E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


"It's not a matter of if America has an electronic Pearl Harbour -- it's a matter of when." -- Curtis Weldon, The Pentagon

Source: ZD Net UK

Posted on January 14, 2001

U.K. Nuclear hacker fuels security review

Computer break-in at nuclear power plant causes security concerns

Security at nuclear power stations in the UK is being increased after a security guard at one plant attempted to sabotage its computer system.

A patrolman is believed to have hacked into a computer network at a nuclear power station in Bradwell, Essex, setting off a major security alert.

According to a confidential document quoted in the Guardian Tuesday, the security guard attempted to delete sensitive information on the computer system. The same document says that the guard had not undergone security screening and had two prior criminal convictions.

BNFL, the government-owned nuclear fuel company which runs the Bradwell plant, says that safety at the plant was never in question. "The situation presented no risk to our staff, the general public or to the staff itself," says a statement from BNFL.

Security screening is to be stepped up at BNFL nuclear power stations following the incident, however.

Hackers attack Brazilian defence ministry

Che Guevara puts in a show on defence ministry's Web site

On Wednesday, the Web site of Brazil's defence ministry became a hacking victim. For some 15 minutes, the hackers invaded the site, replacing its original content with pictures of Argentina's revolutionary hero Ernesto "Che" Guevara.

The word "Voltamos", meaning "we're back", was written below the photograph and signed by "Crime Boys". According to a ministry spokesperson, this is the first incident of its kind in the one and a half years the site has been in operation. Ministry officials said they do not know who is responsible, but that the incident is under investigation.

Boots condemns site hack

Hacker 'manifesto' posted on site defends computer criminals' place in society

The corporate Web site of Boots, the UK's largest chemist, was hacked Tuesday and a "Hackers Manifesto" posted on its home page.

The Web page featured a statement explaining why many teenagers are drawn into computer hacking and criticising the punishment of computer hackers for experimentation with computer security. "My crime is that of curiosity... I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all," said the hacker, calling him or herself "Mentor".

Boots, however, was not impressed by Mentor's altruistic message. "The Web site is there for people who want to find out about the company," says a spokesman. "The last thing we want is for them to be inconvenienced by someone hacking it." Boots says that the break-in was detected early this morning and the Web site returned to normal by 9am.

Zoom in email security scare

User says customer email accounts exposed

Internet service provider Zoom is investigating the security of its free email system after a customer complained that her private email accounts could be accessed by others.

Zoom said Thursday that it could not confirm whether there was a security problem with its email service, but company director Jo Mosaku said that the claims are being investigated.

"Until we have looked into it we just don't know," he says. "There could have been a multitude of reasons. We take these things very seriously," he said.

Gabi Matthews, a customer with Zoom's free online email service, contacted ZDNet Friday claiming she was shocked to be given access to another user's account when trying to log in on Tuesday 2 January. She says she was accidentally allowed access to accounts belonging to four different customers.

Despite contacting technical staff at Zoom and being told that the problem had been fixed, Matthews says she has still been able to read other users' email Friday. "It's absolutely unbelievable," Matthews says. "It's personal stuff and I'm thinking of closing the account before the whole world can see it."

Matthews says she contacted those customers affected by email and was told that they too could get into other accounts. Matthews says that, despite being assured that the problem was fixed last week, the problem has persisted.

Major free email services have been hit by security controversies in the past. For example, the world's biggest free Internet email service Hotmail was found to have a major security vulnerability in August 1999 potentially allowing any user's account to be broken into.

Macromedia investigates Flash security

It could be serious, but history suggests there's little to lose sleep over

U.S. software giant Macromedia is investigating reports that its Flash Player plugin for Internet browsers could allow malicious hackers access to computers connected to the Internet.

An advisory reported to the popular security mailing list Bugtraq on 2 January that a flaw in Flash -- which allows Internet users to play back multimedia content embedded into Web pages -- could enable a malicious user to launch an attack. The advisory suggests the software has a buffer overflow vulnerability, which gets around the program's built-in security. This could allow unauthorized, potentially malicious, code to be executed on a PC.

A spokeswoman for Macromedia says that the company's technical staff are investigating the situation. "It is a serious issue but there have been issues in the past that have arisen and there has not been a flaw," says the spokeswoman. "We need to look into it before we can comment."

Although the author of the alert suggests the vulnerability could be exploited to upload viruses, Trojan horses or other malicious code to a computer with Flash installed, one security expert thinks most users are safe.

"It's unlikely, based on past history," says Eric Chien, chief researcher at SARC, Symantec's Antivirus Research Centre. Chien says that as long as Macromedia provides a swift patch and users install it, there is little danger. He believes, however, that virus writers may start exploiting this sort of vulnerability before long.

According to Macromedia's own figures Flash is used by 96 percent of all Web users.

Romanian hacker bombs chat network

A Romanian hacker has launched a major distributed denial of service (DDoS) attack, forcing one of the largest IRC (Internet Relay Chat) networks, Undernet, to shut down much of its service, system administrators said Monday. IRC is one of the Internet's largest and best-established chat systems, predating such technologies as AOL Instant Messenger and ICQ. It has millions of users. A number of Internet Service Providers hosting Undernet servers -- including some in the US, the Netherlands and France -- have been hit with DDoS attacks.

One IRC server system administrator who spoke on the condition of anonymity, so that his servers would not become a target, said that the attacks appear to be coming from hundreds of remote machines taken over by a single hacker based in Romania. He also suggests that Romania lacks the legal infrastructure to deal with the attacks.

"This is a big problem since the Romanian hackers community is very active," he says. "We don't want to close IRC, but there is truly a lack of interest from the authorities about it, which is not the case for the streets, where they are pretty active."

Undernet issued a statement on its Web site Sunday suggesting that the situation threatens the existence of its IRC service. "To put it simply, we cannot provide you with a free and stable IRC service if that means the companies providing that service must continually suffer the loss of customers and revenue, the cost is simply too great. This ongoing problem threatens the existence of IRC as one of the 'classic' Internet services," reads the statement.

A DDoS attack involves bombarding a server with a tidal wave of data from many different hacked machines at many different locations. According to Undernet, some ISPs have been bombarded with 100MB of data per second. Richard Stagg, senior security architect with security firm IRM, says that this type of attack is especially nasty. "Distributed attacks are the most dangerous sort of denial of service attacks because they are very hard to shut down, especially in countries that don't have the legal infrastructure," he says.

Stagg says it is fairly simple to write a script that will allow IRC servers to be targeted. He agrees that this situation shows the need for greater cooperation between international law enforcement agencies.

Another system administrator who also spoke on condition of anonymity said that the attacks were likely to be the result of some IRC channel feud.

Undernet is one of the largest IRC networks in the world with 45 servers in 35 countries connecting over 100,000 different people every week.


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
