QuickLinks - Security and encryption
Issue no. 245 - 15 September 2002
- US - Administration Pares Cyber-Security Plan
As the White House moves to finalize a national plan to better secure cyberspace, high-tech firms and other companies are continuing a furious campaign to have some recommendations struck from the document. The administration no longer plans to recommend that Internet service providers such as America Online, MSN and EarthLink bundle firewall and other security technology with their software. Instead, it will ask ISPs to "make it easier" for home users to get access to such protections.
Issue no. 243 - 31 August 2002
- OECD promotes "culture of security"
In time for the first anniversary of the Sept. 11 attacks, the Organization for Economic Cooperation and Development has issued new guidelines for securing information systems and networks in anticipation of cyberterrorist attacks or intrusions. See "Towards A Culture Of Security: OECD Guidelines for the Security of Information Systems and Networks".
- US - RIAA site comes under second attack
For the second time in a month, the Recording Industry Association of America's Web site has been attacked, apparently by opponents of the industry group's efforts to shut down online music trading. See also "RIAA Web site disabled by attack".
Issue no. 242 - 30 July 2002
- Princeton accused of Ivy League hacking
Princeton University admissions officials gained unauthorized access to a Web site at rival Yale University containing personal information about applicants to the Ivy League school, according to officials at both institutions.
- US - RIAA Web site disabled by attack
The Recording Industry Association of America's (RIAA) Web site was unreachable over the weekend due to a denial-of-service attack. The apparently deliberate overload rendered the RIAA.org site unavailable for portions of four days and came after the group endorsed legislation to allow copyright holders to disrupt peer-to-peer networks.
Issue no. 238 - 22 June 2002
- Game Consoles - the Next Hacker Target?
Xbox and Playstation 2 decks are coming to the Internet in droves this fall. How will they stand up against the legions of hackers waiting for them there?
Issue no. 236 - 8 June 2002
- Cheaters take profits out of online gaming
Game companies are looking to subscription fees from online players as a major source of recurring revenue in the near future, but those subscribers may not stay around if the new virtual worlds are full of the cheating and hacking that has marred previous online games. A small but fractious minority in online gaming circles, cheaters can suck the fun out of a game by introducing homemade characters with unauthorized powers, making it impossible for opponents to win or even survive. They can also quickly pollute the social atmosphere critical to many games.
- NL - Government starts internet emergency centre
The Dutch government has spent some E300,000 on an emergency centre to warn private and smaller business internet users of incidents such as computer viruses, network break-ins or denial-of-service attacks.
- Passwords: The weakest link
The best network security is only as strong as its weakest link. And often, that's your not-so-clever password.
- Security v. Privacy Conference
(Internet Law And Policy Forum)
The Internet Law & Policy Forum is holding its annual conference on the topic of Security v. Privacy on 18-19 September 2002 in Seattle, Washington. The events of September 11th have raised the stakes on these two critical issues. Many governments have passed new legislation in efforts to increase security and stop terrorism. Many privacy advocates have criticised some of these new laws for their negative effect on privacy. This conference will explore the synergies and conflicts, both real and imagined, between these two important issues and the laws written to promote them. The conference will have a privacy track and a security track, where speakers will explore key issues and concerns in the respective areas. Some of the topics covered in these panels include:
- privacy global survey;
- legislative regimes and cross-cultural dimensions;
- practicalities of compliance with law enforcement requests;
- identifying and selecting appropriate authentication options;
Plenary sessions will cover topics from both perspectives. Readers of QuickLinks will receive a USD 200 reduction if they register before 22nd June 2002 and refer to Priority Code N5B2.
- Hackers unlocking Norway's history
A Norwegian educational center for cultural preservation lost the password to a historical database cataloging 11,000 original books and manuscripts, but was able to recover it with help from the Web.
Issue no. 234 - 11 May 2002
- OECD aims to establish a "culture of network security"
The OECD (Organisation for Economic Co-Operation and Development) plans to launch a large-scale campaign for greater IT security. In a guidelines paper, the "Working Party on Information Security and Privacy" has drawn up nine principles for establishing a "culture of security" in the networking field.
SmartID is a discussion group set up by a team at the Computer Security Research Centre at the London School of Economics for the exchange of news and discussion about the social and organisational issues of the large-scale deployment of smart-card systems.
- USA - Playing the ID Card
Americans have never had to 'show papers' to move around. Now they must choose between privacy and security.
Issue no. 233 - 4 May 2002
Issue no. 232 - 28 April 2002
- Argentina - Hacking 'legal'
An Argentine judge has ruled that hacking is legal by default in the country, arguing that the law covers crimes against people, things and animals, but not cyberspace. It is the first case against computer hacking in Argentina.
- Hotmail at Risk to Cookie Thieves
MSN Hotmail users, guard your cookies. A simple technique for accessing Microsoft's free e-mail service without a password is in the wild and apparently being exploited. The trick involves capturing a copy of the victim's browser cookies file. Once the perpetrator gains two key Hotmail cookies, there's no way to lock him out because at Hotmail, cookies trump even passwords.
- Keeping e-mail encryption alive
Phil Zimmermann's invention for encrypting e-mail, Pretty Good Privacy, was so good that the government considered it munitions subject to tough export controls. Prosecutors threatened him with criminal charges when others leaked it overseas. The government ultimately backed off. But now, the company that makes the most popular version of PGP is the one pulling the plug.
Issue no. 231 - 14 April 2002
- Experts: Chat rooms a haven for hackers
The ability for hackers to go onto the Internet and chat up fellow hackers is as old as the Net itself. But with identity theft becoming a more popular form of fraud, according to the Federal Trade Commission (FTC), more attention is being paid to chat rooms that serve as flea markets for hackers.
- Security for all
(Sydney Morning Herald)
The cloak-and-dagger world of computer security testing is under attack by an open-source project that harnesses the world's best minds.
Issue no. 230 - 7 April 2002
Issue no. 229 - 23 March 2002
- 'Social Engineering' Spreads New Plague of Web Chat Attacks
The enticements of pornography, free software and security - otherwise known as "social engineering" - that have been common among e-mail-borne computer viruses now have spread to instant messaging (IM) and Internet Relay Chat (IRC), according to CERT, a federally funded security center based at the Software Engineering Institute of Carnegie Mellon University.
Issue no. 228 - 17 March 2002
Issue no. 227 - 10 March 2002
- Browser Makers Hid Java Proxy Flaw For A Year - Researcher
A critical security flaw in Java that could allow browser traffic hijacking was hidden from the public for almost a year, a security researcher said. Patches that protect users of Microsoft's Internet Explorer and Netscape's Navigator browsers against the bug were released yesterday, nearly eleven months after the software makers learned of the vulnerability in their implementation of Sun Microsystems' Java Virtual Machine (JVM).
Issue no. 226 - 3 March 2002
- USA - Commerce Department Fines Company For Illegal Crypto Exports
The federal body that regulates exports has fined San Diego firm Neopoint Inc. $95,000 for exporting strong encryption software to Korean companies without the necessary government approval.
- USA - N.Y. Times source database hacked
A computer security researcher accessed internal New York Times computer networks this week through the Internet and managed to view hundreds of sensitive Times files. Among them: a database of 3,000 Times contributors.
- USA - Sites Revealed Passwords For Thousands Of Ameritech Users
One of the unsecured Ameritech Web sites contained an alphabetical hyperlinked listing of dial-up users. Each individual account, when clicked on, automatically created a dial-up networking account on the visitor's computer, complete with the username, password and appropriate dial-up phone number for the subscriber's region.
Issue no. 225 - 24 February 2002
- Tipping the balance on net security
Net security is going to get a lot worse before it gets better. So says Peter Tippett, the computer security pioneer who now runs TruSecure, a company dedicated to spotting the next big security problem before the vandals and malicious hackers exploit it.
- Gator Digital Wallet Allows Hacker Back Doors
Gator, a digital wallet program installed on millions of computers, contains a security flaw that could enable malicious sites to take control of a user's computer.
- VeriSign places trust in Web services
VeriSign partnered with Microsoft, IBM, Oracle, Sun Microsystems and other technology makers to provide security for Web services. VeriSign's new software tools allow companies to add authentication services for online bill payment or financial data exchange between companies, for instance, to Web services applications.
Issue no. 223 - 10 February 2002
- Identity In Search Of Security
Varying one's Internet identity with different passwords and log-in names is the best way to limit fraud. Lots of companies are trying to develop a powerful password program to make surfing easier and that's the problem: There's no clear standard.
Issue no. 222 - 2 February 2002
- Overworked hackers' archive closes
Safemode.org has announced that it is to stop archiving hacked websites. The site has shut down because it can no longer deal with the sheer volume of defacements.
- USA - Top News Sites Close Script Hacking Hole
A cross-site scripting (CSS) security flaw at leading online news providers MSNBC.com, NYTimes.com, and WashingtonPost.com could have allowed attackers to generate bogus articles using the sites
- USA - Top Security Sites Easy Prey To Script Attacks
Web sites operated by several leading Internet security organizations are vulnerable to an old but serious security flaw known as the cross-site scripting (CSS) attack.
Issue no. 221 - 26 January 2002
- Dutch Probe Hack-Attack on Royal Wedding Web Chat
The Dutch public prosecutor launched a criminal investigation into a hacker attack that crashed an online chat with the Dutch crown prince and his Argentine fiancee earlier in the week. See "Royal Web chat freezes screens" (CNN).
- Internet still a dangerous place
Spending on Internet security continues to grow, yet the worldwide supernetwork remains more vulnerable than ever to viruses, break-ins and terrorism. Simply put, hackers are getting smarter, and computer networks are getting more complex and difficult to keep safe.
- Real To Close Security Hole in RealPlayer
RealNetworks will release a patch for a security flaw in its RealPlayer 8 software that could allow a rogue site to crash the player and potentially execute malicious code.
- Serious Security Hole In AOL's ICQ Chat Software - CERT
A security hole in America Online's Internet chat software could allow remote attackers to execute malicious programs on the users' computer, a government-funded security watchdog warned. The vulnerability lies in a feature of AOL's ICQ Internet chat program for Windows that allows ICQ users to invite others to join them in playing online games.
Issue no. 220 - 19 January 2002
- Details On Severe IE Hole Posted Online
Instructions on how to exploit a critical security hole discovered last month in Microsoft's latest Web browser were posted on the Internet, raising concerns that malicious code may soon appear that takes advantage of the flaw. Security experts said the Internet Explorer file execution vulnerability is one of the most severe ever found, because it enables an attacker to run a program on another user's computer simply by causing the victim to view a Web page or open an HTML e-mail.
- Germany - Interior Ministry cooperates with Telekom on protecting data networks
The Federal Ministry of the Interior and Telekom have agreed on long-term strategic cooperation and an exchange of experts. This is intended to let them respond, when needed, to "acute threats to the national information technology infrastructure". To that end, the Computer Emergency Response Teams of the ministry and of Telekom will work together.
- Experts: 'About time' on Microsoft security plan
Computer security experts, who have long complained about holes in Microsoft Corp. software, were pleased to see Chairman Bill Gates proclaim security as the highest priority after years of lip-service. See also "Trust, but verify, Microsoft's pledge" (news.com) by Bruce Schneier.
- InstaKiss Password-Stealing Scam Sites Proliferate
Authorities moved quickly to shut down the latest "InstaKiss" Web site designed to dupe AOL users into giving up their account passwords in exchange for an electronic smooch.
- USA - ACLU Skewers DMV Proposal As 'De Facto' National ID
The American Civil Liberties Union (ACLU) took aim at a proposal by the American Association of Motor Vehicle Administrators (AAMVA) calling on Congress to authorize state and federal authorities to share information on identity card applicants. The DMV body also requested funding to equip state IDs with technology that ties the cards to their owners' unique physical characteristics or preferences.
- USA - FBI Advises Security Review Of Web Content
The FBI's National Infrastructure Protection Center advised providers of water, energy, transportation, finance and other critical infrastructures to evaluate the content of their Web sites from a security perspective.
Issue no. 219 - 13 January 2002
Issue no. 218 - 6 January 2002
Links to news items about legal and regulatory aspects of Internet and the information society, particularly those relating to information content, and market and technology.
QuickLinks consists of
- a free newsletter appearing approximately once a week. The newsletter is distributed by electronic mail through an "announcement only" mailing list. To be included on the mailing list, send a blank email to email@example.com (HTML) or firstname.lastname@example.org (Text)
- a Web site with frequent updates, an events page, news items organised by category as well as chronologically by issue and full text search.
QuickLinks is edited by Richard Swetenham firstname.lastname@example.org