QuickLinks - Security and encryption
recent items
Issue no. 200 - 14 June 2001
- MS: Security hole in SQL Server lets attackers take over
(IDG)
A security flaw in Microsoft Corp.'s SQL Server 7.0 and SQL Server 2000 Gold databases can allow an attacker to take control of a targeted server, the company said in a security bulletin. Microsoft issued a patch for the flaw at the same time that it posted the bulletin.
- Panel: Computer export rules useless
(MSNBC)
Computing power dwarfing that used to build the most advanced weapons is now available to foes of the United States, making computer-hardware export controls a waste of time, a panel of senior national security figures has concluded.
- Security sites hit by graffiti gang
(ZDNet News)
In what appears to be a response to the geek-chic equivalent of a dare, a notorious group of online vandals has begun defacing security company Web sites. The group, known as PoizonB0x, put its online graffiti on 12 sites in the past week, according to hacking and security site Alldas.de. The targeted sites span the globe, with little in common except for the word security in their domain name.
- Teen hacker accused at sentencing hearing
(AP)
A 16-year-old computer hacker illegally used software to cripple major Internet sites last year, including CNN and Yahoo, witnesses told a sentencing hearing. The youth, known by the online nickname Mafiaboy, ignored a warning on the software that its use on the public Internet was illegal and could lead to prosecution.
- TiVo users told to stop swapping hack info
(vnunet.com)
Owners of TiVo digital recorders have been asked to stop revealing how to copy TV programmes in digital form onto another machine because of fears they could be breaking copyright laws.
- Virginia Government Data Web Site Hacked
(Newsbytes)
A hacker group known as "World of Hell" brought a world of headache on administrators at Virginia's Department of Information Technology, many of whom spent the better part of Saturday cleaning up digital graffiti left on the agency's Web site.
Issue no. 199 - 4 June 2001
- Thousands spammed by Seti@home hackers
(vnunet)
Hackers have escaped with around 50,000 email addresses, after the Seti@home project was hacked. A number of the email addresses taken have since been subjected to a major spam attack.
- Worm tracks down child porn
(MSNBC)
An e-mail virus that seeks out images of child pornography on systems running Microsoft Windows and alerts government agencies to positive findings, has been released by hackers intent on cleaning up the Internet.
- Expert Says Windows XP Aids Vandals
(New York Times)
The Internet is sustaining a growing plague of attacks that overwhelm Web sites by flooding them with data, and an Internet security expert is warning Microsoft that the planned consumer rollout of its Windows XP operating system for personal computers could make the global network even more vulnerable.
- Mobile phone encrypts calls at the push of a button
(Heise)
Germany's first crypto mobile phone is now going into series production. Outwardly the encryption phone resembles a Siemens S35i, but the device, called TopSec GSM, is being brought to market by measurement technology specialist Rohde und Schwarz.
Issue no. 198 - 28 May 2001
- Computer Vandals Clog Antivandalism Web Site
(New York Times)
The CERT Coordination Center is one of the premier places that the online world turns to for information when computer vandals attack; but its Web site has been knocked out by a distributed denial of service attack,
Issue no. 197 - 21 May 2001
- Anti-piracy program for digital TV
(Los Angeles Times)
In a letter sent to the Federal Communications Commission, the Consumer Electronics Association said the majority of TV makers plan to equip their digital TVs with a new technology that can block viewers from making digital copies. FireWire raises the bar for those seeking to copy protected material. Instead of just one secret encryption key that might easily be defeated, digital cable networks will have dynamic encryption that is different for every user.
- Echelon Spy System Not Urgent Matter - Intelligence Chair
(Newsbytes)
European Parliament officials who canceled a visit to the U.S. to get information about the "Echelon" spy system are "on a little bit of a wild goose chase". But they were right to feel snubbed after several planned meetings with national security authorities were scrubbed. The views are those of House Intelligence Committee Chairman Porter Goss, R-Fla.
- Music anti-piracy group issues official shrug
(CNET News.com)
The struggling Secure Digital Music Initiative took another big step backward, breaking from its latest meeting with an admission that members can't yet agree on an industry standard for anti-piracy.
- Professor describes hacking music industry's anti-piracy technology
(AP)
Princeton professor Edward Felten told a spillover crowd at Stanford University as much as he could about successfully hacking the music industry's latest anti-piracy technology, but stopped short on some details for fear of being sued.
Issue no. 196 - 15 May 2001
- White House Prepares Cyber-Security Plan
(Newsbytes)
The White House is kicking into high gear a new version of the National Plan for Cyberspace Security and Critical Infrastructure Protection, which it said will be ready for action later this year.
- Automatic Web-Defacing Worm On The Loose, CERT Says
(Newsbytes)
Network administrators who haven't been keeping up with security patches for their servers are being warned about a new Internet worm that breaks into machines running Sun's Solaris operating system in order to launch automated attacks on Web sites hosted on Microsoft's Windows NT. CERT at Carnegie Mellon University is calling the malicious code the "Sadmind/IIS worm".
- X-rated 'Homepage' worm dying out
(ZDNet News)
The worldwide flood of e-mails caused by the virus is starting to dry up, say antivirus experts, less than 24 hours after the malicious attachment first went out. See also Homepage worm spreads quicker than Lovebug (ZDNet UK).
Issue no. 195 - 8 May 2001
- CERT statistics point to increasing security woes
(IDG)
A new set of security statistics released Friday by the Computer Emergency Response Team Coordination Center (CERT/CC) finds that in the first quarter of 2001 a number of security issues, including incident and vulnerability reports, are on track to top 2000 figures.
- End to email viruses may be nigh
(ZDNet UK)
The Ministry of Defence has come up with a way of stopping quick-spreading email viruses before they get out of control, which doesn't rely on traditional virus-detection methods. The Defence Evaluation and Research Agency (Dera) - an MoD agency - unveiled software that detects when a virus is attempting to send emails to all the names in your address book.
- German government calls for hacker warning system
(IDG)
The German government is planning an early warning system to protect the country's Internet resources against potential international hacker attacks. The Interior Ministry wants to build a network of the Computer Emergency Response Teams (CERTs) that already exist in various government and private organizations.
- Kashmiri hackers attack BBC site
(ZDNet UK)
The British Broadcasting Corporation (BBC) has confirmed that hackers supporting the liberation of Kashmir have attempted to break into a server used to provide information to BBC staff around the world.
- Microsoft warns of 'serious' software hole
(BBC)
A serious security vulnerability has been found in the Microsoft software used to keep millions of websites running. EEye Digital Security discovered the bug, which affects Windows 2000 Servers running the Internet Information Server 5.0 (IIS) add-on. The flaw uses the remote printing protocols inside the software. When the right string of text is sent, it causes the software to return an unsecured command prompt, effectively giving high-level access to a server.
Issue no. 194 - 23 April 2001
- Clone of 'Melissa' virus infects the Internet
(CNN)
A new Trojan virus similar to the "Melissa" bug is proliferating quickly across the Internet. The subject line is usually "Matcher" and the misspelled message text is: "Want to find your love mates!!!/ Try this its cool.../ Looks and Attitude maching to opposite sex."
- New cloaked-code threat to security
(ZDNet News)
A new technique for disguising programs aimed at cracking corporate networks could raise the stakes in the heated battle between hackers and security experts. The cloaking technique is aimed at foiling the pattern-recognition intelligence used by many intrusion detection systems, or IDSes, known as the burglar alarms of the Internet.
Issue no. 193 - 3 April 2001
- Biggest threat to electronic data from insiders - KPMG
(Reuters)
Over 90 percent of global CEOs and chief information officers believe a breach of e-commerce systems would be perpetrated through the Internet or other external means, said a survey of 1,283 companies by the accounting firm KPMG. And while the breach could come from outside the company walls, it is highly likely that the electronic fraudster will be an employee or consultant, as is the situation with more traditional forms of fraud.
Issue no. 192 - 26 March 2001
- The Internet and State Security Forum
(Cambridge Review of International Affairs)
May 19th, 2001, Trinity College, Cambridge UK. Identify how networks create new state vulnerabilities, examine appropriate and best practice responses to these challenges, explore international opportunities for state security using network technologies.
Issue no. 191 - 19 March 2001
- Fast-spreading code is weapon of choice for Net vandals
(CNET News.com)
Computer worms are not ordinary viruses. Their ability to spread quickly across the Internet has made worms the weapon of choice for malicious vandals to spread their latest creations. Furthermore, the programs can be easily copied and changed, and point-and-click tools to create complex worms are readily available.
- Nastier version of backdoor tool released
(eWEEK)
A new version of SubSeven, a powerful and well-known backdoor program that gives attackers almost complete control over a victim's computer, is making the rounds on the Internet.
Issue no. 190 - 12 March 2001
- Descramble That DVD in 7 Lines
(Wired)
Descrambling DVDs just got even easier, thanks to a pair of MIT programmers. Using only seven lines of Perl code, Keith Winstein and Marc Horowitz have created the shortest-yet method to remove the thin layer of encryption that is designed to prevent people from watching DVDs without proper authorization.
- FBI Warns Companies About Hackers
(AP)
Organized hacker groups, primarily from former Soviet countries, are responsible for recent increases in credit card thefts and extortion attempts, the FBI said. It said e-commerce companies should be more vigilant in protecting their customers' credit card numbers.
- Naked Wife Virus Strips Down Computers
(NewsFactor)
The Naked Wife Trojan virus - which masquerades as a Flash movie of a naked woman - spreads via Microsoft Outlook and can damage vital system files, rendering an affected computer inoperable, according to security company McAfee.com Corporation. See also Yahoo Viruses page.
- SafeWeb offers Triangle Boy source code
(Newsbytes)
Online privacy company SafeWeb has released the source code of its Triangle Boy client, a peer-to-peer application that the company said prevents anyone, such as corporations, governments, and schools, from blocking access to SafeWeb.
Issue no. 189 - 5 March 2001
Issue no. 188 - 24 February 2001
- The State of Music Security
(Wired)
Recently, the digital rights management crowd got a sharp lesson from the entertainment industry. No more proprietary systems and hard-to-use digital rights management systems that consumers can't understand. Instead, they want clearinghouses where their content can be safely stored and streamed to end users who don't have to decipher which media player will work.
- IBM pulls digital tagging plan
(CNET News.com)
IBM has withdrawn a proposed method of digitally tagging content, known as Content Protection for Removable Media (CPRM), leading an industry coalition to adopt an alternative way to prevent piracy of copyrighted material.
- Lookout for major Outlook bug
(The Register)
Microsoft has warned of a potentially devastating security vulnerability involving its popular Outlook and Outlook Express email clients. It could allow attackers to trick users into running malicious code so giving them control of a victim's machine. The security bug concerns the vCard, or virtual business cards, component of Outlook.
- The Key Vanishes: Scientist Outlines Unbreakable Code
(New York Times)
A computer science professor at Harvard says he has found a way to send coded messages that cannot be deciphered, even by an all-powerful adversary with unlimited computing power. And, he says, he can prove it.
Issue no. 187 - 17 February 2001
Issue no. 186 - 3 February 2001
- Server flaws leave web vulnerable to hackers
(FT)
Internet security experts in the US have identified four flaws in a commonly-used domain name server that could allow hackers to breach the security of corporate and governmental websites and e-mail. The flaws, which relate to problems with Internet Software Consortium's Berkeley Internet Name Domain (Bind) server, "present a serious threat to the internet infrastructure", according to the Coordination Center, a US government funded research centre which specialises in internet security.
Issue no. 185 - 27 January 2001
QuickLinks
Links to news items about legal and regulatory aspects of Internet and the information society, particularly those relating to information content, and market and technology. QuickLinks consists of
- a free newsletter appearing approximately once a week. The newsletter is distributed by electronic mail through an "announcement only" mailing list. To be included on the mailing list, send a blank email to quicklinkshtml-subscribe@yahoogroups.com (HTML) or quicklinks-subscribe@yahoogroups.com (Text)
- a Web site with frequent updates, an events page, news items organised by category as well as chronologically by issue and full text search.
QuickLinks is edited by Richard Swetenham richard.swetenham@cec.eu.int