|
20 December 2001 - PayPal Spam Scam Doesn't Pay Off
Not many people appear to have been fooled by a phony PayPal e-mail
asking customers to update their information - including credit
card details - at a phony web site in return for a $5 account credit.
http://www.theregister.co.uk/content/6/23479.html
18
December 2001 - Social Engineering Tactics
Crackers use a variety of social engineering tactics to obtain access
to computer systems. They can exploit the good will of people working
the help desk, peer over shoulders to gather PINs and passwords,
sift through trash, impersonate network administrators on line,
or even pretend to be trusted support personnel to gain physical
access to computers. A future installment will address identification
and prevention of social engineering attacks.
http://www.securityfocus.com/infocus/1527
17
December 2001 - Al Qaeda Suspect Says They've Sabotaged Windows
XP
A suspected Al Qaeda member, arrested in India in early October,
allegedly claimed other members of the terrorist network managed
to secure jobs at Microsoft and tried to build backdoors and bugs
into the company's new XP operating system. A Microsoft spokesman
was skeptical of the statement.
- web stories removed by source -
13
December 2001 - Gokar Worm
Gokar is a mass mailer worm that spreads via email (Outlook and
Outlook Express), mIRC and web servers running IIS software. Users
must click on an attachment to become infected, and the worm runs
each time an infected computer is booted up. The attachment file
extension will be .pif, .scr, .exe, .com, or .bat; the subject,
body text, and file names vary. http://www.computerworld.com/storyba/0,4125,NAV47_STO66586,00.html
13
December 2001 - Davis Wants GISRA to be Permanent
Representative Tom Davis (R-Va.) is developing legislation that
would make the Government Information Security Reform Act (GISRA)
permanent and would include mandatory information security standards
for government agencies. GISRA will expire in October 2002.
http://www.fcw.com/fcw/articles/2001/1210/web-gisra-12-13-01.asp
6
December 2001 - Football Association Computers Stolen
Thieves stole laptop computers, hard drives and computer disks from
England's Football Association's London headquarters. The information
contained on the stolen items includes team travel plans, security
arrangements and bank information.
http://www.theregister.co.uk/content/55/23197.html
6
December 2001 - CA Governor Halts Sale of Personal Data
California Governor Gray Davis has imposed a 45-day moratorium on
the sale of birth and death records to private companies who were
publishing the information on the Internet after state legislators
became concerned the information could be used to steal people's
identities.
http://news.cnet.com/news/0-1005-200-8090554.html?tag=prntfr
5
December 2001 - Goner Worm Virus Hits Hard
The goner worm virus comes by email, offers a screen saver, spreads
rapidly, infects large numbers of user files, and tries to delete
firewall and antivirus software.
http://www.cnn.com/2001/TECH/internet/12/04/goner.worm/index.html
14
November 2001 - Survey Finds Businesses Focus on Wrong Measures
A KPMG survey of 500 executives from multinational corporations
found that the majority believed the solution to security problems
is to purchase the right technology. KPMG says they are wrong and
that developing a strategy that includes education, training and
policy is a more effective response.
- web stories removed by source -
9
November 2001 - Instant Messaging Security Issues
As instant messaging (IM) services increase in popularity we are
likely to see a parallel increase in related security issues. Because
most security products do not address IM services, companies need
to implement clear policies regarding IM use. - web stories removed
by source -
9 November 2001 - Police Find Pirated Microsoft Products in Singapore
Police raids in Singapore netted over 4,000 pirated copies of Microsoft
software products, the majority of which were Windows XP. People
convicted of software piracy in Singapore could be sentenced to
as many as seven years in prison. - web stories removed by source
-
8
November 2001 - Former HP Employee Allegedly Committed a Plethora
of Security Transgressions
A former Hewlett-Packard employee allegedly sabotaged Superdome
performance tests by sending reset commands, reformatting disks
and cutting cables. Hock-Beng Lim also allegedly copied large quantities
of a co-worker's e-mail, connected to machines on which he did not
have access privileges, and deleted evidence that connected him
to the problems. http://chkpt.zdnet.com/chkpt/printthisclick/www.zdnet.com/filters/printerfriendly/0,6061,5099406-2,00.html
8
November 2001 - Tips for Avoiding Socially Engineered Hacks
Because hackers can use many small, seemingly innocuous pieces of
gathered information to initiate an attack, companies are well advised
to be on their guard against social engineering - exploiting people's
naturally helpful natures into disclosing sensitive information.
Among other security precautions, the author of this article advises
asking for identity authentication before offering sensitive information
and when you see strangers in your work area and using
a shredder that cross-cuts documents into confetti-like pieces.
http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO65473,00.html
7
November 2001 - Malicious Code Commandeers Searches
Malicious code embedded in some web sites can cause Internet Explorer
to send surfers where they don't want to go. Some of the guilty
sites have instructions for undoing the "enhancements."
While it is unclear which vulnerability is being exploited, security
expert Georgi Guninski recommends that users disable scripting in
both IE and the Outlook e-mail program. http://www.wired.com/news/technology/0,1282,48177,00.html
7
November 2001 - Former IRS Worker Sentenced in Computer Sabotage
Case
Claude R. Carpenter II, a former IRS subcontractor employee,
was fined $109,000 and sentenced to 15 months in prison for intentionally
damaging an IRS computer. http://www.gcn.com/vol1_no1/daily-updates/17454-1.html
31
October 2001 - The Human Element of Security
John Dickinson reminds readers that people are an important line
of defense in computer security: don't open attachments if you don't
know what they are, who they're from or weren't expecting them,
be wary of attachments with certain extensions, including .exe,
.vbs, and .dll, and adjust program security settings.
- web stories removed by source -
26
October 2001 - Man Sentenced in Software Pirating Case
Paul Stamatis received a two-year prison sentence and must pay Microsoft
half a million dollars in restitution for distributing pirated software.
http://news.cnet.com/news/0-1003-200-7672673.html?tag=prntfr
25
October 2001 - Bank Intruders Most Likely Employees
The U.S. Treasury says 60 percent of the computer intrusions reported
by banks and other financial institutions in the first four months
of 2001 were committed by insiders. The findings were included in
the department's semiannual Financial Crimes Enforcement Network
report, released Monday. This is the first time computer intrusions
are being included in the regular review. The report also concludes
that the number of confirmed identity thefts is likely to more than
double this year, based on earlier figures. U.S. banks reported
332 cases of identity theft between Jan. 1 and April 30, compared
to 637 cases for all of 2000. "That amounts to a 50 percent
increase from the same period a year ago," according to the
review.
25 October 2001 - Antset Virus
The Antset virus arrives as an attachment that claims to be a Trojan
horse scanner; instead, it sends itself out via Outlook and to any
e- mail addresses it finds in PHP, HTM, SHTM, CGI and PL files.
http://www.zdnet.com/zdnn/stories/news/0,4586,2820285,00.html?chkpt=zdhpnews01
22
October 2001 - Security Manager's Journal: Security Review
The events of September 11th compelled the security manager to conduct
a review of security practices at his company. He reviewed access
permissions and examined physical security by wandering through
various offices looking for poorly hidden passwords and unsecured
areas. He also plans to review the company's disaster preparedness
and business continuity plans and to test hiring practices with
an eye to keeping out those who are trolling for company security
information. http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO64933,00.html
19
October 2001 - Red Cross Says Trojan Could Steal Personal Data
The American Red Cross has issued a warning about the Septer.Trojan
that appears to be an e-mail donation form. When the bogus form
is filled out, the information is sent to a web site that is not
affiliated with the Red Cross. The program does not self-replicate;
the e-mails with the infected attachments must be sent out manually.
http://www.computerworld.com/storyba/0,4125,NAV47_STO64948,00.html
16 October 2001 - Passwords Still Too Easy to Crack
A book written by risk management consultants says that users still
choose passwords that are very easy to crack. Some people choose
easy to guess passwords like names of family members; others use
the same password for a variety of systems. The book points out
that while a four-character password that uses only letters can
be broken within minutes, a seven-character password that incorporates
digits significantly increases the cracking time.
- web stories removed by source -
16
October 2001 - Anthrax Virus Shows Depravity Of Virus Writers
A new virus, with subject line "Antrax Info." offers to
show a photo of anthrax side effects.
- web stories removed by source -
15
October 2001 - Review Internal Security, Say Experts
In the wake of the September 11 attacks, cybersecurity experts are
encouraging businesses to reexamine their security policies with
special attention paid to internal threats and physical security.
No scenario is too improbable to consider. This article also includes
a list of suggested security measures.
http://www.computerworld.com/storyba/0,4125,NAV47_STO64774,00.html
27
September 2001 - Physical Security Counts
A network administrator's boss denied his request to house a server
for a new application in a secure location; several weeks later,
the administrator found that someone had reinstalled DOS on the
machine and loaded a game. http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO64267,00.html
26
September 2001 - Schneier: Security is Getting Worse
Speaking at the Information Security Solutions Europe (ISSE) conference
in London, Bruce Schneier voiced the opinion that security cannot
keep pace with the growing complexity of the Internet. Schneier
also spoke out in favor of collaboration, pointing out that hackers
combine forces while businesses isolate themselves. - web stories
removed by source -
21
September 2001 - Employees are Key to Security
Security software and hardware cannot do their jobs effectively
without employees who are well-trained in good security practices.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci771517,00.html
28
August 2001 - Home Users Need Firewalls
Home users are beginning to understand that everyone who connects
to the Internet should use a firewall as evidenced by the surge
in firewall sales that followed the Code Red and SirCam infestations.
However, a recent CERT/CC summary indicates that many home users
are still not current with software patches and anti-virus software,
and are not careful about attachments. http://news.cnet.com/news/0-1006-200-6994590.html?tag=prntfr
22
August 2001 - VA Tightens Security for Managers and Employees
In a move to improve security at the Department of Veterans Affairs
(VA), program managers will have to sign contracts certifying that
they have installed security measures to protect information in
all projects under their leadership. The VA will also publish a
new telecommuting policy for employees.
http://www.fcw.com/fcw/articles/2001/0820/web-va-08-22-01.asp
20
August 2001 - Used Computers Still Hold Company Files
In the chaos that ensues when dot-coms go under, some company machines
are sold at auction before they've been wiped clean of sensitive
data. There are programs available that will clear hard drives.
- web stories removed by source -
20
August 2001 - HTML Form Protocol Attack
A German computer programmer has written a paper describing how
crackers could manipulate HTML technology to trick browsers into
sending commands through firewalls. - web stories removed by
source -
23
July 2001 - Financial Institutions Need Stronger Information Safeguards
Some major financial institutions are not using passwords or codes
to ensure customer account security; instead, they are relying on
the old standbys of such readily available information as Social
Security numbers (SSNs) and mothers' maiden names as identifiers.
As a result, the banks can easily fall prey to social engineering
ploys and release sensitive data to identity thieves.
http://www.washingtonpost.com/wp-dyn/articles/A27475-2001Jul20.html
23 July 2001 - FBI's Missing Laptops
The FBI began tracking its laptops only last year. In the last 11
years, 184 of 13,000 laptops have disappeared; at least 13 were
stolen and three contained sensitive or classified data. Legislators
are unhappy, and Attorney General John Ashcroft has requested an
inventory of Bureau laptops and other items. http://www.fcw.com/fcw/articles/2001/0723/news-fbibx-07-23-01.asp
20
July 2001 - CERT/CC Advisory for Home Users
CERT/CC has issued a security alert urging home users to protect
their computers with antivirus software, firewalls, and good practices.
http://www.cert.org/advisories/CA-2001-20.html
20
July 2001 - Privacy and Security Require Change from the Inside
Out
At a panel discussion at the University of Chicago Law School the
consensus was that privacy and security will become manageable not
through "quick fixes," but through change from within
the company culture itself. [Note from SAI: this can only occur
through security awareness efforts] Ontario's Information and Privacy
Commissioner said that "legislation can't work without self-regulation."
One CIO said that companies should make security requirements a
part of contracts between businesses.
http://www.computerworld.com/storyba/0,4125,NAV47_STO62411,00.html
9
July 2001 - Easing the Security Headache for Users
Because security measures are generally tacked on after computer
systems are designed, users often find them cumbersome and develop
methods for bypassing permissions, virus filters, digital certificates
and the like. Unfortunately, passwords on post-its and disabled
filters undermine security.
http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO62041,00.html
6
July 2001 - One Third Of On-Line Workers Monitored Constantly
The Privacy Foundation reported that employers are monitoring email
and/or web surfing activities of 30 to 40 per cent of all US workers
who have an Internet connection. The story includes a very useful
question and answer feature about how much monitoring is legal and
what type of communication is private.
- web stories removed by source -
25
June 2001 - Termination Policies for Good Security
Security analysts warn that layoffs could present security problems
for companies unless explicit termination policies are established
and followed. The security concern @Stake recommends logging perimeter
connections so holes can be closed upon an employee's departure,
and disabling passwords and accounts - remembering to check for
any unofficial accounts that may have been set up.
http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO61663,00.html
18
June 2001 Elements of a Good Security Awareness Program
A good security awareness program will address social engineering,
passwords, insider threats, and cyber ethics. - web stories removed
by source -
21
June 2001 - Phone Phreaking Bill Dispute
Crackers took advantage of a Georgia realty firm's 800 number to
makenearly $90,000 in overseas calls; as no culprits have been caught,
the small company disagrees with AT&T about who should foot
the bill. Businesses can protect themselves from such attacks by
using arcane passwords, changing them habitually, keeping passwords
secret, and blocking international phone service if it is never
used.
http://www.accessatlanta.com/partners/ajc/epaper/editions/thursday
/business_b3130921445570660025.html
1
June 2001 - Gartner Analysts Point to Complacency as Root of Increased
Infections
Gartner analysts say the rise in e-mail worm infestations is due
to complacency, and advise IS organizations to continuously educate
users about guarding against e-mail-borne infections, to establish
and enforce strong security policies, and to strip .vbs files from
messages.
http://news.cnet.com/news/0-1003-201-6157094-0.html?tag=prntfr
31
May 2001 - SULFNBK.EXE Worm Hoax
A hoax e-mail may have convinced many people to delete SULFNBK.EXE,
a Windows utility, from their hard drives. While the e-mail may
have begun with good intentions - there have been reports of e-mails
containing copies of the file infected with W32.Magistr.24876@mm
- the hoax e-mail uses social engineering to get people to do the
work of a malicious worm.
A Symantec site offers information about the hoax e-mail and instructions
for restoring the deleted file.
http://www.symantec.com/avcenter/venc/data/sulfnbk.exe.warning.html
31 May 2001 - Former Employees Hack for Revenge
Federal investigators say the incidence of unhappy former employees
attacking companies' computer systems is increasing. One man altered
customer accounts and deleted databases in his former employer's
system; another sent phony e-mails that appeared to come from the
management at
the company where he had worked as a contract employee. An FBI computer
intrusion squad agent points out that it is important to be aware
of who has been fired because computer access is not always cut
off when employment is terminated.
http://www.usatoday.com/life/cyber/tech/2001-05-31-revenge-hacking.htm
29 May 2001 - The Costs of CyberCrime
In 1999 businesses spent over $7 billion to protect themselves from
cybercrimes; last year, computer attacks cost businesses over $17
billion, up from more than $12 billion in 1999. Experts say that
security risks can be decreased with the use of stringent security
measures and internal policies, and of course, vigilant monitoring.
http://detnews.com/2001/technews/0105/29/b01-229644.htm
29 May 2001 - Researcher Says Education is Key to Halting Viruses
Sarah Gordon, a researcher studying virus writers and hackers, uses
her skills not to track down criminals, but to develop cybercrime
deterrents. She believes that education is the key to stemming the
tide of malicious cyber activity because there is a "fundamental
disconnect" between people's on-line and off-line behavior.
http://www.wired.com/news/culture/0,1284,43839,00.html
24
May 2001 - Trojans are Stealthy, Damaging and Tenacious
Trojan horse programs can be used by malicious hackers to spy on
and stalk people, manipulate data and computers, steal money from
bank
accounts, and launch denial of service attacks. Trojans often slip
into a computer while hidden in screensavers, games, e-mail messages
or web
pages, and they can be hard to detect and remove. The best methods
may be reverting to a clean back-up or re-installing clean copies
of software.
http://www.wired.com/news/technology/0,1282,43981,00.html
24
May 2001 - Software Piracy Cost Industry $11.8 Billion Last Year
The Business Software Alliance estimates that piracy cost software
companies $11.8 billion in lost sales each year. The BSA has made
an impact through their vigilant efforts to address the problem.
One in 4 software programs is an unauthorized copy, down from 1
in 3 five to seven years ago.
- web stories removed by source -
23
May 2001 - Social Security Numbers and Identity Theft
Social security numbers can be purchased on line and used to steal
people's identities and fraudulently obtain credit. Legislation
has been introduced which, if passed, would restrict requests for
social security numbers as identifiers and would ban their sale
and display on public documents. One legislator wants the government
to issue all citizens new social security numbers that will be kept
secret.
http://www.usatoday.com/life/cyber/tech/2001-05-23-id-theft-solutions.htm
21
May 2001 - Security Practices and Liability
Companies need to show "due diligence" in protecting their
IT assets or they may find themselves facing liability suits for
security breaches involving their machines, cautioned security experts.
Companies would be well advised to employ security technology such
as firewalls, intrusion detection systems and VPNs as well as establish
consistent policies, procedures, and awareness training.
http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO60729,00.html
14
May 2001 - FBI Security Review
In the wake of the Hanssen spy case, the FBI is conducting a review
of its computer security practices, policies, and procedures.
http://www.fcw.com/fcw/articles/2001/0514/web-secure-05-14-01.asp
7 May 2001 - The Changing Role of the Security Professional
As companies come to realize the potential dollar costs of security
lapses and the importance of IT security, the role of security professionals
is expanding. This article profiles one such director of information
security who says that along with solidtechnical skills, strong
communication and business skills are important. http://www.computerworld.com/cwi/story/0,1199,NAV47_STO60207,00.html
25
April 2001 - DISA Official Urges User Accountability for Security
Personnel who neglect security protocol should be held accountable,
said the Defense Information Systems Agency (DISA) Vice Commander
Maj. Gen. Dave Bryan who was speaking at a technology symposium.
He noted that of the 245 successful attacks against Defense Department
systems last year, 96% could have been prevented if personnel had
adhered to protocol. http://www.gcn.com/vol1_no1/daily-updates/4028-1.html
30
March 2001 - Internet Explorer Security Hole
A vulnerability in Microsoft's Internet Explorer 5.01 and 5.5 could
lead to automatic execution of attachments arriving with MIME-encoded
HTML e-mail. Crackers could exploit the vulnerability to alter files
or reformat the hard drive on targeted computers. A patch for the
security hole is available, and the problem is addressed by IE 5.0
Service Pack 2. Users can also protect themselves by disabling downloads
in IE's "Security Zone." http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO59121,00.html
30
March 2001 - VeriSign Victim of Social Engineering
VeriSign's mistaken issuing of two digital certificates to someone
posing as a Microsoft employee underscores the threat of human error
in the chain of security. Security procedures can sometimes contain
vague elements; for example, it may be unclear who within an organization
is responsible for employee identity verification. http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO59099,00.html
13
& 15 March 2001 - New Version of SubSeven More Dangerous
A new version of the SubSeven backdoor program has emerged. The
program allows crackers to perform a variety of activities on targeted
computers, including retrieving saved passwords, uploading, downloading
and altering files, and modifying the registry so the program runs
whenever Windows is rebooted. http://www.vnunet.com/News/1119001
http://news.cnet.com/news/0-1003-200-5147606.html?tag=prntfr
12
March 2001 - Securing the Home Office
Working at home presents special security concerns. In order to
protect machines from intruders, the InfoWorld Test Center recommends
that home office users install personal firewalls and SOHO (small
office/home office) routers, and that users identify and change
all default passwords. http://www.infoworld.com/articles/tc/xml/01/03/12/010312tcsoho.xml
1
March 2001 - Twelve Keys to Security
While 100% security is not a reality, experts offer twelve security
essentials, which include applying appropriately differing levels
of security to different assets, spending carefully, approaching
security as risk management instead of threat avoidance, and educating
employees. http://www.cio.com/archive/030101/keys.html
16
February 2001 - Credit Card Info Stolen from Brazilian Internet
Users
A malicious e-mail tricked more than 10,000 ISP customers into
revealing their credit card number and expiration dates. The information
was sent to ISPs in the US and Brazil; Brazilian police are investigating
the incident. http://www.thestandard.com/article/display/0,1151,22287,00.html
1
February 2001 - New Virus Methods
Viruses are becoming more cunning in their methods of infection.
The Davinia virus sends out a link to a web site that contains a
Word document containing a macro virus. - web stories removed
by source -
3
January 2001 - Virus infection rates soar
The number of email viruses soared last year to the point where
one in 700 emails was infected. 2001 will prove as dire a year for
infection as 2000 unless users learn that opening an attachment
they are not expecting means running a high risk of infection.
http://www.theregister.co.uk/content/4/15751.html
5
November 2000 - Laptop Security
Though laptop thieves may be interested in selling a machine, victims
of laptop theft lose valuable data. Nothing beats vigilant physical
security when it comes to protecting your laptop. http://www.washingtonpost.com/wp-dyn/articles/A9633-2000Nov3.html
7
November 2000 - Mobile phone virus hoax makes the rounds
Sophos, one of the world's leading anti-virus developers, has
issued an advisory today about a hoax virus message which is being
distributed via email. A number of media organisations have written
about the threat, believing it to be true.
http://www.sophos.com/virusinfo/articles/unavailable.html
18
Octobert 2000 - Business spy threat is real, former CIA chief says
Threats to the security of business information are numerous
and they come from all directions, including organized crime syndicates,
terrorists and government-sponsored espionage. http://www.infoworld.com/articles/hn/xml/00/10/17/001017hnspy.xml
30
August 2000 - Don't Store Passwords on PCs
Anti-virus vendors caution against storing banking PINs and
passwords on your PC in light of the recent password-stealing ILOVEYOU
worm variant that hit United Bank of Switzerland customers. http://vnunet.com/News/1109796
29 August 2000 - Grading Government Information Security
The US House Subcommittee on Government Management, Information
and Technology last year graded agencies for Y2K compliance. Now
it plans to issue report cards on agencies' information security.
An information security executive feels the time and money would
be better spent providing the agencies with tools and best practices
information. http://www.computerworld.com/cwi/story/0,1199,NAV47_STO49211,00.html
24
August 2000 - Pokemon Worm Targets Children
The Pokey virus, which targets children wanting to view a picture
of the Pokemon character Pikachu, can wipe out Windows and Windows\system
directories on computers running Outlook. Users must open the e-mail
attachment to activate the worm, which replicates by sending itself
to the entire e-mail address book of the infected machine. - -
web stories removed by source -
17
August 2000 - The Next Wave of Viruses: Handhelds
Anti-virus experts are predicting that a new wave of viruses
will target handheld devices. Wireless Application Protocol (WAP)
devices appear to be immune to viruses, because the action takes
place on the server to which the devices connect. - web stories
removed by source -
13 August 2000 - UK Safeway Customers Receive E-Mail Hoax
A cracker apparently accessed a UK Safeway database and sent
hoax e- mails to many customers, announcing price hikes and advising
them to shop elsewhere. A Safeway spokesperson says the company
is trying to track down the origin of the security breach. http://news.cnet.com/news/0-1005-200-2511703.html
10
August 2000 - White House Staff Downloaders Disciplined
Some White House staffers were reprimanded or suspended after
a review of server logs revealed unauthorized downloads. Computer
security measures at the White House include a "no personal use"
policy, a click-through screen acknowledging that policy, and firewalls
blocking access to certain sites. Sending photos of any sort is
strictly forbidden; the firewall deletes all attachments. A White
House spokesperson acknowledged that cyber security is an evolving
process. http://www.zdnet.com/zdnn/stories/news/0,4586,2614219,00.html
29 June 2000 - Intel Employee Pleads Guilty
Former Intel employee has pleaded guilty to computer fraud; when
he was fired from his job three years ago, he logged on to the company's
internal system from his home computer and deleted files which slowed
the company's chip manufacturing process for several hours. http://news.cnet.com/news/0-1003-200-2174535.html
28
June 2000 - Companies Monitor Employees' Electronic Habits at Work
Some companies are monitoring employees' e-mail and web surfing
habits at work in order to protect themselves in the event of lawsuits.
Workplace electronic communications policies should be made clear
to employees and should be consistently enforced if they are to
be effective. - web stories removed by source -
24
June 2000 - Sophos Warns of Cell Phone Virus Hoax
Sophos, the anti-virus software company, says a bogus mobile phone
virus warning has been making the rounds. Hoaxes can cause trouble
when people forward warnings to everyone they know, thereby tying
up e-mail servers. http://www.computeruser.com/news/00/06/24/news5.html
23
June 2000 - Viruses Make Use of the Expected and the Unexpected
Recent viruses have used the ruses of appearing to come from a trusted
source and changing subject lines. And while blocking some files
may work to keep viruses out, it can also prevent legitimate e-mail
from reaching its destination. - web stories removed by source
-
29
April 2000 - Racy emails get 26 employees suspended
26 employees at the Southwest Florida Water Management District
have been suspended, some without pay, for sending personal emails
and distributing email containing jokes. Due to the number of staff
involved, suspensions will have to be staggered so they do not go
short-handed.
22
April 2000 - State Department Loses Computer to Theft
The U.S. State Department is missing a PC that holds highly
classified information regarding U.S. intelligence gathering.
Lax physical security practices were cited. http://www.washingtonpost.com/wp-dyn/articles/A59527-2000Apr21.html
7
April 2000 - Surveillance Features Copyright Protected
The Digital Millennium Copyright Act (DMCA) may prohibit users from
disabling software surveillance properties. http://www.wired.com/news/print/0,1294,35498,00.html
30
March 2000 - Former Intel Employee Indicted
A federal grand jury in San Jose, CA has indicted a man who used
to work for Intel, charging him with stealing proprietary information
about the company's Itanium microprocessor, which has been in development
for the past six years. He is being charged under the Economic Espionage
Act of 1996, which makes stealing trade secrets a federal crime.
- web stories removed by source -
8
March 2000 - Surfing at Work Cost Companies $5.3 Billion in 1999
Computer Economics estimates that companies lost $5.3 billion to
recreational Web surfing in 1999. Online shopping, stock trading,
car buying, looking for a new house, and even visiting porn sites
have become daily practices for about 25 percent of the workers
in U.S.
8
March 2000 - The Cost of Viruses
A report from Computer Economics says that virus attacks cost organizations
around the world $12.1 billion in 1999. The report concludes that,
over the last three years, a major programming shift has occurred
with viruses becoming far more malicious, being specifically designed
for destruction and damage.
5
March 2000 - Intel Notebook Security
Intel plans to use a variety of authentication methods, including
biometrics, as security measures to render stolen notebook PCs "as
useful as bricks."
- web stories removed by source -
3 March 2000 - University Pays to Settle Piracy Claims
Temple University has paid $100,000 in a piracy claims settlement,
according to the Business Software Alliance.
- web stories removed by source -
2 March 2000 - Mitnick Offers Advice to Legislators
Kevin Mitnick, recently released from prison, testified before the
Senate Government Affairs Committee, offering advice of keeping
computer systems safe from crackers. Mitnick spoke of his success
with "social engineering" methods: convincing people at various
companies he was someone to be trusted, and duping them into revealing
passwords. http://www.zdnet.com/zdnn/stories/news/0,4586,2454737,00.html
4
Feb 2000 - The Human Element in Information Security
Both ex-CIA director John Deutch and Energy Department scientist
Wen Ho Lee placed classified information on unsecured computers.
Government officials say this is a human problem, not a technological
problem. http://www.wired.com/news/print/0,1294,34105,00.html
http://www.fcw.com/fcw/articles/2000/0131/web-security-02-04-00.asp
3
Feb 2000 - Security of Home PCs
The recent revelation that the former CIA director's home computer
contained highly classified material and was used to access the
internet, raises the question of the security of home computers.
http://cnn.com/2000/TECH/computing/02/04/pc.security/index.html
|
