Netsurfer Digest: Vol. 04, #29
--- begin forwarded text

From: editor-bounce@netsurf.com
Date: Fri, 2 Oct 1998 19:22:38 -0700 (PDT)
X-Authentication-Warning: smtp2.zocalo.net: editor set sender to editor-bounce@netsurf.com using -f
Subject: Netsurfer Digest: Vol. 04, #29
Mime-Version: 1.0
Precedence: bulk

NETSURFER DIGEST
More Signal, Less Noise
Volume 04, Issue 29
Wednesday, September 30, 1998

<snip>

BREAKING SURF

Credit Card Data Compromised at Online Auction Sites

Mark Dodd owns AuctionWatch, a neat auction site information center. He was running searches on the major search engines and by sheer accident uncovered a security hole in some software used by many of the online auction houses. It's a big one, too. If the auction site misconfigures its software, and apparently many do, the first happy hacker to come along can steal its customers' credit card numbers and addresses. Mark went to CNet with the story, which warned many of the affected sites of the potential havoc and scooped up a good story in the process. Remember, the safety of your credit card data is only as good as the security savvy of the webmaster guarding it.

AuctionWatch: http://www.auctionwatch.com/
CNet: http://www.news.com/SpecialFeatures/0,5,26760,00.html

New Hacker Tactic: Slow, Coordinated Attacks from Multiple Locations

A clever new twist in the evolutionary arms race between hackers and online security forces gives us an excuse to bring you this fascinating Web site. Hackers, it seems, have discovered herding behavior. Their latest tactic is to coordinate probes and attacks against online sites from a large number of separate machines and over a long period of time. By limiting probes to rates as low as two per hour and dispersing their sources, hackers can probe beneath current security software's threshold of detection.

The Navy Cooperative Intrusion Detection Evaluation and Response team (CIDER) just released a report on the technique. The CIDER site is also worth visiting for information on security and intrusion detection software projects, notably a database comparing commercial and government tools. Cool spook stuff.

CIDER: http://www.nswc.navy.mil/ISSEC/CID/
Report: http://www.nswc.navy.mil/ISSEC/CID/co-ordinated_analysis.txt

<snip>

CONTACT AND SUBSCRIPTION INFORMATION

Netsurfer Digest Home Page: http://www.netsurf.com/nsd/
Subscribe, Unsubscribe: http://www.netsurf.com/nsd/subscribe.html
Frequently Asked Questions: http://www.netsurf.com/nsd/ndfaq.html
Submission of Newsworthy Items: pressroom@netsurf.com
Letters to the Editor: editor@netsurf.com
Advertiser and Sponsor Inquiries: sales@netsurf.com
Netsurfer Communications: http://www.netsurf.com/

CREDITS

Publisher: Arthur Bebak
Editor: Lawrence Nyveen
Contributing Editor:
Production Manager: Bill Woodcock
Copy Editor: Elvi Dalgaard

Netsurfer Communications, Inc.
President: Arthur Bebak
Vice President: S.M. Lieu

Writers and Netsurfers: Sue Abbott, Regan Avery, Kirsty Brooks, Judith David, Joanne Eglash, Lisa Hamilton, Jay Mills, Elizabeth Rollins, Kenneth Schulze

NETSURFER DIGEST © 1998 Netsurfer Communications, Inc. All rights reserved.
NETSURFER DIGEST is a trademark of Netsurfer Communications, Inc.

--- end forwarded text

-----------------
Robert A. Hettinga <mailto:rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
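
Added example (not part of the forwarded newsletter or the CIDER report): a detection sketch for the slow, dispersed probing described in the digest item, showing why a per-source rate threshold misses it while a long-window, per-target view of distinct sources and ports catches it. The function names, thresholds, window sizes and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (seconds since start, source IP, target IP, dest port).
# Twelve sources (documentation range 203.0.113.0/24) take turns, so the target
# sees only two probes per hour in total; one unrelated noisy source bursts
# against a different host.
def sample_events():
    events = []
    for hour in range(12):
        for k in range(2):
            src = f"203.0.113.{10 + hour}"
            events.append((hour * 3600 + k * 1800, src, "192.0.2.5", 20 + hour * 2 + k))
    for i in range(30):
        events.append((500 + i, "198.51.100.7", "192.0.2.9", 1000 + i))
    return sorted(events)

def per_source_rate(events, window=60, threshold=10):
    """Classic detector: flag a source sending >= threshold probes within `window` s."""
    by_src = defaultdict(list)
    for ts, src, _dst, _port in events:
        by_src[src].append(ts)
    flagged = set()
    for src, times in by_src.items():
        lo = 0
        for hi, ts in enumerate(times):
            while ts - times[lo] > window:  # advance window start (times are sorted)
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged.add(src)
    return flagged

def per_target_spread(events, window=24 * 3600, min_sources=5, min_ports=15):
    """Long-window detector: flag a target probed on many distinct ports by many
    distinct sources, whatever the rate of any single source."""
    buckets = defaultdict(lambda: (set(), set()))
    for ts, src, dst, port in events:
        srcs, ports = buckets[(dst, ts // window)]
        srcs.add(src)
        ports.add(port)
    return {dst for (dst, _), (srcs, ports) in buckets.items()
            if len(srcs) >= min_sources and len(ports) >= min_ports}

if __name__ == "__main__":
    ev = sample_events()
    print("per-source rate flags:", per_source_rate(ev))
    print("per-target spread flags:", per_target_spread(ev))
```

Fixed 24-hour buckets keep the sketch short; a campaign that straddles a bucket boundary would need overlapping or sliding windows, and the thresholds need tuning against local baseline traffic.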