------------------------------------------------------------------------ Get your money connected @ OnMoney.com - the first Web site that lets you see and manage all of your finances all in one place. http://click.egroups.com/1/3012/7/_/480272/_/955439727/ ------------------------------------------------------------------------ There is 1 message in this issue. Topics in this digest: 1. Net-Alert Volume 3, Issue 2 From: Mark Neely <[EMAIL PROTECTED]> ________________________________________________________________________ ________________________________________________________________________ Message: 1 Date: Mon, 10 Apr 2000 23:02:07 +0930 From: Mark Neely <[EMAIL PROTECTED]> Subject: Net-Alert Volume 3, Issue 2 - - - - - - - - - - - - - - - - - - - - Net-Alert April 10, 2000 If you have any questions, comments or other feedback concerning Net-Alert articles, contact the Editor at <mailto:[EMAIL PROTECTED]> Previous editions of Net-Alert are available at http://www.onelist.com/archive/net-alert Subscription and unsubscription details are available at the end of this newsletter. ____________________ Contents: ## 911 Virus - Not an April Fools joke ## Holding "virtual sit-ins" ## Big figures in online crime ## DoubleClick backdown ## Free protection for your PC ## More privacy worries ## Self-healing computers ____________________ 911 Virus - Not an April Fools joke A new, aggressive, self-replicating "worm" (similar to a computer virus) was reported on April 1 by the US Federal Bureau of Investigation. The worm is able to spread itself from computer to computer without any involvement by the computer's owner. It does this by scanning PCs connected to the Internet, looking for a specific security weakness. If it finds the weakness, it sends a copy of itself to the PC, over the Internet. It can do this without any indication that this is taking place, so most users won't know their machine is being infected. Once installed, the copy of the worm will search for other Internet computers to infect. Because it is able to copy itself to multiple machines, and because each copy of itself is able to infect other PCs independently, this worm may become very wide-spread very quickly. Once the worm has infected a PC, it may also format the computer's hard disk and attempt to instruct the PC's modem to dial "911" (which is the US emergency services number). From initial reports, it would appear that this worm is specifically targeting US computer users. However, there appears to be several variations of the worm, and it may be that future versions will have the capacity to attack computers located outside the US. For more information about this worm, including how to detect its presence, see the reports below. To test whether your PC has the security weakness exploited by this worm, use the free Shields UP! service, and follow the instructions provided by the service in the event it detects and security weaknesses. URLs ShieldsUP! - http://grc.com/x/ne.dll?bh0bkyd2 Virus Alerts: SANS Institute Alert http://www.sans.org/newlook/alerts/911worm.htm Symantec Alert http://www.symantec.com/avcenter/venc/data/bat.chode.worm.html McAfee Alert http://vil.nai.com/villib/dispVirus.asp?virus_k=98557 ____________________ Holding "virtual sit-ins" A popular "tool" for demonstrators is the sit-in. The humble sit-in helps gain media attention for causes, and draws complaints and issues to the attention of whatever company, organisation or government the protest is aimed at. It seems that new Internet tools - little more than slight modifications of the Distributed Denial of Services software covered in the last edition - will allow activists to take similar action online. Basically, demonstrators invite similarly minded individuals to register via a central coordinating Web site. On the designated sit-in date, registered individuals are sent an email which contains a Web page. The Web page contains special code so that, when it is loaded in a Web browser, it instructs the browser to repeatedly send page requests to the Web site of the target organisation/company. The idea is that the Web site will be overburdened in such a way that it gains the site owner's attention (in much the same way that occupying the HQ reception does), though it is done using relatively benign, peaceful and (possibly) legal means. URLs Electrohippies Paper: http://www.gn.apc.org/pmhp/ehippies/files/op1.htm Rebuttal: MSNBC article: http://www.msnbc.com/news/380065.asp ____________________ Big figures in online crime I must admit to being terribly cynical when it comes to reading estimates of the losses caused by "computer crime". In the late 80s and early 90s, there were a number of prosecutions against computer criminals (aka "hackers") in the US (as part of the government's so-called "Hacker Crackdown"). On most occasions, the corporate victims were requested to submit affidavit evidence detailing the level of damages (that is, financial loss) caused by the defendant's alleged crimes (this affected the severity of the sentence in the event the defendant was found guilty). Many corporations submitted evidence to the effect that the crime cost them tens of millions of dollars in damages. Further investigation, however, would often reveal that, in calculating these cost figures, the companies would include the original development costs of the system compromised, or the software stolen. This is tantamount to suing a vagrant that breaks your window for $500400 - $400 for the window, and $500 000 for the original cost of building the house. It seems the rubbery-figured corporates are at it again. The Computer Security Institute ("CSI") recently published a survey of major corporations and public agencies in which they (the corporates and agencies) estimated their computer crime losses at $US266 million in 1999. Based on that, CSI has estimated that the total losses attributed to computer crime annually at $US10 billion. I'd love to see how the original respondents "guestimated" their losses. URLs CSI Press Release http://www.gocsi.com/prelea_000321.htm ____________________ DoubleClick backdown DoubleClick, as recently reported in Net-Alert, were developing new profiling technologies that would allow them to both identify individual Web users and keep track of them as they moved from Web site to Web site - through the use of cookies and profiling software. The public uproar was quite intense, which forced DoubleClick into to providing an "opt-out" option, which allowed individuals to elect not to be tracked or monitored. Many users didn't think this went far enough - they thought DoubleClick should only work on an "opt-in" basis. It seems that the DoubleClick controversy only started to really heat up when its partners - the companies featuring its advertising banners (and, therefore, cookies) on their Web sites - started to get a little nervous and were publicly distancing themselves from DoubleClick. Included were AltaVista (which accounted for more than 20% of DoubleClick's revenue) and Kosmo. This led to DoubleClick's share price being cut by a third in value. Consequently, DoubleClick announced that it would "delay" its plans for the new technologies. DoubleClick CEO, Kevin O'Connor, issued a statement in which he admitted the company had been trying to act without public agreement, and that: "We commit today, that until there is agreement between government and industry on privacy standards, we will not link personally identifiable information to anonymous user activity across Web sites." ____________________ Free protection for your PC Responding to the well-publicised Distributed Denial of Services attacks, which involved the hijacking of computers owned by a number of innocent Internet users for use as platforms to institute Internet-based attacks, Aladdin Knowledge Systems, author of the popular Internet protection utility, eSafe Desktop, has released a free version for home users: "In light of the recent Distributed Denial of Service vandals that hijacked computers of innocent users and used them to launch the attack on several high-profile Internet sites, we believe we can help make the Internet a safer place by offering our Desktop product free of charge to home users", said Shimon Gruper, Aladdin's Executive Vice President for Internet Technology. "eSafe Desktop 2.2 offers the most pre-emptive digital asset protection on the market. It snares malicious vandals before they can cause irreparable damage or access confidential information on a user's machine." eSafe Desktop protects PCs from computer viruses and worms, as well as other malicious, Web- and Internet-based attacks, and includes a personal firewall. The free version includes virus signature updates as well. URLs Press Release http://www.ealaddin.com/news/2000/esafe/freedesk.asp eSafe Desktop http://www.ealaddin.com/home/solutions/homeusers.asp ____________________ More privacy worries It seems that some companies never learn. Fast on the heels of the DoubleClick controversy was the revelation that some "free", advertisement-supported Internet software programs, including 3D-FTP, Admiral VirusScanner, Aureate SpamKiller, CDMaster32, CuteFTP 3.0 and GetRight, collect information about the use of their products and report these details back to the software creator. Gibson Research Corporation, which offers the very popular ShieldsUP! PC security testing service mentioned earlier, has released a program called OptOut, which will automatically check your PC for the presence of such "spyware" programs and disable their "spy" modules. A word of caution first: Much debate and anger has arisen since it was disclosed that certain programs have the ability to "report back" to their creators without the knowledge or consent of their users. To date, however, it has not been demonstrated that the software reports anything other than what advertisements were displayed and when, and how often a user uses the software. There is no indication or proof that the software reports any other information about the user or his or her use of the Internet in general. Having said that, some users may find the presence of such software on their PC unnerving. In which case, you can download and run OptOut to check for and remove the key files that allow the reporting. However, doing so may result in your being unable to use the problem software anymore. URLs OptOut! http://grc.com/optout.htm Shields UP! https://grc.com/x/ne.dll?bh0bkyd2 ____________________ Self-healing computers Something that has been "on the drawing board" for some time may finally be turning into reality. Researchers at IBM and Symantec are said to be putting the final touches on the "Digital Imune System" - an anti-virus system that runs over networks and which is designed to automate (and therefore considerably speed up) the process of detecting and eradicating viruses. Rather than warn a user that his or her PC is infected with a virus, the software captures a copy of the infected file and forwards it to a central server for analysis. There, the virus is intentionally allowed to infect multiple computers, which then work out an antidote or a strategy for counteracting it. The virus's "signature" (i.e. tell-tale signs or code) plus an antidote is tested and then sent back to the PC which reported the problem, which then installs the antidote and eradicates the virus - no human intervention necessary. Sounds very interesting indeed! ____________________ Send a copy of Net-Alert to a friend. Forwarding this newsletter to friends and colleagues is encouraged, providing the message is forwarded in its entirety, including the copyright notice. ____________________ If you received this copy of Net-Alert from a friend, you can subscribe by visiting the following URL: http://www.onelist.com/subscribe/net-alert or by sending a blank email to [EMAIL PROTECTED] To UNSUBSCRIBE, send a blank email to [EMAIL PROTECTED] ____________________ Net-Alert is copyright (c) Mark Neely 2000 Forwarding this message to friends and colleagues is encouraged, providing the message is forwarded in its entirety, including this copyright notice. - - - - - - - - - - - - - - - - - - - - ________________________________________________________________________ ________________________________________________________________________