Computer Security Weekly, March 20, 2000


The US law enforcement community is on the anonymity rampage again. Janet Reno is calling for some means to eliminate anonymity online, although she has declined to be specific about her proposals. This is dangerous since, as she herself admits, law enforcement officials don't have enough training to understand the online world. The details, when they come, are likely to be as ill-thought-out as most such legislation in recent decades.

http://www.wired.com/news/business/0,136... http://www.pcworld.com/cgi-bin/pcwtoday?... http://www.infoworld.com/articles/en/xml...


Known bugs strike yet again. A security loophole in Microsoft's Internet Information Server that has been known for at least a year and a half has been used to download thousands of credit-card numbers from a variety of Web commerce sites.

http://www.www.infoworld.com/articles/en...


Oh, and about them US FBI people who think they can dictate how the Web shall be run? They still haven't a clue about the DDoS attacks from last month.

http://www.mercurycenter.com/svtech/news...


I remember the great furor over the release of SATAN, which, despite its name, was a useful tool for assessing the security of your site or network. However, the recent ruckus over Trend Micro's OfficeScan is a bit different. OfficeScan actually opens a loophole for attack in some cases.

http://www.zdnet.com:80/zdnn/stories/new...


Microsoft's Internet Explorer versions 5.0 through 5.0b with the 128-bit encryption pack can interfere with the use of Windows 2000. If you have W2K and IE5, but haven't tried them together yet, hold off.

http://www.microsoft.com/windows/ieak/en...


Kerberos is a well-regarded system that can be used to provide for reasonably secure authentication over insecure networks such as the Internet. Windows 2000 now has it. Well, no it doesn't. You see, W2K uses a version of Kerberos that does not conform to the standard. Which can create problems. For one thing, it means that Microsoft's version won't interoperate with others.

http://www.isi.edu/gost/gost-group/produ... ftp://ftp.isi.edu/in-notes/rfc1510.txt ftp://athena-dist.mit.edu/pub/kerberos/doc/techplan.txt http://www.www.microsoft.com/windows2000... http://www.www.microsoft.com/WINDOWS2000... http://www.www.microsoft.com/windows2000... http://www.microsoft.com/msj/defaulttop....


Heard that a lot of mail servers have shut down recently? Don't believe it. Another Melissa variant is out there, this one saying that the mail server is down, and you should read the attached file for information. Now *my* first question would, of course, be "if the server is down, how did you send me this message?" and my second would be "why did you send a file attachment rather than just explaining things in the message?" but maybe I'm very old fashioned ...


Yet another DDoS tool. This one provides for remote changes to the ports used, in order to avoid detection of known port use.

http://sled.gsfc.nasa.gov/~spock/shaft_a... http://www.cert.org/reports/dsit_worksho... http://packetstorm.securify.com/distribu... http://staff.washington.edu/dittrich/mis... http://www.cert.org/advisories/CA-99-17-...


As I've noted before, the publishers of content filtering software (usually seen as porn filters) have consistently refused to say what it is that they block. (Some more insistently and viciously than others.) One outfit is now trying to take legal action under the US

The copyright of the article Computer Security Weekly, March 20, 2000 in Computer Security is owned by Robert Slade. Permission to republish Computer Security Weekly, March 20, 2000 in print or online must be granted by the author in writing.
