0blivion nº2:(NEWS2.txt):15/03/2000 << Back To 0blivion nº 2
_____________________________________________________ / Oblivion Underground Magazine \ / Issue 2 15/04/2000 \ ▌ This Months News, Selection 2 ▌ \ by Slider / \_____________________________________________________/ Heres the rest of this months news... ComputerNewsDaily: Privacy Mistakes In A Data-Rich Society <http://199.97.97.16/contWriter/cnd7/2000/03/12/cndin/4805-0010-pat_nytimes. html> - The concept of privacy is changing radically as a result of our new computer-based lives. Privacy used to be achieved through the sheer friction of everyday life: distance, time and the lack of records. Information didn┤t travel well, and most people who wanted to escape their pasts could simply move to a new location NTSecurity: HTML Code Causes 100% CPU Usage <http://www.ntsecurity.net/go/loader.asp?iD=/security/ie514.htm> - Certain HTML code can cause Internet Explorer 5.0 to crash or consume all available CPU cycles until the offending process is terminated manually Wired: Echelon Spies for Euro Bribes <http://www.wired.com/news/politics/0,1283,34932,00.html> - An ex-CIA director has detailed business-related espionage conducted by the United States against Europe Caldera Linux Advisory: Security problem in telnetd <http://securityportal.com/topnews/caldera20000313.html> - The telnet daemon from the Linux netkit supports a command line option -L that lets the administrator specify a login program other than /bin/login. Authentication can possibly be bypassed Sophos Virus Alert: Win32/Shoerec <http://www.sophos.com/virusinfo/analyses/w32shoerec.html> - The payload randomly changes the icon arrangement on the desktop so it appears that icons are running away from the mouse pointer. The virus may mutate so that it is not further infectable, but still deletes a number of randomly chosen files, depending on the date ComputerWorld Australia: Hackers with heart <http://www.computerworld.idg.com.au/CWT1997.nsf/cwtoday/DB6C6D9B3448ECE64A2 568A00075454B?OpenDocument> - - Loopholes in Federal laws mean hacker advocate group 2600 Australia will be able to broadcast DVD decryption codes and other sensitive information on national television within weeks NandoTimes: Justice Department launches cybercrime site <http://www.nandotimes.com/technology/story/0,1643,500180192-500237416-50117 3875-0,00.html> - The Justice Department has created a cybercrime Web site defining computer crime and describing how to report it, listing the department┤s latest thinking on privacy vs. policing on the Internet and even showing how the government searches and seizes computers Mar 13, 2000 ZDNet: China eases encryption rules <http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2460182,00.html?chkpt=p 1bn> - The government agency in charge of enforcing the rules sent a "clarification" letter to U.S. business organizations last week that steps back from the hard position it had taken when the rules were adopted Jan. 31 Mar 27, 2000 NAI: W32/ASpam - virus masquerading as an anti-spam too from Microsoft <http://vil.nai.com/vil/RAT98551.asp> - This is a 32bit PE trojan sent supposedly from Microsoft as an AntiSpam tool, but really is a remote access trojan. It is important to note that Microsoft does not distribute files by email ZDNet: Hackers got Bill Gates┤ credit card info <http://www.zdnet.com/zdnn/stories/news/0,4586,2473689,00.html?chkpt=zdhpnew s01> - A teenager arrested in Wales for allegedly hacking into e-commerce web sites had obtained the credit card details of Bill Gates, head of Microsoft and the world┤s richest man, newspapers said on Sunday Mar 25, 2000 NTSecurity: Ex-FBI Source Charged With Hacking <http://www.ntsecurity.net/forums/2cents/news.asp?IDF=103&TB=news> - A man officials say was once a confidential FBI source on computer hackers has been charged with allegedly breaking into computer systems belonging to NASA, the military and the U.S. departments of energy, defense and transportation, the U.S. Attorney┤s office said ZDNet: Is open source secure? Experts differ <http://www.zdnet.com/zdnn/stories/news/0,4586,2473335,00.html?chkpt=zdnntop > - The denial-of-service attacks exposed the vulnerabilities of both open- and closed-source security software, and now experts are debating the merits of each as they try to plan and build an Internet infrastructure that will be less susceptible to such rabid attacks Mar 24, 2000 CNet: British police charge teens with online credit card thefts <http://news.cnet.com/news/0-1007-200-1583595.html?tag=st.ne.1002.thed.1007- 200-1583595> - The teenagers are accused of stealing information related to more than 26,000 credit card accounts and posting the numbers on the Web using the nickname "Curador," according to the Federal Bureau of Investigation. The Web sites hit were based in the United States, Canada, Thailand, Japan and Britain, the FBI said ZDNet UK: MI5 laptop containing top secret data stolen <http://www.zdnet.co.uk/news/2000/11/ns-14318.html> - An MI5 agent has admitted losing a laptop notebook containing sensitive government information at Paddington train station earlier this month. Security has been stepped up at MI5 following the theft, which has caused extreme embarrassment for the security agency and the government Currents: Big Increase in Net Warfare Predicted <http://www.currents.net/newstoday/00/03/24/news2.html> - The already legendary distributed denial of service attacks that brought down popular corporate Web sites earlier this year is only a minor variation on the shape of things to come, and the US must act accordingly to protect itself while not violating privacy rights, Sen. Jon Kyl, R-Ariz., said today Currents: Spam Bill Overwhelmingly Passes in House <http://www.currents.net/newstoday/00/03/24/news1.html> - In a long awaited announcement on Wednesday, Reps. Heather Wilson, R-NM, Gary Miller, R-Calif., and Gene Green , D-Texas, said they would combine the most important portions of their bills into one comprehensive piece of legislation, H.R. 3113, the Unsolicited Electronic Mail Act CNet: Doubleclick in settlement discussions <http://news.cnet.com/news/0-1005-200-1582990.html?tag=st.ne.1002.thed.1005- 200-1582990> - DoubleClick, under attack for its method of tracking the online movements of Internet users, is in settlement discussions with several states that are investigating if the company violates consumers┤ privacy, Michigan Attorney General Jennifer Granholm said CNet: Filtering firm employs copyright law against Webmasters <http://news.cnet.com/news/0-1005-200-1582945.html?tag=st.ne.1002.thed.1005- 200-1582945> - What began as a rallying cry for free speech has turned into a legal migraine for three young Webmasters who publicized decoded material belonging to an Internet firm that filters smut from children┤s computers. The men, all in their early 20s, were ordered by a judge to take down the information or face charges of copyright violations--the first time such a law has been successfully applied in the hotly contested filtering debate HP-UX Aserver Vulnerability <http://www.ciac.org/ciac/bulletins/k-014.shtml> - Aserver can be used to gain root access. It is necessary to change the Aserver permissions for an interim workaround NAI: New Virus W97M/Wrench.e <http://vil.nai.com/vil/vm98545.asp> - This is a macro module virus for Word97/2000 documents and templates. This virus consists of a single module named "skyline" and contains several Word97/2000 event handlers including in order to maximize the chance of executing the virus code Mar 23, 2000 SGI Security Advisory: sendmail 8.9.3 for IRIX 6.5.7 <http://securityportal.com/topnews/20000302-01-P3865.html> - sendmail 8.9.3 includes improved anti-spam and anti-relay capabilities to minimize spam vulnerabilities. SGI has investigated the issue and recommends the following steps for neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be implemented on ALL vulnerable SGI systems ZDNet: Europe weighs Echelon threat <http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2472499,00.html?chkpt=p 1bn> - The European parliament is evaluating the possible dangers of Echelon, a rumored US-sponsored global surveillance network, according to a report from ZDNet France Trend Micro: New Marker virus mutation <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=W97M_MARKER. AQ> - known as W97M_MARKER.AQ, When triggered, this macro virus either deletes all text in an opened document, or converts the text to Webdings font Tribune Review: FBI installs new task force aimed at fighting cybercrimes <http://www.triblive.com/digage/dfbi0323.html> - unveils the Pittsburgh High Tech Computer Crimes Task Force. The task force, one of the first in the nation, will blend federal and local authorities to investigate computer-related crimes TechWeb: Softbank Sells Trend Micro <http://www.techweb.com/wire/story/reuters/REU20000322S0005> - Japanese Internet investor Softbank said on Wednesday it has sold its holdings in anti-virus software maker Trend Micro for about 66.9 billion yen ($626.8 million) to raise cash for new investments ZDNet: Insurance site exposes personal data <http://www.zdnet.com/zdnn/stories/news/0,4586,2472277,00.html?chkpt=zdhpnew s01> - Consumers who requested online life insurance quotes from the SelectQuote Web site on Tuesday and Wednesday got more than they bargained for: Thanks to an apparent software glitch, their personal information was left on the company┤s Web site for all the world to see Mar 22, 2000 Canoe: ON GUARD - Cops say it's only tip of iceberg <http://www.canoe.ca/CalgaryNews/cs.cs-03-22-0040.html> - Calgary┤s thriving economy is attracting more than job-seekers and new corporations -- police computer experts say the city is also a hotbed for computer espionage. Staff Sgt. Vic deBruyn, who heads the police commercial crime unit, said hacking crimes have more than doubled each year since the unit was formed in 1998 -- something he equates with the strong economy. Currents: Industry's First Virus Service Plan <http://www.currents.net/newstoday/00/03/22/news6.html> - Vipro Corp. has struck a ground-breaking deal with Cable & Wireless [NYSE:CWP] (CWC), allowing its Virus Service Plan (VSP) to be offered with CWC┤s Virtual ISP service. The Virtual ISP service, which was launched late last year, allows third-party Internet service providers (ISPs) to resell capacity on the CWC US backbone. This is especially useful for regional ISPs which want to offer national coverage, as well as for "switchless" ISPs which rebrand ISP services to end users CNN: New tool offers privacy without crippling browsing habits <http://cnn.com/2000/TECH/computing/03/21/idcide/index.html> - IDcide, has developed a cure for cookies by providing a browser plug-in that discriminates between first-party ,coming from the site you┤re visiting, and third-party ,coming from other servers, cookies. The tool, called the Privacy Companion, can provide varying levels of security -- either blocking no cookies, just third-party cookies, or all cookies Currents: NASA Blocks Brazil's Web Access <http://www.currents.net/newstoday/00/03/22/news4.html> - NASA officials blocked Brazil┤s access to its computers last week following what agency officials described as suspicious connection requests Sophos Alert: WM97 Thursday-Q <http://www.sophos.com/virusinfo/analyses/wm97thursdayq.html> - WM97/Thursday-Q is a variant of the WM97/Thursday Word macro virus. On December 13th the virus attempts to delete all files from C: drive SJ Mercury: Computer security attacks, losses surging, study shows <http://www.sjmercury.com/svtech/news/breaking/merc/docs/011092.htm> - In an annual survey issued Wednesday, the FBI and the San Francisco-based Computer Security Institute showed just how pressing: total verifiable losses in 1999 more than doubled to up to top $265 million, while more than 90 percent of respondents reported detecting some form of security breach InfoWorld: Internet task force rejects wiretap proposal <http://www.infoworld.com/articles/en/xml/00/03/21/000321enwiretap.xml> - The IETF Monday announced that its leadership has approved a policy against building a wiretapping capability into its protocols. The new policy states that the international standards development group is the wrong forum for designing protocols to meet the wiretapping or privacy laws of specific countries TrendMicro: TROJ_GIGGLE Trojan <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_GIGGLE& VSect=T> - A destructive Trojan virus that deletes document files Mar 21, 2000 FCW: Hacker-controlled tanks, planes and warships? <http://www.fcw.com/fcw/articles/2000/0320/web-hacker-03-21-00.asp> - Army officials are worried that sophisticated hackers and other cybercriminals, including military adversaries, may soon have the ability to hack their way into and take control of major military weapon systems such as tanks and ships Keeping Your Private Files Private: An Introduction to GNU Privacy Guard <http://www.linuxsecurity.com/feature_stories/feature_story-10.html> - We live in the digital age. Email correspondence is commonplace, business proposals are stored on computer systems, financial and legal information is sent across networks. Nobody can get this information other than the intended recipient, right? Don┤t bet on it. ComputerNewsDaily: Security Experts Struggle Over Internet Crime Curbs <http://199.97.97.16/contWriter/cndlatest_columns/2000/03/19/cndin/1801-0009 -pat_nytimes.html> - In the annals of cybercrime, the FBI┤s all-time poster boy is a Russian-born math whiz named Vladimir Levin. Levin committed his spectacular online heist in 1994, when the Internet was still in its infancy. It still stands as the largest recorded electronic crime in history, but that┤s because nobody knows how much goes unrecorded and unpunished FCW: DOD's security logjam <http://www.idg.net/servlet/ContentServlet?global_doc_id=154216&page_id=712& content_source_id=5&return_spot=ts7&logger_loc=front_pages%2Fenglish> - An official from the Army's National Training Center said some personnel can remain idle for a year waiting for clearance that lets them to go to work. That pattern costs DOD several billion dollars a year in lost productivity, according to a recent General Accounting Office study Linux is a security risk, experts claim <http://www.silicon.com/public/door?REQUNIQ=953519311&6004REQEVENT=&REQINT1= 36413&REQSTR1=newsnow> - Silicon.com has uncovered growing concern that the Linux operating system suffers from major security problems that could prevent its widespread adoption in the enterprise environment. Focus on Securing Biomedical and Biotechnical Information <http://securityportal.com/direct.cgi?/topnews/biomed20000321.html> - In the information security business, a forgotten sector remains the biomedical and biotechnology fields. Biomedical pertains to medical treatment and related research on either animals or humans. This realm┤s security issues include confidentiality and the protection of proprietary data. Principal files requiring guarding are medical records, genetic testing results, and research and development (R&D) papers, notes, and reports Microsoft Bulletin: Patch Available for Chunked Encoding Post Vulnerability <http://securityportal.com/topnews/ms00-018.html> - IIS 4.0 supports chunked encoding transfers, but does not limit the size of the buffer that can be reserved. This would allow a malicious user to request an extremely large buffer for a POST or PUT operation, but never actually send data, thereby blocking memory on the server that had been allocated to the session. If sufficient memory on the server were blocked in this fashion, it could prevent the server from performing useful work. There is no capability through this attack to create, modify or delete data on the server, nor is there any capability to usurp administrative control of the server. If the malicious user closed his session, the memory would be released and the server's operation would return to normal. Otherwise, the machine could be put back into normal service by stopping and restarting the service Mar 20, 2000 Currents: State Lawmakers Okay Anti-Spam Bill <http://www.currents.net/newstoday/00/03/20/news2.html> - A bill to stem the avalanche of unsolicited e-mail won final approval by the Colorado Senate today and was sent to Gov. Bill Owens for his signature ZDNet: Busted! Aussie censors zap 27 sites <http://www.zdnet.com/zdnn/stories/news/0,4586,2469620,00.html?chkpt=zdnntop > - Takedown notices have been e-mailed to numerous Web sites that flout Australia┤s new content-regulation regime, but where are the storms of protest? Apr 3, 2000 Weekly Microsoft Security Roundup <http://www.securityportal.com/direct.cgi?/topnews/weekly/microsoft20000403. html> - Three Security Bulletins, "Virtualized UNC Share" Vulnerability, "Malformed TCP/IP Print Request" Vulnerability, "Malformed Hit-Highlighting Argument" Vulnerability. Mailing list review: RunAs Information, NIPC Advisory 00-038 - Self-propagating 911 script. Tip of the Week: Have a security question that you just can┤t find any information on? Do you need a technical answer to a security question that no one seems to be able to provide you with? NandoTimes: Hackers gather at Israel conference <http://www.nandotimes.com/technology/story/0,1643,500187324-500250833-50127 1402-0,00.html>- Hackers from around the world overcame interrogations, censorship and an all-around bad reputation to hold Israel┤s first hacker convention, wrapping up the two-day conference Thursday without a glitch SJ Mercury: Internet Security system unveiled <http://www.sjmercury.com/svtech/news/breaking/ap/docs/382663l.htm> - Analysts say a new type of Internet burglar alarm system by Counterpane may raise the bar in the burgeoning and vital field of computer security Apr 2, 2000 National Infrastructure Protection Center Advisory: Malicious 911 Virus <http://www.nipc.gov/nipc/advis00-038.htm> - NIPC is reporting a new virus that can supposedly erase hard drives and dial 911 systems. It reportedly propagates itself through Microsoft file sharing (we don┤t know if this is an April Fool┤s Joke or what the NIPC has been smoking, but the advisory is on their site right now) Apr 1, 2000 PC World: FTC Committee Debates Online Privacy <http://www.pcworld.com/pcwtoday/article/0,1510,15993,00.html>- The Advisory Committee on Online Access and Security, established in February by the FTC, met Friday to debate the issues surrounding access and security of Web users Archives Mar 31, 2000 IDG: Health sites' data collection under fire <http://www.idg.net/idgns/2000/03/31/HealthNetSitesDataCollectionUnder.shtml > - The authors of a report on privacy policies and practices of health Internet sites weren┤t necessarily hoping to spark a U.S. government investigation with their damning findings, but that appears to be what has happened FCW: GAO lists security bargains <http://www.fcw.com/fcw/articles/2000/0327/web-cheap-03-30-00.asp> - In its security audits of agencies, including the departments of Defense and Veterans Affairs, GAO found that security controls are in place but that those controls are not being used correctly Red Hat Advisory: ircii buffer overflow <http://www.redhat.com/support/errata/RHSA2000008-01.6.1.html> - A buffer overflow exists in ircii┤s dcc chat capability. An attacker could use this overflow to execute code as the user of ircii CERT Current Activity: BIND and SGI Objectserver vulnerabilities <http://www.cert.org/current/current_activity.html> - updated information on current high impact vulnerabilities includes a new report with a SGI Objectserver exploit that can lead to elevated privileges ZDNet: Safe Harbor privacy plan -- not so safe? <http://www.zdnet.com/zdnn/stories/news/0,4586,2495461,00.html> - Consumer group says Internet privacy accord between European Union and U.S. government isn┤t so safe for citizens in either region Mar 30, 2000 Microsoft Bulletin: Patch Available for Malformed TCP/IP Print Request <http://securityportal.com/topnews/ms00-021.html> - Microsoft has released a patch that eliminates a security vulnerability in the TCP/IP Printing Services for Microsoft« Windows NT« 4.0 and Windows« 2000. If this service is installed, the vulnerability could allow a malicious user to disrupt printing services Microsoft Bulletin: Patch Available for Virtualized UNC Share Vulnerability <http://securityportal.com/topnews/ms00-019.html> - Microsoft has released a patch that eliminates a security vulnerability in Microsoft« Internet Information Server and products based on it. Under certain fairly unusual conditions, the vulnerability could cause a web server to send the source code of .ASP and other files to a visiting user ZDNet: Australia tackles Net privacy and workplace e-mail <http://www.zdnet.com.au/zdnn/stories/zdnn_display/au0001402.html> - The Australian Federal Privacy Commissioner today released guidelines for companies navigating workplace e-mail issues -- part of a broad strategy for safeguarding privacy on the Internet Sun Security Bulletin 00194: BIND <http://securityportal.com/topnews/sun20000329.html> - Sun announces the release of patches for Solaris(tm) 7 which relate to four vulnerabilities in BIND reported in CERT Advisory CA-99-14 Trend Micro: TROJ_PLATAN <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PLATAN> - This is a password stealing Trojan that collects system passwords from the infected PC and emails it to the author Trend Micro: VBS_NETLOG.WORM <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_NETLOG.W ORM> - This Trojan when run searches for a computer in the network where c:\ is shared with full control and accesses files. This virus does not run on Windows NT environment. Rated medium risk NWFusion: Check Point launches security appliance initiative <http://www.nwfusion.com/news/2000/0329checkpointapp.html> - Check Point Software has begun letting vendors such as Alteon WebSystems and IBM integrate Check Point┤s virtual private network and FireWall-1 technologies into their product lines Techweb: Hacker School Teaches Security <http://www.techweb.com/se/directlink.cgi?IWK20000327S0051> - More than 20 students recently sat in a muggy room on the 12th floor of a New York office building to learn how to hack into Microsoft Windows NT and Linux systems. But it wasn┤t an underground session run by computer criminals; instead, these students hoped to learn how to protect their computer systems and E-commerce Web sites from attack. ZDNet: Stephen King e-book pirated <http://www.zdnet.com/zdnn/stories/news/0,4586,2487101,00.html?chkpt=zdnntop > - Hackers give e-book publishers the horrors -- cracking encryption key for PDF version of King novella and distributing it free online (they used 40-bit encryption - that is its own horror story) Mar 29, 2000 Wired: Mattel Ruling Confuses Hackers <http://www.wired.com/news/business/0,1367,35258,00.html> - A federal judge┤s vague ruling in a case over a program that reveals Cyberpatrol┤s secret blacklist has left the Net┤s hacking community thoroughly confused Currents: FBI Needs More Net Security Resources <http://www.currents.net/newstoday/00/03/29/news7.html> - Federal law enforcement is getting plenty of pats on the back from Congress on its efforts to fight Internet crime, but it needs more money and more latitude in finding and prosecuting online criminals - and some of those resources may not sit so well with other members of the Internet community ZDNet: SEC Web snooping plan draws fire <http://www.zdnet.com/zdnn/stories/news/0,4586,2486808,00.html?chkpt=zdhpnew s01> - Is it a good idea to spend millions of U.S. dollars to scour the Net for securities-law violators? Privacy advocates scream foul Linux is a security risk, I don't think so! <http://securityportal.com/direct.cgi?/closet/closet20000329.html> - Recently, on a major computer industry website an interesting article was posted, regarding Linux security. The article starts off by stating that there is "growing concern that the Linux operating system suffers from major security problems that could prevent its widespread adoption in the enterprise environment". This is just false MSNBC: Office 2000 patch showing holes <http://msnbc.com/news/387569.asp> - "Less than a week out of the chute, Microsoft's Office Service Release-1 is coming under fire. Because of some testing that we've done and because of the rumblings that we've been seeing in newsgroups, we thought we would issue this warning before you venture out on the Net and grab the latest patch to the Microsoft's Office Suite" CNN: EU vote on privacy agreement due this week <http://cnn.com/2000/TECH/computing/03/28/eu.privacy.idg/index.html> - U.S. government negotiators are cautiously optimistic that the data privacy agreement they reached two weeks ago with their European counterparts will be approved this week by an European Commission committee Civic.com: GPS follows mobile security system <http://www.civic.com/civic/articles/2000/0327/web-2GPS-03-28-00.asp> - The Hauppauge, N.Y., Public School District is testing a new vehicle tracking and messaging system that could improve communication between supervisors and their security personnel in the field. The PageTrack2 system includes a two-way paging feature that enables security officers to notify their supervisors upon arrival at a location or after the completion of a task simply by opening their car door CERT: Survivability Blends Computer Security With Business Risk Management <http://interactive.sei.cmu.edu/Columns/Security_Matters/Security_Matters.ht m> - "To ensure that mission-critical functions are sustained and essential services are delivered despite the presence of attacks, accidents, or failures, a survivability perspective on security practices is needed" Mar 28, 2000 CNet: FBI cracks down on increasing cybercrimes <http://news.cnet.com/news/0-1005-200-1595429.html?tag=st.ne.1002.thed.1005- 200-1595429>- The number of cybercrimes being investigated by the FBI has doubled in the past year, and last month┤s attacks on leading Web sites are the tip of the iceberg, FBI director Louis Freeh said today Register: L0pht develops Palm Pilot war dialer <http://www.theregister.co.uk/000328-000005.html> - Self-styled ┤ethical hacking┤ outfit L0pht Heavy Industries has developed a free war-dialling utility for use with the Palm operating system. Known as TBA, the programme combines carrier logging, data-file manipulation, calling-card dialling options, and a handy battery meter display Trend Micro Virus Alert: IROK <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=IROK> - This DOS virus, which is also a worm, spams through MS Outlook and MIRC. The virus is memory resident and infects executable files by overwriting its code with its own program without changing the file attributes of the infected files SiteReview.Org: The Short Life and Hard Times of a Linux Virus <http://sitereview.org/?article=43> - Why aren┤t the existing Linux viruses anything more than a topic for columns such as this one? Why don┤t they affect you in your daily computing in the way that MS viruses affect Windows users? Patching Security Holes with Software Updates <http://securityportal.com/direct.cgi?/topnews/patch20000328.html> - One of the greatest dangers for network administrators managing security on their networks is finding out about a software update by the manufacturer to correct a security hole in their operating system or application software after exploitation by someone. With the proper functioning of the network and the systems connected to it as their main focus, network administrators do not always have the time to identify and implement security patches as they become known. Even taking the time to go to the appropriate web site to download the patch and install it on the system seems more than they can spare Entrust announces XML security solutions <http://www.entrust.com/news/2000/03_27_00.htm> - solutions allow for encryption and digitally signing XML documents, seen as critical for B2B transactions TechWeb: Security Alliance Unveils Anti-Hack Tool <http://www.techweb.com/wire/story/TWB20000327S0009>- The Alliance for Internet Security has unveiled a new tool that detects whether a corporate network is vulnerable to being used as an unwitting participant in a distributed denial-of-service attack ZDNet: Hackers settle Cyber Patrol suit <http://www.zdnet.com/zdnn/stories/news/0,4586,2475125,00.html?chkpt=zdhpnew s01> - Two hackers sued by Cyber Patrol maker Microsystems Software Inc. have settled with the filtering firm. The defendants, both of them programmers -- one Swedish, the other Canadian -- agreed Monday to abide by permanent injunctions preventing them from distributing their software, which allows users to bypass Cyber Patrol filters. They also agreed to turn over rights to their software to Microsystems. ------------------------------------------------------------------------------ Well thats this month's news events, i have tried to list everything of intrest. Slider.