E! called me from the plane and said ..........
Just kidding...
************************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 1, Number 10 June 3, 1999
Editorial Team:
Kathy Bradford, Bill Murray, Alan Paller, Howard Schmidt, Eugene Schultz
<sansro@sans.org>
*************************************************************************
INDEX OF THIS ISSUE'S HEADLINES
02 June 1999 Hackers Spur Pentagon to Withdraw From The WWW [Temporarily]
01 June 1999 New York Considers Privacy Package
01 June 1999 Hackers Strike Again
31 May 1999 Federal Advisory Group Stages Public Debate On National Security
29 May 1999 FBI Raids Microsoft Campus
29 May 1999 Digital signature law making its way through the Senate
29 May 1999 US Copyright Office Wants to Ease Laws for Education Online
29 May 1999 Digital Signature Act Moves Along
28 May 1999 Cyberwar? The U.S. Stands To Lose
28 May 1999 Web Users Leave A Digital Trail
28 May 1999 A New Trojan Horse Attack Hides In Screensaver Distributed Over Net
28 May 1999 FBI and Senate Sites Attacked
28 May 1999 US Online Companies Not Exempt from EU Data Privacy Law
28 May 1999 Oracle 8 And 8I Running Under Unix Are At Risk
27 May 1999 Echelon, the UK-USA Communications Monitoring Program
Investigated by Congressional Panel
26 May 1999 British Government Drops Key Escrow Requirement
26 May 1999 Internet Content Likely to be Censored in Australia
25 May 1999 Encryption Export Bills Threatened by New Report
>From our sponsor: Tripwire Can Lockdown Software to Ensure Y2K Compliance
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
02 June 1999: Hackers Spur Pentagon to Withdraw From The WWW [Temporarily]
The Defense Department has briefly disconnected its computers from the
Internet to install firewalls between sensitive and non-sensitive systems.
The pentagon is also considering moving unclassified systems to a
proprietary network, called Global Network Information Enterprise (GNIE).
search.washingtonpost.com
computerworld.com
01 June 1999: New York Considers Privacy Package
The New York Assembly passed part of a comprehensive legislative package
aimed at safeguarding residents against identity theft, financial loss,
damaged credit ratings and discrimination. The New York Senate is expected
to present its own privacy package later this summer.
civic.com
01 June 1999: Hackers Strike Again
Hackers defaced US Department of Interior web site and continued flooding
FBI web site in an apparent reaction to the FBI crackdown and raids on
hacker groups. Messages left at the defaced sites said the attackers
were going after "every computer on the net with a .gov (suffix)" Another
message said, "We'll keep hitting them until they get down on their
knees and beg." Justice and FBI sources said the attackers are being
hunted and "could face jail time."
abcnews.go.com
wired.com
abcnews.go.com
31 May 1999: Federal Advisory Group Stages Public Debate On
National Security
The National Security Study Group launched a web site nssg.gov
to encourage and gather public comment on national security in the 21st
century.
fcw.com
29 May 1999: FBI Raids Microsoft Campus
"Sources" report that FBI agents raided the Microsoft campus and seized
computers where a programmer known as Vallah worked. Other "sources"
say Vallah was terminated from his Microsoft job.
antionline.com
29 May 1999: Digital signature law making its way through the Senate
The Digital Signature Act of 1999 would make digital signatures legally
binding. If passed, consumers and businesses could sign contracts online
with the same legal effect as a written signature. Law would go into
effect one year after passage.
wired.com
29 May 1999: US Copyright Office Wants to Ease Laws for Education Online
The US Copyright Office says that teachers of online classes should have
impunity from copyright laws similar to that enjoyed by classroom
teachers. Copyright holders are apprehensive, although the Copyright
Office is also recommending measures that would protect them in this
new environment.
nytimes.com
29 May 1999: Digital Signature Act Moves Along
The Digital Signature Act, a part of the larger Millennium Digital
Commerce Act, is being reviewed by senate subcommittees. The bill would
give digital signatures the same effect as written signatures, beginning
one year from the date of passage.
wired.com
28 May 1999: Cyberwar? The U.S. Stands To Lose
According to Newsweek the CIA had plans to hack into Slobodan Milosevic's
international bank accounts. Experts debate the feasibility of such
attacks, but most agree that the US would be damaged if it chose to
implement the plans. msnbc.com
28 May 1999: Web Users Leave A Digital Trail
Police investigating network-based crimes are using search warrants to
seize evidence from Internet service providers and find information that
many users didn't know would end up in the hands of law enforcement.
more.abcnews.go.com
28 May 1999: A New Trojan Horse Attack Hides In Screensaver Distributed Over Net
A new Trojan horse program sent by a hacker over the Internet via an
email spam format as a screensaver could allow PCs to be accessed by
unauthorized users." Use of the screensaver installs "Backdoor-G" on
the user's PC and permits the system to be operated remotely by the
attacker. deja.com
28 May 1999: US Online Companies Not Exempt from EU Data Privacy Law
While the US says that the EU (European Union) agreed not to take action
against US companies not in compliance with the EU's comprehensive data
privacy law while the two try to reach an accord, private European
citizens are free to file litigation if they feel their rights have been
violated. Talks between the entities seem to have stalled; Clinton will
be meeting with EU leaders in mid-June.
news.com
28 May 1999: Oracle 8 And 8I Running Under Unix Are At Risk
A flaw in an Intelligent Agent for remote administration (oratclsh)
allows an intruder almost unlimited access to the database. Oracle
notified only paying support customers of a fix on May 7 and included
a statement on its support web site's frequently asked questions.
zdnet.com
27 May 1999: Echelon, the UK-USA Communications Monitoring Program
Investigated by Congressional Panel
Echelon is one name of the analysis programs developed by the US and
British intelligence organizations to monitor voice and data messages
throughout the world. Two weeks ago, the House Committee on Intelligence
requested that the NSA and CIA provide a detailed report outlining the
legal standards used to monitor communication of American citizens.
nytimes.com
26 May 1999: British Government Drops Key Escrow Requirement
After heavy business lobbying, the British government decided to drop
its proposed requirement for encryption keys to be escrowed, which was
to be part of the upcoming Electronic Commerce Bill.
wired.com
techweb.com
Editor's Note: Bill Murray notes: "The elected government dropped the
provision from e-Commerce legislation. The un-elected bureaucracy is
still pushing the scheme in other contexts.
26 May 1999: Internet Content Likely to be Censored in Australia
The Australian legislature is close to passing a bill that would severely
limit access to sites deemed inappropriate for minors under the country's
Broadcasting Services Act of 1992. ISPs would be required to monitor
sites for compliance and shut down those in violation. Free speech
advocates are not pleased.
news.com
25 May 1999: Encryption Export Bills Threatened by New Report
A report released last week claiming that China has been stealing US
nuclear secrets for decades is likely to halt the forward momentum of
bills aimed at lifting the stringent regulations on exporting encryption
technology. Some believe the report is not as damaging as others make
it out to be. In a related story, the congressional testimony of SANS
NewsBites' editor Dr. Eugene Schultz is heavily quoted. Ex: Because of
US export restrictions, "[t]he sectors within the U.S. that most need
to deploy encryption technology, unfortunately, either do not deploy it
at all or do not use it to its potential. The result is that we are now
worse off, with respect to protecting our critical infrastructure, than
we were a few years ago."
wired.com
techweb.com
== Tripwire Can Lockdown Software to Ensure Y2K Compliance === [Advert]
Thinking of enforcing a software lockdown to protect the Y2K testing
you've done? What about upgrading to commercial Tripwire to ensure Y2K
compliance? Tripwire(tm) Security Systems announces an initiative to
help organizations assure data and network integrity prior to and after
January 1, 2000. Visit tripwiresecurity.com or
e-mail us at <y2k@tripwiresecurity.com> to learn more.
== End ==
Please feel free to share this with interested parties. For a free
subscription, e-mail <sans@sans.org> with the subject:
Subscribe NewsBites
Email <sans@sans.org> with instructions and your SD number (from the
headers) for subscribe, unsubscribe, change address, or with any other
comments.
|
