July 8, 2002 Notorious Net thief pleads guilty Jay Nelson admits scamming 1,700 auction users. Jay Nelson, the man hundreds of Internet auction users learned to hate last year, pleaded guilty Monday to several counts of wire and mail fraud. Nelson, once calling the Internets John Dillinger, spent 13 months scamming over1,700 eBay and Yahoo auction users, netting more than $200,000. http://www.msnbc.com/news/777607.asp - - - - - - - - Ca. couple ordered to turn over $261,000 A federal judge has ordered a couple accused of software piracy to turn over $261,000 believed to be held in a Pakistani bank account to the U.S. District Court. Mirza Ali, 54, and Sameena Ali, 48, husband-and-wife owners of a Fremont company called Samtech Research Inc. are accused of buying up companies licensed to resell Microsoft products at discounts to schools and selling the products instead to some dealers who were also arrested for software piracy. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3606297.htm http://www.usatoday.com/life/cyber/tech/2002/07/05/software-piracy.htm http://www.nandotimes.com/technology/story/457622p-3661685c.html - - - - - - - - DRAM VAT fraudsters jailed for 18 1/2 years Four computer dealers in the West Midlands were sentenced today a total of 18 and a half years for a PS39 million series of VAT and duty frauds involving components imported from the US and Hong Kong. Omar Bassam, 44, of Girton, Cambridge; Paul Burke, 38, of Shelfield, Walsall; Nicholas Skidmore, 35, Southport, Merseyside; and David Withers, 46, of Sutton Coldfield, Birmingham controlled a network of companies and bank accounts and property in both the UK and the Cayman Islands. The companies involved were Cambridge Computer Supplies, of Cambridge; Computerwise Products, Computerwise Distribution and Microtech Europe, all of Birmingham. http://www.theregister.co.uk/content/51/26050.html - - - - - - - - China vows to catch satellite hackers China vowed Monday to punish members of the banned Falun Gong spiritual movement who hijacked state-run satellite signals during the soccer World Cup finals in one of the groups most daring protests to date. THIS IS EXTREMELY despicable and represents yet another crime committed by Falun Gong, Liu Lihua, director- general of Ministry of Information Industrys (MII) Radio Regulatory Department, told a media conference. The MII said Falun Gong followers had, under the guidance of U.S.-based leader Li Hongzhi, hijacked nine national channels and 10 provincial stations by interfering with signals of state-run Sino Satellite (SINOSAT) company between June 23 to 30. http://www.msnbc.com/news/777515.asp - - - - - - - - Schoolgirl sites raise paedophile fears Police are to look into young women's Web sites that seek to attract attention and gifts from older men. Police are investigating schoolgirl Web sites because of fears they may be targeted by paedophiles offering gifts in return for photographs, according to the Sunday newspaper The Observer. "British girls as young as 14 are inviting strangers to send them presents through their Web sites, sometimes offering intimate pictures in return," the paper said. http://news.zdnet.co.uk/story/0,,t269-s2118662,00.html http://www.cnn.com/2002/TECH/internet/07/08/britain.crime.internet.reut/index.html - - - - - - - - Sheriff's site replaced with hardcore porn Cop investigating after site 'legally' sold Florida residents looking at their sheriff's website are currently being treated to arresting images of hardcore porn. Sheriff Charlie Aycock's office website for the Osceola County Sheriff in Kissimmee was sold from underneath him. The site now offers free lifetime access to hardcore pornography. According to the Orlando Sentinel, Aycock said a Canadian company bought the domain name last week even though it had not been for sale. http://www.vnunet.com/News/1133313 http://www.heraldtribune.com/apps/pbcs.dll/article?Date=20020706&Category=APN&ArtNo=207060516 - - - - - - - - Telecom firm leaks student data to Web A company that provides intra-campus telephone services to small colleges inadvertently posted online the names, addresses and social security numbers of thousands of its student customers, the firm acknowledged on Monday. In the latest of what has become a common Internet problem, the information about more than 2,000 students whose schools use telecommunications manage- ment firm Resicom may have leaked out from the company's Web site. Database files containing students' personal information had the wrong permission settings and could have been accessed using any Web browser as late as Monday afternoon. http://news.com.com/2100-1033-942274.html - - - - - - - - Revenue security flaw taxes government Tax-filing security blunder could affect other government services. The Inland Revenue has admitted that the security flaw which led to its online tax- filing site exposing users' confidential details could affect other government services. The initial problem with the online self-assessment site has now been fixed, after the service was withdrawn on 27 May. But a Revenue spokesman told vnunet.com that other departments using the Government Gateway may also be exposed. http://www.vnunet.com/News/1133243 - - - - - - - - Human rights group condemns Egyptian's conviction over online poem The sentencing to prison of a Web site designer for posting a sexually explicit poem on the Internet was a blow to freedom, Egypt's best- known rights group said Saturday. Shohdy Surur, 40, was sentenced on June 30 to one year in prison and fined $43 for posting a work written by his father, the poet Naguib Surur. The poem, which has an obscene name, had never been published in print because of the language that Surur used to condemn government officials for Egypt's defeat in its 1967 war with Israel. http://www.nandotimes.com/technology/story/458679p-3671243c.html - - - - - - - - Council temp fired after virus outbreak A council worker in Aberdeen has been sacked after technicians traced the spread of a destructive virus - which crippled the authority's network - back to him. An unnamed temporary agency worker, believed to have been employed in Aberdeen City Council's housing department, was fired earlier this week for allegedly allowing a destructive virus to infect the council's computer systems, the Aberdeen Press and Journal reports. http://www.theregister.co.uk/content/56/26067.html - - - - - - - - KWBot worm hits Kazaa Kazaa users attempting to download the Spiderman movie and other popular files from the Web may end up getting bitten by a new bug. The Kazaa file-swapping network has been hit by another worm, just months after the first such attack, according to antivirus vendors. Antivirus company Sophos said it had received several reports of the KWBot worm in the wild. KWBot appears to be the second worm to hit the Kazaa network, which fell prey to Benjamin worm in May. http://news.zdnet.co.uk/story/0,,t269-s2118624,00.html - - - - - - - - Worm blocks access to The Register Having trouble accessing The Register lately? It may not be your crap porn filter, or the ebone shutdown spilling over into DNS error reports at several ISPs. You may need deworming. For virus writers have created a worm which, among other tricks, blocks access to El Reg. The Gunsan is a mass-mailing worm which infects local drives and network shares. On infected machines, it opens a backdoor that allows a cracker to control the computer using IRC. http://www.theregister.co.uk/content/56/26079.html - - - - - - - - W32 viruses top the charts Mass-mailing Windows 32 viruses fill all top ten places in the virus charts for the first six months of this year. Anti-virus vendors blame freely available virus writing tools. This year Windows 32 viruses have accounted for all the positions on the top 10 list, according to a virus occurrence summary. Last month, it was reported that computer viruses were proliferating faster than ever, according to British security company MessageLabs, which found that it had caught as many pests in the first half of 2002 as it did in all of last year. http://news.zdnet.co.uk/story/0,,t269-s2118585,00.html - - - - - - - - Record industry aims to scupper pirates File-swappers beware. Not content with legal victories and out-of-court settlements with file- swapping systems such as Napster and Audiogalaxy, the record industry has now turned its attention to end-users. But there is no need to kill your Kazaa connection just yet, unless you are a big fish in the file-swapping community. This week, reports are emerging that the Recording Industry Association of America (RIAA) is planning to target file-share users who have the biggest caches of music and video files. http://www.vnunet.com/News/1133256 - - - - - - - - Cyberattacks against energy firms rise State's power crisis may have drawn attention. Power and energy companies have become targets for computer hackers, who have managed to penetrate their networks and other systems. The Los Angeles Times reported Monday that energy and power companies have been hit with an average 1,280 significant attacks in the last six months, far more than companies in any other industry. http://www.cnn.com/2002/TECH/internet/07/08/energy.hackers.ap/index.html - - - - - - - - Internet Attacks On Companies Up 28 Percent, Report Says Internet attacks against public and private organizations around the world leapt 28 percent in the past six months, with most targeting technology, financial services and power companies, according to an industry report due out today. The report, conducted by the Internet security firm Riptech Inc. of Alexandria, indicated that the information backbone upon which many countries rely remains vulnerable to cyber-attacks. "The Internet is still an extremely dangerous place and attack activity is increasing at a significant pace," said Elad Yoran, Riptech's executive vice president. http://online.securityfocus.com/news/521 http://www.gcn.com/vol1_no1/daily-updates/19237-1.html http://www.newsfactor.com/perl/story/18495.html - - - - - - - - Cyber-Security Is Underplayed, Industry Says Among the more contentious questions to arise from President Bush's proposal last month for a Department of Homeland Security is one it did not explicitly address: How should the government deal with threats in cyberspace? Bush proposed merging various agencies, scattered around the government, that oversee different aspects of computer security. But the fact that the White House's draft bill doesn't mention "cyber- security" or its variations set off furious lobbying on Capitol Hill. http://www.washingtonpost.com/wp-dyn/articles/A21939-2002Jul3.html - - - - - - - - The Clouds of Digital War Will the Next Terrorist Attack Be Delivered Via Cyberspace? Many security experts fear that the next big terrorist strike against the United States might be on and through the Internet and other vital interconnected computer networks. And the suspected attacks won't just deny Net surfers access to their favorite Web site or increase the risk of damaging computer viruses through e-mail. Rather, experts say the next cyber attack could actually lead to physical damage to real-world targets. http://abcnews.go.com/sections/scitech/DailyNews/cyberwar020708.html - - - - - - - - Study: Israel, Hong Kong hotbeds for hacking attacks Which part of the world has the dubious distinction of being the most active hotbed of computer hacking? Among the most highly wired economies, more cyber attacks originate from Israel and Hong Kong on a per-Internet-user basis than anywhere else, while Kuwait and Iran top the list of the category of countries with fewer Internet users, according to a study released Monday. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3624610.htm - - - - - - - - Mafia will hack entitlement cards Cards valuable enough to be worth hacking Government entitlement cards will be the target of organised criminal gangs, according to privacy and fraud experts. The Home Office has published a consultation paper outlining options for the cards, including the use of existing driving licences and UK passports, and issuing new cards to people who carry neither. The Home Office confirmed that it has rejected the idea of compulsory cards and any changes to police powers. http://www.vnunet.com/News/1133300 - - - - - - - - Greek ban on gaming threatens Internet cafes A Register reader in Greece emails us claiming that the Greek government has effectively outlawed Internet cafes by "all LAN and Internet games and any kind of game that is supported by electrical, electronic or software means." If anybody so much as has something looking like a game on the screen, he tells us, the cafe manager is liable for arrest. http://www.theregister.co.uk/content/6/26041.html - - - - - - - - Stockholm fears Web porn label City officials in Stockholm fear the Swedish capital is about to have its name associated with a pornographic Web site. The city has tried unsuccessfully for 10 years to acquire the domain name -- www.stockholm.com -- initially held by an individual in Florida, information technology department head Kjell Bergefall said. http://www.cnn.com/2002/TECH/internet/07/05/stockholm.name/index.html http://usatoday.com/life/cyber/tech/2002/07/05/stockholm-porn.htm - - - - - - - - Audio copy protection prevents 'ripping' of songs Last year, Music City Records released A Tribute to Jim Reeves, a CD from country music legend Charley Pride. The CD didn't look different from other CDs. But it was the first music CD released worldwide that would not play in a PC. The disc was manufactured using MediaCloQ, created by Phoenix-based SunnComm. MediaCloQ is among the new technologies aiming to diminish illegal music duplication. http://www.usatoday.com/life/cyber/tech/review/2002/7/08/copy-protection-full.htm - - - - - - - - Encryption tool gives privacy buffs new image Hactivismo, the online privacy activist group, is to release its encryption tool - but some warn that it may offer a false sense of security and put lives in danger. Online activist group Hacktivismo is to release an encryption tool that disguises information in images as an antidote to Internet censorship. Called Camera/Shy, the stealth tool disguises Web content in GIF files using a 256-bit strength encryption-key based technology called steganography. http://news.zdnet.co.uk/story/0,,t269-s2118668,00.html Quantum Computing Puts Encrypted Messages at Risk http://www.newsfactor.com/perl/story/18490.html - - - - - - - - Are Apple's OS X updates poisoned? A security mailing list has alerted Apple Computer OS X users to a program that could let a hacker piggyback malicious code on downloads from the company's SoftwareUpdate service. According to the BugTraq mailing list, a hacker named Russell Harding has posted full instructions online for how to fool Apple's SoftwareUpdate feature to allowing a hacker to install a backdoor on any Mac running OS X. http://zdnet.com.com/2100-1105-942282.html http://news.com.com/2100-1001-942265.html Apple: Taking OS X security seriously--finally http://zdnet.com.com/2100-1107-941941.html http://news.zdnet.co.uk/story/0,,t269-s2118730,00.html - - - - - - - - Stealth tool makes big entrance Camera/Shy to launch at Hackfest. The internet underground is warming up for hackfest H2K2, which will take place next weekend (13 July) in New York. One of the most eagerly awaited features of the event will be the launch of a steganography tool that will allow information to be shared across the internet without fear of perusal from unauthorised eyes. http://www.vnunet.com/News/1133292 - - - - - - - - Ohio's spam ban damned Legislation has a fight on its hands. The US state of Ohio is attempting to ban spam, framing legislation that will require senders of spam to formally identify themselves. The antispam bill - which originated in the Ohio senate and was approved by a vote of 84 to 10 - also requires spammers to provide recipients with a procedure for declining additional email, and to keep to the antispam policies of ISPs. http://www.vnunet.com/News/1133288 - - - - - - - - Spam-Cramming Foils Vacationers Vacationers with a sudden yearning to get away from it all are discovering that cyberspace isn't an easy place to escape. After making a bold decision not to check e-mail frequently or at all during vacations, many find that when they do log on again they are greeted by a mailbox crammed with spam -- as well as a message from their Internet Service Provider informing them that their account has reached its allotted capacity and no further e-mail will be delivered until the box has been purged. http://www.wired.com/news/technology/0,1282,53669,00.html - - - - - - - - Palladium tech up for discussion, says MS security chief Unaccountably, Microsoft seems to have forgotten to invite The Register to Tech Ed in Barcelona this week, but we're pleased to see some useful information making it into the public prints. Yesterday, IDG News correspondent Gillian Law obtained some useful information about Palladium from Microsoft UK chief security officer Stuart Okin. http://online.securityfocus.com/news/513 http://online.securityfocus.com/columnists/93 http://www.theregister.co.uk/content/4/26037.html - - - - - - - - Web IDs 'could save the net' Without identification it's all over, says expert. In its current state the internet will die - and the only thing that can save it is an overhaul with security at its core, says antivirus expert Eugene Kaspersky. But his outline for a crime-free web may land him on the wrong side of the fence with the privacy pundits. Kaspersky, who heads up anti virus research at the 200-strong company in Moscow gives the internet as we know it two to four years before the amount of "bad information outweighs good information". http://www.vnunet.com/News/1133260 - - - - - - - - Show us the bugs - users want full disclosure End-users overwhelmingly support the full disclosure of security vulnerabilities, according to a recent survey by analysts Hurwitz Group, which demonstrates widespread frustration about vendor responsiveness to security issues. Based on interviews with more than 300 software security professionals, the report shows that end users overwhelmingly support full disclosure - announcing security vulnerabilities as soon as they are discovered. The end users surveyed for the report are clearly angry that vendors are releasing insecure applications, and then not responding when flaws are detected, Hurwtiz reports. http://online.securityfocus.com/news/520 http://www.theregister.co.uk/content/55/26090.html - - - - - - - - Web Server vulnerability reaches all time high The Web is more vulnerable to attack now than at any time previously. That's the stark conclusion of Netcraft's latest monthly survey of Web servers, which expresses concerns over the emergence of serious vulnerabilities in both Microsoft's IIS and Apache Web servers over the last month. http://www.theregister.co.uk/content/55/26049.html - - - - - - - - Life After AV: If Anti-Virus is Obsolete, What Comes Next? In a previous article, Past Its Prime: Is Anti-Virus Scanning Obsolete?, I discussed the reasons why I believe that anti-virus scanning as we now know it is obsolete and must be replaced. In this article, I will address what I believe will be its replacement - behavioral blocking - including what is currently available, and how behavioral blocking needs to function for it to successfully defeat malicious code. http://online.securityfocus.com/infocus/1604 - - - - - - - - Cracking MS SQL Server passwords The inner workings of the undocumented pwdencrypt() hash function in Microsoft SQL Server have been revealed in a paper by security researcher David Litchfield of Next Generation Security Software (NGSS). pwdencrypt() creates the user's password hash, which is stored in the main database. Litchfield begins by observing that when it's applied to the same input (foo), it will produce different hashes at different times, from which he reckons, assuming the worst, that the salt must be time sensitive in some way. Salting is normally done to prevent collisions and to strengthen hashes against dictionary attacks. http://online.securityfocus.com/news/519 http://www.theregister.co.uk/content/4/26086.html - - - - - - - - High-tech front in the war on terror Measures the energy emitted or reflected from an object. While United States soldiers press on with their mission in Afghanistan and domestic security agencies try to flush out potential attackers, the war on terror is also being fought on another, more subtle front: in the laboratory. New technology -- some of it still under development -- has the potential to increase the effectiveness of intelligence-gathering efforts. http://www.cnn.com/2002/TECH/industry/07/05/intelligence.technology/index.html - - - - - - - - Terrorism plays new role in Web, games Advertisements for suicide bombers, promotions of violence and "shoot-em-up" games have proliferated on the Internet since the Sept. 11 attacks, according to the Simon Wiesenthal Center. "Extremist groups are undoubtedly spending more of their efforts online," Rabbi Abraham Cooper told a news conference convened for the release of the center's annual report on the spread of racism and violent hatred on the Internet, "Digital Hate 2002." http://news.com.com/2100-1040-942098.html - - - - - - - - The Spy Inside Your Cell Phone Every new technology gives birth to new security and privacy fears. When mobile phones first started gaining popularity in the late '80s and early '90s, it seemed anyone who could navigate a Radio Shack could put together a little receiver to intercept random cell traffic from the air. Although carriers have made it a little harder to do that today, the sense that some conversations are better had in person, or over a wired line, has not disappeared. http://www.newsfactor.com/perl/story/18488.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.