[Plug-security] Francois Security News

J. Francois frenchie@magusnet.gilbert.az.us
Sun, 12 Mar 2000 15:39:25 -0700


<http://www.computerworld.com/home/print.nsf/idgnet/000310F582> - A
2-year-old security hole in Microsoft Corp.'s Internet Information Server
(IIS) software let a computer cracker download thousands of credit-card
numbers from e-commerce sites recently and post them on the Internet

<http://www.msnbc.com/news/380065.asp>  - Borrowing a page from the
headline-grabbing Web attacks last month, a group of Internet activists is
set to release its own software tool designed to cripple Web sites. The
distributed denial of service attack tool to be released by the
Electrohippies group will allow thousands of protesters to aim their
computers at a single Web site, effectively jamming a company's Internet
presence

<http://www.digitalmass.com/news/daily/03/09/personal_tech.html>  - Hacker
attack? That's something for big guys like Yahoo and eBay to worry about,
right? Wrong. With the growth of broadband connections - cable modems and
DSL service - consumers are becoming more vulnerable to hacker mischief

<http://www.currents.net/newstoday/00/03/10/news6.html>  - A
long-anticipated White House document that recommends broader powers for law
enforcers in monitoring Internet traffic drew mixed responses today, earning
praise from some in the high-tech industry, while drawing sharp criticism
from civil libertarians

<http://www.internetnews.com/ec-news/article/0,1087,4_318381,00.html>  -
Curador, the cracker who has stolen credit cards from at least eight small
e-commerce sites and then posted them online, is growing more brazen by the
minute. In an interview with InternetNews Wednesday, Curador claimed he has
hit five new Web firms and will soon publish hundreds more stolen credit
card numbers at a new site, which he said he registered using one of the
stolen cards

<http://www.computerworld.com/home/print.nsf/idgnet/000309F55A> - A report
called Frame Relay and ATM: Are They Really Secure just out from The Yankee
Group in Boston suggests there are major security vulnerabilities in
Asynchronous Transfer Mode (ATM) networks and frame-relay systems that could
leave them open to attackers sufficiently motivated to attack the actual
cables making up the network

<http://www.zdnet.com/zdnn/stories/news/0,4586,2458291,00.html?chkpt=zdhpnews01>  -
A report released by the U.S. Department of Justice on Thursday
received a drubbing from cyberrights advocates and a congressional leader

<http://www.newsbytes.com/pubNews/00/145310.html>  - The world's largest
maker of personal finance software, Intuit Inc., reportedly faces a lawsuit
brought by a user of its popular Quicken.com site, who alleged that the
company disclosed personal information to advertisers. A Reuters report
today said the suit was filed Wednesday in Manhattan federal court and seeks
class action status on behalf of other users of the Quicken.com site who may
have had their privacy violated. The report identified the plaintiff as
Joseph Rubin, who contended he had used the site for over a year and that
his confidential information had been transmitted to third parties without
his consent

<http://www.wired.com/news/technology/0,1282,34861,00.html> - They're
storing all that information in a database somewhere, said Deborah Pierce,
staff attorney at the Electronic Frontier Foundation. My question is: Who
has access to that information? Can patients correct it? Can they see it?
It's all the fair information practice issues that come up

<http://www.sjmercury.com/svtech/news/breaking/reuters/docs/298684l.htm>  -
A top U.S. cyber security expert blasted software developers on Thursday for
marketing flawed products that he said boosted the Internet's vulnerability
to high-tech hacker attacks

NAI: KALI Hoax <http://vil.nai.com/vil/ve98524.asp>  - There is a hoax
message which may be circulating the Internet by concerned users who may be
tricked into believing there is such a virus or trojan. Ignore this message
and/or delete it. Do not forward this message on to others as it suggests

<http://www.fcw.com/fcw/articles/2000/0306/web-3survive-03-09-00.asp> - The
best way to secure the Internet is to make the Internet itself stronger, a
member of the President's Information Technology Advisory Committee
testified Wednesday before Congress

<http://www.sophos.com/virusinfo/analyses/wm97lennia.html>  - WM97/Lenni-A
is a Word macro virus. If the year is 2000 and an infected document is
closed the virus attempts to unconditionally format the C: drive

<http://cnn.com/2000/TECH/computing/03/08/hacker.arrest.reut/index.html>  -
A 17-year-old New Hampshire computer junkie known as "Coolio" was arrested
Wednesday and charged with hacking into a Los Angeles Police Department
anti-drug Web site, officials said

<http://www.techweb.com/wire/story/TWB20000308S0009>  - The Clinton
administration is thinking about letting law enforcement get national court
orders to trace electronic communications to help hunt down hackers and
other cyber criminals, a senior Justice Department official told lawmakers
Wednesday

<http://199.97.97.16/contWriter/cnd7/2000/03/08/cndin/0305-0002-pat_nytimes.html>  -
After taking heat from privacy advocates, Sprint PCS said Tuesday
it plans to change its policy of transmitting customers' phone numbers to Web
sites they access with their cell phones. But a second company, AT&T,
confirmed that it, too, automatically sends customers' phone numbers to Web
sites through its wireless data service. The phone numbers are embedded in
every request for a Web page

<http://www.straitstimes.asia1.com/world/wrld1_0308.html>  - Unlike hackers
in richer countries, most Russian ones are not just motivated by the thrill
of cracking code but are driven by empty pockets

header parsing <http://www.redhat.com/support/errata/RHSA2000006-01.html>  -
By creating specially formed MIME headers, it was possible to have nmh's
mhshow utility execute arbitrary shell code. It is recommended that all
users of nmh upgrade to the fixed packages

<http://www.currents.net/newstoday/00/03/08/news4.html> - The RIP bill has
been in the legal pipeline in the UK for almost 18 months and mirrors
similar proposed legislation in the US which has since been placed on a back
burner by the Clinton administration

<http://www.currents.net/newstoday/00/03/08/news1.html> - The Gallup
Organization's Web site was cracked by a cyber-vandal over the weekend, just
before today's presidential primary elections, but the intruder reportedly
did not alter survey data or plant false findings

<http://news.cnet.com/news/0-1005-200-1566340.html?tag=st.ne.1002.tgif?st.ne.fd.gif.d> -
Security software maker VeriSign wants to become a gatekeeper
of the Internet economy, but it is unclear whether its proposed acquisition
of Network Solutions will provide the key

<http://www.sophos.com/virusinfo/analyses/wm97markercq.html>  - This virus
has been reported in the wild. WM97/Marker-CQ is a variant of WM97/Marker.
On any date after June 2000 this virus will create up to 999999991 copies of
the infected document in the c:\windows directory. The virus also contains
the constant la macro de colombia xxx

<http://www.cnnfn.com/2000/03/07/technology/privacy_technology/>  - How can
you keep information about you and your Internet browsing habits to
yourself? It's a daunting challenge in this era of technological
advancements. But experts say there are a number of things you can do to
protect yourself, starting with understanding the tools companies use to
collect that information, often without your knowledge
[ FRANCOIS NOTE: Try http://www.magusnet.com/proxy.html ]

<http://www.thestandard.net/article/display/0,1151,12661,00.html> - Taiwan's
military said on Tuesday it has set up Internet defenses in the run up to
the March 18 presidential election after discovering more than 7,000
attempts by Chinese hackers to enter the country's security systems

<http://www.cert.org/nav/whatsnew.html>  - New: Installing and configuring
sps to examine processes on systems running Solaris 2.x. Updated:
Maintaining currency by periodically reviewing public and vendor information
sources. Installing, configuring, and using rpcbind to log unauthorized
connection attempts to rpc services on systems running Solaris 2.x. Using
the ps program to examine processes for signs of intrusive activity.
Installing, configuring, and using swatch to analyze log messages on systems
running Solaris 2.x. Configuring and installing lsof 4.48 on systems running
Solaris 2.x

<http://www.microsoft.com/technet/security/bulletin/fq00-015.asp>  -
Microsoft Security Bulletin MS00-015 announces the availability of a patch
that eliminates a vulnerability in Microsoft Clip Art Gallery. The
vulnerability could cause the Clip Art Gallery software to crash or, under
special circumstances, could allow the execution of hostile code on the
computer where the Clip Art Gallery software was running

<http://www.ntsecurity.net/go/loader.asp?iD=/security/ie513.htm>  - There is
a vulnerability in IE 5.x for Win95 and WinNT that allows the execution of
arbitrary programs using files with the .chm extension. Microsoft Networking
must be installed for this exploit to work

<http://www.ntsecurity.net/go/loader.asp?iD=/security/win95-dos2.htm>  -
Windows 95 and 98 can be made to crash using URLs that point to a device
such as CON, AUX, NUL, etc... instead of actual Web pages

<http://www.sophos.com/virusinfo/analyses/wm97blastera.html> - On the 17th
of any month this virus changes C:\AUTOEXEC.BAT. The changes attempt to
delete all files from the C:, D:, E:, and F: hard drives the next time the
computer is rebooted

<http://www.wired.com/news/business/0,1367,34610,00.html>  - Super-encrypted
Hushmail, located in a British West Indies crypto-haven, is going to offer
new products -- and consolidate its operations in Ireland

<http://www.sjmercury.com/svtech/news/breaking/merc/docs/000866.htm>  -
Internet industry leaders must take responsibility for developing
regulations on privacy, security and trade policy, or risk the government
doing it for them, the chief of computer giant International Business
Machines said on Monday

<http://www.fcw.com/fcw/articles/2000/0306/fcw-news-dodfrp-03-06-00.asp> - The
Defense Department this week plans to launch a $1.5 billion procurement for
a wide range of information security services, including new efforts to
defend critical DOD networks against the kind of attacks that recently
locked up Yahoo, Amazon.com and other popular Web sites

<http://www.zdnet.com/zdnn/stories/news/0,4586,2455579,00.html?chkpt=zdnntop>  -
The chip maker plans to announce a new security architecture designed
to make stolen notebooks about as useful as bricks


Jean Francois Sends...
President & CEO MagusNet, Inc.
MagusNet.com, MagusNet.Gilbert.AZ.US
CTO EBIZ Enterprises, Inc.
TheLinuxStore.com, TheLinuxLab.com, LinuxWired.net
480-778-1120 - Office
602-770-JLF1 - Cellular