CRIME NIPC Daily Report 16 May 02

From: George Heuston (GeorgeH@private)
Date: Thu May 16 2002 - 07:17:41 PDT

  • Next message: Zot O'Connor: "CRIME [Fwd: FPC-News - A terrorist attack on your privacy]"

    Microsoft urges Windows users to download a fix for Internet Explorer. 
    Microsoft announced that six new flaws have been found in its Web 
    browser. Three of the flaws are considered critical and one of them; a 
    cross-site scripting error, affects only Internet Explorer 6.0 and would
    
    allow an attacker or a worm to run a program on the victim's computer. 
    The 2MB download includes all the old repairs for Internet Explorer 
    5.01, 5.5 and 6.0, plus patches for the latest six holes. (CNET News.com
    
    13 May)
    
    Deceptive Duo suspects netted in FBI raids. Teenager Robert Lyttle, aka 
    hacker Pimpshiz, 18, has been linked to another round of high-profile 
    web-site defacements following FBI raids targeting the Deceptive Duo. 
    Lyttle told Newsybtes that he "can't confirm or deny" that he and 
    another hacker known as "The-Rev" were the Deceptive Duo who recently 
    slipped in to a host of poorly secured servers operated by the U.S. 
    military, Sandia National Laboratories and an assortment of government 
    agencies and banks. Kelly Hallissey, an online den mother to young 
    hackers, told reporters that Lyttle had revealed his new, 
    headline-grabbing identity to her and said that cracking the 
    high-profile web sites was needed to alert officials to security holes 
    in the networks of critical agencies. (Newsybtes, 15 May)
    
    Canada Communications Security Agency expanding workforce. Canada's 
    Communications Security Establishment, responsible for Signals 
    Intelligence and Information Technology Security, expects to expand its 
    workforce by at least one third over the next 18 months. According to 
    the CSE public web-site, the agency is responsible for collecting 
    foreign intelligence that can be used by the government for strategic 
    warning, policy formulation, decision-making, and day-to-day assessment 
    of foreign capabilities and intentions. The CSE is also responsible for 
    providing technical advice, guidance, and services to the Government of 
    Canada to maintain the security of its information and information 
    infrastructures. Barbara Gibbons, director general of CSE's corporate 
    services, is quoted as saying "To our knowledge, this is the biggest 
    [recruitment] in our history." The hiring drive is a result of increased
    
    demand for the agency's expertise in the aftermath of the September 
    terrorist attacks on the United States. (Toronto National Post Online, 
    13 May)
    
    WWU Comment: The CSE maintains a working relationship with its allies in
    
    the US, UK, Australia and New Zealand. Increased capability of the CSE 
    will enhance the United States' capability to predict and respond to 
    threats to the infrastructure.
    
    Carnegie Mellon University is expected to formally announce its 
    "sustainable computing consortium" on May 16th. CMU will join with big 
    players in IT, software development and NASA, to explore new techniques 
    for measuring software quality and security sustainability. The 
    companies will collaborate and share ideas on proprietary software and 
    intellectual property. According to the group's authors, ""Consortium 
    members support the creation of standards and specifications that allow 
    for the measurement and enhancement of software quality, dependability 
    and security. Sustainable software encompasses technology, measurement, 
    policy, economic and market dimensions. (Topic Advocate 14, May)
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:12 PDT