  • Fred Cohen
    Message 1 of 196 , Mar 1, 2000
      Hijacked Web site regroups after infamous attack
      It started with an e-mail, the kind of nasty missive that
      e-commerce CEOs dread. The sender, describing himself as
      a 19-year-old Russian named ``Maxim,'' claimed to have
      pilfered 300,000 credit card numbers from CD Universe,
      a music retailing Web site. Maxim offered to destroy the
      stolen files in exchange for around $100,000.

      U.S. sees progress, albeit slow, in hacking probe
      U.S. officials said Tuesday they were making headway in
      probing a wave of cyber attacks on some of the Internet's
      flagship sites, but finding the hackers responsible still
      requires a major undertaking. The attacks disrupted major
      commercial Web sites, including Yahoo, eBay and Amazon.com,
      for several hours earlier this month by hijacking
      third-party computers to flood the sites with so many
      information requests that legitimate users could not log
      on. ``We are making progress,'' Deputy Attorney General
      Eric Holder told a joint hearing of the House and Senate
      crime subcommittees. ``Once caught, we will prosecute
      these people to the fullest extent we can.''

      House, Senate to address hacker attacks
      A joint committee from the House and Senate today will
      hear testimony from investigators, government officials
      and industry executives on the recent wave of attacks
      that temporarily crippled some of the Web's most popular
      sites. The hearing will examine the distributed denial
      of service (DDoS) attacks that took down Yahoo, Amazon.com,
      eBay, E*Trade and others for hours at a time earlier this
      month. In a DDoS attack, hackers use any number of computers
      to send a flood of information requests to servers that host
      Web sites. The overwhelming stream of information often
      clogs a server network and paralyzes the site it hosts.
      Today's hearing, conducted by the House subcommittee on
      crime and the Senate criminal oversight subcommittee, will
      consider whether additional laws should be introduced to
      fight computer crimes and will examine the FBI's proposed
      budget increase to beef up its resources for computer
      crime investigations.

      Mr. Mitnick Goes to Washington
      A little over one month after his release from prison,
      famed hacker Kevin Mitnick will testify before the
      Senate Committee on Governmental Affairs on Thursday
      morning, in a hearing planned to address the security
      of the federal government's computer networks.
      Committee chairman Fred Thompson (R-TN) and ranking
      member Joseph Lieberman (D-CT) announced the hearing
      last Wednesday - one of a flurry of congressional
      hearings to follow this month's crippling denial of
      service attacks on various high-traffic Internet sites.
      The witness list was made public this afternoon, and
      also includes James Adams from computer security company
      iDefense, Cisco's Ken Watson, and two government experts.

      Strategic Command cyberpartnership battles national vulnerabilities
      A growing partnership between U.S. Strategic Command information
      security professionals and the Omaha community is helping to
      eliminate vulnerabilities in the nation's critical computer
      infrastructure. The partnership began last May during a
      USSTRATCOM-sponsored Cybersecurity conference. That conference
      spawned several computer security initiatives that have yielded
      encouraging results, said David Mike, chief of the command's
      Information System Security Policy and Accreditation branch.
      "The conference brought together more than 100 chief information
      officers and security managers from critical infrastructure
      companies and state and municipal governments to focus on computer
      security threats," said Mike. "As a result of the conference,
      Nebraska became the first state with a computer (emergency)
      response team, called "NebraskaCERT." Also, a monthly Cyber
      Security Forum was established to share information among
      interested individuals and companies, he added.

      Military sets up anti-hacker unit: Team of 14 based in Ottawa
      The Department of National Defence has declared war on Internet
      hackers by creating a new unit to help hunt down cyberspace
      intruders. A team of scientists and computer specialists has
      been formed at Defence Research Establishment Ottawa to devise
      new protective measures. To that end, they will imitate the
      hackers, creating new computer viruses to study and then design
      defences against. At the same time, they will develop new ways
      to track down hackers, said Prakash Bhartia, director-general
      of the facility.

      Free speech or cyber-slander?
      Cyberspace has become less anonymous as companies use libel
      suits to find and unmask their online critics, but now some
      cyber-chatters are fighting back. The chatters claim a First
      Amendment right to post messages on electronic bulletin boards
      using pseudonyms. They have scored some success in challenging
      attempts to pry loose their identities from Internet service

      Increased online security does not a draconian surveillance
      network make: Despite a recent spate of DoS attacks that
      caused a few hours of discomfort at places like Yahoo,
      Amazon, and eBay, the technology industry is a bit
      reluctant about increased government involvement in online
      security. While Congress appears eager to propose broader
      computer crime laws, the industry worries that increased
      government involvement in security issues might result in
      draconian surveillance networks... Congressional hearings
      to discuss the matter are scheduled to begin today.
      (New York Times stories; free registration required)

      New Generation Gap: Hackers
      The recent wave of denial-of-service attacks has
      revealed a generation gap among hackers. Many hackers
      have denounced the recent cyber assaults as the work
      of clueless virtual vandals, not legitimate hackers.
      Most hackers also said the attacks required few real
      skills or in-depth knowledge. For some hackers that
      lack of skill is equated with age. "All of a sudden,
      the big push is on to distance yourself from the bad
      guys -- those kids, and they always say 'kids' --
      who did the DoS attacks," said Schmoe, a 21-year-old
      hacker from the Northeast. "All of a sudden, it's
      good hackers talking about bad hackers and old hackers
      pointing fingers at young hackers."

      Study: 200,000 hooked on web porn
      At least 200,000 Internet users are hooked on porn sites,
      X-rated chat rooms or other sexual materials online,
      researchers say in one of the first studies to estimate
      the number of ``cybersex compulsives.''

      Survey - Web-savvy Folks Fret Over DoS Attacks
      An increasingly Web-savvy population is concerned about
      readiness to ward off deliberate denial of service
      (DDoS) attacks and wants solid leadership in information
      security to come from the industry, a survey has found.
      The Information Technology Association of America (ITAA)
      survey released today found that 90 percent of respondents
      perceive that the average e-business may be unprepared to
      fend off such attacks. Another 55 percent seem to agree
      that the problem places the "electronic economy" at risk.
      "The survey points up the enormous impact that the recent
      series of attacks had," ITAA spokesman Bob Cohen told
      Newsbytes. "This series has really been perceived as a
      watershed type of event. It's their wakeup call."

      Space Rogue Interviewed About Recent Hack Attacks
      Newsbytes.com Correspondent Kevin Featherly discusses
      hacking issues with a person who should know: former
      hacker "Space Rogue," who is now editor of Hacker News
      Network. The interview is part of a series of special
      reports to introduce the new washtech.com site. Kevin
      and Space Rogue discuss the recent hack attacks and
      what characterized them, as well as what type of person
      is motivated to conduct such break-ins. They also
      discussed what companies can do to prevent attacks and
      whether the media coverage of the event has caused
      awareness of the weaknesses, generated copycat attacks,
      or both. The interview is available at;

      Interesting case in Minnesota, where suspects are charged with
      possession of burglary tools, for using L0phtcrack in their computer
    • Fred Cohen
      Message 196 of 196 , Apr 4, 2002
        Terrorist Web Site Hosted by U.S. Firm
        The political ideology of the Hamas site, which refers to recent
        suicide attacks in Israel as the 'martyr brigade,' is not illegal,
        according to most analysts. A Web site glorifying recent suicide
        attacks in the Middle East that is hosted by a U.S. company is
        sparking legal and ethical questions about whether Internet service
        providers and hosting companies should be held accountable for
        content on their networks and Web pages.

        FBI will use 'electronic tripwires' to protect secrets
        Tighter security against possible spies inside the FBI will require
        sophisticated ``electronic tripwires'' activated when employees try
        to review off-limits secrets, says a former FBI and CIA director.
        The tripwires ``will make it more difficult (for spies) in a
        deterrent sense -- knowing they'll be more apt to be observed,''
        said William H. Webster, who led a commission of experts
        investigating security inside the FBI after the February 2001
        arrest of agent Robert Hanssen.

        Securing the cyber front
        Last year's spate of hacker attacks, viruses and worms shed light on
        the nation's poor state of information security--and the
        government's inability to shore it up. After Sept. 11, the state of
        the country's cyber security seemed even more vulnerable to an even
        wider range of threats, and the White House stepped forward with
        what seemed like a bright idea to secure the cyber front.
        http://www.govexec.com/dailyfed/0402/040202ti.htm

        Clarke: IT security is 3 to 5 years away
        The president's proposed fiscal 2003 budget puts much-needed money
        behind efforts to improve IT security, presidential cybersecurity
        adviser Richard Clarke told industry representatives at FOSE 2002.
        "The history of government trying to achieve IT security is a sad
        one," Clarke said. "We have to start putting our money where our
        policy is."

        Army security expert emphasizes vigilance and training
        A computer scientist from the National Infrastructure Protection
        Center yesterday urged agency officials to return to the basics of
        security and guard against cyberattacks by IT insiders. Robert M.
        Wright, on loan to NIPC's Special Technology Application Unit from
        the Army, said today's insiders are the people who are allowed onto
        an agency's network. Such insiders bring in tools ranging from hard
        drives the size of key chains to anonymous remailers, steganography
        -- hiding messages within digital images -- peer-to-peer
        applications, and infrared and radio wireless devices.

        Better management key to fighting cyber attacks
        The greatest technologies in the world will not shield federal
        agencies from cyber attacks unless they require more involvement
        from their senior managers and improve on educating their employees
        about computer security, several high-ranking federal information
        technology officials said Wednesday. "IT security is really a
        question of accountability," said Daryl White, the Interior
        Department's chief information officer, during a conference
        sponsored by the National High Performance Computing and
        Communications Council. "You can't hold firewalls and intrusion
        detection systems accountable. You can only hold people accountable."

        Support For Government Surveillance Slips
        Support for expanded high-tech government surveillance gradually has
        diminished during the six months following the Sept. 11 terrorist
        attacks, new Harris Poll figures show. While a majority of Americans
        continue to favor expanded surveillance by law agents in the war
        against terror, the poll shows that support has declined modestly.
        In one category -- expanded government surveillance of cell phone
        and e-mail traffic -- supporters now are in the minority, the poll
        indicates. http://www.newsbytes.com/news/02/175641.html

        Death to Old Software
        We all know that outdated network software is a security hazard.
        The solution: hard-wired expiration codes that self-destruct an old
        program when it's past its prime. Software lives forever. This is
        its blessing and its curse. It's a blessing, of course, because
        it's what separates software from automobiles, houses, electron
        microscopes, and other marvels of engineering: no wind and rain to
        make code rust, and software has no moving parts to wear out.

        --This communication is confidential to the parties it is intended to serve--
        Fred Cohen Fred Cohen & Associates.........tel/fax:925-454-0171
        fc@... The University of New Haven.....http://www.unhca.com/
        http://all.net/ Sandia National Laboratories....tel:925-294-2087