July 3, 2002 Fugitive DEA Agent Arrested in Mexico Former federal agent had skipped out on charges that he sold information from law enforcement computers to a private investigations firm. A 12-year veteran of the U.S. Drug Enforcement Administration (DEA) who went on the run last February rather than face federal computer crime charges was arrested in Guadalajara, Mexico last month, and is now being held without bail in Los Angeles where he faces new charges for his brief turn as a fugitive. http://online.securityfocus.com/news/510 - - - - - - - - EBay baseball fraud ends in 21-month sentence A man who impersonated two major league shortstops to obtain bats to sell on eBay has been sentenced to 21 months in federal prison. Herbert John Derungs, 32, of San Francisco was sentenced in federal court Monday after pleading guilty to six counts of mail and wire fraud, according to the U.S. Attorney's office. http://www.usatoday.com/life/cyber/tech/2002/07/03/ebay-fraud.htm - - - - - - - - Hacker drops appeal of DVD cracking case The 2600 Magazine Web site bows to the demands of film studios, and will not link to DVD cracking software. The publisher of a hacker Web site will not appeal a ruling that prohibits the posting of links to software that unlocks digital copyright protections on DVDs, attorneys said on Wednesday. http://news.zdnet.co.uk/story/0,,t269-s2118505,00.html http://www.cnn.com/2002/TECH/internet/07/04/dvd.hacker.ap/index.html http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3597125.htm http://news.com.com/2100-1023-941685.html http://www.nandotimes.com/technology/story/455650p-3645830c.html - - - - - - - - Firm Accused of Using Web Auction Sites to Sell Phony Computers Massachusetts Attorney General Thomas F. Reilly yesterday accused the head of a West Boylston (MA) company of using two auction Web sites to sell $750,000 of Apple (Nasdaq: AAPL) computers that didn't exist. A spokesman for eBay, where most of the transactions were conducted, said it appears to be one of the largest-ever cases of fraud involving the popular auction site. The other Web site used was Auction Works. http://www.newsfactor.com/perl/story/18483.html - - - - - - - - Fake escrow sites lure auction users Elaborate scam tricks users by appealing to perceived safety of third-party transactions. The sophomoric message "The Best Escrow in the World" atop this page should be a giveaway that something is wrong. Worried about getting scammed on an Internet auction? Just use an escrow service, is the customary advice. Not so fast. The latest auction scam is an elaborate swindle involving creation of fake escrow services, complete with convincing Web sites like www.escrow-is.com. http://www.msnbc.com/news/775457.asp - - - - - - - - Auction sites warn on the danger of wire transfers Bidders on online auctions are at risk of fraud if they use wire transfers rather than cheques or credit cards to pay for their purchases, the sites warn. Earlier this year, Shahir El-Shaieb lost $1,645 in an online auction, and he has little hope of getting the money back. That's because El-Shaieb paid for the Apple Macintosh G4 he found on eBay with a wire transfer. Unlike credit cards and cheques, wire transfers can't be cancelled after they've been sent. And that means they've been used in many fake auctions -- so many that several online auction sites are warning visitors of the dangers. http://news.zdnet.co.uk/story/0,,t269-s2118550,00.html - - - - - - - - Stock Exchange admits porn link Singapore dealers get China Girl sex site. The Singapore stock exchange today confirmed it had fixed a link on its website that took visitors to a porn site. Browsers who clicked on a hyperlink for plastics company Avaplas were directed instead to a site called China Girl Wild World Web. Red-faced officials revealed that the blunder had been caused by some confusion over the website addresses, according to news site Ananova. http://www.vnunet.com/News/1133259 - - - - - - - - Homeland security bill becomes a magnet for cybersecurity initiatives Legislation to create a Homeland Security Department, a top congressional priority, has begun to attract previously introduced cybersecurity and other technology-related bills as riders. The most activity is in the House, where numerous committees and subcommittees with jurisdiction on homeland security have until July 12 to recommend changes to the legislation, H.R. 5005. Staffers for Virginia Republican Tom Davis, for instance, have redrafted several of his bills as potential amendments to the homeland measure. http://www.govexec.com/dailyfed/0702/070302td1.htm - - - - - - - - The FBI Turns To IT Since 1908, the FBI has been instrumental in bagging bad guys from John Dillinger to John Gotti. But how well are the Feds adapting from tommy guns to cyberterror? In the wake of Kevin Mitnick's 1998 hackathon, the agency created the National Infrastructure Protection Center (NIPC). But many IT pros say the FBI still isn't doing enough to prevent cyberattacks. Nearly half the IT execs surveyed by the Business Software Alliance believe a major attack is on the way, and 90 percent think the government should devote more resources to preventing it than it did to contend with Y2K. http://www.techweb.com/tech/security/20020703_security - - - - - - - - House members voice concerns about Navy intranet project Inadequate testing methods and a failure to identify tens of thousands of existing legacy applications have hampered the Navy's efforts to transition all of its information systems to the Navy-Marine Corps intranet (NMCI), the House Appropriations Committee has said last week. In a report that accompanied the House-passed fiscal 2003 Defense appropriations bill, H.R. 5010, committee members said they are "concerned that this problem has limited the current state of the [NMCI] network's capabilities to such a degree that the system has significantly impacted operations." http://www.govexec.com/dailyfed/0702/070302td2.htm - - - - - - - - Fed-up customers want faster bug alerts Corporate customers are sick and tired of software flaws. A study of more than 300 companies published last week found that nearly 80 percent of companies support security consultants and hackers releasing information about software vulnerabilities even when the developers aren't prepared, and that they want news of potential flaws within a week. The desire for greater and more rapid disclosure comes more out of spite than as a way to increase security. http://zdnet.com.com/2100-1105-941558.html Study: Shoddy software steams users http://news.com.com/2100-1001-941549.html - - - - - - - - Deep linking faces clampdown Say you post a scrappy one-man-band Web site on the pros and cons of pet sweaters. Like any good Webmaster, you add links to pages on outfitting pooches in ponchos so people can track down additional information--a move that captures the essence of the Web. Imagine your surprise, then, when you receive a letter from one of the sites you directed people to, which says posting such links is illegal without first seeking written permission. http://zdnet.com.com/2100-1105-941592.html http://news.com.com/2100-1023-941556.html - - - - - - - - Microsoft teases 'Trustworthy Computing' Microsoft over the past week has quietly unveiled details about a key new security initiative code- named Palladium, giving the first glimpse into its plan to deliver on its promise of "Trustworthy Computing." Named after a protective statue of the Greek goddess of wisdom, "Palladium" is being used to describe a broad-based security system for the Windows operating system that will involve both hardware and software. http://zdnet.com.com/2100-1105-941398.html EU warning for Microsoft over Palladium security plan http://www.ananova.com/news/story/sm_620123.html - - - - - - - - Zimmermann calls for NAI to free PGP Phil Zimmermann is calling on Network Associates to open source portions of the PGP encryption program he sold to the security giant in 1997. The suggestion from the author of PGP comes as NAI continues to search for a buyer for the popular desktop encryption program, having decided to cease development work on the product as part of its reorganisation last year. NAI has pledged to honour existing contracts, but the lack bug fixes or updates in the pipeline leaves PGP in a state of limbo. http://online.securityfocus.com/news/511 - - - - - - - - Why E-Commerce Law Enforcement Is an Oxymoron The Internet is simply too vast, stretching across too many borders and encompassing too many cultures, for the current scattershot approach to be effective. In the few years since the Internet has become an important venue for commerce, communications and entertainment, so-called cybercops have tried to impose a variety of rules, regulations and guidelines to protect the interests of consumers and businesses. Unfortunately, however, no mechanism yet exists to enforce such initiatives. http://www.newsfactor.com/perl/story/18468.html - - - - - - - - How the Apache worm could have been prevented One of the most contentious issues in the security community today is how and when those who discover vulnerabilities communicate their knowledge to both the companies that make the products and the public. Usually, it's considered appropriate to notify the vendor first, so it has time to come up with a fix before the public--which includes malicious users--knows about the security hole. http://zdnet.com.com/2100-1107-941475.html - - - - - - - - Virginia Beach tests facial-recognition software ACLU of Virginia: 'This is a Big Brother contraption' If you're a criminal, a runaway or a terrorist, a day at the beach here may soon be anything but that. The city will become the second in the nation -- Tampa, Florida, is the first -- to employ facial- recognition software in an effort to assist police in identifying andtching criminals and missing persons. http://www.cnn.com/2002/TRAVEL/NEWS/07/04/beach.surveillance.ap/index.html - - - - - - - - INS launches new system for tracking foreign students Eligible schools will soon be able to use the Immigration and Naturalization Services new automated system for tracking foreign students living in the United States, under a rule published in the Federal Register this week. The rule allows certain accredited private and public schools that enroll foreign students to begin using the Student and Exchange Visitor Information System (SEVIS) over the next month. Schools that begin using SEVIS between now and Aug. 16, when the early enrollment period for the system ends and the new certification process for schools kicks in, will not have to pay a certification fee. http://www.govexec.com/dailyfed/0702/070302m1.htm http://www.fcw.com/fcw/articles/2002/0701/web-track-07-04-02.asp - - - - - - - - Nuclear safety agency rejects IT audit The National Nuclear Safety Administration has rejected the recommendations of an audit that found fault with the systems it uses to track nuclear material. The Energy Department's inspector general last month issued a report criticizing the operations of about 50 nuclear material tracking systems with which the department accounts for nuclear materials. DOE said it spends $217 million annually to operate the systems. http://www.gcn.com/vol1_no1/daily-updates/19211-1.html - - - - - - - - British ID cards to revolutionise crime Home Secretary David Blunkett announced the start of a six month consultation in Parliament today on plans by the government to introduce "entitlement cards" (that's ID cards to you and me). Lobby group Privacy International reckons the proposal for a national identity card has little to do with the government's stated objectives of reducing the threat of crime, terrorism and illegal immigration. Its real purpose is part of a broader objective outlined in the Cabinet Office report "Privacy & Data Sharing" to create a new administrative basis for the linkage of government databases and information systems. http://www.theregister.co.uk/content/55/26029.html - - - - - - - - Got a cause? Here's how to get online Greased in sunscreen and crusty with salt from bathing in the nearby Pacific Ocean, activists have transformed a rustic barn and hillside into a high-tech retreat dedicated to nonviolent political activism. The Oakland, Calif.-based Ruckus Society organized its first annual Tech ToolBox Action Camp, a weeklong training seminar to teach activists how to use computers and the Internet. More than 230 activists attended the conference, which ended Tuesday afternoon. http://news.com.com/2100-1017-941723.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.