Are passive tokens immune to sniffing attacks?
Tokens are favored over passwords as they are immune to sniffing and trial-and-error guessing.
What is a passphrase quizlet?
A passphrase: uses longer, multiword phrases as secrets. A strong threat is willing to spend money, but not willing to leave evidence. True. Authentication associates an individual with an identity.
When an attacker is attacking a password system?
When an attacker is attacking a password system, the average attack space estimates the number of guesses required before success is likely. Authentication associates an individual with an identity. MD5 is one of the most recent forms of hash functions.
Which of the following are examples of multi factor authentication select all that apply?
A multi-factor authentication example of something the user has could include:
Google Authenticator (an app on your phone).
SMS text message with a code.
Soft token (also called software token).
Hard token (also called hardware token).
Security badge.
If you have any suggested additions, please contact me.
From New York Times, October 23, 2005
Colleges Protest Call to Upgrade Online Systems
By Sam Dillon And Stephen Labaton
"Sue Companies, Not Coders"
Wired News (10/20/05); Schneier, Bruce
"Mother Nature's Storms Postpone DHS' Cyber Storm"
Washington Technology (10/19/05); Dizard III, Wilson P.
"At Microsoft, Interlopers Sound off on Security"
New York Times (10/17/05) P. C1; Markoff, John
"US Still World's Top Spammer"
IDG News Service (10/13/05); McMillan, Robert
In a recent report, security vendor Sophos determined that about 26 percent of worldwide spam originated within the United States, which is down from 42 percent in 2004. The reason for the drop, according to Sophos senior technology consultant Graham Cluley, is more effective prevention methods by ISPs and the work of antispam task forces. Meanwhile, spammers are focusing on the growing broadband connections in South Korea and China with the amount of spam originating in South Korea up 8 percent from 2004 to 2005 and the amount in China up 7 percent, according to Cluley, who points to the total amount of spam remaining the same between the two years. Spamhaus Project volunteer John Reid asserts that one way to significantly decrease spam is for ISPs to prohibit almost all of their users from establishing servers running the Internet standard port 25. Reid believes the policy would not affect the vast majority of non-spammers and points to previous attempts in Canada proving the method successful.
From ACM's TechNews, October 14, 2005
"Developers 'Should Be Accountable' for Security Holes"
ZDNet UK (10/12/05); Espiner, Tom
"Nematodes: The Making of 'Beneficial' Network Worms"
eWeek (10/05/05); Naraine, Ryan
"The Sky Really Is Falling"
CIO (10/01/05) Vol. 19, No. 1, P. 80; Worthen, Ben
Research Project Will Track Network Attacks
Chronicle of Higher Education, 4 October 2005 (sub. req'd)
California Passes Anti-Phishing Law
InformationWeek, 3 October 2005
FTC Sues For Alleged Spyware
MSNBC, 5 October 2005
"Text Hackers Could Jam Cellphones, a Study Says"
New York Times (10/05/05) P. C1; Schwartz, John
"Fortifying DOD's Network Defenses"
Federal Computer Week (09/26/05) Vol. 19, No. 33, P. 60; Tiboni, Frank
"Are Attackers Winning the Arms Race?"
InfoWorld (09/26/05) Vol. 27, No. 39, P. 22; Grimes, Roger
"Microrobots Show Promise in IT, Security"
Dartmouth Online (NH) (09/28/05); Beale, Matt
"The Global State of Information Security 2005"
CIO (09/15/05) Vol. 18, No. 23, P. 60; Berinato, Scott; Ware, Lorraine Cosgrove
"Basic Training for Anti-Hackers"
Chronicle of Higher Education (09/23/05) Vol. 52, No. 5, P. A41; Carnevale, Dan
Congressmen To Ask For Review Of Higher Ed Antipiracy Efforts
Chronicle of Higher Education, 23 September 2005 (sub. req'd)
"Brazilians Blazing Trails With Internet Technology"
Knight-Ridder Wire Services (09/26/05); Chang, Jack
"Anti-Spyware Gets HIP"
IT Architect (09/05) Vol. 20, No. 9, P. 61; Conry-Murray, Andrew
"Destructive Power of Mobile Viruses Could Rise Fast, Experts Say"
IDG News Service (09/28/05); Nystedt, Dan
"Lawmaker Doesn't Rule Out Cybersecurity Regulation"
IDG News Service (09/27/05); Gross, Grant
"New Security Proposed for Do-it-All Phones"
CNet (09/27/05); Evers, Joris
"Name That Worm--Plan Looks to Cut Through Chaos"
CNet (09/22/05); Evers, Joris
"The Next 50 Years of Computer Security: An Interview With Alan Cox"
O'Reilly Network (09/12/05); Dumbill, Edd
"Now, Every Keystroke Can Betray You"
Los Angeles Times (09/18/05) P. A1; Menn, Joseph
"False Protection"
Software Development (09/05) Vol. 13, No. 9, P. 34; O'Connell, Laurie
"Hacking's a Snap in Legoland"
CNet (09/15/05); Terdiman, Daniel
"A Human Connection to Intrusion Detection"
SearchSecurity.com (09/14/05); McKay, Niall
"Fleet-Footed Worm Blocker"
Computerworld (09/12/05) P. 36; Anthes, Gary
Sound Of Keyboard Clicks Reveals What Is Typed
ZDNet, 14 September 2005
Researchers at the University of California at Berkeley have demonstrated that an audio recording of someone typing on a computer keyboard can reveal with surprising accuracy exactly what they have typed. Using commercially available recording equipment, the researchers captured audio of typing and analyzed the sounds using an algorithm they developed. Because keys make different sounds, the system is able to make educated guesses about what key was pressed in what order. The application then applies some linguistic logic, including spelling and grammar checks, to refine the results. After three rounds of revisions, the application was able to identify 96 percent of the individual characters typed and 88 percent of the words. The application was effective even with background noise, such as music or cell phones ringing. Doug Tygar, UC Berkeley professor of computer science and information management and a principal investigator of the study, said the project should raise concerns about the security risks of such a technology. "If we were able to figure this out," he said, "it's likely that people with less honorable intentions can--or have--as well."
http://news.zdnet.com/2100-1009_22-5865318.html
From EduPage, September 12, 2005
"Google Hacking"
Network World (09/05/05) Vol. 22, No. 35, P. 1; McMillan, Robert
UT Hacker Gets Fine, Probation
Houston Chronicle, 7 September 2005
"Bug Hunters, Software Firms in Uneasy Alliance"
CNet (09/06/05); Reardon, Marguerite
Colleges Dealing With Computer Security Concerns
Christian Science Monitor, 1 September 2005
"The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them)"
Time (09/05/05) Vol. 166, No. 10, P. 34; Thornburgh, Nathan; Forney, Matthew; Bennett, Brian
"The Threats Get Nastier"
InformationWeek (08/29/05) No. 1053, P. 34; Claburn, Thomas; Garvey, Martin J.
"The Future of Computer Worms"
IT Observer (08/30/05); Sancho, David
Cyberscam Continues Apace
BBC, 26 August 2005
"Hackers Attack Via Chinese Web Sites"
Washington Post (08/25/05) P. A1; Graham, Bradley; Eggen, Dan
"Hacker Underground Erupts in Virtual Turf Wars"
Christian Science Monitor (08/22/05); Spotts, Peter N.
"Can a Simple Password Stop Domain Name Hijacking?"
Tom's Hardware Guide (08/17/05); Gruener, Wolfgang
"Computer Characters Mugged in Virtual Crime Spree"
New Scientist (08/18/05); Knight, Will
"Al-Qaida Recruiting Target: Skilled Hackers"
Investor's Business Daily (08/19/05) P. A4; Tsuruoka, Doug
"'War of the Worms' Spurs Latest Cyber-Attack"
ABC News (08/17/05); James, Michael S.
"Computer Virus Writers Moving Faster with Attacks"
Reuters (08/17/05); Swartz, Spencer
Virus Attacks Windows Computers at Companies
By Matt Richtel
Spyware Heats Up the Debate Over Cookies
By Bob Tedeschi
Former AOL Employee Sentenced For Data Theft
Reuters, 17 August 2005
"'Spear Phishing' Tests Educate People About Online Scams"
Wall Street Journal (08/17/05) P. B1; Bank, David
E-Mail Marketer Convicted Of Stealing 1.6 Billion Names
Wall Street Journal, 15 August 2005
"NIST Creates Online Treasure Trove of Security Woes"
Federal Computer Week (08/15/05); Yasin, Rutrell
"Instant Messaging: A New Target For Hackers"
Computer (07/05) Vol. 38, No. 7, P. 20; Leavitt, Neal
New York Adds Disclosure Law
The Register, 12 August 2005
"PluggedIn: Wireless Networks--Easy Hacker Pickings"
Reuters (08/05/05); Sullivan, Andy
Hackers Hit Another University
San Francisco Chronicle, 9 August 2005
Students Face Punishment For Computer Tampering
Wired News, 9 August 2005
Spammer Settles With Microsoft
New York Times, 10 August 2005
"Critics Say Security Still Lags"
Investor's Business Daily (08/09/05) P. A4; Howell, Donna
"Annual Hacking Game Teaches Security Lessons"
SecurityFocus (08/04/05); Lemos, Robert
"Car Computer Systems at Risk as Viruses Go Mobile"
Reuters (07/29/05); Virki, Tarmo; Shields, Michael
Court Upholds University Block On Spammer
Inside Higher Ed, 4 August 2005
CU Suffers Another Hack
The Denver Post, 3 August 2005
Researcher Says DNS Servers Vulnerable
CNET, 3 August 2005
Europe Zips Lips; U.S. Sells ZIPs
By Eric Dash, August 7, 2005
The Rise of the Digital Thugs
By Timothy L. O'Brien, August 5, 2005
"The Sniffer vs. the Cybercrooks"
New York Times (07/31/05) P. 3-1; Rivlin, Gary
The Sniffer vs. the Cybercrooks
By Gary Rivlin
Congress Gets Serious About Data Privacy
CNET, 28 July 2005
"Two Professors Go Fishing for Phishers"
San Francisco Chronicle (07/25/05) P. E1; Kirby, Carrie
Software Hides Passwords From Phishers
San Jose Mercury News, 25 July 2005
CU Computers Hacked
The Denver Channel, 22 July 2005
Paying Hackers For Bugs
CNET, 24 July 2005
Computer-security firm TippingPoint has begun a program to pay rewards to individuals who report computer vulnerabilities. Not unlike similar programs from other companies, the TippingPoint deal offers a variable amount of money if a reported bug proves valid. The company will use the information to update its own protection software and will notify the maker of the vulnerable product about the problem. David Endler, director of security research at TippingPoint, said the reward program is intended to "reward and encourage independent security research" and to "ensure responsible disclosure of vulnerabilities." Not all security companies believe in bounties. Internet Security Systems, for one, said that paying for such bug reports amounts to having hackers do a company's research for it. An official from Internet Security Systems also noted that the bugs reported in such programs are typically very low-level problems, saying that the more extreme vulnerabilities are worth much more when used for hacking than if turned in to security companies. http://news.com.com/2100-7350_3-5802411.html
Hackers Finding New Targets
Wall Street Journal, 25 July 2005
"Retracing Spam Steps Could Halt Mass Emails"
New Scientist (07/22/05); Knight, Will
"May I Have Your Identification, Please?"
SiliconValley.com (07/25/05); Lee, Dan
National Cybersecurity Test Scheduled
ZDNet, 22 July 2005
"Information Security With Colin Percival"
O'Reilly ONLamp (07/21/2005); Lucas, Michael W.
"Call for Homeland Security Cybersecurity Improvements"
IDG News Service (07/19/05); Gross, Grant
"Corrupted PC's Discover a Home: The Dumpster"
New York Times (07/17/05) P. 13; Richtel, Matt; Markoff, John
"Between Phishers and the Deep Blue Sea"
CNet (07/18/05); Kawamoto, Dawn
A Pass on Privacy?
by Christopher Caldwell
What to Do After Your Data Is Stolen
by M.P. Dunleavey
University Charges Cybersquatting
Detroit News, 18 July 2005
Study Shows Drop In Damages From Cyber Attacks
The Register, 18 July 2005
A new study shows a significant drop in the amount of damage caused by cyber attacks as well as a shift in the kinds of attacks that are most commonly reported. Researchers from the University of Maryland conducted the Computer Crime and Security Survey on behalf of the Computer Security Institute (CSI), with consultation from security experts at the FBI. The survey questioned IT security officials at 700 private companies, governmental agencies, and universities and found that the average cost per security incident was $204,000, down from $526,000 a year earlier. Viruses remain the most frequent type of attack (32 percent), but unauthorized access rose to second on the list at 24 percent. Chris Keating, director of CSI, noted that schemes to steal individuals' identities are a growing concern. The survey, he said, indicates "more financial damage due to theft of sensitive company data," a trend that should press network managers to ensure the security of enterprise systems. http://www.theregister.com/2005/07/18/csi_fbi_security_survey/
While Computer Attack Costs are Down, Data Theft Costs Increase
Computerworld 18 July 2005
"How to Make Safer Software"
Wall Street Journal (07/18/05) P. R4; Guth, Robert A.
Coalition To Release Spyware Definition
CNET, 12 July 2005
Security Community Bemoans Loss Of Hacker Magazine
Silicon.com, 11 July 2005
The Answer is 42 of Course
If we want our networks to be sufficiently difficult to penetrate, we've got to ask the right questions.
From ACM's TechNews, July 8, 2005
"Schools Looking for Ways to Lure More Minorities"
Triangle Business Journal (07/01/05); Sutker, Colin
"How Secure Is Federal 'Cybersecurity'?"
Fox News (07/07/05); Vlahos, Kelley Beaucar
"Antispam Proposals Advance"
CNet (06/29/05); Festa, Paul
"The Answer Is 42 of Course"
Queue (06/05) Vol. 3, No. 5, P. 34; Wadlow, Thomas
Phishers Locked Up
CNET, 29 June 2005
Two men have been sentenced to prison in Britain for orchestrating a phishing scheme that used stolen identities to pilfer as much as 6.5 million pounds over two years. Douglas Harvard and Lee Elwood were sentenced to six and four years respectively for their parts in the phishing ring, which authorities said garnered at least 750,000 pounds during one 10-month period. The men allegedly worked with individuals in Russia to traffic in personal information and the money stolen using that information. Mick Deat, deputy head of Britain's National Hi-Tech Crime Unit, issued a statement thanking the U.S. Secret Service and the FBI for their assistance in the investigation. The statement also expressed Deat's hope that the convictions will discourage others who might consider such scams. http://news.com.com/2100-7348_3-5766860.html
From ACM's TechNews, June 29, 2005
"Cybersecurity Group Looks to Europe for Help"
IDG News Service (06/27/05); Pruitt, Scarlet
"Microsoft Pushing Spam-Fighting System"
Associated Press (06/22/05); Jesdanun, Anick
"Viruses, Security Issues Undermine Internet"
Washington Post (06/26/05) P. A1; Cha, Ariana Eunjung
"Better PC Security Years Away"
TechNewsWorld (06/22/05); Mello, John P.
"Snoozing About Security"
CNet (06/17/05); Cooper, Charles
"Common Criteria or Common Confusion?"
SD Times (06/01/05) No. 127, P. 5; de Jong, Jennifer
University Of Connecticut Discovers Security Breach
New York Times, 24 June 2005
Choicepoint Changes Practices To Avoid Repeat Disclosure
Wall Street Journal, 24 June 2005
Spyware Charges Result In $7.5 Million Settlement
Reuters, 15 June 2005
Survey Shows More Bad Guys Turning To Browser Attacks
CNET, 14 June 2005
Former Student Convicted Of Stealing Data
Chronicle of Higher Education, 13 June 2005
Liberty Alliance Addresses ID Theft
CNET, 13 June 2005
Spam Fighters Form New Coalition
Silicon.com, 3 June 2005
"Internet Security...Writ Very Small"
Network World (06/06/05) Vol. 22, No. 22, P. 1; Messmer, Ellen
"The Looming Threat of Pharming"
InfoWorld (06/06/05) Vol. 27, No. 23, P. 39; Leon, Mark
"Computer Viruses Become Hacker Informants"
New Scientist (06/09/05); Marks, Paul
"Device Drivers Filled With Flaws, Threaten Security"
Security Focus (05/26/05); Lemos, Robert
The Scramble to Protect Personal Data
by Tom Zeller Jr.
"Has Ransomware Learned From Cryptovirology?"
NewsFactor Network (06/02/05); Young, Adam L.
"'Silent Horizon' War Games Wrap Up for the CIA"
Associated Press (05/26/05); Bridis, Ted
"Privacy Matters"
Washington Technology (05/23/05) Vol. 20, No. 10, P. 1; Lipowicz, Alice
"Hacker Hunters"
BusinessWeek (05/30/05) No. 3935, P. 74; Grow, Brian; Bush, Jason
Colleges Learn About Identity Theft From An Identity Thief
New York Times, 29 May 2005
Hackers Hit Stanford
Silicon.com, 26 May 2005
GAO Says DHS Unprepared For Cybersecurity
CNET, 26 May 2005
"Collaboration Is a Necessity for a Secure Infrastructure"
Computing (05/26/05); Nash, Emma
"House Approves Spyware Penalties"
TechNews.com (05/24/05); McGuire, David
Spreading Spyware Through An Affiliate Program
TechWeb, 24 May 2005
House Takes Two Steps Against Spyware
CNET, 23 May 2005
"Database Hackers Reveal Tactics"
Wired News (05/25/05); Zetter, Kim
"Scientist Blames Web Security Issues on Repeated Mistakes"
E-Commerce Times (05/24/05); Germain, Jack M.
Hackers Holding Computer Files 'Hostage'
(23 May 2005)
GAO Report Finds Wireless Security Lacking at Federal Agencies
(17 May 2005)
Court Rules German ISPs Do Not Have to Provide Record Companies with Customer Data
(17 May 2005)
"Instant Messaging Falls Prey to Worms"
New Scientist (05/14/05) Vol. 186, No. 2499, P. 26; Biever, Celeste
"School Studies Effects of Internet Attacks"
eWeek (05/09/05) Vol. 22, No. 19, P. 18; Roberts, Paul F.
"Personal Data for the Taking"
New York Times (05/18/05) P. C1; Zeller Jr., Tom
"How to Hook Worms"
IEEE Spectrum (05/05); Riordan, James; Wespi, Andreas; Zamboni, Diego
Latest Loss Of Personal Information: MCI
Wall Street Journal, 23 May 2005
Feds Conduct Searches Related To Data Thefts
Wall Street Journal, 20 May 2005
"Computing Officials Worry That Proposed Federal Database Could Be Hacked"
Chronicle of Higher Education (05/06/05) Vol. 51, No. 35, P. A37; Carnevale, Dan
Time Warner Reports Data Loss
Reuters, 2 May 2005
"Skeletons on Your Hard Drive"
CNet (04/20/05); Hines, Matt
FIU Suffers Computer Hack
The Register, 29 April 2005
"A Crisis of Prioritization"
Computerworld Australia (04/27/05); Bajkowski, Julian
"Does Trusted Computing Remedy Computer Security Problems?"
IEEE Security & Privacy (04/05) Vol. 3, No. 2, P. 16; Oppliger, Rolf; Rytz, Ruedi
Concerns Mount Over Software's Role In Data Breaches
Wall Street Journal, 27 April 2005
"Encryption: The Key to Secure Data?"
Computer Weekly (04/26/05); Bradbury, Danny
"Center Aims to Improve Cybersecurity in Higher Education"
Indiana University (04/25/05)
"Cyber Security Has Its Limits"
Pittsburgh Tribune-Review (04/22/05); Bails, Jennifer
Survey Shows Steep Rise In Web Site Defacements
BBC, 25 April 2005
Do You Know Where Your Identity Is? Personal Data Theft Eludes Easy Remedies
ChoicePoint, a consumer data vendor, hands over personal information on at least 145,000 people to criminals posing as small businesses. Hackers swipe the personal information of 32,000 people who use the database Lexis-Nexis. Bank of America loses backup tapes containing 1.2 million federal employee records. Every day, it seems, a new identity theft incident is reported followed by new rounds of questions: Should data vendors be regulated? Can identity theft hurt e-commerce? How do individuals protect themselves? Unfortunately, suggest Wharton faculty and others, no simple answers are available, especially when personal information is so easily available through search engines.
From New York Times, April 9, 2005
Sentence in Spam Case
LEESBURG, Va., April 8 -- A North Carolina man convicted in the nation's first felony prosecution for spamming was sentenced on Friday to nine years in prison, but the judge postponed the sentence while the case is appealed. A jury recommended the nine-year prison term after convicting Jeremy Jaynes of sending at least 10 million e-mail messages a day with the help of 16 high-speed lines. Mr. Jaynes, 30, of Raleigh, N.C., will be free on $1 million bond until the appeals process concludes. Mr. Jaynes was convicted in November for using false Internet addresses to send mass e-mail ads through a server in Virginia. Under Virginia law, sending unsolicited bulk e-mail itself is not a crime unless senders mask their identities.
Published: 04-09-2005, Late Edition - Final, Section C, Column 1, Page 2
From ACM's TechNews, April 22, 2005
"U.S. Gets New Cyberterrorism Security Center"
Computerworld (04/21/05); Weiss, Todd R.
"Researchers Propose Early Warning System for Worms"
eWeek (04/20/05); Naraine, Ryan
"Stopping Spam"
Scientific American (04/05) Vol. 292, No. 4, P. 42; Goodman, Joshua; Heckerman, David; Rounthwaite, Robert
"Stanford Joins Multi-Institution Center on Research in Cybersecurity and Computer Trustworthiness"
Stanford Report (04/14/05); Yang, Sarah; Levy, Dawn
"Putting Teeth Into U.S. Cybercrime Policy"
CNet (04/14/05); Hines, Matt
"Surveillance Works Both Ways"
Wired News (04/14/05); Zetter, Kim
"Prying Eyes Are Everywhere"
USA Today (04/14/05) P. 1D; Kornblum, Janet
"UC Berkeley to Lead $19 Million NSF Center on Cybersecurity Research"
UC Berkeley News (04/11/05); Yang, Sarah
"Diffie: Infrastructure a Disaster in the Making"
SearchSecurity.com (04/12/05); Brenner, Bill
"Lessons in Cybersafety"
ITworldcanada.com (04/05/05); Parkins, Robert
"Bigger Phishes Ready to Spawn"
CNet (04/06/05); Hines, Matt
Program Teaches Hacking To Raise Awareness
BBC, 8 April 2005
Higher Ed Fares Below Average For Computer Security
New York Times, 4 April 2005
Some Colleges Falling Short in Security of Computers
By Tom Zeller Jr.
"Carnegie Mellon Unit Looks to Advance IT Security, Reliability"
Computerworld (03/28/05) P. 23; Thibodeau, Patrick
Spammer Files For Bankruptcy Protection
BBC, 1 April 2005
Lawsuits Target Phishers
Reuters, 31 March 2005
"Secure Flight Faces Uphill Battle"
Wired News (03/29/05); Zetter, Kim
"Identity Theft Made Easier"
Wall Street Journal (03/29/05) P. B1; Delaney, Kevin J.
"Cars Are Getting Computer-Jacked"
CNet (03/25/05); Spooner, John G.
Thief Grabs Laptop And 100,000 Identities
Inside Higher Ed, 29 March 2005
"Terror Plot to Cripple UK in Cyber Attack"
Scotsman (UK) (03/22/05); Kirkup, James
Due to a growing dependence on electronic networks in Britain and throughout the world and increasing technological sophistication of terrorists, Britain's counter-terrorism coordinator David Omand issued an alert that both government and private sectors need to ramp up electronic anti-terrorism defenses. Omand says terrorists are working on launching a crippling cyberattack, warning that top al Qaeda operatives that have been arrested or are being tracked have shown significant technological sophistication. Former Metropolitan Police Authority Chairman Toby Harris warns of "significant vulnerability in the systems we all rely on," and Omand believes the defense against cyberterrorism will fail unless businesses in the private sector begin taking the threat seriously and upgrading their defenses. Attacks could come in the form of denial of service attacks, hacking into sensitive electronic systems, attacking electricity grids or systems controlling hydroelectric dam flood gates, or carrying out a coordinated physical and electronic attack on emergency systems. The global aspect of the Internet has Britain working with countries they often regard with hostility to prevent cyberattacks. Harris says, "Britain could be quickly reduced to large-scale disorder, including looting and rioting, in the event of a serious disruption of critical national infrastructure."
"Security Counterattack"
Network World (03/21/05) Vol. 22, No. 11, P. S12; Gittlen, Sandra
"War of Words over Operating Systems' Safety"
New Scientist (03/23/05); Biever, Celeste
"Does IM Stand for Insecure Messaging?"
CNet (03/23/05); Hines, Matt
"Cyberterrorism Isn't a Threat Yet, One Expert Says"
Fort Worth Star-Telegram (03/23/05); Batheja, Aman
Growth of Wireless Internet Opens New Path for Thieves
By Seth Schiesel
"IBM Embraces Bold Method to Trap Spam"
Wall Street Journal (03/22/05) P. B1; Forelle, Charles
"Decrypting the Future of Security"
Globe and Mail (CAN) (03/18/05); Kirwan, Mary
"Study Criticizes Government on Cybersecurity Research"
New York Times (03/19/05) P. B2; Markoff, John
"Cleaning Spam From Swapping Networks"
CNet (03/18/05); Borland, John
"Schneier: Secure Tokens Won't Stop Phishing"
IDG News Service (03/15/05); Roberts, Paul
"Crack in Computer Security Code Raises Red Flag"
Wall Street Journal (03/15/05) P. A1; Forelle, Charles
GEORGIA UNCOVERS MISUSE OF ONLINE PORTFOLIOS
After discovering files containing personal information on its e-portfolio system, officials at the University of Georgia are reviewing the institution's policies for online portfolios. A student in the university's New Media Institute--part of the school's journalism program--had used the e-portfolio system to store a list of names and credit card numbers on a university-owned server. Officials at the school are not sure how the student obtained the list, which came from a North Carolina company that sells pharmaceutical products online, or what the student intended to do with it. The server where the file resided was immediately taken down, and officials are now combing through the rest of the files before re-posting them, looking for any other inappropriate information. According to Scott Shamp, director of the New Media Institute, the incident has raised questions about how long and under what terms the university will offer online portfolio services to its students. Shamp, who expressed support for online portfolios, pointed to the possibility of third-party options to address concerns over liability for the institution.
Chronicle of Higher Education, 1 April 2005 (sub. req'd)
http://chronicle.com/prm/weekly/v51/i30/30a04102.htm
Tech Companies Coordinate Efforts To Fight Hackers
CNET, 28 March 2005
Dartmouth Decides To Penalize, But Not Eliminate, Hackers
Pittsburgh Post-Gazette, 18 March 2005
Applying Old Scams To New Technologies
Wired News, 20 March 2005
The emergence of voice over Internet protocol (VoIP) phone service has opened a new door for hackers and others to fool users. Using the Internet to transmit phone calls allows callers to spoof Caller ID systems, something that isn't possible with traditional phone service. Although telemarketers are required by the Federal Communications Commission to properly identify themselves, Caller ID spoofing is otherwise not prohibited. As a result, someone can, for example, call Western Union, which requires customers to call from their home phones to initiate money transfers, using a faked source number, and make a fraudulent transfer. In other instances, debt collectors and private investigators use Caller ID spoofing to trick people into answering their phones and possibly divulging information they otherwise would not. Scams similar to e-mail phishing rackets also take advantage of Caller ID spoofing, deceiving people into believing that a caller is at a bank or a financial institution and helping persuade them to reveal personal information to the caller. http://www.wired.com/news/privacy/0,1848,66954,00.html
From EduPage, March 18, 2005
Hackers Target Boston College Alumni Database
ZDNet, 17 March 2005
Study Blames Users For Encouraging Spam
BBC, 23 March 2005
Rise of zombie PCs 'threatens UK'
BBC News, March 22
Can a Virus Hitch a Ride in Your Car?
New York Times, By Tom Zeller Jr. And Norman Mayersohn
What to Expect of 'Spamalot'? A Lot of Spam
New York Times, By David F. Gallagher
Schools Criticized Over Rejection Of Nosy Applicants
Chronicle of Higher Education, 11 March 2005
"'Perfect Storm' for New Privacy Laws?"
CNet (03/01/05); Lemos, Robert
Harvard Rejects Applicants Who Peeked
Wall Street Journal, 8 March 2005
Hackers Compromise Publisher's Database
CNET, 9 March 2005
Hacker Exposes Admissions Records
San Jose Mercury News, 3 March 2005
"Thwarting 'Evil Geniuses'"
Spokane Journal of Business (02/24/05); Read, Paul
Bank Loses Sensitive Data
New York Times, 26 February 2005
"Cybercorps Scholarships Fund New Generation of Security Gurus"
Software (02/05) Vol. 22, No. 1, P. 98; McLaughlin, Laurianne
Companies Point To Education For Poor Security Training
CNET, 16 February 2005
"How to Stop Junk E-Mail: Charge for the Stamp"
New York Times (02/13/05) P. BU5; Stross, Randall
"Terror's Server"
Technology Review (02/05) Vol. 108, No. 2, P. 46; Talbot, David
"Virtual Jihad"
Newsweek (02/09/05); Isikoff, Michael; Hosenball, Mark; Horesh, Andrew
"Project Honeypot Aims to Trap Spammers"
New Scientist (02/05/05) Vol. 185, No. 2485, P. 26; Biever, Celeste
"Law Barring Junk E-Mail Allows a Flood Instead"
New York Times (02/01/05) P. A1; Zeller Jr., Tom
New I.B.M. Report Will Warn of Computer Security Threats
New York Times, October 25, 2004, by John Markoff
Outsourcing booms, although quietly
THE WALL STREET JOURNAL, By Jesse Drucker and Jay Solomon
From New York Times, October 24, 2004
Identities Stolen in Seconds
by Timothy L. O'Brien
"Tech Firms, Lawmakers Target Spam, E-Mail Fraud"
Baltimore Sun (10/18/04) P. 1A; Bishop, Tricia
"The Quest for Secure Code"
Globe and Mail (CAN) (10/12/04); Kirwan, Mary
"A Matter of Trust: Privacy and Security in the Information Age"
IST Results (10/08/04)
Antispam Conference Calls For International Cooperation
BBC, 11 October 2004
"Mission: Critical"
Information Security (09/04) Vol. 7, No. 9, P. 26; Barlas, Stephen; Earls, Alan; Fitzgerald, Michael
"Hacking 101: It's For Your Own Good"
Charlotte Observer (10/05/04); Choe, Stan
"Cyber Center Targets Internet Plagues"
NewsFactor Network (10/05/04); Martin, Mike
"The Search for Computer Security"
Harvard University Gazette (09/30/04); Powell, Alvin
Survey Shows U.S. Computer Users Unaware Of Security Risks
BBC, 3 October 2004
"E-Cyclers Embrace Data Destruction"
eWeek (10/01/04); Hachman, Marc
"App Developers Need to Redouble Security Efforts"
eWeek (09/30/04); Schindler, Esther
California Gets Tough On Spyware
Reuters, 28 September 2004
Concern Grows Over JPEG Flaw
BBC, 24 September 2004
"Reports on Spam Levels Paint Differing Views of the Problem"
Wall Street Journal (ONLINE) (09/21/04); Bialik, Carl; Creighton, Deborah S.
FTC Considers Offering Bounties for Spammer Convictions
17 September 2004
Phishers Target Gmail Accounts
15 September 2004
"'Dirty Dozen' Tips From Former Cybersecurity Czar"
Computerworld New Zealand (09/14/04); Watson, David
Users Find Too Many Phish in the Internet Sea
By David F. Gallagher
Attacks on Windows PC's Grew in First Half of 2004
By John Markoff
Barbarians at the Digital Gate
By Timothy L. O'Brien and Saul Hansell
"DHS Moves Ahead With Cybersecurity R&D Efforts"
Computerworld (09/15/04); Verton, Dan
"Dozens of Experts Take on Cyberterror"
Seattle Post-Intelligencer (09/13/04); Shukovsky, Paul
"The Next Threat"
Forbes (09/20/04) Vol. 174, No. 5, P. 70; Lenzner, Robert; Vardi, Nathan
Are Hurricanes Swamping Spammers?
Lots of folks think the hits that the Sunshine State (aka Spam State) has taken slowed the volume. Probably isn't so, though.
http://www.businessweek.com/technology/content/sep2004/tc20040916_1065.htm?c=bwinsidersep17&n=link12&t=email
From ACM's TechNews, September 15, 2004
"OpenBSD's Theo de Raadt Talks Software Security"
Computerworld Australia (09/10/04); Gedda, Rodney
"Malware Writers Using Open-Source Tactics"
Linux Insider (09/09/04); Mello, John P. Jr.
"House Panel Gets Tough on Spyware, P2P Piracy"
InternetNews.com (09/08/04); Mark, Roy
"System Alert: Web Meltdown"
Independent (London) (09/08/04); Grossman, Wendy
"Are Hackers Using Your PC to Spew Spam and Steal?"
USA Today (09/08/04) P. 1B; Acohido, Byron; Swartz, Jon
"Industry Group Voicing Cybersecurity Concerns in Washington"
Investor's Business Daily (09/09/04) P. A6; Howell, Donna
Investigative Report: How Hackers Infect PCs To Spread Spam and Steal Money
In a landmark study of the economics and techniques of hackers, two top reporters from USA Today have painted a vivid picture of what is really going on in cyber crime today and how it involves millions of home and business users. This article is the first of two parts. Part One vividly illustrates the problem and ends with the challenge: "Consumer outrage needed." On Thursday, September 9, Part Two shows that the problem will just get worse if vendors and ISPs continue to refuse to do their fair share to reduce the risk.
http://www.usatoday.com/money/industries/technology/2004-09-08-zombieuser_x.htm
"The Human Factor Trumps IT in the War on Terror"
Government Computer News (09/01/04); Jackson, William
"When E-Mail Points the Way Down the Rabbit Hole"
New York Times (09/02/04) P. E8; Johnson, Kirk
More Compromised Data, Or Simply More Disclosure?
San Jose Mercury News, 2 September 2004
"Organized Crime Invades Cyberspace"
Computerworld (08/30/04) Vol. 32, No. 35, P. 19; Verton, Dan
DNA Analysis Used To Fight Spam
BBC, 25 August 2004
"Exhibit Features Viruses as Art"
Wired News (08/27/04); Delio, Michelle
"A Proactive Approach to Security"
VNUNet (08/18/04); Thomson, Iain
"Concerns Mount Over Major Web Strike"
eWeek (08/24/04); Morgenstern, David
"Selective Shutdown Protects Nets"
Technology Research News (09/01/04); Patch, Kimberly
London Internet Exchange Members Adopt Code of Practice to Thwart Spammers
The Register, 18 August 2004
Yankee Group Study Suggests Most Large Companies will Outsource Security by End of the Decade
Information Week, 23 August 2004
Immature standards, encryption attacks impose burdens on early adopters
eWeek, August 23, 2004
"Convergence Quagmire: Viruses with Spam"
TechNewsWorld (08/18/04); Lyman, Jay
SURVIVAL TIME OF UNPROTECTED PCS DROPS
CNet, August 17, 2004
"Philippine Government Plans National Cyber Security System"
IT World, August 10, 2004
"AOL and Yahoo to Use Authentication Technology in Fight Against Spam and Phishing"
Computer World, August 12, 2004
"eMail Security Companies Say They Will Support Sender ID"
TechWeb, August 12, 2004
"Cellphone Viruses: How Worried Should You Be?"
Business Communications Review (07/04) Vol. 34, No. 7, P. 14; Krapf, Eric
"Unprecedented Security Network for Olympics"
Associated Press (08/10/04); Varouhakis, Miron
"APWG Data Shows Steady Increase in Phishing Scams During First Half of Year"
Computer World, August 4, 2004
"HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY"
Computer World, August 6, 2004
"Hospitals Defy Patching Restrictions"
NW Fusion Ellen Mesmer, August 9, 2004
"FCC Rules: Spammers Need Consent to Send to Wireless Subscriber Messaging Service Domains"
Washington Post, Information Week
Articles
"Reverse Engineering of Windows XP SP2"
PCWorld.com (08/03/04); Brandt, Andrew
"Feds Seek a Few Good Hackers"
PCWorld.com (08/03/04); Brandt, Andrew
The recent Defcon 12 hackers' conference included a recruitment presentation by federal law enforcement agents searching for talented people to work for the government. "The Department of Defense understands how important computers are to defending the United States, and is always on the lookout for good people," said Alvin Wallace, a supervisory special agent for the Air Force's Office of Special Investigations. The presentation was well-received with many of the twenty-something crowd taking business cards and asking questions about pay, security clearances, and college scholarships. Former National Security Agency director of information assurance Mike Jacobs spoke, urging hackers to help protect the United States from spies and terrorists. He said that when he worked at the agency, he would remind his colleagues that "the hacker community is probably our ally, and we need to pay attention to what they're doing out there." Some hackers may have trouble getting security clearances due to past misbehavior. Jim Christy, director of the Defense Department's Cyber Crime Center, says that the fight against terrorism has reduced security agency resources for cybercrime. The presenters noted that recruitment has to continue because employees tend to move into private industry. Wallace says his office provides "one of the best training grounds...Some of the best computer crime investigators in other federal agencies had their start in the Air Force Office of Special Investigations."
From ACM's TechNews, August 6, 2004
"Stealth Wallpaper Keeps Company Secrets Safe"
New Scientist (08/04/04); Fox, Barry
"Onion Routing Averts Prying Eyes"
Wired News (08/05/04); Harrison, Ann
"FCC Takes on Spam, Copying"
Wired News (08/05/04); Grebb, Michael
"Talking Computer Security"
CyberDefense Magazine (07/04) Vol. 2, No. 7, P. 16
"Fingerprinting Your Files"
Technology Review (08/04/04); Garfinkel, Simson
"The Shaky State of Security"
InfoWorld (07/26/04) Vol. 26, No. 30, P. 32; Roberts, Paul F.
"Hack This"
EDN Magazine (07/22/04) Vol. 49, No. 15, P. 26; Webb, Warren
"Search Engines Expose Vulnerabilities"
Computerworld (07/29/04); Willoughby, Mark
"Hackers Plan Global Game of 'Capture the Flag'"
CNet (07/30/04); Lemos, Robert
"Academics Enlist in Spam Battle"
eWeek (07/31/04); Hicks, Matt
"Hackers Are Discovering a New Frontier: Internet Telephone Service"
New York Times (08/02/04) P. C4; Belson, Ken
"Internet Snagged in the Hooks of 'Phishers'"
Washington Post (07/29/04) P. E1; Walker, Leslie
WORM VARIANT CLOGS E-MAIL, SEARCH ENGINES
ZD-Net, July 26, 2004
"An Eye Opener on Open Source Internet Security"
IST Results (07/22/04)
"Wanted: Cybersecurity Experts"
Medill News Service (07/22/04); Kumler, Emily
"Is Your Computer a Loaded Gun?"
Salon.com (07/22/04); Vaidhyanathan, Siva
PIRACY REPORT STIRS CONTROVERSY
New York Times, July 19, 2004
"Loose Clicks Sink Computers"
Baltimore Sun (07/19/04) P. 6A; Stroh, Michael
"Computer, Heal Thyself"
Salon.com (07/12/04); Williams, Sam
"Hacktivism and How It Got Here"
Wired News (07/14/04); Delio, Michelle
"For Hackers, Shop Talk, a Warning and Advice"
New York Times (07/12/04) P. C3; Thompson, Nicholas
"Cybersecurity Research Underfunded, Executives Say"
Government Computer News (07/08/04); Jackson, Joab
"Corporate Governance Task Force Pushes Security Best Practices"
Enterprise Systems (07/07/04); Schwartz, Mathew
United Nations To Address Spam Problem
San Jose Mercury News, 6 July 2004
Three Countries To Coordinate Antispam Efforts
Internet News, 6 July 2004
Report Shows Steep Rise In Software Piracy
CNET, 7 July 2004
"Software Fuse Shorts Bugs"
Technology Research News (07/07/04); Patch, Kimberly
"FTC Mulls Bounty System to Fight Spam"
MSNBC (06/29/04); Brunker, Mike
"Winning the War on Spam"
Discover (06/04) Vol. 25, No. 6, P. 24; Johnson, Steven
"Internet Takedown"
Government Technology (06/04) Vol. 17, No. 6, P. 24; McKay, Jim
"IT and End Users Differ on Spam Severity"
IT Management (06/18/04); Gaudin, Sharon
"Task Force Pushes for Early Warning System"
Security Management (06/04) Vol. 48, No. 6, P. 40; Piazza, Peter
Two Arrested and Charged in E-Mail Theft
By Saul Hansell
ISPs Agree On Antispam Measures
New York Times, 23 June 2004
"Software Industry Seeking New Ways to Fight Piracy"
Investor's Business Daily (06/22/04) P. A4; Bonasia, J.
"Spam-Sending PCs Could Be Kicked Offline"
MSNBC (06/22/04); Sullivan, Bob
"Shortage of Computer Security Experts Hampers Agencies"
National Journal's Technology Daily (06/10/04); New, William
"Vigilantes on the Net"
New Scientist (06/12/04) Vol. 182, No. 2451, P. 26; Moran, Barbara
"Decoding Application Security"
CSO Magazine (05/04); Violino, Bob
"FTC Rejects Creation of No-Spam Registry"
Washington Post (06/16/04) P. A1; Krim, Jonathan
"Is the Future of E-Mail Under Cyberattack?"
USA Today (06/15/04) P. 4B; Swartz, Jon
"Pay or Go Away: What Would Spammers Do?"
EurekAlert (06/08/04)
"Invasion of the Spambots"
Salon.com (06/08/04); Williams, Sam
Used Computers Full Of Sensitive Information
BBC, 9 June 2004
"Worst-Case Worm Could Rack Up $50B in U.S. Damages"
TechWeb (06/04/04); Keizer, Gregg
"Recognition Keys Access"
Technology Research News (06/09/04); Patch, Kimberly
"Cybersecurity: a Job for the Feds?"
IDG News Service (06/07/04); Gross, Grant
4 Rivals Almost United on Ways to Fight Spam
By Saul Hansell, Published: June 23, 2004
"Will Code Check Tools Yield Worm-Proof Software?"
CNet (05/26/04); Lemos, Robert
Buffalo Spammer Gets Jail Time
A judge in New York this week sentenced Howard Carmack, the so-called Buffalo Spammer, to the maximum three-and-a-half to seven years in prison under the state's new identity theft statute. Carmack was charged with setting up hundreds of e-mail accounts under false or stolen identities and sending 850 million spam e-mails through those accounts. Internet service provider EarthLink previously won a $16.4 million civil judgment against Carmack, though the company has yet to collect any money from Carmack. At his sentencing, Carmack said his prosecution was politically motivated and that he didn't see any victims of his actions. In response, Judge Michael D'Amico said, "I'm having a heck of a time figuring out why you think everybody is unfair to you," telling Carmack he caused a lot of harm to many people. Wall Street Journal, 27 May 2004 (subscription required)
From ACM's TechNews, May 26, 2004
"Viruses Nip Russia After the Cold War"
IDG News Service (05/25/04); Blau, John
"RPI Study Eyes Sick Computers"
Associated Press (05/25/04); Hill, Michael
"How Are Script Kiddies Outwitting I.T. Security Experts?"
NewsFactor Network (05/19/04); Valentine, Lisa
"Executives Criticize the Tech Industry"
Associated Press (05/19/04); Bridis, Ted
"Senate Hears Mixed Reviews of Anti-Spam Law"
Washington Post (05/21/04) P. E5; Krim, Jonathan
"Flaws Drill Holes in Open Source Repository"
CNet (05/19/04); Lemos, Robert
"Fine-Tuning Spam Filtering"
TechNewsWorld (05/18/04); Korzeniowski, Paul
Canada Urges International Cooperation To Fight Spam
Canadian officials this week suggested that international efforts, possibly including a treaty, are necessary to fight the growing problem of spam. Lucienne Robillard, Canada's Industry Minister, said, "Alone, country by country, we cannot solve this problem," noting that 95 percent of spam received by Canadians originates in other countries. According to Robillard, an international treaty on spam could include extradition of those accused of sending spam. Richard Simpson, director general of e-commerce for Industry Canada, compared a potential international agreement on spam to existing tax treaties, which countries use in collecting taxes and "countering other forms of activities like money laundering." A spam treaty is also being discussed at the Asia Pacific Economic Cooperation forum, according to Canadian officials. CNET, 11 May 2004 http://news.com.com/2100-1028_3-5210534.html
From EduPage, May 10, 2004
Microsoft Reward Credited With Arrest Of Sasser Suspect
An 18-year-old German student has been arrested for, and has confessed to, writing the Sasser worm that began infecting computers around the world last week. The arrest was made after acquaintances of the teen tipped off the Munich offices of Microsoft, which set up a reward program last year to try to catch writers of malicious computer code. The informers, who said they were aware of the reward program, provided Microsoft with details about the worm, convincing the company to notify German authorities. After being arrested and having his computer confiscated, the teen confessed. The informants will receive $250,000 if he is convicted. An official from Microsoft praised the reward program, calling this first instance of its use a "defining moment in demonstrating our ability to combat malicious code in collaboration with the authorities." Wall Street Journal, 10 May 2004 (sub. req'd) http://online.wsj.com/article/0,,SB108401726263605863,00.html
Sasser Author Tried To Create Virus-Fighting Virus
Sven Jaschan, the German teen who confessed to writing the Sasser computer worm, told authorities he had set out to write a virus, called Netsky, that would remove versions of the MyDoom and Beagle viruses. Jaschan reportedly wrote several versions of Netsky, eventually ending up with the Sasser worm. According to one German investigator, Jaschan is "a really good programmer" but didn't understand the scale of what he was doing. Just before being apprehended by authorities last week, Jaschan released a fifth version of Sasser, intended to limit the damage caused by the previous four. The new version, Sasser e, purported to include information about a patch against the Sasser worm. Instead of limiting the damage of previous versions, however, Sasser e also caused computers to reboot spontaneously. According to Sascha Hanke, a Microsoft official in Germany, Jaschan "did it with good intentions, but it had exactly the same damaging effects." eWeek, 10 May 2004 http://www.eweek.com/article2/0,1759,1589919,00.asp
From ACM's TechNews, May 10, 2004
"Breach of Trust"
InformationWeek (05/03/04) No. 987, P. 58; Hulme, George V.; Kontzer, Tony
"Crackers Redux"
eWeek (04/26/04) Vol. 21, No. 17, P. 29; Fisher, Dennis
"Security From the Inside Out"
Tech Update (04/21/04); Farber, Dan
"Technological Networks and the Spread of Computer Viruses"
Science (04/23/04) Vol. 304, No. 5670, P. 527; Balthrop, Justin; Forrest, Stephanie; Newman, J.
"Supercomputer Hacks Highlight Ed Security Challenge"
IDG News Service (04/16/04); Roberts, Paul
"FTC to Look Closer at 'Spyware'"
Washington Post (04/19/04) P. A4; Noguchi, Yuki
"Spam to Go"
Technology Review (04/04) Vol. 107, No. 3, P. 22; Roush, Wade
"Hackers Strike Advanced Computing Networks"
TechNews.com (04/13/04); Krebs, Brian
"DRC Investigation Finds Public Websites 'Impossible' for Disabled People"
PublicTechnology.net (04/16/04)
"Making Software Systems Evolve"
IST Results (04/14/04)
When Software Fails to Stop Spam, It's Time to Bring In the Detectives
McBride spends a lot of time waiting for spammers to make a mistake. They usually do.
From ACM TechNews, April 14, 2004
"The Porous Internet and How to Defend It"
E-Commerce Times (04/10/04); Millard, Elizabeth
"Concern Grows Over Browser Security"
CNet (04/12/04); Reardon, Marguerite
"In the Trenches With Antivirus Guru Mikko Hypponen"
E-Commerce Times (04/07/04); Millard, Elizabeth
"Spamhaus Proposal Aims to Stop Spam"
InformationWeek (04/07/04); Gardner, W. David
"The Pure Software Act of 2006"
Technology Review (04/04); Garfinkel, Simson
"Email Attack Could Kill Servers"
New Scientist (04/06/04); Knight, Will
"Group Suggests 25 Ways to Improve IT Security"
Government Computer News (04/06/04); Miller, Jason
"Security Patching: Easy As 1-2-3"
Network Magazine (03/04) Vol. 19, No. 3, P. 37; Greenfield, David
WORM TURNS UP
A computer infection called Sasser has been fouling computers worldwide today.
From ACM TechNews, April 26, 2004
"Hackers: Under the Hood"
ZDNet Australia (04/19/04); Gray, Patrick; Foo, Fran; Gray, Patrick
"Can E-Mail Be Saved?"
InfoWorld (04/19/04) Vol. 26, No. 16, P. 40; Boutin, Paul
New Virus Targets Mac Users
A new Trojan horse represents what one security expert said is "the first native Mac OS virus." Brian Davis of Mac security firm Intego said the MP3Concept or MP3Virus.gen Trojan horse, which masquerades as an MP3 file, does not cause an infected computer any harm but merely accesses files in the System folder. According to Davis, the virus is probably a test to see what is possible with Mac systems, which historically have not been targets of malicious code. Given the growing popularity of Apple Computer's online music service, however, OS X systems have become a more tempting target. Because Windows--with its dominance in the operating system market--has traditionally drawn the attention of virus writers, most Mac users do not use antivirus software and are generally unconcerned about opening attachments in e-mail. With the new Trojan horse, said Davis, these habits for Mac users could change quickly. "They're all susceptible to viruses and Trojans," said Davis, "just as Windows is." Wired News, 9 April 2004 http://www.wired.com/news/mac/0,2125,63000,00.html
Security Experts Debate Appropriateness Of Exploit Tool
A new security tool from the Metasploit Project has drawn criticism from some security experts who say it offers potential hackers an easy means to launch attacks. Computer scripts called "exploits" take advantage of known security holes in systems. The new tool is essentially such an exploit that can be easily modified to test new vulnerabilities. According to Metasploit founder HD Moore, the tool is a boon for security personnel, who use it to test systems for flaws and in quality assurance programs. Peter Lindstrom of Spire Security, however, sees the tool as having real value for only "about 10 academics and serious researchers who may find this interesting." Beyond those people, Lindstrom said, the tool could allow thousands of others to become hackers. Moore conceded that the tool could be used in malicious ways but argued that it is nonetheless valuable for those seeking to protect systems from attack. He said exploits are "required for many types of legitimate work." Other security companies have developed similar tools to aid in securing computer systems, and HP has created an attack tool to test network security. ZDNet, 8 April 2004 http://zdnet.com.com/2100-1105_2-5187776.html
From ACM's TechNews, April 2, 2004
"Face-Off: Is Patch Management the Best Defense Against Vulnerabilities?"
Network World (03/29/04) Vol. 21, No. 13, P. 44; Schultze, Eric; Hofmeyr, Steven
"New Marking Process Traces Spammers, Pirates, and Hackers"
EurekAlert (03/31/04)
"Yoran Rejects Claims of Slow Progress in Securing Key IT Systems"
InformationWeek (03/30/04); Hulme, George V.
"Time to Enlist a 'National Guard' for IT?"
Network World (03/29/04) Vol. 21, No. 13, P. 8; Greene, Tim
"Computer, Heal Thyself"
Federal Computer Week (03/29/04) Vol. 18, No. 8, P. 42; Moore, John
"IT Security and Software Development"
TechNewsWorld (03/26/04); Halperin, David
"Spam-Busters"
Network World (03/22/04) Vol. 21, No. 12, P. 69; Ulfelder, Steve
"When Instant Messages Come Bearing Malice"
New York Times (03/25/04) P. E4; Junnarkar, Sandeep
"Technology Solution to Slicing Spam Lags"
CNet (03/22/04); Olsen, Stefanie; Festa, Paul
"Experts Publish 'How to' Book for Software Exploits"
IDG News Service (03/15/04); Roberts, Paul
"The Web: Hacker Turf War Raging Online"
United Press International (03/17/04); Koprowski, Gene J.
"Viruses Lurk as a Threat to 'Smart' Cellphones"
Wall Street Journal (03/18/04) P. B4; Nasaw, David
"New Hacker Program Prompts Alert"
Washington Post (03/18/04) P. E5; Krebs, Brian
"In E-Mail Warfare, the Spammers Are Winning"
Baltimore Sun (03/14/04) P. 1A; Shane, Scott; Packard, Jean
"Can Social Networking Stop Spam?"
NewsFactor Network (03/15/04); Martin, Mike
"The End of Passwords"
E-Commerce Times (03/13/04); Millard, Elizabeth
Malicious Computer Worm Detected
By John Schwartz
A malicious computer program known as phatbot or polybot can create networks of remotely controlled computers to take part in online attacks, send junk e-mail messages and engage in other shady activities common to the bad neighborhoods of cyberspace. The program uses technology like that developed for Gnutella and Kazaa to control machines.
From EduPage, March 17, 2004
Putnam Blasts Federal IT Security
Rep. Adam Putnam (R-Fla.) had harsh words this week for federal agencies' failure to adequately protect their IT infrastructures. A December report gave federal agencies an overall grade of "D" for IT security, and a new report from the Government Accounting Office (GAO) indicates growing numbers of cyber attacks against government systems. According to the GAO report, cyber attacks on government offices rose from 489,890 in 2002 to 1.4 million in 2003. The report said blame for the lack of security falls more with poor management practices within federal agencies than with technology. Putnam, chair of the House Government Reform Subcommittee on Technology, noted that the nation has gone to great lengths to protect physical security but said "protecting our information networks has not progressed commensurately." Jeffrey Rush of the Treasury Department acknowledged the failings but noted that since the creation of the Department of Homeland Security, his agency has seen a 70 percent reduction in staff. Internet News, 17 March 2004 http://www.internetnews.com/infra/article.php/3327081
From ACM News, February 23, 2004
"Computer-Security Efforts Intensify"
Wall Street Journal (02/23/04) P. B4; Clark, Don; Wingfield, Nick; Hanrahan, Tim
"Spam: A Reality Check"
PC Magazine (02/18/04); Ulanoff, Lance
"Serious Linux Security Holes Uncovered and Patched"
eWeek (02/19/04); Vaughan-Nichols, Steven J.
"Unlocking Our Future"
CSO Magazine (02/04); Garfinkel, Simson
"Converging on Network Security"
Military Information Technology (02/09/04) Vol. 8, No. 1; Gerber, Cheryl
"Spam-Busters Sort Out the Fakes"
New Scientist (02/07/04) Vol. 181, No. 2433, P. 26; Biever, Celeste
"Passwords to Guard Entry Aren't Enough to Protect Complex Data"
ScienceDaily (02/16/04)
"New Anti-Spam Initiative Gaining Traction"
eWeek (02/12/04); Callaghan, Dennis
"Security Still Reigns as Wireless 'Weakest Link'"
E-Commerce Times (02/17/04); Gallagher, Helen
"Spammers Exploit High-Speed Connections"
Associated Press (02/16/04); Jesdanun, Anick
"Hackers for Hire"
TechNewsWorld (02/13/04); Germain, Jack M.
"Congress and Cybersecurity"
TechNews.com (02/12/04); Krebs, Brian
IBM AND CISCO TO PARTNER ON SECURITY IMPROVEMENTS
IBM and Cisco Systems this week announced a partnership to build security into their products, reflecting a growing awareness among technology companies that security applications work better when they are integrated into basic design rather than added on to otherwise completed products. The new partnership means that various hardware and software products from the two companies will be able to communicate, lowering the chance for security weaknesses in networks. The IBM-Cisco deal echoes the recent acquisition of network security firm NetScreen Technologies by Juniper Networks. Chris Christiansen, analyst with IDC, said that although he is skeptical of such partnerships because "so many of them have failed in the past," he is more optimistic about the IBM-Cisco deal. The companies have worked together previously, said Christiansen, and have little product overlap. San Jose Mercury News, 13 February 2004 http://www.siliconvalley.com/mld/siliconvalley/7946744.htm
From ACM News, February 13, 2004
"Is Cyberspace Getting Safer?"
Medill News Service (02/11/04); Newell, Adrienne
"Coming Soon to Your IM Client: Spim"
Network World (02/09/04) Vol. 21, No. 6, P. 30; Garretson, Cara
"The Virus Underground"
New York Times Magazine (02/08/04) P. 28; Thompson, Clive
"Can E-Mail Survive?"
PC Magazine (02/17/04); Metz, Cade
"The E-Mail Mess"
Governing (01/04) Vol. 17, No. 4, P. 40; Perlman, Ellen
REPORT SAYS CAN-SPAM ACT NOT EFFECTIVE
A report from California-based e-mail filtering company Postini seems to indicate little immediate change in the volume of spam as a result of the CAN-SPAM Act, signed into law by President Bush in December. At that time, spam accounted for 80 percent of all e-mail according to Postini. One month later, that figure remained at 79 percent. Critics of the bill had argued that it would do little to stem the flow of spam, saying that the bill simply outlined steps spammers must take for their e-mail to be "legitimate." Critics also noted that many spammers operate outside the United States, beyond the jurisdiction of the law. Postini's Andrew Lochart said spam can only be effectively controlled through a combination of technology and legislation. BBC, 9 February 2004 http://news.bbc.co.uk/2/hi/technology/3465307.stm
From ACM News, February 9, 2004
"Software Innovation Is Dead"
NewsForge (02/07/04); Love, Jonathan
"False Hope for Stopping Spam"
Technology Review (02/04/04); Garfinkel, Simson
"Tackling the Secure Web Mail Challenge"
E-Commerce Times (02/04/04); Pasley, Keith
MICROSOFT PROPOSES NEW STRATEGIES TO LIMIT SPAM
Software giant Microsoft, which has lately announced its intention to help stem the flow of spam, is working on programs designed to place a significant burden on those who want to send vast amounts of unsolicited e-mail. Under an initiative called "Penny Black," computers that send e-mail would be required to spend several seconds solving a complex math problem. Such a scenario would cause virtually no slowdown for average users, but spammers trying to send millions of e-mails would be faced with an enormous computational demand. Officials from Microsoft noted that the company is working on several other anti-spam programs and does not consider the Penny Black program to be a "silver bullet." For any solution to be effective, said Microsoft's George Webb, it must have "broad-based deployment across the e-mail system." Washington Post, 5 February 2004
From ACM News, February 4, 2004
"Europe Blames Weaker U.S. Law for Spam Surge"
Wall Street Journal (02/03/04) P. B1; Mitchener, Brandon
"Why This One Is Scarier"
San Francisco Chronicle (02/03/04) P. B1; Kirby, Carrie
"Dual Curses: Viruses and Spam"
Computerworld (02/02/04) Vol. 32, No. 5, P. 29; Ubois, Jeff; Betts, Mitch
"Is the Tide Turning in Battle Against Hackers?"
IT Management (01/04); Robb, Drew
"Security Threats Won't Let Up"
InformationWeek (01/05/04) No. 970, P. 59; Hulme, George V.
"Security: From Bad to Worse?"
InformationWeek (12/29/03); Keizer, Gregg
"Device Guards Net Against Viruses"
Technology Research News (12/24/03); Patch, Kimberly
"DARPA Evaluates Proposals for Self-Regenerative Systems"
Computerworld (12/22/03); Anthes, Gary H.
"We Hate Spam, Congress Says (Except When It's Sent by Us)"
New York Times (12/28/03) P. 1; Lee, Jennifer 8.
"The Spies Who Come in Through the Keys"
Financial Times (12/17/03) P. 15; Morrison, Scott
"Digital Defense"
Computerworld (12/22/03); Anthes, Gary H.
"Computer Security in Focus"
SiliconValley.com (12/03/03); Ackerman, Elise
"Rules to Address Holes in Software"
Los Angeles Times (11/28/03) P. C1; Menn, Joseph
"A Two-Pronged Approach to Cybersecurity"
CNet (12/01/03); Lemos, Robert
"Fighting the Worms of Mass Destruction"
Economist (11/27/03) Vol. 369, No. 8352, P. 65
New Computer Worm A Friend Of Spammers
Reuters, 2 December 2003
Researchers Find Serious Vulnerability in Linux Kernel
by Larry Seltzer
"Taking Cues From Mother Nature to Foil Cyberattacks"
Newswise (11/25/03)
"Q&A: Improved Security Requires IT Diversity"
Computerworld (11/24/03); Vijayan, Jaikumar
"Computer-Security Experts Challenge Researchers to Focus on Long-Term Solutions"
Chronicle of Higher Education (11/21/03); Carnevale, Dan
"Proposed Spam-Blocking Technology Is a Long Way Away"
InternetWeek (11/21/03); Gonsalves, Antone
"EU Cybercrime Agency Gets the Go-Ahead"
IDG News Service (11/20/03); Meller, Paul
"The Future of Open Source in Security"
EarthWeb (11/19/03); Bourque, Lyne
"The Virus at 20: Two Decades of Malware"
silicon.com (11/11/03); Sturgeon, Will
"Spam Nation"
InformationWeek (11/10/03) No. 963, P. 59; Claburn, Thomas
"Encryption Revolution: The Tantalizing Promise of 'Unbreakable' Codes"
Associated Press (11/16/03); Bergstein, Brian
"Spammers Target Instant Message Users"
TechNews.com (11/13/03); McGuire, David
"Could Antivirus Apps Become Law?"
IDG News Service (11/06/03); Gross, Grant
"Spammers Can Run But They Can't Hide"
New York Times (11/09/03) P. 3-1; Hansell, Saul
"Senate Votes 97-0 to Restrict E-Mail Ads"
Washington Post (10/23/03) P. A1; Krim, Jonathan
"Carnegie Mellon to Launch New Initiative to Ensure Cybersecurity"
EurekAlert (10/22/03)
The expertise of over 50 researchers and 80 students from Carnegie Mellon University's College of Engineering, School of Computer Science, H. John Heinz III School of Public Policy and Management, and the CERT Coordination Center will be combined under Carnegie Mellon CyLab. CMU President Jared L. Cohon says the CyLab facility "is designed to work with speed and great efficiency to shore up security breaches that can compromise the Internet-based electronic ties that enhance communications and services that bind so many enterprises together into a network that is the foundation of our economic prosperity." Another of CyLab's goals is to nurture government-business collaboration to bolster the security of the cyber-infrastructure. CyLab co-director Pradeep Khosla says the center will be a convergence point for CMU's information assurance specialists, including those working in the fields of research and development, public policy, response, and prediction. Much of CyLab's research funding is coming from a sizable federal investment shepherded by Rep. Mike Doyle (D-Pa.). The Internet's vulnerability to malicious software, hackers, and cyberterrorism will spur CyLab to concentrate on the development of state-of-the-art technologies designed to keep information private and fortify the security of distributed systems and wireless and optical networks. The facility will also be dedicated to sustaining CMU's CyberCorps program and its effort to boost cybersecurity competence among 10 million home users. Cisco CTO Greg Akers says, "We look forward to helping CyLab craft a focused research initiative centered on tools, technologies and practices to improve dependability, secure the Internet, embed security in computer and communications systems, and design a public/private partnership to accelerate outreach training and education."
"Spammers Clog Up the Blogs"
Wired News (10/24/03); Ulbrich, Chris
From ACM News, October 29, 2003
"Antispam Methods Aim to Merge"
CNet (10/24/03); Festa, Paul
"Patchy Years Ahead for Software Users"
IDG News Service (10/23/03); Pruitt, Scarlet
"Anti-Spam List Wouldn't Fly, Experts Warn"
Investor's Business Daily (10/17/03) P. A5
"Lawmakers Hammer on Spam"
Medill News Service (10/14/03); Chang, Rita
Survey Shows How Users Deal With Spam
Internet News, 13 October 2003
"Outwitting Spammers"
Network World (09/29/03) Vol. 20, No. 39, P. 48; Bort, Julie
"Ruling Over Unruly Programs"
CSO Magazine (09/03); Garfinkel, Simson
"E-Mail Is Broken"
Salon.com (10/02/03); Mieszkowski, Katharine
"Davis Signs Bill to Ban Online Spam"
Los Angeles Times (09/24/03) P. A1; Ingram, Carl
Latest Virus Masquerades As Virus Patch
Internet News, 19 September 2003
"Self-Policing Added to Spam Bill"
Washington Post (09/18/03) P. E1; Krim, Jonathan
"China Joins Global Fight Against Spam"
IDG News Service (09/10/03); Lemon, Sumner
System Alert: You've Got ... Worms
With names like Sobig, Blaster, and Welchia, computer viruses have been wreaking havoc around the world. No longer confined to e-mail attachments, the latest bugs can spread through the Internet, as they take advantage of vulnerabilities in exposed computers. Was the recent spate of attacks just more of the same, or are virus writers beginning to infect computers with other gains in mind? Experts at Wharton and elsewhere weigh in on possible motives, what businesses should do to protect themselves, and which industry sectors stand to gain from the chaos.
From ACM News, September 5, 2003
"Computer Antivirus Strategies in Crisis"
New Scientist (09/03/03); Graham-Rowe, Duncan
"Many More Worms Will Wriggle Into Our Future"
San Francisco Chronicle (09/04/03) P. B1; Kirby, Carrie
"Email Updates Six Degrees Theory"
Technology Research News (09/03/03); Patch, Kimberly
"Outsmarting Spam"
InformationWeek (09/01/03) No. 953, P. 18; Kontzer, Tony
"Does IM Have Business Value?"
Business Communications Review (08/03) Vol. 33, No. 8, P. 40; Bellman, Bob
"Spamming Sleazebags Ruining E-Mail"
SiliconValley.com (08/31/03); Gillmor, Dan
"Fight Against Viruses May Move to Servers"
Washington Post (08/28/03) P. E1; Duhigg, Charles
Many security experts contend that desktop anti-virus software and firewalls may soon not be enough to thwart increasingly crafty and sophisticated computer viruses, and they expect the server to become the new front line of defense. "[Virus writers] are making viruses that are as difficult as possible to analyze, and they are crafting attacks so that anti-virus people can't download malicious code to neutralize it before it is executed," says Mikko Hypponen of F-Secure. Viruses and worms proliferate at such speed that predictive systems are the only effective deterrent, but desktop computers do not have the computing capability to support such systems, according to the computer security industry. Mark Sunner of MessageLabs says computer security will shift from desktops to large databases at key Internet exchange points; he insists that "Our databases know what an outbreak looks like, and can identify it much faster and more aggressively [than desktops]." Adding fuel to this migration are growing demands from consumers and security experts that Microsoft and other major software providers beef up the security of their products. Ken Dunham of iDefense reckons that at any one time at least 100,000 Internet-connected home computers in the United States are infected with malware that allows hackers to launch attacks from the compromised machines. Worse, security experts caution that worms are being designed to change tactics in the middle of an attack; another fear on experts' minds is the emergence of "superworms," though Lurhq security researcher Joe Stewart claims that user awareness is currently so poor that hackers do not necessarily have to resort to such highly intelligent malware. Experts place most of the blame for poor computer security at the feet of two trends: Software standardization and too much emphasis on system performance.
"Software Self-Defense"
ABCNews.com (08/27/03); Eng, Paul
"Saving Private E-mail"
IEEE Spectrum (08/03); Vaughan-Nichols, Steven J.
"Could Spam One Day End Up Crushed Under Its Own Weight?"
Wall Street Journal (08/25/03) P. B1; Berman, Dennis K.
"Spam Wars"
Technology Review (08/03) Vol. 106, No. 6, P. 32; Schwartz, Evan I.
"Record Computer Infections Slow U.S., Private Work"
Washington Post (08/22/03) P. E1; Duhigg, Charles; Krebs, Brian
Computer viruses that have proliferated at record rates over the past 10 days appear to be tapering off slightly, according to security firms such as MessageLabs. However, this news hardly breeds optimism for federal agencies--the Small Business Administration, the Department of Commerce, and the FCC among them--reporting productivity and operational slowdowns, computer outages, and unprecedented numbers of infected emails attributed to worms such as Sobig.F, Blaster, and Welchia, whose global reach encompasses at least 1 million residential, business, and government computers. Department of Commerce CIO Tom Pyke says that his department's virus-defense systems intercepted 40,000 Sobig.F-laden messages before Commerce computers were compromised on Aug. 21, and between 500 and 750 emails are being quarantined every hour. Though the damage caused by these viruses is repairable, computer experts say the worms could easily be programmed for more malevolent tasks, and are worried about the next epidemic. Sallie McDonald of the Homeland Security Department notes that both her agency and Microsoft warned of the Windows vulnerability the viruses are exploiting in July, but the record spread of the worms is a clear indication that few people took advantage of the warning, or the patch that was issued. She adds, "If industries and agencies don't start regulating themselves, Congress may put in legislative requirements."
"Strong Attackers, Weak Software"
Washington Post (08/21/03) P. E1; Duhigg, Charles
"Spam Technology Seeks Acceptance"
TechNewsWorld (08/15/03); Fontana, John
"Head of FTC Opposes Bills To Curb Spam"
Washington Post (08/20/03) P. E1; Krim, Jonathan
"Grappling With Virus Invasion"
Wired News (08/20/03); Delio, Michelle
"Are You a Good or a Bad Worm?"
Wired News (08/19/03); Delio, Michelle
"Patching Becomes a Major Resource Drain for Companies"
Computerworld (08/18/03); Vijayan, Jaikumar
"Profile of the Superworm: SoBig.E Exposed"
TechNewsWorld (08/13/03); Germain, Jack M.
"Patching Things Up"
CIO (08/01/03) Vol. 16, No. 20, P. 79; Violino, Bob
"Should E-mail Still Be Free?"
Technology Review (08/06/03); Shein, Barry; Crocker, Dave
"Multiple Attack Only Hope in Spam Battle"
New Scientist (07/01/03); Knight, Will
Page Owner: Professor Sauter
© Vicki L. Sauter. All rights reserved.