April 26, 2002 Thieves leave capital gridlocked Santiago's traffic management system stolen Chile's capital Santiago was bought to a standstill yesterday after burglars stole computers used to co-ordinate the city's traffic lights. Police said that traffic was in chaos after the thieves broke into the office of the Traffic Control Centre overnight and took 17 computers. http://www.vnunet.com/News/1131302 http://www.wired.com/news/business/0,1367,52114,00.html - - - - - - - - Earthlink co-founder surrenders to face fraud charges Financial adviser Reed Slatkin surrendered Thursday to face charges that he ran a fraud scheme that bilked investors out of at least $254 million. Slatkin, 53, who also co-founded Internet company EarthLink Inc., appeared in federal court and was ordered detained pending a scheduled Monday arraignment on 15 felony counts of mail fraud, wire fraud, money laundering and conspiracy to obstruct justice. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3139397.htm - - - - - - - - FAA Confirms Hack Attack Self-styled patriotic intruders deface a government airline security site and download a detailed screener database. Their proclaimed mission: saving the U.S. from foreign cyber terrorists. Hackers were able to penetrate a Federal Aviation Administration system earlier this week and download unpublished information on airport passenger screening activities, federal officials confirmed Thursday. http://online.securityfocus.com/news/378 http://www.theregister.co.uk/content/55/25029.html - - - - - - - - WAP email suspended after security breach in NZ Telecom New Zealand has suspended its WAP email service after finding what could be a dangerous security hole. Telecom New Zealand is suspending its DJuice WAP-based email service following the discovery of a potentially damaging security hole. http://news.zdnet.co.uk/story/0,,t269-s2109204,00.html - - - - - - - - FTC, Canadian Firms Settle Over Bogus Domain Threats Under a settlement with the Federal Trade Commission, several Canadian domain-name registrars and their operator will pay $375,000 to consumers who were duped into unnecessarily buying variations of their existing domain names. The FTC alleged that Darren J. Morgenstern's Toronto-based companies faxed unsolicited warnings to consumers that third parties had applied for domain names that were nearly identical to the recipients', most of whom operated small businesses on the Web. http://www.newsbytes.com/news/02/176175.html - - - - - - - - Lawyer to pay up in Web defamation A California man who calls himself "the guru of drunk-driving law" must pay $1 million to a rival lawyer in a Web defamation case. A Los Angeles jury ruled this week that Edward "Fast Eddie" Kuwatch posted false and defamatory statements about Lawrence Taylor, a competing drunk-driving defense lawyer, on his Web site. http://news.com.com/2100-1023-893321.html - - - - - - - - Klez threat upgraded to 'severe' Over 3,000 infections a day during March Antivirus experts have upgraded the Klez virus threat in response to an overwhelming number of submissions of infected material. Security firm Symantec reported seeing "a few thousand" just yesterday. Klez retained the number one position of most infectious viruses throughout March, and it looks like April will be no different, according to the statistics. http://www.vnunet.com/News/1131284 - - - - - - - - Chernobyl Virus Damage Expected To Be Minimal Today, April 26, is the day the Chernobyl virus annually awakens from its slumber to deliver its potentially dangerous payload. According to two major anti-virus companies, however, the actual danger from the three-year-old Chernobyl is minimal. "In its day, it was a dangerous and prevalent virus, but most users are protected now," said Craig Schmugar, virus researcher for McAfee Security. http://www.newsbytes.com/news/02/176177.html - - - - - - - - Hybrid threats overtake DoS attacks Latest X-Force report paints a grim picture Internet-facing devices are likely to be compromised less than a day after being connected, and hybrid threats have overtaken denial of service (DoS) attacks as the biggest security bugbear. The Internet Risk Impact Summary for the first quarter of 2002, released this week by Internet Security Systems' white hat hacker unit X-Force, painted a grim picture for IT administrators. http://www.vnunet.com/News/1131294 - - - - - - - - Lab will help FBI crack high-tech cases High-tech crime isn't just for high-tech criminals anymore. Confined mostly to corporate insiders and high-tech hackers only five years ago, computers have become an everyday tool for everyday criminals. Drug dealers are communicating by e-mail, and do-it- yourself counterfeiters are using a $19.95 software program to print phony checks. One California bank robber's stick-up note had been typed out using Microsoft Word and printed on his home computer printer. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3145543.htm - - - - - - - - Security Agents Head For Cybercrime School Security agents from both sides of the Atlantic are being sent to school so they can trace and prosecute computer criminals. The FBI, U.S. Customs, the High Technology Crime Investigation Association, Europol and the U.K.'s National High-Tech Crime Unit are among the agencies that have sent staff to learn about cybercrime, fraud, hacking and software bugs, according to the company, Massachusetts-based QinetiQ Trusted Information Management. http://www.newsbytes.com/news/02/176176.html - - - - - - - - Canada's Top Court Pulls Plug On Gray-Market Satellite TV Canada's Supreme Court today backed the country's satellite broadcasters and the federal government in their quests to tune out a "gray market" for capturing direct-to-home TV signals from the U.S. The decision appears to be a set-back for hundreds of thousands of citizens who claim to prefer U.S.-based programming from services such as DirecTV over, say, Bell Canada's ExpressVu. http://www.newsbytes.com/news/02/176168.html - - - - - - - - Industry hails cyber R&D bill When the Senate went to work on legislation to pump $878 million into cybersecurity research and development, it got no argument from representatives of industry and academia. Sen. Ron Wyden (D-Ore.) convened a panel of scientists and businessmen April 24 who unanimously praised the Cyber Security Research and Development Act as a step toward correcting chronic underfunding in computer security research. http://www.fcw.com/fcw/articles/2002/0422/web-leg-04-26-02.asp - - - - - - - - Internet businesses object to Senate bill to protect privacy A Sentate effort to limit what businesses can do with information they collect online from their customers is under attack from Internet companies and getting tepid support from consumer advocates. The proposed online privacy legislation, introduced last week by Sen. Ernest Hollings, D-S.C., who chairs the Senate Commerce Committee, would require businesses to tell visitors to their Web sites what information is being gathered on them and how it will be used. http://www.bayarea.com/mld/mercurynews/3144302.htm http://www.nandotimes.com/technology/story/380417p-3035895c.html http://www.usatoday.com/life/cyber/tech/2002/04/26/online-privacy.htm http://www.cnn.com/2002/TECH/industry/04/26/online.privacy.ap/index.html http://www.wired.com/news/politics/0,1283,52128,00.html http://salon.com/tech/feature/2002/04/26/hollings_spyware/index.html - - - - - - - - Piracy foes rally round digital flag A final report for establishing a standard to protect digital copyrighted broadcasts from being illegally redistributed is slated to be issued May 17, industry players told lawmakers Thursday. The step would be incremental as other issues such as stopping the unauthorized copying of songs and other digital media on the Internet are still unresolved and the subject of heated debate, but it would represent a breakthrough, executives of major media companies told a congressional panel. http://zdnet.com.com/2100-1105-892743.html - - - - - - - - Group wants DVD-code ruling overturned The Computer & Communications Industry Association is asking the California Supreme Court to overturn a lower-court ruling that an Indiana man can be tried in California even though his only contact with the state is via the Internet. Matthew Pavlovich was named as a defendant in a lawsuit charging that he and others helped illegally crack the copy protection code on DVDs. Pavlovich, who was experimenting with adding features to DVDs and making them Linux- player compatible, operated his site from Indiana. http://zdnet.com.com/2110-1105-893059.html http://www.newsbytes.com/news/02/176180.html - - - - - - - - Hotmail at Risk to Cookie Thieves MSN Hotmail users, guard your cookies. A simple technique for accessing Microsoft's free e-mail service without a password is in the wild and apparently being exploited. The trick involves capturing a copy of the victim's browser cookies file. Once the perpetrator gains two key Hotmail cookies, there's no way to lock him out because at Hotmail, cookies trump even passwords. http://www.wired.com/news/technology/0,1282,52115,00.html - - - - - - - - MS Word runs malicious e-mail scripts If you've chosen MS Word for your e-mail editor in Outlook 2000 or 2002, you'll need to patch a flaw which enables script execution when a malicious memo is replied to or forwarded. Outlook blocks scripts when an HTML e-mail is viewed; but when Word is the editor, replying or forwarding calls it in an unprotected mode, and it then allows the script to run. Essentially, Word behaves as if a new memo were being created, a situation where security wouldn't be an issue. The actual flaw, then, is a failure to distinguish between a user's own e-mail and his modifications to someone else's. http://www.theregister.co.uk/content/4/25033.html http://www.newsbytes.com/news/02/176165.html - - - - - - - - Treasury warns of U.S. bank scam Organized crime, identity theft used to withdraw from savings. An agency inside the Treasury Department has issued an alarming warning to all U.S. banks about a fraud scheme involving organ- ized gangs, newly hired bank tellers, and identity theft. In the simple scheme, gang members use friendly tellers to cash forged savings account withdrawals from innocent victims. While the alert is just 24 hours old, MSNBC.com has learned the loosely organized gangs have been operating for at least a year, and maybe longer. http://www.msnbc.com/news/744172.asp - - - - - - - - Cyberwargames: Cadets hone security skill Systems administrator David Riebrandt's first hint that intruders had hacked the military network came from telltale electronic footprints. From the logs--electronic records of the information passed on the network--it quickly became evident that a server with gate-keeping control over different parts of the system was getting downright chatty with a foreign computer via the Internet. "I didn't know what the information meant," said Riebrandt. "I just knew that someone was talking to (the server). And it was talking back." http://news.com.com/2100-1001-893314.html - - - - - - - - UK city begins smart card e-government plan Southampton City Council in Southampton, England, will begin a smart card-based e-government scheme this month, allowing citizens to apply for housing and to follow housing repair requests online, it said Wednesday. The council has been running a smart- card scheme for its leisure and library facilities since June 2000, which Mervyn Holzer, the council's specialist IT auditor, said it had been keen to develop.It is now part of a U.K. government project called Pathfinder that aims to deliver improved services online by funding 25 projects nationwide. http://www.cnn.com/2002/TECH/ptech/04/26/smart.card.govt.idg/index.html - - - - - - - - Government gives go ahead for PKI Only minor configuration issues remain unresolved The UK government's security advisors have given the green light to the use of secure encrypted emails in Whitehall following a successful trial. Public key infrastructure (PKI) interoperability issues were put to the test by the Communications Electronics Security Group (CESG) and a range of vendors during a trial earlier this year. http://www.vnunet.com/News/1131301 - - - - - - - - Datawiping doesn't work eTesting Labs has run a series of tests of eight commercial available diskwiping products - and only one of them worked properly. This is Redemtech Data Erasure, from the company which contracted eTesting to run the trials. So the results should be treated with caution. The eight products were run on six variously configured PCs. http://www.theregister.co.uk/content/54/25034.html - - - - - - - - Appliance vendors turn to security Network appliance vendors are not just directing traffic any more; now they want to police it too "First we directed traffic... now we police it." That's the slogan for Array Networks' latest attempt to gain the attention of the industry, but it is one that number of other suppliers might equally have adopted: vendors of network appliances are all lining up to hit on security as the next big opportunity for their products. http://news.zdnet.co.uk/story/0,,t269-s2109176,00.html - - - - - - - - Study: Users aren't buying online ID hype Microsoft and other technology makers struggling to define new Web services business models have another obstacle: consumer distrust of online authentication systems. A new Gartner study indicates that despite compulsory sign-up programs, consumers aren't interested in online identity and authentication accounts--such as Microsoft's Passport and AOL's Screen Name service http://zdnet.com.com/2100-1105-892838.html http://news.zdnet.co.uk/story/0,,t269-s2109231,00.html http://news.com.com/2100-1001-892808.html - - - - - - - - Crackers favour war dialling and weak passwords With all the talk about zero day exploits and sometimes esoteric vulnerabilities its easy to lose sight of the role of older, less sophisticated techniques as a mainstay of cracker activity. During a hacking debate at InfoSecurity Europe yesterday, black hat hacker KP said that when he broke into a network he did so 90 per cent of the time through an unprotected modem, often through war dialling. http://www.theregister.co.uk/content/55/25044.html - - - - - - - - Wireless Networks Let Your Computers Share - Sometimes Unintentionally. There is even a new class of malicious hacker known as a 'war driver,' who cruises around in a car with a laptop, latching onto open 802.11b networks. Experts say security is one of many considerations computer users should weigh when selecting from a growing number of wireless networking alternatives. http://www.newsfactor.com/perl/story/17460.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.