hack Breaks Security Site's Back (Wired)
  SecurityNewsPortal (SNP) , a security news website closed down after its owner decided it wasn't worth fighting a malicious hacker who defaced the site the day before.

Issue no. 211 - 20 October 2001

• Hacker cracks Microsoft anti-piracy software (CNET News.com)
  Microsoft confirmed that code, written by a programmer using the pseudonym "Beale Screamer," can strip off the protections in Microsoft's digital rights management (DRM) software which allow a content owner, such as a record label, to set rules on how the content can be used.

• Microsoft to hackers: Don't publish code (CNET News.com)
  Microsoft, whose software has been at the center of several recent high-profile security incidents, has decided to turn up the heat on those the company considers at least partially responsible: security firms and hackers who release sample programs to exploit software flaws. Scott Culp, manager for Microsoft's security response center, published an essay on the company's site decrying the information and example code released by some companies and independent security consultants as "information anarchy."

• Security Attacks Set To Double In 2001 - CERT (Newsbytes)
  Attacks on Internet computers are on pace to easily double the number reported last year, according to a government-funded security information clearinghouse, Computer Emergency Response Team (CERT).

• Spain - La AI inicia una campaña para promover una Internet más segura (ZDNet ES)
  Para paliar la demanda sobre información de utilización de herramientas que garanticen seguridad en todos los aspectos necesarios, la AI (Asociación de Internautas) ha desarrollado un espacio dentro de su sitio web que estará accesible desde el lunes 15 de octubre hasta el 15 de diciembre, bajo el título Campaña Nacional de Seguridad en la Red. ver también La protección de los menores en Internet (AI).

• USA - Bush Lays Out Cyber-Protection Plan (Newsbytes)
  President Bush has issued an executive order creating a federal "critical infrastructure protection" board that will be charged with coordinating nationwide electronic security efforts.

• USA - RIAA Wants to Hack Your PC (Wired)
  Look out, music pirates: The recording industry wants the right to hack into your computer and delete your stolen MP3s. It's no joke. Lobbyists for the Recording Industry Association of America (RIAA) tried to glue this hacking-authorization amendment onto a mammoth anti-terrorism bill that Congress approved.

more items

QuickLinks consists of

• a free newsletter appearing approximately once a week. The newsletter is distributed by electronic mail through an "announcement only" mailing list. To be included on the mailing list, send a blank email to quicklinkshtml-subscribe@yahoogroups.com (HTML) or quicklinks-subscribe@yahoogroups.com (Text)
• a Web site with frequent updates, an events page, news items organised by category as well as chronologically by issue and full text search.