• United States



by CSO Contributor

Computer Virus Exploits Biological Virus Fears; Inside Ciscos Eavesdropping Apparatus; Complaint to FTC says Violates Childrens Privacy Law; Windows 2003 Leaves Security Gaps

Apr 23, 20033 mins
CSO and CISOData and Information Security

Computer Virus Exploits Biological Virus Fears

Known as Coronex-A, a new mass-mailer worm forwards itself to all contacts in Outlook address books and attempts to dupe computer users into opening infectious attachments by claiming they offer details on the current SARS epidemic. According to The Register, Coronex is a Windows-only worm whose spread, thus far, has been minimal. Graham Cluley, senior technology consultant for Sophos Anti-Virus, urges antivirus vendors to avoid using the SARS virus moniker for the malicious code in order to reduce the possibility of confusion and panic. Inside Ciscos Eavesdropping ApparatusCNet story, Cisco Systems recently published a proposal that describes how it plans to embed lawful interception capability into its products. Cisco’s routers currently aren’t designed to target an individual, so Internet service provider (ISP) comply with a police request for information on a persons Internet use by turning over all the traffic that flows through a router or switch. Cisco’s “lawful interception” capability might be able to reduce the volume of information turned over, but privacy advocates claim that if manufacturers hardwire surveillance standards they should also hardwire accountability standards like audit logs and public reporting, which currently are lacking. As notes, Cisco is not doing the snooping, but responding to its customers’ requests, and if they don’t, other hardware vendors will. More responsibility should go to General John Ashcroft, who asked for and received sweeping surveillance powers in the USA Patriot Act, as well as elected representatives in Congress, who gave those powers to him with virtually no debate. The story ends with a Q&A between writer Declan McCullagh and Fred Baker, a Cisco fellow and former chairman of the Internet Engineering Task Force.

According to a

Complaint to FTC says Violates Childrens Privacy LawWashington Post, privacy and consumer-advocacy groups yesterday asked federal regulators to investigate Inc., claiming that the online retail giant lets children post personal information on its website in violation of the 1998 Children’s Online Privacy Protection Act. That law requires Web sites to get parental consent before allowing children under the age of 13 to post information. allows users to search for toys based on age group, and enables children to post reviews of toys or books. The Electronic Privacy Information Center (EPIC) said it found several reviews that contained personal information posted by children, including real names, hometowns and ages. By targeting, EPIC lawyers said they hoped to persuade the FTC to extend enforcement of the law to retailers that sell children’s products or market to them. Amazon spokesman Bill Curry told the Post, “We’re a store. We sell things, and you need a credit card to buy them. When it comes to reviews, we created special software for anonymous reviews by children under 13.” FTC spokeswoman Claudia Bourne Farrell said the commission will review the complaint, but did not say whether it will investigate Amazon.

According to a story in todays

Windows 2003 Leaves Security GapsVNUNet, will offer improved security and faster file and Web server performance compared with Windows 2000. But Microsoft’s security-by-default strategy and new advanced features will demand tough policy decisions. The story enumerates areas of concern, including password complexity, user profile controls and lockdown settings.

Microsoft will launch Windows Server 2003 Thursday, which, according to a story on UK technology news portal