January 9, 2002 Hacker pleads guilty to damaging Energy labs system A 22-year-old Minnesota man pleaded guilty Monday to hacking into Lawrence Livermore National Laboratorys computer network in 1999, according to a Justice Department statement. Benjamin Troy Breuninger, also known as Kon or Konceptor, faces maximum penalty of five years in prison and a fine of $250,000 plus reimbursement for the damage he caused to the Energy Department network. http://www.gcn.com/vol1_no1/daily-updates/17736-1.html http://www.newsbytes.com/news/02/173519.html http://www.securityfocus.com/news/305 http://www.theregister.co.uk/content/55/23613.html - - - - - - - - Alleged teen scammer didn't brag about Net riches If young Cole Bartiromo had become a millionaire, he did a good job hiding it. The Securities and Exchange Commission has charged the high school senior with bilking 1,000 investors out of at least $1million. But neighbors, friends and baseball teammates say Bartiromo never let on that he was the mastermind of a lucrative Internet swindle. Bartiromo, who said Tuesday that his lawyer told him not to talk to reporters, has agreed to repay $900,000 and may face civil penalties. http://www.usatoday.com/life/cyber/invest/2002/01/09/teen-didnt-brag.htm - - - - - - - - Tech News Site E-Mails Virus To Readers Officials at SiliconValley.com confirmed that the technology and business news site inadvertently sent a dangerous virus Monday morning to readers of one of its e-mail newsletters. According to Cynthia Funnell, director of corporate communications for Knight Ridder Digital, which operates the site, a message containing an attachment infected with a variant of the data- destroying Magistr e-mail worm was sent to subscribers to "Good Morning Silicon Valley," an e-mail version of a popular daily news roundup section at the site. http://www.newsbytes.com/news/02/173521.html - - - - - - - - Audiogalaxy Installer May Have Harbored Nimda Virus Thousands of fans of Audiogalaxy Satellite, a popular alternative to the Napster file-sharing application, may have been infected with the Nimda virus, according to users who recently downloaded the program. The software's installer file, AGSetup0608.exe, triggered the anti-virus software of some music fans who downloaded the program Tuesday from a link at CNET's Download.com site. The link re-directs users to a download server operated by Audiogalaxy.com. http://www.newsbytes.com/news/02/173512.html - - - - - - - - Gun Safety Group Asks FTC To Probe Firearm Web Sites A new gun safety organization today asked the Federal Trade Commission to expand its probe of post-Sept. 11 false and misleading Web advertising claims to include firearms Web sites. A project under the Alliance for Justice, Gun Industry Watch said in its letter that gun makers should be held to the same standards as Web sites that claim to offer protection from biological and nuclear agents. http://www.newsbytes.com/news/02/173525.html - - - - - - - - State wiretapping proposal alarms privacy watchdogs Gov. Gray Davis' proposal to expand the state's power to listen in on telephone conversations thrusts California into one of the most contentious debates to emerge since the scramble to increase security began in the wake of the Sept. 11 terrorist attacks. And California now joins other states that are wrestling with how to balance the need for additional tools to combat terrorism against the desire to protect Americans' rights to privacy. http://www0.mercurycenter.com/premium/front/docs/security09.htm http://www.newsbytes.com/news/02/173516.html - - - - - - - - Defense bill funds IRS security The Internal Revenue Service is getting an extra $16 million to secure its information systems, money tucked into the fiscal 2002 Defense appropriations bill in the wake of the Sept. 11 terrorist attacks. Most of the funds about $13.5 million will be used for a backup computer recovery system that will be "designed and constructed in close coordination" with the IRS Business Systems Modernization program. But the IRS declined to comment on exactly how the money would be spent. http://www.fcw.com/fcw/articles/2002/0107/web-irs-01-09-02.asp - - - - - - - - Senator seeks to link IRS funding to action on missing computers Senate Finance Committee ranking Republican Charles Grassley of Iowa has urged the White House Office of Management and Budget not to boost funding for the Internal Revenue Service until the agency accounts for about 2,300 missing computers and improves its inventory management, reports Dow Jones Newswires. Grassley said in a letter to Office of Management and Budget Director Mitch Daniels this week that Congress has spent millions to meet continued funding requests to modernize IRS systems. http://www.govexec.com/dailyfed/0102/010902tdam1.htm http://www.newsbytes.com/news/02/173514.html IRS misplaces its hardware http://www.msnbc.com/news/684779.asp - - - - - - - - EC approves data flow with Canada Canadian data protection laws provide an adequate level of protection for EU citizens, the EC has decided. The European Commission has ruled that Canada should be the third non-EU country to be allowed to transfer personal data with EU businesses. It was decided on 20 December that the Canadian Personal Information Protection and Electronic Documents Act 2000 provides an adequate level of protection for European citizens, without the need for additional guarantees. The decision was officially published on Monday. http://news.zdnet.co.uk/story/0,,t269-s2102296,00.html - - - - - - - - Bill signed to create cybercourt for high-tech business disputes Gov. John Engler (MI) signed a bill Wednesday creating a virtual state court, where lawyers can file briefs online and put in their court appearances by teleconference. The court is expected to begin work by October, Engler said. It would be the first to operate in the country, according to Matt Resch, an Engler spokesman. http://www.siliconvalley.com/docs/news/tech/071207.htm http://www.newsbytes.com/news/02/173524.html http://www.nandotimes.com/technology/story/214715p-2074059c.html - - - - - - - - Aguilera threatens suit over Internet porn video Pop diva Christina Aguilera Wednesday threatened to take legal action against the distributors of an online porn video purported to include sexually explicit images of the singer. ``It has recently come to our attention that certain pornographic Web sites are posting sexually explicit photographs and video footage on the Internet fraudulently representing that it is Christina,'' Aguilera's Web site said in a notice dubbed its ``official statement on Adult Tape Rumor.'' http://www.siliconvalley.com/docs/news/reuters_wire/1727473l.htm - - - - - - - - Tech attacks are big challenge to small firms More dependent than ever on technology, young companies are fighting a bruising battle to protect their computers and vital data from theft or loss. Companies of all sizes must guard against data thieves and vandals. But the job is tougher for small ventures because most cannot afford full-time tech wizards. http://www.usatoday.com/life/cyber/tech/2002/01/09/tech-attacks-challenge.htm - - - - - - - - Major server flaws exposed Security authority the Computer Emergency Response Team (Cert) yesterday released details of multiple vulnerabilities in the Netscape Enterprise Server and iPlanet servers which could allow an attacker to crash a server or gain access. Discovered by security firm ProCheckUp, the first vulnerability is a remotely exploitable denial of service attack on Netscape Enterprise Servers versions 4.0 and 4.1, and iPlanet 4.x web servers running on Windows. http://www.vnunet.com/News/1128112 - - - - - - - - Webmasters face hack attack The discovery of a proof of concept virus has prompted security experts to warn that the popular Shockwave website animation tool may be the next virus carrier. According to Sophos, it is the first ever virus to spread via Shockwave Flash files. Although not yet in the wild, it is only a matter of time before malicious websites pose a new threat. The LFM-926 virus could be used to target webmasters who use Shockwave on their sites, or viewers of a maliciously crafted page. http://www.vnunet.com/News/1128082 - - - - - - - - Virus writers take an early crack at .Net Virus writers have apparently made the early developer list for Microsoft.Net. On Wednesday, antivirus companies received a copy of the first virus capable of infecting files based on Microsoft's .Net Intermediate Language, or MSIL. Known as W32.Donut, the virus does little but infect other .Net files, but it shows that the programmers who create such code are looking ahead, said Motoaki Yamamura, a virus researcher with security software company Symantec. http://news.cnet.com/news/0-1003-200-8424382.html http://www.msnbc.com/news/684761.asp - - - - - - - - Microsoft slammed over latest IE flaw Experts have warned that Microsoft's avoidance of a known security rule has resulted in a severe flaw in the Internet Explorer (IE) browser. Discovered just before Christmas, the vulnerability could allow malicious users to spoof legitimate websites, steal data from cookies or access files on a victim's machine. http://www.vnunet.com/News/1128098 - - - - - - - - AIM security tool opens back doors A tool recommended by a security group to squash the bugs in America Online's Instant Messenger application actually had secret backdoor code that allowed the author to, among other things, redirect browsers to porn sites. The security group w00w00, which discovered last week's serious flaw in AOL's instant messenger software, said Tuesday that a program that could act as a temporary Band-Aid for the AIM problem had in reality been misrepresented by the person who posted it to the Bugtraq mailing list late last month. http://www.zdnet.com/zdnn/stories/news/0,4586,5101490,00.html http://news.cnet.com/news/0-1003-200-8421374.html http://www.vnunet.com/News/1128120 http://www.computerworld.com/storyba/0,4125,NAV47_STO67214,00.html - - - - - - - - More Libraries Filtered In 2001 - Report A reported spike in the number of U.S. libraries using filtering software has rekindled concerns among some civil liberties advocates that library administrators may be bowing under federal pressure to limit access to adult materials on their computers. In a survey published by Library Journal, 43 percent of libraries polled said that they electronically filtered Internet access in 2001, up from 31 percent the previous year. http://www.newsbytes.com/news/02/173523.html - - - - - - - - Intelink sees renewed interest An existing secure collaboration network used by the intelligence community to share data has experienced a resurgence since the Sept. 11 terrorist attacks, officials said Jan. 8 at the Federal Convention on Emerging Technologies in Las Vegas. Intelink has been in place since 1997, but was previously used by only a few advocates. When officials realized Sept. 11 that there was no single technology tool to allow real-time collaboration, they turned to Intelink, which was developed for and by the intelligence community. http://www.fcw.com/fcw/articles/2002/0107/web-intelink-01-09-02.asp - - - - - - - - Feds nix pact on Net radio stations Federal copyright authorities have blocked a deal between the record industry and broadcasters that would have set royalty terms for radio-station broadcasts put online. Broadcasters, such as radio giant Clear Channel, had agreed with the Recording Industry Association of America in late December to pay for music used online. Terms of the settlement had been kept secret, however. http://news.cnet.com/news/0-1005-200-8424478.html - - - - - - - - North Carolina shakes down tax debtors via cybershame When calls and letters fail to get deadbeat taxpayers to ante up, try cybershame. North Carolina this week joined a group of states that posts on the Web the names, addresses and amounts owed of delinquent taxpayers. The states Revenue Department posted the names of 69 people and businesses that owe delinquent taxes to the state. http://www.gcn.com/vol1_no1/daily-updates/17737-1.html - - - - - - - - Indiana upgrades its legislative tracking system Indiana has expanded the services available through its online BillWatch legislative tracking and information system. The state offers the service via its accessIndiana.com Web site, which is operated by National Information Consortium Inc. of Overland Park, Kan., under a contract with the state. New features let subscribers assign priority to bills they are tracking, sort bills by number, place personal comments on bills with a notes feature, access committee schedules and do other functions. http://www.gcn.com/vol1_no1/daily-updates/17735-1.html - - - - - - - - States to propose linked ID cards to deter forgery State and federal authorities are working to develop new identity cards that could be easily checked nationwide and contain digitized fingerprints or other features that would be difficult to forge. A group of state drivers-license agencies plans to unveil on Monday a set of standards that would enable authorities to instantly check identities and possibly criminal backgrounds across state lines. http://www.siliconvalley.com/docs/news/reuters_wire/1727295l.htm http://news.cnet.com/news/0-1005-200-8423854.html - - - - - - - - Making life miserable for would-be cyber-intruders As a PC devotee, I have never felt more vulnerable to attacks from people I don't know as they continue to exploit the deficiencies in my operating system and the tools I use to make my computing life easier. Hackers and creators of nasty viruses and worms continue to exploit the vulnerability of Windows, Microsoft Outlook and America Online's Instant Messenger. Huge security holes became evident as 2001 drew to a close, with warnings coming from everyone, ranging from the FBI to the sales clerk at the local supermarket, although the FBI has now admitted it may have overreacted a tad when suggesting a solution to one of the problems. http://www.nandotimes.com/technology/story/214588p-2072570c.html - - - - - - - - Name That Worm - How Computer Viruses Get Their Names What's in a name? Plenty, if you ask a computer virus researcher who is responsible for designating the latest malicious code spreading on the Internet. Antivirus experts say there are specific guidelines for naming computer worms. Not surprisingly, the first rule dictates that the name should be anything other than what the virus writer wants it called. Beyond that, researchers look to the code, to its message, or the situation to name worms as they find them. http://www.newsfactor.com/perl/story/15662.html - - - - - - - - Social Engineering Fundamentals, Part II: Combat Strategies This is the second part of a two-part series devoted to social engineering. In Part One, we defined social engineering as a hackers clever manipulation of the natural human tendency to trust, with the goal of obtaining information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system. To review: the basic goals of social engineering are the same as hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network. http://www.securityfocus.com/infocus/1533 Social Engineering Fundamentals, Part I: Hacker Tactics http://www.securityfocus.com/cgi-bin/infocus.pl?id=1527 - - - - - - - - Face-recognition technology has limits, some say Face-recognition technology, now being lined up for use in airports, might be capable of finding Osama bin Laden if he showed up at a U.S. airport to catch a flight. But critics say there's no high-tech quick fix that can ferret out the ordinary terrorist from the ranks of millions of Americans on the move - and error rates on the machines are so great it's just as likely to be the innocent traveler who trips off the alarm. http://www.nandotimes.com/technology/story/214481p-2071899c.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.