Please forward as appropriate:

- February 2000 should prove to be a month to remember for Internet privacy advocates -- and DoubleClick investors. It ended with the online ad firm announcing it would suspend plans to tie names to now-anonymous user Web "cookies" until online privacy standards were established.
- President Clinton has asked each cabinet secretary and agency head to renew their efforts to make sure their computer networks are safe against denial of service and other illegal Internet attacks.
- MySQL database server versions prior to 3.22.32 have a flaw in the password authentication mechanism which allows anyone who can connect to the server to access databases without requiring a password, given a valid username on the database. In other words, the normal password authentication mechanism can be completely bypassed.
- Efforts are under way to make Linux more secure for e-business, now that it's making inroads as an enterprise server platform.
- "Somebody's going to get sued: that's clear," said David J. Loundy, of Chicago's D'Ancona & Pflaum LLC. "Somebody's going to want a test case. The issue is whether there's going to be one or two of these suits, or whether it's going to be open season against service providers," said Mr. Loundy, who teaches computer crime at Chicago's John Marshall Law School.
- The Trojan horse, which arrives as an e-mail attachment named 'prettypark.exe,' has already victimized universities and corporations.
- Salesgate.com says some credit data belonging to thousands of customers that was taken when a hacker broke into the e-commerce site was posted on the Internet.
- The version of nmh that was distributed in Debian GNU/Linux 2.1 (aka slink) did not check incoming mail messages properly. This could be exploited by using carefully designed MIME headers to trick mhshow into executing arbitrary shell code. This has been fixed in version 0.27-0.28-pre8-4. We recommend you upgrade your nmh package immediately.
- Microsoft is awarding two grants to university researchers to help network administrators fend off distributed denial of service attacks, executives said Thursday.
- In a bizarre twist to the federal prosecution of Kevin Mitnick, a Senate panel today asked him to explain ways hackers infiltrate sensitive computer systems, and to suggest solutions to lawmakers.
- Commercial information security products designed to protect information systems from cyberattacks next year will have to meet strict international standards before government agencies can purchase them.
- Personal financial information that consumers key into Intuit Corp.'s popular Quicken Web site has been leaking out to advertisers, and the company moved swiftly to address the problem.
- On March 1, 2000, the director of the Software Engineering Institute at Carnegie Mellon University (of which the CERT/CC is a part) presented testimony on the issue of cyber security.
- Online travel agency and Microsoft spin-off Expedia.com reported Wednesday that it will record $4 to $6 million in third quarter losses to cover fraudulent credit card purchases made on its Web site.
- Software security solutions provider Diversinet Corp. announced Tuesday that it is extending support of its Software Development Kit for creating wireless e-commerce applications to the Linux open-source platform.
- It began with an e-mail, the kind of nasty missive e-commerce CEOs dread. The sender, describing himself as a 19-year-old Russian named "Maxim," claimed to have pilfered 300,000 credit card numbers from CD Universe, a music retailing Web site. Maxim offered to destroy the stolen files in exchange for around $100,000.
- The virus uses the Office Assistant to display a random message, chosen from 21 possibilities. Amongst messages which may be displayed are some credited to Virginia Woolf, Steve McConnell, David Parnas and Paul Clements, Kreitzberg and Schneiderman, Alice in Wonderland, Michael I. Buen, Glenford Myers, Donald Knuth, Peter Williams and Rich Cook.
- U.S. Department of Justice officials on Tuesday told a joint congressional committee that the law has to be changed to make it easier to pursue hackers. They also want more money to hire prosecutors and analysts, as well as to improve the research capabilities of federal, state, and local law enforcers investigating cybercrime.
- The Windows version of trin00 is similar to the Unix version. The daemon for Windows trin00 listens on port 34555, while the Unix version listens by default on port 27444. Unlike the Unix version of the trin00 daemon, the Windows daemon does not try to contact the master server to register. The ISS X-Force believes that this is to prevent someone who finds the daemon on a Windows machine from finding the IP address of the master by looking in the binary executable.
- Days before the Feb. 27 broadcast of a "60 Minutes" story focusing on the U.S.-backed global electronic surveillance network known as Echelon, the National Security Agency sent a letter to every member of Congress reassuring them that the super-secret agency respects the privacy of U.S. citizens.
- Security firm TripWire Inc. is cannonballing into the open-source waters, with a friendly push from major Linux vendors Caldera Systems, Red Hat and SGI.
- An increase in the intruder activity associated with various vulnerabilities in certain implementations of the clock daemon cron has prompted the issuing of this note. Multiple intruder tools exploiting previously-discussed cron vulnerabilities have been found on compromised Linux systems as part of incidents recently reported to the CERT/CC.
- Congress members often accuse the federal government of being slow on the uptake compared to the lightning-quick innovations of the high-tech industry. But only several weeks after a series of crippling denial of service attacks on popular World Wide Web sites, the Hill this week looks forward to multiple hearings on the subject, along with the possible introduction of the long-awaited Cyberspace Electronic Security Act.
- The Internet isn't so great at protecting our secrets, but hopefully government obfuscation will get the same treatment.
- Only a handful of computer attackers are actually caught and convicted as federal law enforcement of cyber-crime lags far behind the explosive growth of the Internet, Justice Department records show.
- Yet another World Wide Web site was temporarily blocked in a "denial of service" attack, the FBI said yesterday. The site was the FBI's.
- While recent e-commerce attacks have made us all more security conscious, they also serve as a reminder that e-mail has never been really private.
- Windows machines have been used as intermediaries in various types of denial of service attacks for years; however, the development and deployment of the technology to use Windows machines as agents in distributed denial of service attacks represents an overall increase in the threat of denial of service attacks.
- IBM on Wednesday will announce it will offer for export PCs capable of handling 256-bit digital key encryption. The machines will be available on March 10, making Armonk, N.Y.-based IBM among the first to make this technology widely available, an IBM executive said.
- Sen. Charles Schumer, D-N.Y., Thursday formally introduced a measure that would increase the fines and penalties for computer crimes.
- While federal investigators continue their hunt for the folks behind the recent denial-of-service attacks that crippled some of the Internet's biggest players, security companies are plying their wares with a vengeance.
- On the heels of recent distributed denial-of-service attacks on commercial Web sites, a public/private security group has published a document to help organizations deal with systems security.
- Microsoft uses the open Internet security standard in its Windows 2000 operating system and makes modifications without openly documenting its changes.

Jean Francois Sends...
President & CEO MagusNet, Inc.
MagusNet.com, MagusNet.Gilbert.AZ.US
CTO EBIZ Enterprises, Inc.
TheLinuxStore.com, TheLinuxLab.com, LinuxWired.net
480-778-1120 - Office
602-770-JLF1 - Cellular