So were you caught out? A chain letter hoax last week claimed to come from the office of Bill Gates, advising that you had qualified for a $1 000 prize. All you had to do was send in your credit card number and its expiry date. It was a particularly well done hoax, but at the bottom of the chain letter is a disclaimer that says the money compensates for an embedded executable virus program that has been transferred to the reader's hard drive. The $1 000 is for: $257 to cover the user's loss of data, $43 for time and anguish, $93 for pain and suffering, $9 or $10 for a couple of stiff drinks, and $597 to buy a mythical future product from Microsoft to prevent a recurrence of this event. Microsoft is not impressed, and advises that the message did not originate with Gates. Of course, we were sure it had.
Ian Melamed, MD, Ian Melamed Secure Computing
This follows on the chain letter of the previous week that advised recipients that they could receive buckets of money, also from Gates, if they forwarded the letter to everyone they knew. Of course, this is utterly impossible, yet enough people believe it that these chain letters persist. Major chain letters I can recall are those raising sympathy for a girl in Kansas, who needs a kidney; the Tuli elephants; and just last week, Chinese bears. Chain letters are perpetuated by the same people who give life to pyramid schemes.
Microsoft remains under pressure for the perceived weakness of its security, especially as espoused in its .Net strategy. To be sure, there are problems with .Net, especially when it comes to the choices left to security administrators, who can leave huge holes in the network. But a secure system is more dependent on the process than the technology and if the administrator chooses to bypass good security practice, there is nothing Microsoft or anyone can do about it.
Online privacy continues to be at the centre of power politics. US Internet service provider (ISP) Earthlink has set a precedent for the rest of the industry with a compromise deal with the FBI, in terms of which it will not install the FBI's Carnivore wire-tapping system but will cooperate with the agency when it needs access to potentially criminal information. The Georgia-based ISP had refused to install the much criticised Carnivore; it had bucked court orders to do so; now, it won't install Carnivore, but it will cooperate with the bureau when a court order specifies information required.
The US government, however, is taking Carnivore seriously. Attorney General Janet Reno is to review the system, in case it infringes on privacy rights. Pressure groups have their use, after all!
It could never happen here. Powergen, one of the UK's largest utilities, has admitted to a massive security breach that left the debit card details of thousands of customers open to a potential multimillion pound fraud. Users who went online to pay their bills found files on the Web server containing the names, addresses and card details of more than 7 000 home and business users. Just another blow to consumer confidence in e-commerce.
A new phrase for you: cyber-bludging. That's the practice, according to the Australians, of using the Internet for personal reasons during work time. Down Under they claim the cost of Internet bludging exceeds $13.5 billion a year. An Antipodean survey shows that employees who lack Internet access at home are wasting on average 3.6 working hours each a week. The research, commissioned by Internet software company Lanvision, found half of the most popular Internet sites accessed at work were for personal use. Of course, we hard-working South Africans would never do that.
Two Americans - a 15-year-old high school student and a 20-year-old man - have been arrested and accused of hacking into Nasa computers in Virginia, New York and California. The facility in California is Nasa's Jet Propulsion Laboratory and is the base of Nasa's robotic space exploration programme, having launched missions to every planet except Pluto. Investigators found 76 000 passwords on the one computer, including usernames from computers owned by San Jose State University and Georgia Southern University.
Politika, the main pro-government daily paper in Yugoslavia, had its Web site defaced last week. An article describing President Slobodan Milosevic's previous day's activities was replaced with a fake article describing his death in a bomb explosion.
Shooting the messenger
A New York high school student had to use the school's colour printer for a class project, and found that a password was required to change the computer's settings. "Password" worked and the student proceeded to notify the school's sysadmin of the security hole. The student was reported to school officials and stands accused of breaking into a computer.
Passwords remain the ultimate security risk, as Visa has found. It conducted a survey to evaluate risk, and found that 67% of customers used easily guessed names or numbers (birthdays, pet names) for their passwords. But then, President Clinton didn't set the best example when he signed the Digital Signatures bill last month using his dog's name as a password.
The US has effectively made spam illegal with the passing into law of the Unsolicited Commercial Mail Act of 2000. Spam is annoying, but current issues in the virus world make it dangerous as well. Across the world, legislators are trying to come to terms with the implications of spam for a variety of reasons, not least because Outlook can trigger some lethal viruses.
Sources: Computer Wire, CNN, ZDNet, Silicon.com and the BBC.

