[Plug-security] Francois Security -- March 27, 2000
J. Francois
frenchie@magusnet.gilbert.az.us
Mon, 27 Mar 2000 07:10:42 -0700
Got Dual Boot?
Linux + Windows98 + WordPerfect Office 2000 for both!! $799
- http://www.thelinuxstore.com/perl-bin/details.pl?id=1331
NAI: W32/ASpam - virus masquerading as an anti-spam too from Microsoft
<http://vil.nai.com/vil/RAT98551.asp> - This is a 32bit PE trojan sent
supposedly from Microsoft as an AntiSpam tool, but really is a remote access
trojan. It is important to note that Microsoft does not distribute files by
email
<http://www.zdnet.com/zdnn/stories/news/0,4586,2473689,00.html?chkpt=zdhpnew
s01> - A teenager arrested in Wales for allegedly hacking into e-commerce
web sites had obtained the credit card details of Bill Gates, head of
Microsoft and the world´s richest man, newspapers said on Sunday
<http://www.ntsecurity.net/forums/2cents/news.asp?IDF=103&TB=news> - A man
officials say was once a confidential FBI source on computer hackers has
been charged with allegedly breaking into computer systems belonging to
NASA, the military and the U.S. departments of energy, defense and
transportation, the U.S. Attorney´s office said
<http://www.zdnet.com/zdnn/stories/news/0,4586,2473335,00.html?chkpt=zdnntop
> - The denial-of-service attacks exposed the vulnerabilities of both open-
and closed-source security software, and now experts are debating the merits
of each as they try to plan and build an Internet infrastructure that will
be less susceptible to such rabid attacks
<http://news.cnet.com/news/0-1007-200-1583595.html?tag=st.ne.1002.thed.1007-
200-1583595> - The teenagers are accused of stealing information related to
more than 26,000 credit card accounts and posting the numbers on the Web
using the nickname "Curador," according to the Federal Bureau of
Investigation. The Web sites hit were based in the United States, Canada,
Thailand, Japan and Britain, the FBI said
<http://www.zdnet.co.uk/news/2000/11/ns-14318.html> - An MI5 agent has
admitted losing a laptop notebook containing sensitive government
information at Paddington train station earlier this month. Security has
been stepped up at MI5 following the theft, which has caused extreme
embarrassment for the security agency and the government
<JLF NOTE>
Why wasn't the hard drive encrypted? Free tools abound for WIN and Linux.
Don't give away your company secrets. Encrypt laptop hard drives.
</JLF NOTE>
<http://www.currents.net/newstoday/00/03/24/news2.html> - The already
legendary distributed denial of service attacks that brought down popular
corporate Web sites earlier this year is only a minor variation on the shape
of things to come, and the US must act accordingly to protect itself while
not violating privacy rights, Sen. Jon Kyl, R-Ariz., said today
<http://www.currents.net/newstoday/00/03/24/news1.html> - In a long awaited
announcement on Wednesday, Reps. Heather Wilson, R-NM, Gary Miller,
R-Calif., and Gene Green , D-Texas, said they would combine the most
important portions of their bills into one comprehensive piece of
legislation, H.R. 3113, the Unsolicited Electronic Mail Act
<http://news.cnet.com/news/0-1005-200-1582990.html?tag=st.ne.1002.thed.1005-
200-1582990> - DoubleClick, under attack for its method of tracking the
online movements of Internet users, is in settlement discussions with
several states that are investigating if the company violates consumers´
privacy, Michigan Attorney General Jennifer Granholm said
<http://news.cnet.com/news/0-1005-200-1582945.html?tag=st.ne.1002.thed.1005-
200-1582945> - What began as a rallying cry for free speech has turned into
a legal migraine for three young Webmasters who publicized decoded material
belonging to an Internet firm that filters smut from children´s computers.
The men, all in their early 20s, were ordered by a judge to take down the
information or face charges of copyright violations--the first time such a
law has been successfully applied in the hotly contested filtering debate
<http://www.ciac.org/ciac/bulletins/k-014.shtml>
- Aserver can be used to gain root access. It is necessary to change the
Aserver permissions for an interim workaround
<http://vil.nai.com/vil/vm98545.asp> - This is
a macro module virus for Word97/2000 documents and templates. This virus
consists of a single module named "skyline" and contains several Word97/2000
event handlers including in order to maximize the chance of executing the
virus code
<http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2472499,00.html?chkpt=p
1bn> - The European parliament is evaluating the possible dangers of
Echelon, a rumored US-sponsored global surveillance network, according to a
report from ZDNet France
<http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=W97M_MARKER.
AQ> - known as W97M_MARKER.AQ, When triggered, this macro virus either
deletes all text in an opened document, or converts the text to Webdings
font
<http://www.triblive.com/digage/dfbi0323.html> - unveils the Pittsburgh
High Tech Computer Crimes Task Force. The task force, one of the first in
the nation, will blend federal and local authorities to investigate
computer-related crimes
<http://www.zdnet.com/zdnn/stories/news/0,4586,2472277,00.html?chkpt=zdhpnew
s01> - Consumers who requested online life insurance quotes from the
SelectQuote Web site on Tuesday and Wednesday got more than they bargained
for: Thanks to an apparent software glitch, their personal information was
left on the company´s Web site for all the world to see
<http://www.canoe.ca/CalgaryNews/cs.cs-03-22-0040.html> - Calgary´s
thriving economy is attracting more than job-seekers and new corporations --
police computer experts say the city is also a hotbed for computer
espionage. Staff Sgt. Vic deBruyn, who heads the police commercial crime
unit, said hacking crimes have more than doubled each year since the unit
was formed in 1998 -- something he equates with the strong economy.
<http://www.currents.net/newstoday/00/03/22/news6.html> - Vipro Corp. has
struck a ground-breaking deal with Cable & Wireless [NYSE:CWP] (CWC),
allowing its Virus Service Plan (VSP) to be offered with CWC´s Virtual ISP
service. The Virtual ISP service, which was launched late last year, allows
third-party Internet service providers (ISPs) to resell capacity on the CWC
US backbone. This is especially useful for regional ISPs which want to offer
national coverage, as well as for "switchless" ISPs which rebrand ISP
services to end users
<http://cnn.com/2000/TECH/computing/03/21/idcide/index.html> - IDcide, has
developed a cure for cookies by providing a browser plug-in that
discriminates between first-party ,coming from the site you´re visiting, and
third-party ,coming from other servers, cookies. The tool, called the
Privacy Companion, can provide varying levels of security -- either blocking
no cookies, just third-party cookies, or all cookies
<http://www.currents.net/newstoday/00/03/22/news4.html> - NASA officials
blocked Brazil´s access to its computers last week following what agency
officials described as suspicious connection requests
<http://www.sophos.com/virusinfo/analyses/wm97thursdayq.html> -
WM97/Thursday-Q is a variant of the WM97/Thursday Word macro virus. On
December 13th the virus attempts to delete all files from C: drive
<http://www.sjmercury.com/svtech/news/breaking/merc/docs/011092.htm> - In
an annual survey issued Wednesday, the FBI and the San Francisco-based
Computer Security Institute showed just how pressing: total verifiable
losses in 1999 more than doubled to up to top $265 million, while more than
90 percent of respondents reported detecting some form of security breach
<http://www.infoworld.com/articles/en/xml/00/03/21/000321enwiretap.xml> -
The IETF Monday announced that its leadership has approved a policy against
building a wiretapping capability into its protocols. The new policy states
that the international standards development group is the wrong forum for
designing protocols to meet the wiretapping or privacy laws of specific
countries
<http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_GIGGLE&
VSect=T> - A destructive Trojan virus that deletes document files
<http://www.fcw.com/fcw/articles/2000/0320/web-hacker-03-21-00.asp> - Army
officials are worried that sophisticated hackers and other cybercriminals,
including military adversaries, may soon have the ability to hack their way
into and take control of major military weapon systems such as tanks and
ships
<http://www.linuxsecurity.com/feature_stories/feature_story-10.html> - We
live in the digital age. Email correspondence is commonplace, business
proposals are stored on computer systems, financial and legal information is
sent across networks. Nobody can get this information other than the
intended recipient, right? Don´t bet on it.
<http://199.97.97.16/contWriter/cndlatest_columns/2000/03/19/cndin/1801-0009
-pat_nytimes.html> - In the annals of cybercrime, the FBI´s all-time poster
boy is a Russian-born math whiz named Vladimir Levin. Levin committed his
spectacular online heist in 1994, when the Internet was still in its
infancy. It still stands as the largest recorded electronic crime in
history, but that´s because nobody knows how much goes unrecorded and
unpunished
<http://www.idg.net/servlet/ContentServlet?global_doc_id=154216&page_id=712&
content_source_id=5&return_spot=ts7&logger_loc=front_pages%2Fenglish> - An
official from the Army's National Training Center said some personnel can
remain idle for a year waiting for clearance that lets them to go to work.
That pattern costs DOD several billion dollars a year in lost productivity,
according to a recent General Accounting Office study
<http://www.currents.net/newstoday/00/03/20/news2.html> - A bill to stem
the avalanche of unsolicited e-mail won final approval by the Colorado
Senate today and was sent to Gov. Bill Owens for his signature
<http://www.zdnet.com/zdnn/stories/news/0,4586,2469620,00.html?chkpt=zdnntop
> - Takedown notices have been e-mailed to numerous Web sites that flout
Australia´s new content-regulation regime, but where are the storms of
protest?
Jean Francois Sends...
President & CEO MagusNet, Inc.
MagusNet.com, MagusNet.Gilbert.AZ.US
CTO EBIZ Enterprises, Inc.
TheLinuxStore.com, TheLinuxLab.com, LinuxWired.net
480-778-1120 - Office
602-770-JLF1 - Cellular