Saturday, July 03, 2004

PROG: Cryptography Software Code in Visual Basic and C

Cryptography Software Code in Visual Basic and C

LINK: Frequently Asked Questions in Mathematics


LINK: Euler




LINK: Number theory files for David Eppstein

Number theory files for David Eppstein

PROG: Mathematics Archives - Numbers

Mathematics Archives - Numbers

PROG: Special Numbers and Functions

Special Numbers and Functions

PROG: Tiny programs for constants computation

Tiny programs for constants computation


Cracking Tutorial, (c) Lucifer48 / ID

SEC: Asymmetric Cryptography

Asymmetric Cryptography

OT: The Number e

Math Forum - Ask Dr. Math

Date: 6/3/96 at 1:5:14
From: Anonymous
Subject: The Number e

Dear Dr.Math,

I have a project to do and I would like to know what "e" is. Is it
a number like Pi? How does "e" relate to continued fractions?

Oliver Wong

P.S. I am a 1st year Algebra Student.

Date: 6/14/96 at 0:40:34
From: Doctor
Subject: The Number e

I'm not sure what you have or have not covered yet, so I won't assume
too much.

That's a pretty big question.... There are a lot of interesting
properties of "e", as there are with Pi. Some of them are pretty
advanced, and some of them are easy to write down but hard to prove.

"e" is a number, just like Pi, and it has the value
2.718281828459045235306.... So e is not the same as Pi, which is about
3.14159265358979323846.... But while lots of people know Pi, not so
many know about e.

Now, what exactly is so special about e? Does it have a geometric
meaning like Pi (which is the ratio of the circumference of a circle
to its diameter)?

Why does e=2.71828... instead of, say, 17.391526381? Or -592?
Or Pi/2 (which it isn't)? Perhaps you've been told that the
decimal digits of Pi never end, and they never repeat like
22/7 = 3.142857142857142857.... Well, e is just like Pi in this
respect; if you keep going, it never stops, and it never repeats.

What sets them apart from fractions like 3/4 and -65/11, is just this
fact, which is more commonly known as irrationality. Fractions are
*rational*, while numbers like the square root of 2, Pi, and e are

Although e is irrational, we can approximate it with rational numbers.
If you're familiar with the concept of a continued fraction,

e = 2 + 1
        ------------------------------------------
        1 + 1
            --------------------------------------
            2 + 1
                ----------------------------------
                1 + 1
                    ------------------------------
                    1 + 1
                        --------------------------
                        4 + 1
                            ----------------------
                            1 + 1
                                ------------------
                                1 + 1
                                    --------------
                                    6 + 1
                                        ----------
                                        1 + ...

or, if you prefer,

e = 2+1/(1+1/(2+1/(1+1/(1+1/(4+1/(1+1/(1+1/(6+1/(1+1/(1+1/(8+....

This method of computing e is very fast - try it by stopping the
continued fraction somewhere, as I did here, and punch it into a

Still, we haven't really talked about what e is useful for. To get to
this, we need to talk about logarithms. Say you have 2^x = 64
(2^x is my way of saying "2 raised to the x power"), and you want to
solve for x.

Well, we know that
64 = 2*32 = 2*(2*16) = 2*2*2*8 = 2*2*2*2*2*2 = 2^6, so x = 6.

How about 2^x = 5? There we're stuck, because 2^2 = 4 and 2^3 = 8
so x should be somewhere between 2 and 3 to make 2^x = 5.

There's another way of saying what x should be, and this is called the
logarithm of 5 to the base 2. That is, x = log[2](5); (the 2 should be
a subscript, like a power but typed a bit below the log, so it isn't
log 10). In general, the solution to b^x = n for some given b and n is
x = log[b](n). b is called the *base* of the logarithm.

Logarithms are useful, but there is a particular kind of logarithm
that is used the most often: the *natural* logarithm. This is just the
logarithm to the base [e]. In fact, the natural logarithm is so useful
that people often say "ln(n)" instead of log[e](n). Now, why is all
this important? It's hard to say without going into a lot of details,
but here's a little hint of the interesting things about e and ln(n):

Think about (1+1/n)^n for some value n. For n=1, this is 2. For n=2,
this is 2.25. For n=5, this is 2.48832. For n=10, this is 2.5937....
For n=100, this is 2.7048.... For n=10000, this is 2.7169.... Can you
guess what happens to (1+1/n)^n as n gets larger and larger? In fact,
it becomes e. A way of expressing this in mathematical notation is

lim (1+1/n)^n = e.

(the "lim" stands for "limit"; we say "the limit as n goes to infinity
of the quantity one plus one over n to the nth power is e.)

Another thing to think about: If you've graphed equations, look at the graph
of y=1/x. If you look at the region enclosed by y=1/x, the line y=0 (the
x-axis), and the lines x=1 and x=e, it looks like a rectangle but with one
curved side. What is the area of this shape? In fact, it is exactly 1.
Mathematically speaking, we say "the area under the curve y=1/x from 1 to e
is 1," or even better, "the *integral* of 1/x from 1 to e is 1." This is
because if we replaced the line x=e with some line x=b for some b>1, the
area of the region is the natural logarithm of b. Note the natural logarithm
of e is 1, because e^1 = e; that is, 1 is the exponent for which the base
(e) is equal to e.

And finally, for something I hope someone else will explain,

e^(i*Pi) = -1, where i is the square root of -1.

-Doctor Pete, The Math Forum
Check out our web site! http://mathforum.org/dr.math/
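As an added example (it is not part of the Dr. Math exchange above), the following Python script evaluates the truncated continued fraction from the answer exactly with `fractions.Fraction` and compares it with the (1+1/n)^n approximation, so you can see how much faster the continued fraction converges. The partial quotients follow the 1, 2k, 1 pattern visible in the answer; that pattern is assumed here to continue indefinitely.

```python
from fractions import Fraction
import math


def e_cf_terms(count):
    """Return the first `count` partial quotients of e's continued fraction:
    [2; 1, 2, 1, 1, 4, 1, 1, 6, 1, 1, 8, ...].
    After the leading 2 the quotients come in triples 1, 2k, 1 for k = 1, 2, 3, ...
    (assumed pattern, matching the terms shown in the answer)."""
    terms = [2]
    k = 1
    while len(terms) < count:
        terms.extend([1, 2 * k, 1])
        k += 1
    return terms[:count]


def cf_value(terms):
    """Evaluate a finite continued fraction [a0; a1, ..., an] exactly.
    Working from the innermost term outward avoids any floating-point error."""
    value = Fraction(terms[-1])
    for a in reversed(terms[:-1]):
        value = a + 1 / value
    return value


def e_from_cf(count):
    """e approximated by stopping the continued fraction after `count` terms."""
    return cf_value(e_cf_terms(count))


def e_from_limit(n):
    """The (1 + 1/n)^n approximation discussed in the answer."""
    return (1 + 1 / n) ** n


def compare(count, n):
    """Absolute errors of both approximations against math.e, as a pair
    (continued-fraction error, limit-formula error)."""
    cf_err = abs(float(e_from_cf(count)) - math.e)
    lim_err = abs(e_from_limit(n) - math.e)
    return cf_err, lim_err


if __name__ == "__main__":
    for count in (3, 6, 9, 12):
        approx = e_from_cf(count)
        print(f"{count:2d} terms: {approx} = {float(approx):.10f}")
    for n in (1, 2, 5, 10, 100, 10000):
        print(f"(1+1/{n})^{n} = {e_from_limit(n):.10f}")
    cf_err, lim_err = compare(9, 10000)
    print(f"9 CF terms error {cf_err:.2e} vs (1+1/10000)^10000 error {lim_err:.2e}")
```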


The SNIPPETS C collection - file: SPIGOT.C


The SNIPPETS C collection - file: PI_AGM.C


The SNIPPETS C collection - file: PI8.NFO


The SNIPPETS C collection - file: PI8.C


The SNIPPETS C collection - file: PI.C

LINK: Paj's Home

Paj's Home

LINK: Robert J. Nemiroff's Home Page

Robert J. Nemiroff's Home Page

LINK: Math Quotes

Math Quotes

LINK: Mathematical Constants and computation

Mathematical Constants and computation

LINK: Easy programs for constants computation

Easy programs for constants computation

LINK: Science > Math > Recreations > Specific Numbers

Google Directory - Science > Math > Recreations > Specific Numbers

BOOK: Album of Algorithms and Techniques

Album of Algorithms and Techniques

LINK: The Math Forum - Math Library - e

The Math Forum - Math Library - e

LINK: Computers > Hacking > Cryptography

Google Directory - Computers > Hacking > Cryptography

LINK: Tina's Humor Archives

Tina's Humor Archives

LINUX: Installing MPlayer

Linux.com | Installing MPlayer

M$: Replace and disable Internet Explorer now

NewsForge | Replace and disable Internet Explorer now

LINUX: Linux users are spoiled

NewsForge | Linux users are spoiled

OT: Searching for the Perfect OS

Wired News: Searching for the Perfect OS

MAC: Screens from Apple's Mac OS X 10.4, a k a Tiger

Screens from Apple's Mac OS X 10.4, a k a Tiger

LINK: LASEC: Publications

LASEC: Publications

LINK: Kmalloc Internals

Kmalloc Internals

BOOK: The Unofficial Revised Slackware Book Project

The Unofficial Revised Slackware Book Project

LINK: The SlackFiles: English documentation

The SlackFiles: English documentation

LINK: World Lecture Hall

World Lecture Hall

LINK: Client Server subject at University of Canberra

Client Server subject at University of Canberra

BOOK: Artificial Intelligence: A Modern Approach

Artificial Intelligence: A Modern Approach

LINK: ai programming resources

LinuxQuestions.org - ai programming resources - where Linux users come for help

LINK: Wittys.Com Security Text Files

Wittys.Com Security Text Files

LINK: Best Free Computer Security Training Materials

GovernmentSecurity.org -> Best Free Computer Security Training Materials

Do you have time to check these links? Well, it will help you guys for sure! Manu

Rainbow Books - Great for studying for the CISSP Exam

TCP/IP References

Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network

Computer Vulnerabilities

Security Bibliography - many papers and books to download.

Firewalls Complete - Table of Contents

Handbook of Information Security Management

Network Security Library - Information, publications and books about network security, (in)security: UNIX, Windows, NetWare, WWW, Firewalls, Intrusion Detection, Security Policy, etc. Hundreds of books, articles and FAQs online.

Applied Cryptography - all chapters are available for free download.

Godzilla Cryptography Tutorial - many slides and presentations on this one.

Computer Security Research Papers

The CISSP Open Study Guide (OSG) Download Section

The TECS Computer Security Tutorial
IT Today, The Free Online IT Magazine, specializes in computer security

EarthWeb.com: The IT Industry Portal - Security Archives

Security Resources and Links from The Internet Security Conference

Slide Presentation on various network security vulnerabilities, including session hijacking, man in the middle attacks, ARP spoofing, DNS games, TCP sequence number guessing and so on. Also discusses some of the packages (dsniff, ettercap) that have been developed recently to exploit these vulnerabilities.


LINK: s0urceb0x


LINK: Simple Bufferoverflow - How To Do

GovernmentSecurity.org -> Simple Bufferoverflow - How To Do

M$: Visual Studio 2005 Beta Home

Visual Studio 2005 Beta Home

GOOGLE: Gmailers banned from selling addresses

.:[Security-Protocols]:. - Gmailers banned from selling addresses

VIRUS: W32/Sdbot-JG

Gmail - Sophos Anti-Virus IDE alert: W32/Sdbot-JG

Name: W32/Sdbot-JG
Type: Win32 worm
Date: 2 July 2004

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the August 2004 (3.84) release of Sophos Anti-Virus.

Customers using Enterprise Manager, PureMessage and any of the
Sophos small business solutions will be automatically protected
at their next scheduled update.

At the time of writing, Sophos has received no reports from
users affected by this worm. However, we have issued this
advisory following enquiries to our support department from

Information about W32/Sdbot-JG can be found at:

This IDE file also includes detection for:


Download the IDE file from:

Download all the IDE files available for the current version of
Sophos Anti-Virus in a single compressed file. The file is
available in two formats:

Zip file:

Self-extracting file:

Read about how to use IDE files at


SEC: SANS AuditBits Vol. 2, Num. 12

Gmail - SANS AuditBits Vol. 2, Num. 12

SANS AuditBits July 2, 2004 Vol. 2, Num. 12


-- Four Michigan Cemeteries Violating State Law
-- Lessons to be Learned From Adecco
-- Rite Aid Execs Begin Serving Jail Time
-- Big Four Accounting Firms Get Their Report Cards
-- KPNQwest Files Lawsuit Against Qwest International
-- Poll Shows European Companies Not Ready for 2005 IFRS
-- Shell Sued by Pension Funds for Mismanagement
-- Australian Version of International Standards to be Announced
-- IASB Publishes Preliminary Views on Standards for SMEs
-- IFAC and UNCTAD Join Forces
-- Case Against PNC Financial Dismissed
-- PCI Tells NAIC State Auditing Regulation Good Enough
-- SEC Approves Financial Reporting Auditing Standard
-- Accounting Watchdogs Report Misappropriation of USD 170 Million
-- FRC to Battle with Banks over IAS39
-- Embezzlement Leads to Proposed Reforms in State Law
-- Former Auditor Testifies Against Investment Banker
-- Parmalat Revamp Plan Filed


-- Accounting Beyond QuickBooks
-- Sarbanes-Oxley and Mergers


-- Cyber Risk Insurance: A Discourse and Preparatory Guide


-- Federal Reserve Revises Fair Credit Reporting Act Implementation
-- Free Annual File Disclosures
-- Interagency Statement on Sound Practices Concerning Complex
Structured Finance Activities
-- National Principal Contracts; Contingent Non-periodic Payments;

******************* Sponsored by SANS SCHOOL STORE ********************

Check out our School Store for recently released books on Business Law,
Solaris Securing Solaris, Computer Security Incident Handling and
exclusive books and merchandise. Also, check out our section on
recommended books written by SANS faculty, PDF samples on our
Step-By-Step Guides, and current specials on Oracle Security, 7-Pack
Guides, and T-shirts. For more information go to

Highlighted Training Programs Of The Week

SANS in London (June 21-26)
Five of our most popular tracks including Hacker Exploits, SANS Security
Essentials, Forensics, and more.

SANSFIRE in Monterey, CA (July 5-13) offers you 14 immersion training
tracks in one of the most beautiful places in America -- Monterey, CA.
Phenomenal training for auditors who want to master the challenges of
security auditors, managers who want to build a great security program,
beginners who want to get a fast start, and, of course, the only place
to go for technologists who want to master the most current methods for
protecting systems and networks.

SANSFIRE also offers lots of evening programs, extra one-day classes
ranging from Business Law to Cyberwarrior training, and vendor exhibits,



-- Four Michigan Cemeteries Violating State Law
(30 June 2004)
Four mid-Michigan cemeteries are violating a state law requiring 15
percent of proceeds from burial costs go into endowed trust. State
auditors maintain that between the four cemeteries there is USD 591,000
in trust fund deficits. However, state regulators maintain the public
should not worry yet. According to Alan J. Schefke, chief auditor with
the state Bureau of Commercial Services, while the four cemeteries are
making deposits slower than state law dictates, there is no evidence
that funds are being withdrawn improperly.
(Subscription Required)

-- Lessons to be Learned From Adecco
(29 June 2004)
Adecco shareholders are going to be demanding answers at the company's
annual meeting in Lausanne, Switzerland as to how the company's stock
plunged six months ago due to the perception of wrongdoing. Ultimately,
it was deemed that Adecco, the world's largest temporary employment
group, had only committed minor procedural irregularities. The events
at Adecco over the last six months have significance for executives
throughout Europe. Was Adecco merely the first victim of new
legislation or did the events at Adecco provide an object lesson? The
answers to these questions are vital for European executives. In
addition to companies affected by the U.S. Sarbanes-Oxley (SOX)
legislation, European firms will soon have to be compliant with a
European Commission directive on corporate governance in which key parts
are nearly identical to provisions in the SOX Act. Stewart Hamilton, a
professor of finance and accounting, asserts, "Key parts were lifted
from Sarbanes-Oxley. It's a wake-up call. It's coming here too."
(Subscription Required)

-- Rite Aid Execs Begin Serving Jail Time
(29 June 2004)
Three Rite-Aid executives, including Martin J. Grass, the company's
former chief executive, began serving their jail terms after pleading
guilty to federal conspiracy charges related to an accounting scandal
in which the company had to restate its earnings downward by USD 1.6
billion. Grass and Rite Aid's former chief financial officer Franklyn
M. Bergonzi will serve their sentences at prison camps for low security

-- Big Four Accounting Firms Get Their Report Cards
(28 June 2004)
The Big Four accounting firms, PricewaterhouseCoopers LLC, Ernst & Young
LLC, KPMG LLP and Deloitte Touche USA LLP, received draft reports from
the Public Company Accounting Oversight Board (PCAOB). PCAOB chairman
William McDonough, speaking to lawmakers, revealed that the Big Four
accounting firms had "significant" problems; some of their issuing
clients did not appear to follow Generally Accepted Accounting
Principles (GAAP). In addition, McDonough asserts, "In terms of
overall, really tough application of quality, there's room for
improvement." The firms have 30 days to respond to the reports.

-- KPNQwest Files Lawsuit Against Qwest International
(28 June 2004)
A lawsuit against Qwest International, the regional telecommunications'
group, was filed in a New Jersey district court by the trustees of
KPNQwest. KPNQwest, which carried most of the Internet traffic in
Europe before it became insolvent two years ago, is seeking USD 3
billion in damages under the US RICO (Racketeer Influenced and Corrupt
Organizations Act) for damages KPNQwest and its creditors suffered due to
Qwest's mismanagement and breach of duty.

-- Poll Shows European Companies Not Ready for 2005 IFRS
(28 June 2004)
New international financial reporting standards (IFRS) are due to take
effect in 2005 but several recent polls indicate that companies are
ill-prepared for the deadline. According to a straw poll by accounting
firm KPMG, only twenty-five percent of Scottish non-executive directors
claim to have adequate preparations for the switch to the new IFRS.
Another study done by Atos KPMG Consulting found that preparations by
U.K. companies for IFRS were the worst in Europe with twenty-six percent
of companies maintaining they will not be able to meet the 2005
deadline, compared to 12% in France, Germany and the Netherlands. Also,
at this time, only two percent of U.K. companies are ready, compared
with twenty percent in the other three countries.

-- Shell Sued by Pension Funds for Mismanagement
(28 June 2004)
Two U.S.-based pension funds, the New York City-based UNITE National
Retirement Fund and the Virginia-based Pipefitters National Pension
Fund, filed a lawsuit in New Jersey Superior Court in Middlesex County
against twenty-seven directors and officers of the Royal Dutch/Shell
Group and their accounting and auditing firms PricewaterhouseCoopers
International and KPMG International following financial losses and
scandal associated with Shell's cutting its proved oil and natural gas
reserves four times since January. Among the allegations are "breach
of fiduciary duty, abuse of control, mismanagement, fraud and unjust
enrichment." The plaintiffs are seeking monetary damages against each
defendant, as well as new controls and limits on insider stock sales and
increased transparency of executive compensation and improved board
accountability to investors.

-- Australian Version of International Standards to be Announced
(28 June 2004)
According to the Australian Accounting Standards Board, Australia is
committed to pushing ahead with the implementation of international
accounting standards, despite letters from the Australian Institute for
Company Directors requesting a deferment of the January 1, 2005
implementation date. One of the standards, which requires the
disclosure of the market value of investments in derivative securities,
has sparked bitter opposition both in Australia and Europe; Belgium,
France and Italy have rejected the rule.

-- IASB Publishes Preliminary Views on Standards for SMEs
(28 June 2004)
The International Accounting Standards Board (IASB) has published a
Discussion Paper "Preliminary Views on Accounting Standards for Small
and Medium-sized Entities (SMEs)" which differs significantly from the
traditional views in standard-setting for the U.K. and the Republic of
Ireland who use the Accounting Standard Board's (ASB's) Financial
Reporting Standard for Smaller Entities (FRSSE) which is tailored to the
needs of small entities. The IASB hopes to receive comments on its
basic approach to the project on accounting standards for SMEs. The
ASB's Committee on Accounting for Smaller Entities (CASE) has requested
copies of responses to the IASB Discussion Paper from parties in the
U.K. and Ireland to allow discussion on the issue at its September 8th

-- IFAC and UNCTAD Join Forces
(28 June 2004)
The International Federation of Accountants (IFAC) and the United
Nations Conference on Trade and Development (UNCTAD) have joined forces
to boost accounting standards in developing nations and transitional
countries. A representative from UNCTAD summed up the joint effort with
a statement maintaining, "The two organizations share the objectives of
achieving greater transparency and accountability with a view to
strengthening the international financial systems and contributing to
economic growth."

-- Case Against PNC Financial Dismissed
(24 June 2004)
The U.S. District Court for Western Pennsylvania dismissed the case
against PNC Financial Services Group at the request of the U.S.
Department of Justice (DOJ) citing the fact that dismissal of the case
was part of a deferred prosecution agreement the DOJ had with PNC. The
settlement, reached in July 2002, required PNC to pay USD 115 million in
penalties connected with security fraud charges. The charges arose due
to PNC's removal of USD 762 million in bad corporate loan and
investments in 2001, which inflated the company's annual earnings by USD
155 million. According to PNC spokesman Bryan Goerke, the case
dismissal "brings closure to the main governmental investigations and
inquiries into PNC and its affiliates stemming from the 2001
Related Article: Judge Says PNC Didn't Prove Breach

-- PCI Tells NAIC State Auditing Regulation Good Enough
(24 June 2004)
The Property Insurers Association of America (PCI), and other industry
representatives attending a public hearing, told the National
Association of Insurance Commissioners (NAIC) Working Group that the
Group needs to reconsider proposed amendments to its Model Audit Rule
that would incorporate provisions from the Sarbanes-Oxley (SOX) Act.
According to PCI's financial vice president Stephen W. Broadie current
state regulations achieve the goals of SOX. He notes "the working group
needs to examine whether there is a problem with current regulation and
what the cost and benefits of potential solutions are before assuming
that the very costly internal controls provisions of SOX are the

-- SEC Approves Financial Reporting Auditing Standard
(24 June 2004)
The Public Company Accounting Oversight Board, a private, nonprofit
company established by the Sarbanes-Oxley Act, developed an auditing
standard for internal control over financial reporting that identifies
four major categories of IT control: program development, program
changes, computer operations and access to programs and data. The
standard, approved by the Oversight Board in March, covering section 404
of Sarbanes-Oxley, has now been approved by the Securities and Exchange
Commission (SEC). Foreign companies listed at U.S. stock exchanges and
companies with less than USD 75 million market capitalization must
comply by 15 July 2005, while all other publicly traded companies will
have to include such attestations with their 2004 annual reports
starting 15 Nov. 2004.

-- Accounting Watchdogs Report Misappropriation of USD 170 Million
(24 June 2004)
In a recently published report covering its annual audit of select
government departments and state-owned enterprises, China's National
Audit Office found that officials at 41 out of 55 departments had
diverted funds into other areas that had been allocated for specific

-- FRC to Battle with Banks over IAS39
(24 June 2004)
Sir Bryan Nicholson, chairman of the UK's accounting regulator, the
Financial Reporting Council (FRC), in a letter to the internal market
commissioner of the European Union, Frits Bolkestein, talking about the
International Accounting Standards IAS32 and IAS39, warned that "Failure
to endorse these standards will have serious implications for the
quality and credibility of the EU's financial reporting regime," adding
that failure to endorse the standards would be incompatible with the
stated objectives of the EU's own regulation for international
accounting standards. Opposition to the IAS39 standard centers around
concerns from European banks over the introduction of "false volatility"
into their accounts.

-- Embezzlement Leads to Proposed Reforms in State Law
(23 June 2004)
The Roslyn, Virginia Council of School Superintendents is calling for
reforms in state law following the embezzlement of school funds by
school superintendent Pamela Gluckin in October 2002. According to
Jericho District Superintendent Henry Grishman, the council discussed
ways to prevent theft in school districts and came up with several
recommendations to change legislation to tighten weaknesses in audit and
hiring procedures that may have contributed to the embezzlement.
Recommendations include banning officials accused of fraud from
resigning without disclosure or an investigation and mandating that
annual district audits include checks for fraudulent vendors or vendor

-- Former Auditor Testifies Against Investment Banker
(23 June 2004)
Charged with embezzling USD 518,145 from his publicly traded companies,
Nathan A. Chapman Jr. heard his company's former auditor, Graylin Smith,
testify that he had warned the investment banker in 2001 that he had to
stop taking checks for expenses he couldn't document. Evidence
introduced in the federal fraud trial showed that, two days after
receiving the warning, Chapman accepted another such "business
development" check. According to Smith, he had talked with Chapman
about accepting loans from his own company as early as 2000.

-- Parmalat Revamp Plan Filed
(23 June 2004)
Antonio Marzano, Italian Industry Minister, was presented with a plan
developed by Enrico Bondi, late last year named commissioner to organize
the bankruptcy-protection restructuring of dairy giant Parmalat after
its massive fraud scandal, which he is expected to approve soon.
According to one news agency, Marzano wants Parmalat to remain in
Italian hands and expects the company to return to "strong profits once
the plan is implemented, by the years 2005 and 2006." The plan
recommends the company to concentrate on fruit juice, milk and
milk-related products, sell the dairy group's non-core assets, and slash
the number of the group's brands from 120 to 30.

*************************** SPONSORED LINKS ***************************
Notice: These links may redirect to non-SANS web pages.

(1) Interested in a Roadmap to Security Tools & Services?
Go to:

(2) Got a SSH client? Need secure access to your servers? Get OpenSSH
server free today:

(3) Need guidance on implementation and configuration of OpenSSH?
Order a Step-by-Step guide:



-- Accounting Beyond QuickBooks
As a small business grows so do its accounting needs. Over time,
software accounting applications such as QuickBooks are not sufficient
to meet the company's expanding accounting needs. This tutorial
examines questions that the business owner must consider before
purchasing a more complex accounting solution.

-- Sarbanes-Oxley and Mergers
This tutorial examines the effect of Sarbanes-Oxley on the merger and
acquisition activities of companies. It provides discussion on several
specific issues that should be examined when conducting a Sarbanes-Oxley
audit including control and procedures, financial statement
certifications, prohibition on insider loans and corporate governance
http://www.accountingweb.com/cgi-bin?id=99353 NOT FOUND


-- Cyber Risk Insurance: A Discourse and Preparatory Guide
By Denis Drouin
This paper offers insight to the implications of insurance and cyber
crime coverage and raises the awareness of the uncertainties within
cyber insurance. It will also examine topics such as what technology
based insurance policies are available to the insured, the
organizational liabilities and what effect changing technology is likely
to have on organizations over time.


-- Federal Reserve Revises Fair Credit Reporting Act Implementation
The Board of Governors of the Federal Reserve System has published
revisions to Regulation V which implements the Fair Credit Reporting Act
(FCRA). Section 217 of the Fair and Accurate Credit Transactions Act of
2003 (FACT Act) amends the FCRA, requiring financial institutions that
extend credit and regularly furnish information to a nationwide consumer
reporting agency, and furnishes negative information to such an agency
regarding credit extended to a customer, the institutions must also
provide a clear and conspicuous notice about furnishing negative
information, in writing, to the customer. The term "financial
institution" is defined by Section 217 to have the same meaning as in
the privacy provisions of the Gramm-Leach-Bliley Act.
Effective: 16 July 2004.

-- Free Annual File Disclosures
This final rule implements provisions made law by the Fair and Accurate
Credit Act of 2003. Under this law, the Federal Trade Commission was
mandated to establish a centralized source through which consumers may
request a free annual file disclosure from each nationwide consumer
reporting agency as well as an efficient process for them to do so.
Date: This rule is effective on December 1, 2004.

-- Interagency Statement on Sound Practices Concerning Complex
Structured Finance Activities
The Office of the Comptroller of the Currency, Treasury (OCC), Office
of Thrift Supervision, Treasury (OTS); Board of Governors of the Federal
Reserve System (Board); Federal Deposit Insurance Corporation (FDIC);
and Securities and Exchange Commission (SEC) are extending the comment
period for a proposed Interagency Statement on Sound Practices
Concerning Complex Structured Finance Activities.
Date: Comments should be received by July 19, 2004.

-- National Principal Contracts; Contingent Non-periodic Payments;
The Internal Revenue Service (IRS) is publishing a correction to a
correction notice for proposed regulations that were published in the
Federal Register on March 23, 2004 (69 FR 13498). The proposed
regulations call for the inclusion into income or deduction of a
contingent nonperiodic payment provided for under a notional principal
contract (NPC).


AuditBits Editorial Board:
Aminah Grefer, Roland Grefer, David Mangefrida, Stephen Northcutt,
Aurobindo Sundaram, Arrigo Triulzi

If you would like to provide feedback, have additional news items or
other information you would like to share with us, please send an email
to AuditBits@sans.org.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit

An archive of past issues of the AuditBits newsletter is available at

The AuditBits newsletter is also available as a RSS feed at



SEC: [INFOCON] NewsBits - 07/01/04

Gmail - [INFOCON] NewsBits - 07/01/04

NewsBits for July 1, 2004

Boy, 16, Is Arrested Under Film Piracy Law
A 16-year-old boy was arrested at a Chatsworth movie
theater early Wednesday after an employee wearing
night-vision goggles caught him videotaping "Spider-
Man 2," Los Angeles police said. The boy was booked
under a state law enacted earlier this year that
makes videotaping in a movie theater punishable by
up to one year in jail, with a maximum fine of $2,500,
according to police.
(LA Times article, free registration required)

'Fahrenheit' Web leaks add fuel to controversy
- - - - - - - - - -
Students Allegedly Hack Into School Psychologist's Computer
Two Long Island students were charged with illegally
accessing a high school psychologist's computer and
tampering with other students' psychological evaluations,
officials said. Christopher Kabacinski, 18, and Ryan
Webb, 16, both students at Carle Place High School,
allegedly learned the psychologist's password and
used it to log on to the school's computer network.
- - - - - - - - - -
Man Admits Counterfeiting $100 Bills Made On Color Copier
A Parsippany man admitted in federal court Tuesday
to trying to pass off counterfeit $100 bills he
produced using a color copier purchased at a computer
store, the U.S. Attorney's office announced. Martin
Siris, 58, was arrested Feb. 27 at Meadowlands
Racetrack in East Rutherford, after authorities
said he placed an $800 bet with the photocopied
bills. Secret Service agents found another $5,000
in bogus bills that Siris was carrying, and then
$200,000 in photocopied fakes he had stashed in
a safety deposit box, authorities said.
- - - - - - - - - -
California man sentenced on child porn charges
A California man convicted of e-mailing obscene
messages and photos to a young girl in Jeff Davis
Parish has been sentenced to five years in prison
at hard labor. Stephen Anderson, 62, of Oceana,
Calif. was convicted in the 31st Judicial District
Court this week on three counts of pornography
involving juveniles and one count of contributing
to the delinquency of a juvenile.
- - - - - - - - - -
Midland: Former officer sentenced
A sobbing and contrite former Midland policeman,
William Andrew "Andy" Glasscock, was sentenced
to 15 1/2 years in federal prison Tuesday after
pleading guilty to two charges stemming from his
Christmas Eve 2003 arrest by Odessa police and
Texas Rangers. Glasscock, 52, attributed his fall
to "a sexual addiction" that led him to allegedly
drug and rape women, spy on a pubescent girl in
his bathroom and traffic in Internet child
- - - - - - - - - -
Web criminals hit Betfair with DDOS attack
UK Internet betting site Betfair said on Wednesday
afternoon that it had been attacked by Web-based
criminals. In a statement posted on its site,
Betfair told its users that it had been the victim
of a distributed denial of service (DDOS) attack.
DDOS attacks are used by malicious Web users to
prevent a server from functioning properly by
flooding it with traffic.
- - - - - - - - - -
Nigeria failing to tackle 419ers
Roughly 200 Nigerians are currently serving jail
terms for advance fee or 419 fraud around the world,
Malam Nuhu Ribadu, chairman of the Nigerian Economic
and Financial Crimes Commission (EFCC), told a
seminar in Abuja this week. But in Nigeria itself
not a single person has been sentenced yet. About
500 suspected fraudsters are currently detained by
the commission in various detention centres across
Nigeria, but they still await trial, according to
afternoon daily P.M. News.
- - - - - - - - - -
Tracking of E-Mails Held Legal
In an online eavesdropping case with potentially
profound implications, a federal appeals court ruled
it was acceptable for a company that offered e-mail
service to surreptitiously track its subscribers'
messages. The case involves a now-defunct online
literary clearinghouse, Interloc Inc., which was
acquired in 1998 by Alibris Inc., an Emeryville,
Calif.-based online rare-book broker. Interloc made
copies of the e-mails sent to its subscribers by rival
Amazon.com Inc. An Interloc executive was subsequently
indicted on an illegal wiretapping charge.
- - - - - - - - - -
Net Firms Not Liable for Piracy in Canada
The music industry suffered a legal defeat Wednesday
when the Canadian Supreme Court rejected its contention
that Internet companies should pay royalties for pirated
music. The court rejected an argument that Internet
service providers must pay royalties to musicians and
their publishers to cover music their customers download.
It concluded that the Internet companies were mere
conduits of the information.

'Controlled' music copying okay - record industry group
- - - - - - - - - -
IP address fight in N.J. worries ISPs
A New Jersey State Court ruling in a case involving
the use of Internet Protocol addresses by a Web
hosting firm is causing alarm among some network
operators who believe it may create a dangerous
precedent. University Communications Inc.,
a Parsippany, N.J.-based Web hosting company,
earlier this week secured a temporary restraining
order that allows it to continue using its current
IP addresses -- even after terminating its contract
with the assigning service provider.
- - - - - - - - - -
Spam still presents technology and enforcement challenges
In case you had not noticed it, spam has not
disappeared in the six months that the CAN-SPAM
Act has been in force. By various estimates,
spam now accounts for well over 80 percent of
all e-mail and still clogs servers and inboxes.
According to the spam filtering company Commtouch
Inc. of Mountain View, Calif., the number of spam
outbreaks per day increased by 43 percent during
the first half of 2004, from 350,000 each day to

Junk mail host nations named and shamed
Appeals court upholds Washington state spam law
- - - - - - - - - -
Auditors: DHS flunks wireless security
The Homeland Security Department's failure to
impose security controls on its wireless data
exposes sensitive information to potential
eavesdropping and misuse, the department's
inspector general said. The department agreed
to tighten its wireless security in accord with
the IG's recommendations. As a department that
is part of the government's intelligence community,
many DHS agencies handle sensitive and classified
information at various levels affecting
counterterrorism and law enforcement functions.
- - - - - - - - - -
FBI opens new computer crime lab
The FBI opened a new lab Tuesday dedicated to
detecting computer-related crimes and training
federal, state and local police to catch Internet
pedophiles, frauds and thieves. It is the second
such lab the FBI has opened in the United States,
and it will serve one of 50 computer crime task
forces that have been set up around the country to
increase cooperation among law enforcement agencies.
- - - - - - - - - -
No nudes on .nu: official
The operators of the .nu TLD have taken mighty
exception to a recent report by Secure Computing
which claimed that the tiny sun-kissed island of
Niue was the repository for three million pages
of Web depravity. .NU Domain Ltd - the US-based
.nu custodian - is to take legal action against
Secure for "making false claims that .NU Domain
is hosting millions of pages of pornographic
- - - - - - - - - -
Brightmail tackles zombies
Brightmail, a maker of antispam tools, released
this week a new version of its software, which now
includes features designed to deal with zombie PCs.
One way that Brightmail's new software, Anti-Spam
6.0, filters spam is through maintaining lists of
spammers' IP addresses, which it calls a Reputation
Service. It gathers information on spammers by
setting up "honey pots"--fake e-mail accounts on
the Web designed to attract spambots trawling for
new addresses to spam.
- - - - - - - - - -
Microsoft security flaws renew calls to switch browsers
It's been a bad week for many users of Microsoft Corp.'s
nearly ubiquitous Internet Explorer browser. A pair
of virus attacks exploiting its vulnerabilities has led
security experts to recommend that Web surfers consider
such alternatives as Mozilla and Opera.
- - - - - - - - - -
Usenix: Experts debate security through diversity
Most of those on hand for a debate on OS and browser
diversity like the idea. The sheer number of worms
and viruses directed at Microsoft Corp.'s Windows
operating system and Internet Explorer browser have
many in the computer industry wondering whether the
cyberworld would be more secure if more users relied
on alternatives to Microsoft's products.
- - - - - - - - - -
Third-generation security
Today's security challenges call for a third-generation
security strategy. Each week vnunet.com asks a different
expert to give their views on recent security issues,
with advice, warnings and information on the latest
threats. This week Dave Roberts, co-founder and vice
president of strategy, product management and marketing
at Inkra, explores how virtualisation technology is
making layered security a reality.
- - - - - - - - - -
At Delta, tracking bags with radio tags
Delta Air Lines says it will use radio frequency
identification technology to end the problem of
lost luggage for its customers and save itself
up to $100 million annually. The company announced
that it is to spend between $15 million and $25
million to launch an RFID system across its U.S.
network. When the system is installed, it will be
able to track bags from airport check-in counters,
where the RFID tags will be attached, until they
are dropped off at the baggage carousel at the
customer's destination.
- - - - - - - - - -
Lawmakers back full funding for data-sharing center
The Homeland Security Department's nerve center for
analyzing and sharing information about potential
terrorist threats would receive significant funding
next year under pending legislation. The House and
Senate have proposed matching President Bush's
request for $35 million to fund the Homeland Security
Operations Center in fiscal 2005. The House passed
its bill, H.R. 4567, on June 18 by a vote of 400-5;
the Senate measure, S. 2537, is awaiting floor action.
- - - - - - - - - -
Colorado to require microchip implants in dangerous dogs
Colorado dog owners beware: A state law goes into
effect today that requires implanting a microchip
in dogs that injure someone. It's the latest use
of the tiny device already inserted under the
skin of millions of pets across the country.
These microchips are commonly used for reuniting
lost pets with their owners.
- - - - - - - - - -
Some military bases on alert for Coke's GPS promotion
There's a new security threat at some of the nation's
military bases -- and it looks uncannily like a can
of Coke. Specially rigged Coke cans, part of a summer
promotion, contain cell phones and global positioning
chips. That has officials at some installations worried
the cans could be used to eavesdrop, and they are
instituting protective measures.
Search the NewsBits.net Archive at:
The source material may be copyrighted and all rights are
retained by the original author/publisher. The information
is provided to you for non-profit research and educational
purposes. Reproduction of this text is encouraged; however
copies may not be sold, and NewsBits (www.newsbits.net)
should be cited as the source of the information.
Copyright 2000-2004, NewsBits.net, Campbell, CA.
Asst. Chief Ron Levine (Acting) | Voice (650)949-7339
Foothill-DeAnza College Dist. Police | FAX (650)941-4963
12345 El Monte Road | Pager (888)399-7369
Los Altos Hills, CA 94022 | mailto:rlevine@ix.netcom.com
Visit the Foothill-DeAnza College Dist. Police Web Site at

Information is the currency of victory on the battlefield.
GEN Gordon Sullivan, CSA (1993)

INFOCON Mailing List @
IWS - The Information Warfare Site

To subscribe, change your subscription or unsubscribe go to http://www.iwar.org.uk/mailman/listinfo/infocon/

Friday, July 02, 2004

SEC: Usenix: Experts debate security through diversity

Usenix: Experts debate security through diversity - Computerworld

OT: Military clashes with Coca-Cola over electronics used in promotion

HoustonChronicle.com - Military, Coca-Cola clash over GPS device

SEC: Hackers target DND computers, break into network

Ottawa Citizen - canada.com network



OT: Mozilla Feeds on Rival's Woes

Wired News: Mozilla Feeds on Rival's Woes

SEC: Gary McGraw on software security

Alex Moskalyuk Weblog: Gary McGraw on software security

/. : Dept. of Homeland Security Says to Stop Using IE

Slashdot | Dept. of Homeland Security Says to Stop Using IE

LINUX: Looking for Indemnification While Linux Sales Double

Looking for Indemnification While Linux Sales Double by Tom Adelstein -- Tom Adelstein examines issues related to Linux use in the enterprise while copyright infringement claims exist.

Thursday, July 01, 2004

LINK: Google Directory - Games > Puzzles > Cryptograms

Google Directory - Games > Puzzles > Cryptograms

LINK: Cryptograms




PROG: CSN381 Introduction to C Programming

CSN381 Introduction to C Programming

PROG: EulerConstant


LINK: EULER - Your Portal to Mathematics Publications

EULER - Your Portal to Mathematics Publications

GOOGLE: Google Moderate SafeSearch is on images



BOOK: The GNU C Programming Tutorial

The GNU C Programming Tutorial

BOOK: Welcome to the SICP Web Site

Welcome to the SICP Web Site

LINK: Topics in cryptography - Wikipedia, the free encyclopedia

Topics in cryptography - Wikipedia, the free encyclopedia

LINK: EECS 4980/5980: Special Topics - Computer Security

EECS 4980/5980: Special Topics - Computer Security

/. : Linux vs. Windows: What's The Difference?

Slashdot | Linux vs. Windows: What's The Difference?

SEC: Security In The News - June 30, 2004

Gmail - [INFOCON] Security In The News - June 30, 2004

Security In The News


This report is also available on the Internet at

European betting sites brace for attack:
The Register, 6/28/04

Latest ID theft victim? A law firm:
MSNBC (AP), 6/28/04

Cyber-loafing boss sacks office spyware detective:

Learn computer forensics at Bradford University:
The Register, 6/30/04

FTC mulls bounty system to combat spammers:

In Wild West of data mining, a new sheriff?:
MSNBC (AP), 6/28/04

Rights Groups Seek E-Vote System Source Code Access:
Also - Federal Computer Week, 6/29/04

Pop-Up Program Snatches Banking Passwords:

In Hungary, creator of computer virus given suspended prison sentence:
Security Focus (AP), 6/30/04

There is no anti-spyware silver bullet:
The Register, 6/30/04

GAO: Net-centric war needs better integration:
Federal Computer Week, 6/29/04

NIST aims to ease XP security setup:
Federal Computer Week, 6/29/04

Microsoft haunted by old IE security flaw:
C-Net News, 6/30/04

ISPs avoid royalties for music downloads:
The Globe and Mail, 6/30/04

E-Mail Snooping Ruled Permissible:
Wired News, 6/30/04


Title: European betting sites brace for attack
Source: The Register
Date Written: June 28, 2004
Date Collected: June 30, 2004
German computer magazine c't reports that extortionists may threaten to launch distributed denial of service (DDoS) attacks against online betting sites during the Euro 2004 soccer finals. Popular betting site Betfair estimates that its website will handle over $200 million during the Euro 2004 tournament. Extortionists often demand up to $15,000; DDoS attacks against betting sites, sometimes lasting as long as 16 hours, as in the case of Mybet, can cost far more in lost betting opportunities. Attacks originate from Eastern Europe or Latin America, and leverage armies of zombie computers; some sources believe at least two groups control tens of thousands of such hijacked machines. Some betting sites have gone out of business after such DDoS attacks, or have abandoned websites for phones.


Title: Latest ID theft victim? A law firm
Source: MSNBC (AP)
Date Written: June 28, 2004
Date Collected: June 30, 2004
Paralegal Phoebe Nicholson, 39, has been charged with grand larceny for embezzling nearly $600,000 from law firm Fish & Neave of Manhattan. Ms. Nicholson "basically stole the identity of this law firm", according to Westchester County District Attorney Jeanine Pirro. Ms. Nicholson set up a bank account under the name "Fish Neave", forged her boss's signature on phony bills from the law firm, and persuaded her employer, Honeywell International, to send her the checks for delivery. Ms. Pirro surmises that it was only a matter of time before identity thefts targeted corporations as well as individuals. Ms. Nicholson is being held on $5 million bail, and faces up to fifteen years in prison if convicted.


Title: Cyber-loafing boss sacks office spyware detective
Source: Silicon.com
Date Written: June 29, 2004
Date Collected: June 30, 2004
The Alabama Department of Transportation has fired Vernon Blake for installing WinSpy, a freely available spyware, on his boss's computer. Mr. Blake was apparently frustrated over the 'cyber-loafing' of his boss, George Dobbs, and used the spyware to prove that Mr. Dobbs spent 70% of his time playing solitaire. Symantec warns that WinSpy can not only monitor computer use, but also log keystrokes, possibly giving Mr. Blake access to sensitive material in violation of the law. Installing spyware on a boss's computer may also violate company policy, and may result in loss of job. Mr. Dobbs has been given a written warning, reminding him that managers must not "compromise their ability to manage subordinates."


Title: Learn computer forensics at Bradford University
Source: The Register
Date Written: June 30, 2004
Date Collected: June 30, 2004
The United Kingdom's University of Bradford is offering a Masters of Science in Forensic Computing, citing the growing demand for computer scientists to investigate cyber crimes. Courses offered range from such technical topics as "Network Protocols" and "Foundations of Cryptography" to such legal subjects as "Crime analysis" and "Crime scene management, courtroom and expert witness skills". University of Bradford joins such institutions as Cranfield University and the University of Glamorgan in offering a Master in computer forensics.


Title: FTC mulls bounty system to combat spammers
Source: MSNBC
Date Written: June 30, 2004
Date Collected: June 30, 2004
The Federal Trade Commission (FTC) is studying the possibility of offering bounties for information leading to the successful prosecution of mass marketing e-mailers who violate the CAN-SPAM Act. The CAN-SPAM Act, which requires spammers to give accurate information in e-mail headers, to label adult content, and to allow consumers to opt out of future spams, also requires the FTC to study the feasibility of a bounty program offering "not less than 20 percent of the total civil penalty collected" for people who first identify spammers who violate the CAN-SPAM Act. The idea of a bounty was popularized by Stanford Law professor Lawrence Lessig. Steve Linford, founder of the antispam group Spamhaus.org, argues that the FTC already has enough information on the identities of spammers, and does not need any more. Louis Mastria, a spokesman for the Direct Mail Association, objects that bounties would promote vigilantism and would probably be ineffective.



Title: In Wild West of data mining, a new sheriff?
Source: MSNBC (AP)
Date Written: June 28, 2004
Date Collected: June 30, 2004
As the US government seeks to leverage data mining technology to search for clues of terrorist activity and government waste, privacy advocates warn that no regulations govern the proper use of the technology. Senator Joe Lieberman (D-Connecticut) says the Transportation Security Administration may have violated the 1974 Privacy Act by acquiring airline passenger data without passengers' consent. The Technology and Privacy Advisory Committee (TAPAC) has released a report finding data mining useful for combating terrorists, but calls for anonymizing technology to protect US citizens against unreasonable searches. If evidence of terrorist activity is found, investigators could get authorization to uncover identities from the Foreign Intelligence Surveillance Court. TAPAC recommends the restrictions only for general data mining of US citizens, but not for analysis of government employees, airline passengers, or foreign intelligence data. Congress is not expected to pass data mining laws until after the 2004 elections.


Title: Rights Groups Seek E-Vote System Source Code Access
Source: EWeek.com
Date Written: June 29, 2004
Date Collected: June 30, 2004
The Leadership Conference on Civil Rights and the Brennan Center for Justice at New York University School of Law have released a report of security and best practice recommendations to 675 counties using DRE (direct recording electronic) voting machines. The recommendations draw on advice from Eric Lazarus and a team of information technology security experts, including Howard Schmidt, former cybersecurity advisor to the White House. The most prominent recommendation is to have DRE voting machines analyzed by an independent security team with no business relationship with the machine vendor. The teams must have full access to the machines and back-end systems, something vendors have been reluctant to provide, arguing that the code could be misused. Counties should also establish permanent independent panels of computer experts and citizen groups to monitor security and conduct post-election assessments. Election officials should receive security training, develop parallel testing for problems, and establish a standard process for dealing with security incidents and to protect evidence for an investigation. The recommendations have won support from such organizations as the Electronic Frontier Foundation, the Electronic Privacy Information Center, the National Committee for Voting Integrity, and the National Association for the Advancement of Colored People.

Also - http://www.fcw.com/fcw/articles/2004/0628/web-evote-06-29-04.asp


Title: Pop-Up Program Snatches Banking Passwords
Source: EWeek.com
Date Written: June 29, 2004
Date Collected: June 30, 2004
Online banking customers are being hit by a Trojan that infects machines through a pop-up ad to steal user names and passwords for banking sites. The pop-up ad uploads an apparent image file, img1big.gif, which is really a compressed executable containing the Trojan and a DLL (dynamic-link library), which are installed as a BHO (browser helper object) for Internet Explorer. The Trojan monitors web use for HTTPS (hypertext transfer protocol secure) sessions with a list of banking sites, including Citibank, Deutsche Bank, and Barclays Bank. The Trojan grabs outbound POST and GET data before it is encrypted by SSL (Secure Sockets Layer). The Trojan then encrypts the data itself and sends it to a remote server. SANS Internet Storm Center learned of the Trojan when a user found it on one of his company's computers after it failed to properly install due to restrictions on the user's account.


Title: In Hungary, creator of computer virus given suspended prison sentence
Source: Security Focus (AP)
Date Written: June 30, 2004
Date Collected: June 30, 2004
The Veszprem City Court in Hungary has convicted a teenager, referred to only as Laszlo K., of unauthorized use of computer systems and sentenced him to two years' probation and to pay $2,400 in court costs. Laszlo K. created an e-mail virus that infected tens of thousands of computers in May 2003, tricking users into downloading an e-mail file attachment by promising pictures of Hungarian porn actress Maya Gold. The virus disabled antivirus, disabled the mouse, and printed anti-Microsoft messages. Hungarian newspaper Nepszabadsag reports that Mr. K. created the virus to prove to himself that he had some skills after failing several high school projects. The police were able to track down Mr. K. since the virus was originally e-mailed from his address, and contained his name and postal code in the source code.


Title: There is no anti-spyware silver bullet
Source: The Register
Date Written: June 30, 2004
Date Collected: June 30, 2004
The Meta Group warns that the threat of spyware will continue to grow over the next few years. Only a handful of consumer products and emerging corporate products address spyware, while spyware features often have legitimate uses, making them difficult for antivirus to filter. The Spywarewarrior website notes that many anti-spyware tools are ineffective, are sold through deceptive practices, and are often spyware themselves. Some anti-spyware products are based on databases stolen from other anti-spyware vendors. The Meta Group finds that organizations must address spyware through a combination of policies and software until stronger solutions are available.



Title: GAO: Net-centric war needs better integration
Source: Federal Computer Week
Date Written: June 29, 2004
Date Collected: June 30, 2004
The General Accounting Office (GAO) has found that while network-centric communications and sensors have enhanced the military's battle capabilities, it has also found some barriers to the progress of network-centric warfare. GAO finds that Defense lacks standardized interoperable systems, a unified battlefield information system, the ability to quickly assess battle damage, and training to help personnel deal with the increased information. Joint Forces and Special Operations used different Blue Force Tracking systems in Iraq, requiring them to build a makeshift network to allow the two forces to locate each other. Central Command has to deal with 23 reporting formats when assessing battle damage in Afghanistan. The Defense Department responds that a number of programs are already addressing these issues, including the Global Information Grid, Joint Network Fires Capability roadmap, the Joint Fires Initiative, Joint Close Air Support, and Joint Targeting School.


Title: NIST aims to ease XP security setup
Source: Federal Computer Week
Date Written: June 29, 2004
Date Collected: June 30, 2004
The National Institute of Standards and Technology (NIST) has released Special Publication 800-68, offering recommendations and checklists for configuring security on Windows XP Professional in accordance with the Federal Information Security Management Act (FISMA) of 2002. The document should help systems administrators avoid mistakes that can cost time and money. NIST worked with the Defense Information Systems Agency, the National Security Agency, Microsoft, and the Center for Internet Security to develop the standards for productivity applications, e-mail, web browsers, personal firewalls, and antivirus. In July 2004, NIST will publish details on its Security Configuration Checklists Program, a web portal that will let federal officials research software when making purchasing decisions. According to Center for Internet Security chief executive Clint Kreitner, software makers, businesses, and government agencies are reaching a consensus on security controls; Dell and Microsoft have begun shipping products already configured for security.


Vulnerabilities & Exploits

Title: Microsoft haunted by old IE security flaw
Source: C-Net News
Date Written: June 30, 2004
Date Collected: June 30, 2004
Security firm Secunia has released an advisory of a flaw in Microsoft's Internet Explorer that had been fixed in earlier versions in 1998. The flaw affects users who have multiple instances of Explorer open. An attacker can use one browser to alter the content of another without the user's knowledge, possibly inserting links to malicious websites to upload malware or trick users into revealing passwords. Secunia chief technology officer Thomas Kristensen comments "It's a concern that a company like Microsoft has a problem that's already been fixed in older versions resurface in newer ones". A number of flaws have been revealed in Internet Explorer recently, prompting the US Computer Emergency Readiness Team to recommend users switch browsers. One flaw allows an attacker to upload a keystroke logger through a pop-up ad, while another downloaded a malicious script from a Russian site when users visited a popular website that had been cracked and planted with another malicious script. The Russian site has been shut down.


Civil & Consumer Issues

Title: ISPs avoid royalties for music downloads
Source: The Globe and Mail
Date Written: June 30, 2004
Date Collected: June 30, 2004
The Supreme Court of Canada has ruled, 9-0, that Internet service providers (ISP) do not have to pay royalties to composers and artists for music downloaded from the Internet, finding that ISPs are merely intermediaries. The suit was brought to the court by the Society of Composers, Authors and Music Publishers of Canada (SOCAN) which also wanted federal copyright regulations extended to foreign websites that serve Canadians. The Canadian Association of Internet Providers, which includes such companies as Bell, Sprint, America Online, MCI, IBM, and Yahoo, argued that SOCAN should seek royalties from websites that offer music for download. SOCAN's lawsuit differs from those of the American music industry, which sues file-sharing services and individual users.


Title: E-Mail Snooping Ruled Permissible
Source: Wired News
Date Written: June 30, 2004
Date Collected: June 30, 2004
The First Court of Appeals in Massachusetts has ruled that Bradford C. Councilman, owner of a rare and out-of-print books website who provided e-mail service to other book dealers, did not violate the Wiretap Act when he intercepted and read customers' e-mails. Unknown to customers, Mr. Councilman ran code that copied e-mails from competitor Amazon.com before sending them on to their intended recipients. Mr. Councilman used the e-mails to find out what books people were seeking to gain an advantage over Amazon. The court ruled that this did not count as interception under the Wiretap Act, since the e-mails were in memory, and thus 'storage', rather than in transit. The court acknowledged that the Wiretap Act may be out of date for dealing with Internet communications. Kevin Bankston, an attorney with the Electronic Frontier Foundation, criticizes the ruling, arguing that it gives "Internet communications providers free rein to invade the privacy of their users for any reason and at any time". Justice Kermit V. Lipez wrote a dissenting opinion, arguing that Congress did not intend for e-mail temporarily stored during transmission to have less privacy than messages in transit.


To change your delivery preferences please go to:

If you wish to stop receiving the 'Security in the News' service please go to:

The Institute for Security Technology Studies (ISTS) accepts no responsibility for any error or
omissions in this e-mail. The information presented is a compilation of material from various
sources and has not been verified by staff of the ISTS. Therefore, the ISTS cannot be made
responsible for the factual accuracy of the material presented. The ISTS is not liable for any loss
or damage arising from or in connection with the information contained in this report. It is the
responsibility of the user to evaluate the content and usefulness of this information. References in
this e-mail to any specific commercial products, processes, or services by trade name, trademark,
manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by
the ISTS. ISTS is a research, not operational, organization, and makes its Security in the News
e-mail available as a public service on a best-effort basis. Security in the News will be sent out
on most business days, but not all.

Institute for Security Technology Studies
Dartmouth College
45 Lyme Road, Suite 200
Hanover, NH 03755
Tel: (603) 646 0700
E-mail: dailyreport@ists.dartmouth.edu


SEC: High school students charged with hacking into psychologist's computer

Newsday.com - AP Regional

PROG: Sine code for ANSI C

Google Groups: View Thread "Sine code for ANSI C"

PROG: Faster Math Functions

SCEA Research and Development

Title: (105) Faster Math Functions
Speakers: Robin Green
Time/Date: Tuesday (March 4, 2003) 10:00 am — 6:00 pm
Track: Programming
Format: Full-Day Tutorial
Level: Advanced

Description: We use math functions like acos() and tan() all the time, but how efficiently are they implemented? How can we trade off accuracy for speed? This lecture explains how to efficiently implement the transcendental functions on modern videogame hardware and the tradeoffs you can make. We cover common floating point "gotchas", range reduction, polynomial approximation, table and semi-table based techniques and ways to leverage SIMD. Attendees leave with a toolbox of techniques for rolling their own function optimized for speed, accuracy or storage. Other topics addressed include: When can software outperform dedicated hardware? What is the smallest possible sine table? The fastest way to generate sine and cosine at the same time and how to abuse floating point values without involving integer registers.

Idea Takeaway: Takeaway code samples and the proofs that lie behind them. Discover the world's fastest sine and cosine generator, new uses for Mathematica and Maple in game design, and tricks of the math masters.

Intended Audience and Prerequisites: This tutorial benefits library coders, console hackers, handheld jockeys and math junkies on all platforms who are looking for hardcore information and that 10% edge over the competition.

Download Presentation Parts One and Two (PDF files)

M$: MSN Sandbox

MSN Sandbox

Welcome to the Sandbox

This is the place to play with new MSN technologies, look at prototypes, and peek behind the scenes at some of our new ideas. Let us know what you think about how we can improve MSN for you. Thanks for visiting the Sandbox.

MSN Search Technology Preview

Want a sneak peek at MSN's new search technology? We've got a brand new algorithmic
search engine under the hood -- built from the ground up -- on Microsoft technology.
Give it a spin and let us know what you think -- this is a work in progress, and it's
just the first step in bringing you a brand new MSN Search product. Send us a query
in United States,
United Kingdom, or one of our other

MSN Newsbot (beta) is an experimental, automated news service. We gather
news from over 4,000 sources on the internet and speed your discovery of news
stories on the internet. News headlines are clustered together to allow you to
compare coverage from multiple sources and each story links to the publisher's
site where you can read the full article.

As news changes around the world, MSN Newsbot (beta) updates continuously
to keep you current on what stories are being reported online. You can search to
find news related to particular topics, or browse the sections to find news in
Sports, Business, Technology, or World News.

Several different MSN Newsbot (beta) sites have been created to cover news
in different languages and to help you find national news from different
countries and perspectives:

  • United Kingdom
  • France
  • Spain
  • Italy
  • US Latino
  • Latin America
  • South Africa
  • Malaysia
  • India
  • Singapore


    MSN Toolbar

    The MSN Toolbar is a free toolbar available from MSN and plugs you directly into MSN Search, Messenger, and Hotmail.

    With this free and customizable toolbar you can:

    Search the Web from any Web page.

    Use the Highlight Viewer to quickly locate your search words.

    Use Quick Links to launch MSN Hotmail, MSN Messenger, and your personalized MSN home page.

    Get rid of pop-up ads with the Pop-up Guard.


    3° is software that connects a small group of family and close friends, people
    who know and trust one another, so they can do fun things together in a whole
    new way. 3° is a beta test of an innovative application that lets users connect
    online, extending real-world social interactions.

    With 3° you can:

    Throw a personalized animation on your friends' desktops with winks.

    Listen to a shared play list simultaneously, created from music that you own.

    Easily send digital photos from last night's party to your friends.

    Initiate group chat with MSN Messenger.



    The NetScan system data mines Usenet newsgroups to provide tools to discover new
    newsgroups, select high quality content from them, evaluate the likely reliability of the
    information, and, possibly, motivate participants to make valuable contributions by providing a
    service that can be thought of as a reputation system for communities. Try searching for your
    favorite hobby, software, or TV show to see how it works.

    TerraServer and TerraService

    The TerraServer-USA Web site is one of the world's largest online databases,
    providing free public access to a vast data store of maps and aerial photographs
    of the United States. TerraServer is designed to work with commonly available
    computer systems and Web browsers over slow speed communications links. The
    TerraServer name is a play on words, with 'Terra' referring to the 'earth' or
    'land' and also to the terabytes of images stored on the site.

    Exploring our planet by studying maps and images is a fascinating experience!
    Not surprisingly, the first place many people visit is their own neighborhood.
    You also might want to take a look at famous places such as our National Parks
    or your favorite sports parks. TerraServer is also a valuable resource for
    researchers who wish to study geography, environmental issues or archeological
    mysteries... there are almost limitless possibilities.

    You can easily navigate the enormous amount of information in TerraServer by
    selecting a location on a map or entering a place name. And now, a new Web
    service--called TerraServer.NET--enables Web developers to easily integrate
    TerraServer data into their own applications.

    TerraServer is operated by the Microsoft Corporation as a research project for developing
    advanced database technology, and was born at the Microsoft Bay Area Research Center.
    TerraServer's foundation is Microsoft SQL Server 2000, the complete relational database
    management and analysis system for building scalable e-commerce, line-of-business, and
    data warehousing solutions.

    Equipment and additional software are provided by the Hewlett-Packard
    Corporation and other partners. See Technology Behind the Site for more information. Maps and images
    are supplied through our partnership with the U.S. Geological Survey.

    M$: MSN Newsbot

    MSN Newsbot

    OT: Defense bill could stifle computer trade

    Defense bill could stifle computer trade | CNET News.com

    M$: Microsoft to reveal online search changes

    FT.com / Business

    By Scott Morrison in San Francisco
    Published: July 1 2004 2:59 | Last Updated: July 1 2004 2:59

    Microsoft will on Thursday unveil several changes to its MSN internet search service as part of its strategy to thwart the ambitions of online rivals Yahoo! and Google.

    The software giant will announce its MSN unit will no longer intersperse paid advertisements with free internet search results, a move the software giant claimed would put the quality of its search results on a par with those from Google.

    The decision to strip out paid ads from free search results is one of several improvements introduced by Microsoft in hopes of attracting more customers to its search service.

    Microsoft said it would also unveil a stripped-down search page that is easy to use and quick to load, not unlike Google's main page. It also said it would today start live testing of a new search engine algorithm that is expected to power the company's next generation search service. Microsoft's current MSN search service is powered by third-party technologies.

    The moves underscore the intensifying battle among US internet giants to dominate online commerce and advertising. Groups such as Microsoft, Google and Yahoo! are all vying for the upper hand in search technology, which has proved to be a powerful magnet for advertising revenues.

    Microsoft is also bolstering its search technology to keep Windows users from straying to Google, which some observers suggest could pose a threat to the software maker's core desktop business.

    A recent S&P survey found Google continues to hold a significant lead in the search engine segment, with Yahoo! a distant second. Google, which handles hundreds of millions of queries a day and generated $105.6m in profit last year, is preparing for its initial public offering later this year.

    Microsoft said stripping out paid ads from free listings would increase the relevance of MSN's search results by almost 50 per cent. "The results are much cleaner and more relevant," said Larry Grothaus, product manager at MSN. "From a relevancy standpoint the algorithmic results are on par with Google's results."

    Critics contend that commercial listings that appear mixed in with general results blur the lines between editorial content and advertising.

    Google rose quickly to the top of the search engine heap in part because it does not have a paid-inclusion programme. The company has said that placing ads among free listings can skew search results. Ask Jeeves, another internet search group, said last week it would phase out paid-inclusion listings.

    Microsoft said stripping out paid-inclusion listings would force it to forego "tens of millions of dollars" in revenues.

    M$: MSN Search -- More Useful Everyday

    MSN Search -- More Useful Everyday

    OT: The Search Engine Wars

    NPR : The Search Engine Wars

    /. : Night Goggles Capture Spider-Man Movie Bootlegger

    Slashdot | Night Goggles Capture Spider-Man Movie Bootlegger

    Posted by simoniker on Thursday July 01, @02:36AM
    from the or-should-that-be-web? dept.
    linuxwrangler writes "According to SFGate.com/AP, a teen has been arrested for attempting to bootleg the Spider-Man 2 movie, after a projectionist using night-vision goggles spotted him. The teen was escorted from the theater by security guards and turned over to police. This may be the first arrest stemming from the use of NV goggles that were previously mentioned on Slashdot."

    /. : Microsoft Offers A Peek At New Search Engine

    Slashdot | Microsoft Offers A Peek At New Search Engine

    Posted by timothy on Thursday July 01, @11:05AM
    from the beta-but-working dept.
    ObsessiveMathsFreak writes "The Inquirer is reporting that Microsoft is offering a preview of its new search technology. The search engine preview has a minimalist interface, similar to Google. Microsoft claims over one billion web pages searched, but admits the fact that searching is a little slow. This technology hasn't yet been incorporated into MSN Search, though the site claims it eventually will be. In related news, the Financial Times is reporting that Microsoft are to improve the regular MSN Search site by removing paid advertisements from regular internet searches, a move that will cost them 'tens of millions of dollars.' Are the Search Engine Wars finally upon us?"

    /. : Playing Nice: Reviews of CrossOver Office, WineX 4

    Slashdot | Playing Nice: Reviews of CrossOver Office, WineX 4

    Posted by timothy on Thursday July 01, @03:41PM
    from the methadone-clinic dept.
    JimLynch writes "One of the more common questions experienced Linux users get asked by those considering migrating from Windows to Linux is, 'Will my Windows applications run under Linux?' Thanks to the folks at CodeWeavers, the answer to that is yes--for some applications, anyway." And Dan Dole writes "Linuxlookup.com staff member Rich reviews Cedega (WineX 4.0), gives it a 20/20 score & Editors' Choice Award. 'The release of Transgaming's newest version of WineX, renamed Cedega, was met with considerable enthusiasm and interest in the Linux community last week. So much so that their server was inaccessible the day of release. Cedega is claimed to be much improved, offering the ability to play recent games released for Windows "seamlessly and transparently" under Linux. They provided me with a copy, and I was curious to see if it lived up to the hype.'"
