From: Mark Neely <[EMAIL PROTECTED]>


- - - - - - - - - - - - - - - - - - - -

Net-Alert
21 July 1999

If you have any questions, comments or other feedback concerning
Net-Alert articles, contact the Editor at <mailto:[EMAIL PROTECTED]>

Previous editions of Net-Alert are available at
http://www.onelist.com/arcindex.cgi?listname=net-alert

Subscription and unsubscription details are available at the end of this
newsletter.
____________________

Contents:

##    Anti-BO2K tools
##    Hackers hacked?
##    Keeping tabs on email
##    War with computer criminals gets nasty
##    Just how anonymous are anonymous Web services?
##    Credit card fraud
##    Credit card scam
##    eBay fraud prosecution
##    Virtual models?

____________________
Anti-BO2K tools

After some confusion and delay, the Cult of the Dead Cow released
Back Orifice 2000 earlier this week, as foreshadowed in the last
issue of Net-Alert.

While BO2K doesn't constitute a new threat (it is really only an
extension of the earlier Back Orifice trojan horse), it is
certainly a good idea to take steps to protect your PC against
it.

Below are some URLs offering information about the program, what
it can do, how to detect it and how to defend against it.

There is also a link to a program called "Cassandra"
(appropriately named after the Trojan goddess who tried to warn
the Trojan people of the original "trojan horse"), which can
detect BO2K, among other trojan horse programs.

Most popular anti-virus program vendors have now released updates
that will protect users' computers against BO2K. Be sure to
update your anti-virus program.

URLs:

Data Fellows BO2K Web page
  http://www.datafellows.com/v-descs/bo2k.htm

Sophos Alert
  http://www.sophos.com/downloads/ide/index.html#bo2k

XForce Alert
  http://xforce.iss.net/alerts/advise31.php3

Symantec Anti-Virus Research Center advisory
  http://www.norton.com/avcenter/venc/data/back.orifice.2000.trojan.html

Cassandra download site
  http://www.win32software.com/software.htm

____________________
Hackers hacked?

In a related story, the Cult of the Dead Cow endured considerable
embarrassment when it was forced to admit that the CDs it
distributed at the DefCon conference containing its BO2K program
were infected with a particularly nasty computer virus called CIH
(also known as Chernobyl).

URL:

CNet article
  http://www.news.com/News/Item/0%2c4%2c39272%2c00.html?dd.ne.txt.0716.09

____________________
Keeping tabs on email

One of the questions most commonly asked by new users is: "How do
I know that my email was delivered or read?"

The short answer is: there is no way to tell, except perhaps to
call the recipient and ask.

A new service, free to all Internet users, may help solve this
dilemma.

CertifiedMail.com allows users to track email messages sent via
the service, and provides details of exactly when messages are
opened or retrieved. It caters for both personal and business
users, and offers a range of extra “add-on” services for business
users (though there is a charge for these added services).

The way it works is quite straightforward. After you have
registered with the service, you can log into the member area,
which has an online form for composing messages. When you send
the message, the recipient receives a notice advising that they
have an important message. To retrieve it, they must click on the
link contained in the notice.

This takes them to the site where they can read your message and
retrieve any attachments. When they do, the time and date are
recorded in a log, so you can see that the message has been read.

URL:

CertifiedMail
  http://www.certifiedmail.com

____________________
War with computer criminals gets nasty

Network Associates has announced the availability of a new tool
in the fight against computer criminals: a "decoy" server program
called CyberCop Sting.

As its name suggests, once the decoy server is deployed on a
company's network, it tracks all attempts to break in or
otherwise interfere with the server, records their details and
creates detailed reports for further investigation.

According to the company's press release:

     CyberCop Sting operates by creating a series of fictitious
     corporate systems on a specially outfitted server that
     combines moderate security protection with sophisticated
     monitoring technology. The Sting product creates a decoy,
     virtual TCP/IP network on a single server or workstation and
     can simulate a network containing several different types of
     network devices, including Windows NT servers, Unix servers
     and routers. Each virtual network device has a real IP
     address and can receive and send genuine-looking packets
     from and to the larger network environment. Each virtual
     network node can also run simulated daemons, such as finger
     and FTP, to further emulate the activity of a genuine system
     and avoid suspicion by would-be intruders.

____________________
Just how anonymous are anonymous Web services?

Anonymous Web browsing services, which protect your privacy by
acting as a proxy service that hides your computer's details
(including your IP address) and blocks access to cookies while
you explore the Net, may not be as anonymous as initially
thought, thanks to a Java/Javascript security weakness.

If your Web browser is configured with Java and Javascript
"enabled", it is possible to circumvent anonymous proxy services
and query the Web browser directly for the information.

URL:

BUGTRAQ Report
  http://www.securityfocus.com/templates/archive.pike?list=1&msg=
  [EMAIL PROTECTED]

____________________
Credit card fraud

Many consumers are afraid to purchase goods and services over the
Internet lest their credit card details should fall into the
hands of criminals.

While the risk of this occurring is real, it is quite low. In
fact, the risk is not much greater than when purchasing from
mail-order catalogues or by telephone.

But there is a seldom discussed twist to the issue: you don’t
actually have to use your credit card to purchase goods over the
Internet to be the victim of online credit card fraud.

“Credit card number generator” programs have been widely
available for many years. These are computer programs that create
credit card numbers using the same, supposedly “secret”,
algorithms used by the banks to generate the numbering sequence
used on the front of credit cards.

Computer criminals use such programs to generate thousands of
credit card numbers at a time, then visit online storefronts and
attempt to purchase goods.

If the transaction is processed without problem, they know they
have a “valid” credit card number. They can then use this number
(for a limited time at least) to purchase products and services
both online and offline.

Remember, these criminals haven’t “stolen” credit card numbers
from an online storefront, or captured transaction details.
They’ve literally just made up credit card details.  So even if
you don’t purchase goods online, your credit card details may not
be safe. You should always check your credit card statements
thoroughly as soon as they arrive.
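
An added example, not part of the original newsletter: a
merchant-side check for the pattern described above, in which one
source tries many different card numbers in quick succession. The
log format, field names and thresholds are assumptions made for
this illustration; the check-digit test is the publicly documented
Luhn formula, and a number that passes it may still belong to no
account.

```python
from collections import defaultdict

def luhn_valid(pan: str) -> bool:
    """Public Luhn check-digit test; passing it does not prove an account exists."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) < 12:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def flag_card_testing(attempts, window_s=600, min_cards=4, min_decline_ratio=0.5):
    """Return source IPs that tried many distinct cards in a short window, mostly declined."""
    by_src = defaultdict(list)
    for ts, src, card_ref, approved in attempts:
        by_src[src].append((ts, card_ref, approved))
    flagged = []
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than window_s seconds.
            while rows[end][0] - rows[start][0] > window_s:
                start += 1
            window = rows[start:end + 1]
            cards = {r[1] for r in window}
            declines = sum(1 for r in window if not r[2])
            if len(cards) >= min_cards and declines / len(window) >= min_decline_ratio:
                flagged.append(src)
                break
    return sorted(flagged)

# Constructed sample log: (unix_time, source_ip, card_reference, approved).
# card_reference is an opaque token (assumed), never the card number itself.
SAMPLE_ATTEMPTS = [
    (1000, "192.0.2.10", "tok_a", False), (1030, "192.0.2.10", "tok_b", False),
    (1065, "192.0.2.10", "tok_c", False), (1090, "192.0.2.10", "tok_d", True),
    (1200, "198.51.100.7", "tok_x", False), (1260, "198.51.100.7", "tok_x", True),
    (5000, "203.0.113.5", "tok_p", True), (9000, "203.0.113.5", "tok_q", True),
]

if __name__ == "__main__":
    print(luhn_valid("4111111111111111"))    # widely published test number
    print(flag_card_testing(SAMPLE_ATTEMPTS))
```

A customer who retypes one card after a decline (the second
source in the sample) is not flagged, because only one distinct
card is involved.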

____________________
Credit card scam

This scam is a variation of one covered in an earlier issue of
Net-Alert.

Scammers have been cold-calling consumers and identifying
themselves as representatives from their credit card company.
They claim that in order to deal with certain Y2K issues, the
credit card company is sending a replacement magnetic strip for
the back of the card, without which the card won't function after
January 1, 2000.

The scammer then asks for the consumer's credit card details for
verification.

Just say no!

____________________
eBay fraud prosecution

Robert Guest, 31, of Blue Jay, California, pleaded guilty to
defrauding buyers on the eBay online auction service. Guest
offered several items for sale but failed to deliver them after
collecting payments, netting around US$37 000 between March and
May 1998.

eBay has since made a number of modifications to its auction
service aimed at protecting both buyers and sellers from
fraudulent activities.

____________________
Virtual models?

Well, I guess it had to happen. The Elite modeling agency, "the
world's largest and most prestigious modeling agency", has
launched a new division specialising in "virtual" models and
actresses (yes, that's right, computer generated 3D characters).

According to the agency's press release, it has already "signed"
its first virtual model, Webbie Tookay (I'm almost certain that
that is an attempted pun on their part).

In launching the new division, Elite Illusion 2K - Virtual Models
and Actresses Management, Elite claims to be "...launching a new
concept of beauty for the next millennium".

They might have something there. I suppose virtual models don't
throw temper tantrums, suffer from weight problems or hang out
with the wrong crowds! You can see the result of Tookay's first
"photoshoot" online.

URL:

Virtual Model
  http://www.illusion2k.com:81/photos/index.htm

____________________

Send a copy of Net-Alert to a friend.

Forwarding this newsletter to friends and colleagues is encouraged,
providing the message is forwarded in its entirety, including the copyright
notice.

____________________

If you received this copy of Net-Alert from a friend, you can subscribe
by visiting the following URL:

        http://www.onelist.com/subscribe/net-alert

or by sending a blank email to

        [EMAIL PROTECTED]

To UNSUBSCRIBE, send a blank email to

        [EMAIL PROTECTED]

____________________

Net-Alert is copyright (c) Mark Neely 1999.

Forwarding this message to friends and colleagues is encouraged,
providing the message is forwarded in its entirety, including this copyright
notice.

- - - - - - - - - - - - - - - - - - - -
