July 15, 2002

House votes to boost penalties, investigation of computer crimes
Preparing the nation for future cyberattacks, the House voted Monday to increase penalties for computer crimes and make it easier for Internet service providers to disclose dangerous material to government agencies. The legislation also states that immediate threats to national security should be included among emergency instances where law enforcement can tap into computer communications. It passed 385-3. Many think of cybercrime as a form of vandalism, but "it can devastate our businesses, economy or national infrastructure," said Rep. Lamar Smith, R-Texas, the chief sponsor. "A mouse can be just as dangerous as a bullet or a bomb."
http://www.nandotimes.com/technology/story/467151p-3735069c.html

House OKs life sentences for hackers
But time may run out for computer crime bill in Senate. The House of Representatives voted overwhelmingly Monday to create a new punishment of life imprisonment for malicious computer hackers. By a 385-3 vote, the House approved a computer crime bill that also expands police ability to conduct Internet or telephone eavesdropping without first obtaining a court order.
http://www.msnbc.com/news/780923.asp
http://news.com.com/2100-1001-944057.html
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3668922.htm

- - - - - - - -

New e-mail virus found in Japan
Not clear how widely 'Frethem' has spread. Japanese software makers said Monday they have detected two strains of a new computer virus that attacks files and disables antivirus software. "Frethem.K" multiplies by sending virus copies to e-mail addresses from a computer's address book, Tokyo-based Trend Micro Inc. said on its Web site.
http://www.cnn.com/2002/TECH/internet/07/15/japan.computer.virus.ap/index.html
http://www.msnbc.com/news/780651.asp
http://zdnet.com.com/2100-1105-943963.html
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3666846.htm

- - - - - - - -

Net portals in China agree to filter content
Internet portals in China, including Yahoo's Chinese-language site, have signed a voluntary pledge to purge the Web of content that China's communist government deems subversive, organizers of the drive say. The "Public Pledge on Self-discipline for China Internet Industry" has attracted more than 300 signatories since its launch March 16, said a spokeswoman for the Internet Society of China, who identified herself only as Miss Sun.
http://www.usatoday.com/life/cyber/tech/2002-07-15-china-net_x.htm

- - - - - - - -

Security experts say hackers targeting energy industry
Power and energy companies are fast becoming a primary target of computer hackers who have managed to penetrate energy control networks as well as administrative systems, according to government cyber-terrorism officials and private security experts. Experts cite a number of potential sources for the post-Sept. 11 increase in hacker attacks, including industrial espionage and malicious mischief, but Ronald Dick, director of the FBI's cybercrime division, said he is concerned that the United States' power grid now may be moving into the cross-hairs of cyber-terrorists.
http://www.nandotimes.com/technology/story/466769p-3730092c.html

- - - - - - - -

Cyberterror test checks connections
For the first time ever, federal, state and local government officials are partnering with representatives from the private sector and the utilities community in an exercise designed to identify the links between them in responding to and defending against cyberterror. Operation Dark Screen, the brainchild of Rep.
Ciro Rodriguez (D-Texas), is a three-phase exercise that will help all the players involved better understand their roles in preparing for, recovering from, and protecting the nation's critical infrastructure in case of a cyberattack.
http://www.fcw.com/geb/articles/2002/0715/web-dark-07-15-02.asp

- - - - - - - -

Hacker group targets Net censorship
Some of the world's best-known hackers unveiled a plan this weekend to offer free software to promote anonymous Web surfing in countries where the Internet is censored, especially China and Middle Eastern nations. An international hacker group calling itself Hactivismo released a program on Saturday called Camera/Shy that allows Internet users to conceal messages inside photos posted on the Web, bypassing most known police monitoring methods.
http://news.com.com/2100-1001-943686.html
http://www.newsfactor.com/perl/story/18602.html
http://news.bbc.co.uk/hi/english/sci/tech/newsid_2129000/2129390.stm
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3667757.htm

- - - - - - - -

Someone's Watching You: The Web's Secret Police
In a never-ending search for con artists, software pirates and digital thieves, U.S. companies with billions of dollars at stake are spending time and resources to curb infringement and catch perpetrators. Their tactics may include scanning the Internet and Web sites for pirated materials, or tracking user registration and behavioral data in search of repeated fraudulent patterns.
http://www.newsfactor.com/perl/story/18584.html

- - - - - - - -

Hack attacks on Linux on the rise
Hackers are increasingly targeting Web servers based on the Linux operating system, while the number of successful attacks on Windows systems decreases, according to a new report from a U.K. systems integrator. The study by Mi2g also found that successful attacks on U.K. and U.S. government sites have decreased, which may be due to tougher laws and improved security.
http://news.com.com/2100-1001-943911.html
http://news.zdnet.co.uk/story/0,,t269-s2119138,00.html

- - - - - - - -

File-traders in the crosshairs
When the recording industry last month let slip plans to sue individuals who trade copyrighted songs on file-swapping services, Web surfers everywhere pulled down their MP3 collections in a frenzy of fear. OK, not really. Despite the music industry's hopes, such threats have so far been met with a collective yawn in the file-swapping community, which has yet to see much damage in spite of repeated legal wrangling with the Recording Industry Association of America.
http://news.com.com/2100-1023-943881.html
http://zdnet.com.com/2100-1106-943908.html

- - - - - - - -

Liberty Alliance proposes Web security standards
A set of Sun Microsystems Inc-backed web services security specifications could soon pass to a standards-body backed by IBM and Microsoft, Gavin Clarke writes. Liberty Alliance Project members have discussed submission of their specifications to the Organization for the Advancement of Structured Information Standards (OASIS).
http://www.theregister.co.uk/content/23/26183.html
http://www.vnunet.com/News/1133545
http://news.com.com/2100-1001-943892.html
http://zdnet.com.com/2100-1106-943934.html

- - - - - - - -

Confirmed: MS to ship beefed up 802.11 security in XP SP1
Microsoft will, as suggested here last week, be shipping a Protected Extensible Authentication Protocol (PEAP) client with SP1 of Windows XP. This will beef up wireless security in XP and will no doubt come in handy for the mysterious security of Microsoft's forthcoming home wireless products.
http://www.theregister.co.uk/content/4/26188.html

- - - - - - - -

Security's the message for Exchange
Microsoft is hatching plans for a new Exchange Server e-mail system, with improved security, a facelift for Outlook, and better support for cell phones and other handhelds.
Microsoft chief executive Steve Ballmer is expected to elaborate on the new version of Exchange in a speech to business partners Monday at its Fusion conference in Los Angeles.
http://news.com.com/2100-1001-943919.html
http://zdnet.com.com/2100-1104-944035.html

- - - - - - - -

Taking a Byte Out of Cybercrime
Nicodemo Scarfo Jr. thought the Internet was a foolproof way of running his gambling operation; little did he know that he was under virtual surveillance every time he typed in his computer password. Scarfo, a New Jersey mobster, was sentenced last month to the maximum 33 years in federal prison after pleading guilty to running an illegal gambling ring.
http://abcnews.go.com/sections/us/DailyNews/cybersleuth020715.html

- - - - - - - -

Making the case for forensics training
Many IT departments have tools to detect and prevent corporate breaches, but oftentimes, key staff members may not have a good background in investigative computing techniques. Training staff in forensics makes the best use of tools and also helps companies handle liability and legal issues in which information on computer data, access breaches, and user log-in details play a role in criminal and civil court actions. The need for forensics training and certification is increasing due to various factors, according to trainers and certification organizations.
http://www.techrepublic.com/article.jhtml?id=r00520020709thr01.htm

Imaging and analysis tools for your computer forensics toolkit
Basic principles. Everything that a computer forensics professional does should be grounded in certain principles. They are: Never work on original evidence. Use tools that have been tested and are capable of replicating findings. Take copious notes or have tracking capabilities of all efforts. Strictly follow established procedures for evidence preservation. Maintain chain of custody. Use the highest standards of conduct to obtain results.
http://www.techrepublic.com/article.jhtml?id=r00520011113ern01.htm

- - - - - - - -

Security industry's hacker-pimping slammed
I spent three days at H2K2 hoping someone would say something worth mentioning in The Register. Finally, on Sunday, a couple of speakers did just that (on which more tomorrow). Best of all was Gweeds' savage synopsis of a thing which world + dog has no doubt long entertained as a vague suspicion, namely the way hackers pimp themselves in hopes of getting hired at great expense by security companies, and the way conferences provide fertile soil for the illusory threat exaggeration on which the security industry feeds.
http://www.theregister.co.uk/content/55/26198.html
http://online.securityfocus.com/news/533
http://online.securityfocus.com/news/532

- - - - - - - -

Net attacks are on the rise...now what?
It's not just your imagination. They really are out to get you. While it's true that being a security manager these days requires a certain amount of paranoia, what you're seeing is real. Attacks on Internet-attached networks have increased substantially, and show no sign of abating. According to a report by Riptech, a security services provider in Alexandria, VA, such attacks are up 64 percent in the last six months. More sobering are reports from Riptech and others that this is just the beginning. The number of cyber attacks is going through the roof.
http://zdnet.com.com/2100-1107-943792.html

- - - - - - - -

Crypto Controls are Spreading Internationally
Hand over that encryption key, mate, monsieur, sir, bloke. Five years ago, when the Organization for Economic Cooperation and Development (OECD) released their guidelines for cryptography policy, crypto advocates cheered and declared victory. After a hard fought battle, we had forced the OECD to back away from the U.S. government's efforts to restrict encryption worldwide.
After the guidelines, countries around the world issued crypto policies that called for the free and unfettered use of encryption products to promote e-commerce and protect privacy.
http://online.securityfocus.com/columnists/95

***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.

Copyright 2000-2002, NewsBits.net, Campbell, CA.