Networking

Hackers have broken into a BBC internal communications network and posted a web page in support of Kashmiri independence.A server at BBC Monitoring was hacked into on 30 April and a notice from the "Silverlords for the freedom of Kashmir" placed on the website, BBC Monitoring has confirmed.

The site is used by BBC Monitoring purely as a working tool linking staff at BBC Monitoring's headquarters in Caversham near Reading to staff working overseas, a spokesperson for the BBC said.

A remotely exploitable security vulnerability has been discovered in Kerberos version 5's FTP daemon. The vulnerability is exploitable both via anonymous FTP and via local account access. The vulnerability results from a buffer overflow in code that calls ftpglob(), a function responsible for expanding glob characters in pathnames. Recent versions of FTPd (krb5-1.2 or later) should not contain buffer overflows in the ftpglob() function itself.

Strong words from the official voice of Redmond today, urging admins to patch a recently-discovered buffer overflow vulnerability in servers running IIS 5.0 on Windows 2000 Server, Windows 2000 Advanced Server and Windows 2000 Datacenter Server, make it clear how serious a security problem Microsoft has on its hands.

"Microsoft strongly urges all IIS 5.0 server administrators to install the patch immediately," a company security bulletin says.

Microsoft's security patch for Outlook, which is designed to protect users from the effects of another Love Bug-style virus, has come under fire from no less a body than the US Air Force.

In a paper to be presented at a security workshop in June, an assistant professor of computer science at the US Air Force Academy will deliver a devastating critique of Microsoft's approach to security in general and Outlook in particular.

The Register

Bend, Oregon, May 1, 2001. Cylant Technology
announces its "0wn this box" challenge. As a
demonstration of its behavioral analysis approach
to the field of security, Cylant invites hackers
and crackers alike to attempt a root compromise
of victim.cylant.com. The first person to
successfully "0wn" victim will have the server
shipped to them.

A computer hacking group best known for creating tools for hijacking computer systems is
turning its hand to civil disobedience and plans to release an application that could scupper government and corporate censorship around the world.

Websites operated by the departments of Labor and Health and Human Services were working properly Sunday after being vandalized one day before by hackers who federal officials believe are from China.

A picture of Wang Wei, the Chinese pilot who was killed in a collision with a U.S. Navy spy plane April 1, was posted Saturday on Labor's Web site. Agency spokesman Stuart Roy compared the vandalism to graffiti: "You can lock up a store so the merchandise is safe," he said, "but you can't stop somebody running by with a can of spray paint."

IBM is pouring several billion dollars into what they hope will be the future of security. Called "Project Eliza", the system would use artificial Intelligence in order to detect DDoS attacks, as well as general hack attempts and stop the intruder before they can damage or gain entry to any systems.

USA Today

Saw this over at SNN

A 15-year-old has been arrested for allegedly breaking into US Air Force and US Department of Transportation (DOT) flight tracking computers in March 2000.

The techniques used by the hacker reveal standard system cracking methods in use today: sniff network traffic for plain-text logins and passwords, use that information for unauthorized access to the system, and then destroy log data once inside. A page out of Script-kiddie 101.

Two Russians were indicted on computer-crime charges stemming from a rash of intrusions
into the networks of banks, Internet service providers and other companies, a U.S. federal
prosecutor said Monday.

The two alleged network intruders, identified as 20-year-old Alexey Ivanov and 25-year-old Vasiliy Gorshkov, were indicted earlier this month on counts of conspiracy, wire fraud and violations of the Computer Crime and Abuse Act, said Assistant U.S. Attorney Stephen Schroeder.