[Plug-security] [SECURITY] News Summary 2/15/2000

Jean L Francois Jean.L.Francois@aexp.com
18 Feb 2000 10:12:02 -0700


Federal agents are getting ready to question three suspects in the rash
of distributed denial of service (DDoS) attacks.
http://dailynews.yahoo.com/h/nm/20000215/ts/tech_hackers_31.html
http://www.washingtonpost.com/wp-dyn/business/A51397-2000Feb14.html
http://www.wired.com/news/business/0,1367,34341,00.html

Suspicions that the government may be responsible for the recent barrage
of distributed denial of service attacks are circulating on the Internet.
Some suggest that the attacks are the result of a classified exercise,
and others propose that they provided a "smoke screen" for the government
to place surveillance programs on computers.  Still others wonder if
the attacks were staged to increase concern about computer security.
http://www.fcw.com/fcw/articles/2000/0214/web-conspiracy-02-15-00.asp
http://www.wired.com/news/print/0,1294,34285,00.html 
Note: Most people who have a clue disagree with these theories.

Computer experts at banks and other financial institutions received
warnings about the recent DDoS attacks, but due to rules mandated by
their security network, they were unable to share that information with
law enforcement agencies.  http://www.msnbc.com/news/370221.asp

A white-hat hacker who uses the moniker "Mixter" and who authored Tribe
Flood Network (TFN), a distributed denial of service (DDoS) attack tool
program, said in an interview on ZDNet that he wants to talk with the
FBI because he wants the perpetrator of the attacks caught.  Mixter said
he wrote the program to demonstrate weaknesses in the Internet, and that
when he posted the program, he was operating under the concept of "full
disclosure."   (The MSNBC article has the text of the ZDNet interview).
http://www.zdnet.com/zdnn/stories/news/0,4586,2437637,00.html
http://www.msnbc.com/news/370058.asp

The hacker community has been quite vocal in its disdain for those
responsible for the recent burst of distributed denial of service attacks
(DDoS).  While such attacks do not require "technical prowess", there
is evidence to suggest that the person or group responsible for the
attack on Yahoo used more sophisticated technologies that specifically
targeted the site's vulnerabilities.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_640000/640527.stm
http://www.usatoday.com/life/cyber/tech/cth337.htm
http://www.usatoday.com/life/cyber/tech/cth328.htm
http://www.wired.com/news/print/0,1294,34228,00.html

The first computers attacked in the distributed denial of service (DDoS)
attacks weren't the major sites, but the computers surreptitiously
enlisted to carry out the barrage of traffic sent to the sites.  The
computers vulnerable to manipulation share several characteristics: they
are always connected to the Internet, they have high bandwidth access,
and they belong to people or institutions whose primary concern is not
security.  http://www.computerworld.com/home/print.nsf/all/000211E9AE

Network administrators at the University of California at Santa Barbara
said that one of their computers was used in the attack on CNN's web
site.  The cracker who manipulated the computer did not destroy all the
monitoring logs.  http://www.wired.com/news/print/0,1294,34305,00.html
http://www.usatoday.com/life/cyber/tech/cth346.htm
http://news.cnet.com/category/0-1005-200-1548087.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2437045,00.html

Requests for information about Internet insurance coverage have escalated
in the wake of the recent distributed denial of service attacks.  The
majority of losses due to cracking are not covered by traditional
insurance.  http://www.usatoday.com/life/cyber/tech/cth331.htm
http://www.wired.com/news/print/0,1294,34229,00.html

Attrition.org received an e-mail claiming responsibility for the recent
distributed denial of service (DDoS) attacks.  The author also claimed
that the intent of the attacks was to scare Internet stockholders, and
that each attacked site had an insider who helped the attack along.
While DDoS attacks do not require the help of insiders, the claim is
being investigated.  http://www.wired.com/news/print/0,1294,34256,00.html
 
The best defense against distributed denial of service (DDoS) attacks
is to prevent the slave programs from being installed on your computer.
Another wise move would be to install filters that refuse to send packets
to improper addresses.
http://www.wired.com/news/print/0,1294,34230,00.html

The federal government is checking its computers to make sure they do
not contain agents used to overwhelm web sites with traffic.  Several
free security products that will scan for such programs are available
for downloading.
http://www.fcw.com/fcw/articles/2000/0207/web-servers-02-10-00.asp
http://news.bbc.co.uk/hi/english/business/newsid_638000/638445.stm

Two articles that do a good job of describing how the attacks work, and
what can be done to mitigate their effects.
http://news.cnet.com/category/0-1007-200-1546362.html
http://www.usatoday.com/life/cyber/tech/cth317.htm

People trying to get to www.rsa.com were instead led to a rogue page
hosted by a server in Colombia.  RSA's computers were not compromised.
Two crackers have claimed responsibility.
http://www.currents.net/newstoday/00/02/15/news2.html
Editor's Note (Murray): The compromised site, rsa.com, is not the current
site name for RSA Security; the new site name is rsasecurity.com.

Using Public Key Infrastructure (PKI) to protect Defense Department
(DOD) information systems would require an "enormous" undertaking to
provide the more than a million users with digital certificates, according
to the National Security Agency (NSA).
http://www.fcw.com/fcw/articles/2000/0214/web-nsa-02-15-00.asp

DoubleClick, the focus of much debate about consumer privacy, has set
up a web site from which consumers can opt-out of having their on-line
data collected, and which offers links to privacy advocacy sites.
DoubleClick's president maintains that the purpose of advertisements is
to keep the cost of the Internet down.  Privacy advocates call the plan
"disingenuous".  http://www.currents.net/newstoday/00/02/15/news5.html

A cracker broke into RealNames' keyword database and redirected all
searches to a web site in China.  Credit card numbers and passwords
could have been stolen, and RealNames has asked its customers to change
their passwords.  http://www.wired.com/news/print/0,1294,34295,00.html
http://www.computerworld.com/home/print.nsf/all/000211E9C2
http://news.cnet.com/category/0-1005-200-1547688.html

Washington state's Snohomish County government's e-mail system was hit
with the Melissa worm.  The system was shut down while the servers were
cleaned up.  http://www.usatoday.com/life/cyber/tech/cth335.htm

Recent Internet privacy violations have fueled privacy advocates' hopes
for legislation restricting the on-line gathering of personal consumer
data, and recently introduced legislation would prevent sites from
collecting personal data without the customer's express permission.
The legislation focuses on "cookies," or data strings stored on computers
and used to identify visitors to sites.  Opponents say improving
advertising is necessary to keep the Internet free.
http://news.cnet.com/category/0-1005-200-1547443.html
http://www.usatoday.com/life/cyber/tech/cth319.htm

The UK's Regulation of Investigatory Powers Bill declares that law
enforcement officials should have the power to demand encryption keys
or plaintext versions of computer files.  Those who fail to comply would
be faced with jail time.  Critics of the measure say that people could
be jailed for losing their encryption keys.  The bill does require that
law enforcement have "reasonable grounds" to demand keys.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_638000/638041.stm

Windows 2000 Professional will ship soon with increased anti-piracy
protection, including a measure that requires users to register the
software within the first fifty times it is used.  If the software is
not registered by then, it will stop working.  Registrants will receive
a code to disable the alert message.
http://www.computerworld.com/home/print.nsf/all/000210E832