High Tech "NewsBits" for 03/11/02

March 11, 2002 Two Men Indicted In Lucrative Auto-Dialer Payphone Scam Two Northern California men were indicted Thursday on charges of orchestrating an elaborate scheme to bilk Pacific Bell out of a half million dollars in payphone revenues. A federal jury returned a 17-count indictment against Berkeley residents Daniel David, 36, and Scott Nisbet, 38, for charges of mail and tax fraud, conspiracy and money laundering. http://www.newsbytes.com/news/02/175083.html - - - - - - - - Classified discs found in alley National defence officials insist computer discs found in an Ottawa alley marked "restricted" don't pose any threat to Canadian security, even though they contain information about navy submarines. An Ottawa woman found the discs in a downtown alleyway while on her way to work. The CD-ROMs, clearly labelled "Restricted," were scattered beside a dumpster. Dated from November 2000 to January 2002, the discs had been scratched in an attempt to make them unreadable, but the scratches were on the wrong side. http://cbc.ca/stories/2002/03/08/dnd_disks020308 - - - - - - - - Wells Fargo latest target in scams Masquerade is becoming a popular game online. In recent weeks, scam artists pretending to represent reputable companies such as Bank of America and eBay have been e-mailing Internet users in an attempt to steal their account information. Although not a new scam, the e-mails are part of a growing trend of identity theft online. In one of the latest examples, Wells Fargo warned its online customers late last month of an e-mail purporting to come from the company. The alert came after the company received notices from dozens of customers saying they'd received the bogus e-mail. http://news.com.com/2100-1017-857177.html - - - - - - - - U.S. court shuts down ``.usa'' Internet address scam A Chicago court shut down a Web site that capitalized on post-Sept. 11 patriotic fervor to sell Internet domain names ending with a bogus ``.usa'' suffix, the Federal Trade Commission said on Monday. Two British citizens launched an aggressive junk e-mail campaign that urged Internet users to sign up for the star-spangled addresses after the hijacking attacks of Sept. 11, the FTC said. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2838175.htm http://news.com.com/2100-1023-856979.html http://www.newsbytes.com/news/02/175104.html http://www.msnbc.com/news/722468.asp http://www.wired.com/news/politics/0,1283,50977,00.html http://www.cnn.com/2002/TECH/internet/03/11/attack.spam.reut/index.html - - - - - - - - U.S. Settles with Internet Data Brokers The FTC charged the companies with creating and maintaining Web sites that advertised the ability to disclose consumers' financial private information. The Federal Trade Commission (FTC) and three Internet data collection companies have settled charges that accused that companies of illegally obtaining private financial information from consumers through a process known as "pretexting." Pretexting, defined by the FTC as the practice of getting someone's personal information under false pretenses, became widely known two years ago when a woman named Amy Boyd was tracked down and murdered by a stalker who used pretexting services from a Florida firm. Pretexting was subsequently outlawed by the Gramm-Leach-Bliley Act. http://www.newsfactor.com/perl/story/16709.html - - - - - - - - 'Eddie Murphy' Hackers Demand Ransom From Rock Band A group calling itself "Hackers for Eddie Murphy" posted a ransom note Sunday on the front door of the Web site operated by Colorado-based rock band The String Cheese Incident. According to the defacement, which appeared to be a tongue-in-cheek hoax, the hackers demanded a payment of $1 million for the return of the site's servers "to their normal state of well being." http://www.newsbytes.com/news/02/175103.html - - - - - - - - ICQ hack theories flood into Vulture Central Our recent story about a possible mass hack of ICQ inspired many of you to turn sleuth. To recap, a Reg reader discovered that both of his accounts had suddenly become disconnected and the passwords no longer worked. The email addresses for both accounts, which were divided between divided between MacOS machines and Windowsmachines, were changed to 'uin@deathrow.com'. A search of the AOL Mirabilis ICQ 'whitepages reveals hundreds of accounts all with this address (registered in countries such as China and Egypt). We began to suspect a mass hack. http://www.theregister.co.uk/content/55/24377.html - - - - - - - - White House computer expert says GovNet is not a certainty The vice chairman of a board charged with coordinating a plan to defend the nation's computer networks said on Monday that the Bush administration is not certain whether it will proceed with its plan for GovNet, a government-only intranet. The Critical Infrastructure Protection Board, the recently reformulated executive-branch group charged with overseeing the security of computer networks, is "in the process of reviewing" more than 160 responses to a request for information about the GovNet proposal, said Howard Schmidt, who recently left his job as Microsoft's former top security official to become vice chairman of the board under Richard Clarke, the White House cyber-security adviser. http://www.govexec.com/dailyfed/0302/031102td1.htm - - - - - - - - 'Responsible Disclosure' Draft Could Have Legal Muscle A proposed Internet standard would dictate how researchers report and vendors close security vulnerabilities. Ignoring it could be risky for either side. A proposal recently submitted for comment to the Internet Engineering Task Force by Steve Christey of MITRE and Chris Wysopal of @Stake would create an official standard for reporting security vulnerabilities to vendors, and for vendors to respond to any such reports. It's worth reading, because if it becomes an official Internet standard, called an "RFC", it could expose those who fail to adhere to it to legal liability for negligence or defamation. http://online.securityfocus.com/columnists/66 - - - - - - - - Pentagon realities challenge new tech contractors Defending the nation against 21st-century threats requires products and services from high-tech companies that have never worked with the Pentagon before, Defense Department officials told industry representatives on Friday. But they cautioned that bringing those nontraditional firms into the loop would not be easy. "We've got to improve our ability to reach out," John Stenbit, Defense's chief information officer, said at a conference sponsored by the Northern Virginia Technology Council, adding that the high-tech industry must be part of the "coalition" fighting the war on terrorism. http://www.govexec.com/dailyfed/0302/030802td1.htm - - - - - - - - Chief of technology standards agency aims to boost its profile Researchers at the National Institute of Standards and Technology have played a role in most of the major technological advances of the past 100 years. Yet few Americans give the agency credit for their high quality of life. That's where NIST's new director, Arden Bement, enters the picture. "NIST is not a household word," said Bement, who in December became the agency's only political appointee. "I would venture to say that many chairmen of large corporations that even have heard of NIST are not clear how it can help them. I'm out to change that," Bement told National Journal. http://www.govexec.com/dailyfed/0302/031102nj1.htm - - - - - - - - Air Force seeks better security from Microsoft A top U.S. Air Force official has warned Microsoft to dramatically improve the security of its software or risk losing the Air Force as a customer. In an interview, Air Force chief information officer John Gilligan revealed he has met with senior Microsoft executives to tell them the Air Force is "raising the bar on our level of expectation" for secure software. http://www.usatoday.com/life/cyber/tech/2002/03/11/gilligan.htm - - - - - - - - Flaw weakens Linux computers A flaw in a software-compression library used in all versions of Linux could leave the lion's share of systems based on the open-source operating system open to attack, said sources in the security community on Monday. Several other operating systems that use open-source components are vulnerable too varying degrees as well. The software bug--known as a double free vulnerability --causes key memory management functions in the zlib compression library to fail, a condition that could allow a smart attacker to compromise computers over the Internet, said Dave Wreski, director for open-source security company Guardian Digital. http://zdnet.com.com/2100-1104-857031.html http://news.com.com/2100-1001-857008.html - - - - - - - - 'Phantom Menace' Typing Just A Microsoft Speech Feature Random words and characters mysteriously appearing on the screens of some Windows XP and Office XP users are not the work of phantom hackers or a sign that users' systems are possessed by demons. It's just Microsoft's voice recognition system running slightly amok, the company said. In recent weeks, several XP users have posted messages to Internet discussion lists and newsgroups reporting that text is automatically appearing in Internet Explorer's address bar or in Outlook e-mail messages or Word documents as users compose them. http://www.newsbytes.com/news/02/175108.html - - - - - - - - Coming 'smart' ID card worries hacking-prone Hong Kong In 1949, Mao Tse-tung's communists conquered mainland China and set off a massive flow of emigration to this city, then a comparatively prosperous British colony. To sort out newcomers from residents, Hong Kong introduced compulsory cardboard identity cards. Now, Hong Kongers are about to be issued a new ID card. This time, they're getting so-called ``smart'' cards, with embedded computer chips that hold names, pictures and birthdates -- as well as a digital template of both thumbprints. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2833505.htm http://www.msnbc.com/news/722111.asp http://www.wired.com/news/technology/0,1282,50961,00.html http://www.cnn.com/2002/TECH/ptech/03/11/hong.kong.smart.ids.ap/index.html Malaysia digital ID card slow to take off http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2833492.htm http://www.nandotimes.com/technology/story/295706p-2603569c.html - - - - - - - - Hackers' next target? Cell phones As Mobile Devices get "Smarter", They Become Prone to Viruses. For malicious computer hackers and virus writers, the next frontier in mischief is the mobile phone. A phone virus or ``Trojan horse'' program might instruct your phone to do extraordinary things, computer security experts say.``If a malicious piece of code gets control of your phone, it can do everything you can do,'' said Ari Hypponen, chief technical officer of Helsinki-based F-Secure, a computer security firm. ``It can call toll numbers. It can get your messages and send them elsewhere. It can record your passwords.'' http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2833740.htm http://www.cnn.com/2002/TECH/ptech/03/10/cellular.viruses.ap/index.html - - - - - - - - 3G phone security: Win some, lose some Third-generation (3G) mobile devices equipped to surf the Internet will present operators with added security against handset theft but far more potential for online fraud, industry experts warned on Monday. Mobile crime grabbed the attention of lawmakers and cell-phone owners after a series of violent phone thefts over the past few months. Experts said the sophistication of 3G should help to prevent such ``petty'' crimes. http://zdnet.com.com/2100-1105-857043.html - - - - - - - - Chipmaker gets a jump on safer wireless Atheros Communications on Monday began shipping the first silicon chip that uses a new wireless networking standard known as 802.11g. 802.11g is a faster and more equipment used in a growing number of homes and offices. But the 802.11g is still in draft form, with a few questions remaining about what technologies to use. The standard itself won't be ratified until at least midyear. http://zdnet.com.com/2100-1105-857144.html http://news.com.com/2100-1033-857082.html - - - - - - - - Fingerprint IDs ready for the big time Fingerprint authentication and identification are powerful techniques built on the unique nature of fingerprints. Gartner Dataquest estimates that there are approximately 10 to the 48th possible fingerprint patterns; therefore, it is nearly impossible to find duplicate fingerprints, and positive identification can be made with just a partial print. Even identical siblings have unique fingerprints. Fingerprint technology is easy to apply with modern technology: Inexpensive cameras or silicon sensors can swiftly capture and analyze fingerprint images. http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2852879,00.html - - - - - - - - Application service providers urged to ensure security About a quarter of online application service providers lack standard protections against security breaches and viruses, an industry monitor said Friday. International Data Corp. said that of 50 ASPs they surveyed worldwide, 25 percent lacked fundamentals such as user authentication, virus protection, network security and firewall services. http://www.nandotimes.com/technology/story/295276p-2601701c.html - - - - - - - - The Best Way to Make Software Secure: Liability Microsoft Corp. is having a tough time making sure its products are free of glitches. On Feb. 21, the software giant alerted customers that it had released three fixes for gaping security holes in its Internet browser and other Web software that could allow hackers to crash Web servers or snatch files from a personal computer and send them to an attacker's machine. http://www.businessweek.com/magazine/content/02_11/b3774071.htm - - - - - - - - Spyware Watches Where You Surf Once installed, adware can do almost anything. Most of the time, it tracks which sites are visited and delivers targeted ads. Your computer may be watching you. If you download free software from the Net -- especially the ragingly popular music-sharing programs and Web games -- chances are you've also gotten more than you've bargained for. Freeloading programs can quietly piggyback onto your PC during the download process and then do things surreptitiously once they get there. http://www.newsfactor.com/perl/story/16717.html http://www.usatoday.com/life/cyber/tech/2002/03/11/stealthware.htm - - - - - - - - Spying: The American Way of Life? Last month's revelation that President Bush wants hundreds of millions of dollars to invent innovative ways to spy on Americans was greeted not with suspicion, but shoulder shrugging indifference. Save for a few battle weary civil libertarians, not many people have been fretting about how cameras now monitor all downtown areas in Washington, or the unchecked spread of face-recognition cameras that spy on travelers in airports and sports fans in arenas. http://www.wired.com/news/politics/0,1283,50964,00.html - - - - - - - - DOD aids first responder system As part of an annual program supporting advanced technology projects, the Defense Department is funding development of a system to improve communications among state and local public safety agencies and DOD personnel. The homeland security command and control (HSC2) package is intended to provide a secure, common communications backbone to ensure that emergency workers don't face the radio, telephone and digital communications breakdowns that occurred after the Sept.11 terrorist attacks, said Sue Payton, deputy undersecretary of Defense for advanced systems and concepts. http://www.fcw.com/geb/articles/2002/0311/web-dod-03-11-02.asp - - - - - - - - Human Chip Implants No longer a futuristic fantasy, human chip implants that store personal information are here. Is this a medical advancement, or an example of technology gone wrong? Since Applied Digital Solutions unveiled its VeriChip -- a chip containing medical information that is implanted under the skin -- in December 2001, the company has come under fire from civil liberty groups. The company claims that the chip offers an effective way for doctors to identify patients that will be unable to identify themselves because they are either unconscious or dead. But privacy rights experts say the chip could be used for evil purposes since it could someday be tracked remotely. http://www.techtv.com/siliconspin/features/story/0,23008,3375395,00.html - - - - - - - - Dot's All You Need for Security As Ian Allen fires up his BMW at a boat marina, he doesn't see much point in gunning the engine. It isn't horsepower that makes him fawn over his car -- it's the 10,000 microdots sprayed all over it. Any thief wanting to steal Allen's prized possession would need to remove all 10,000 of them to fully rebadge, or "rebirth," the car. "Why 10,000 dots?" said Allen, a jocund Western Australian. "I figured it was a nice, big, round number." http://www.wired.com/news/technology/0,1282,50598,00.html - - - - - - - - Dulles, JFK test iris-recognition systems Travelers at two major U.S. airports on Monday will begin testing a technology that may speed them through passport control in seconds. Select Virgin Atlantic Airways frequent fliers at New York JFK and Washington Dulles airports begin enrolling in an iris-recognition system that will send them through passport control at London's Heathrow Airport without waiting in line for an immigration agent. The system which reveals passengers' identities by taking close-up pictures of the iris of their eyes is in the test phase, and some critics say it is not foolproof. http://www.usatoday.com/life/cyber/tech/2002/03/11/iris-technology.htm - - - - - - - - Car computer could detect drunken steering A dashboard computer system that monitors the delay between a driver's eye movement and steering could be used to identify drunk drivers, claims a UK researcher. Dilwyn Marple-Horvat, at the University of Bristol, tested the eye-to-steering coordination of people playing a computer driving game who were given alcoholic drinks. Previous research has shown that drivers normally look towards a corner approximately 0.85 seconds before turning a car's steering wheel. Marple-Horvat found that this time decreases significantly with alcohol. http://www.newscientist.com/news/print.jsp?id=ns99992023 - - - - - - - - Slate apologizes for fake auto executive in its Diary section Slate magazine is looking for an unknown writer who duped the online publication with fake diary entries about his life as an executive of a European auto manufacturer. In a message posted on the Web site March 5, Slate editor Jack Shafer apologized for the hoax. ``We have removed the entries from the Diary section of Slate because we believe them to be fiction,'' Shafer wrote. ``But because you can no more unpublish an article on the Web than you can unring a bell, we have also decided to post them ... as a sidebar.'' http://www.siliconvalley.com/mld/siliconvalley/news/editorial/2837959.htm http://www.usatoday.com/life/cyber/2002/03/11/slate-duped.htm http://www.nandotimes.com/technology/story/296844p-2611459c.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.