September 23, 2002

Arrest for Slapper author
But a new variant is already out there.
A suspect has been arrested on suspicion of authoring the Slapper worm. But although the threat of the worm seems to have been shortlived, a new variant is already set to take up where its predecessor left off. David Morgan, senior consultant for Internet Security Systems (ISS), revealed the news of the arrest. "Slapper mailed the addresses of infected machines back to an email address in the Ukraine," he said. "This email was checked from a traceable location and, as a result, a 21-year-old male has been arrested by the authorities."
http://www.vnunet.com/News/1135274
- - - - - - - -
Adelphia founder, four others indicted
Adelphia Communications Corp. founder John J. Rigas, his sons and two other former executives were indicted Monday for allegedly stealing hundreds of millions of dollars from the nation's sixth-largest cable television company. The 24-count indictment, handed up in Manhattan federal court, charges the men with conspiracy, securities fraud and wire fraud, and seeks $2.5 billion in forfeited assets for the alleged large-scale accounting fraud and corporate looting.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4135012.htm
http://zdnet.com.com/2110-1106-959036.html
http://www.washingtonpost.com/wp-dyn/articles/A55514-2002Sep23.html
- - - - - - - -
Woman falls for Nigerian scam, steals $2.1m from law firm
A bookkeeper for Michigan law firm Olsman Mueller & James has been taken for $2.1m by Nigerian 419 fraudsters, the Detroit Free Press reports. The 59-year-old woman received a fax from one Dr. Mbuso Nelson of the Ministry of Mining in Pretoria, South Africa, asking for help in getting a cool $18m transferred to the US. We all know what comes next: the hapless victim set up a bank account, only to be told that certain expenses had to be met.
Fuelled by greed and stupidity in equal measure, the woman dutifully wired huge sums to accounts in South Africa and Taiwan. Cue popping champagne corks in expensive Lagos restaurants.
http://www.theregister.co.uk/content/28/27243.html
- - - - - - - -
Greece enters web Dark Ages again
Government reinstates online games ban.
The Greek government's ban on web-based computer games has been reinstated by an appeals court meaning that two cyber cafe owners and their employee could go to prison. A lower court decision earlier this month rejected the case against two Thessaloniki cyber cafe owners and a member of staff, describing the law as unconstitutional. But the appeals court judge disagreed and ordered a retrial. A date has yet to be set for the new hearing.
http://www.vnunet.com/News/1135248
- - - - - - - -
Energy agency says Web info poses threat
Citing the threat of terrorism, the Federal Energy Regulatory Commission (FERC) is proposing new rules to limit the public's access to information about power plants, pipelines and other components of the energy infrastructure. Only those with "a need to know" will have access to the information, and they might be required to sign an agreement that prohibits them from revealing what they have learned.
http://www.fcw.com/fcw/articles/2002/0923/pol-energy-09-23-02.asp
- - - - - - - -
FBI cyber chief heralds interagency cooperation
Ron Dick, the director of the FBI's National Infrastructure Protection Center, said the FBI's new effort to partner with the Secret Service on investigating cyber crimes is aimed at marshalling resources. At the launch of the national cybersecurity protection plan last week, the FBI and Secret Service announced a new pilot program where several field offices of both agencies agreed to work together on investigating cyber crimes to determine who is behind a particular attack.
http://www.govexec.com/dailyfed/0902/092302td1.htm
Justice Department formalizes information sharing guidelines
http://www.govexec.com/dailyfed/0902/092302td2.htm
- - - - - - - -
Join Cyber Corps, get paid to go to school
You can get a master's degree at UNC Charlotte or N.C. A&T State University in one of the hottest fields around for free -- free books, free tuition, free room and board. There's a stipend too: $1,000 a month. That's on top of a summer internship with benefits and pay. And when you're finished, you're practically guaranteed a job.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4135141.htm
- - - - - - - -
Online Gaming Illegal (Wink Wink)
Despite the defection of several big-name credit card issuers and a recent Justice Department "advisory" declaring all Internet gambling illegal, many watchers of online casino operations remain convinced the industry is still on a roll. As proof, they cite a federal court decision in Louisiana that could de-fang the Justice Department's virtual bite, Congress' repeated repudiation of such measures as the Internet Gambling Prohibition Act and a successful Nevada ballot initiative directing the state legislature to begin issuing online gambling licenses. (Several Las Vegas casinos now operate online by way of the Isle of Man.)
http://www.wired.com/news/politics/0,1283,55202,00.html
- - - - - - - -
Crypto boffins: let's get physical
Researchers at MIT have developed a physical token, based on tiny glass spheres encased in epoxy resin, as a more secure alternative to generating cryptographic keys electronically. With computers getting ever more powerful, especially when quantum-based technology comes on the scene, some predict the mathematical algorithms which underpin current encryption techniques could be broken.
http://www.theregister.co.uk/content/55/27248.html
- - - - - - - -
Aussies protest MS security advice
Citing Microsoft's own somewhat patchy security record, Australian industry commentators have called into question the software maker's worthiness to advise the Federal Government on the country's cyber security policy. Recent industry reports have suggested that despite its being snubbed by US government officials during formulation of America's official cyber security efforts, Microsoft Australia is playing a key advisory role in relation to Australia's first cybersecurity framework.
http://zdnet.com.com/2100-1105-958969.html
- - - - - - - -
Microsoft issues 51st security bulletin of the year
Microsoft Corp. on Thursday disclosed more flaws in its Windows operating systems, the most serious of which could let an outside attacker take over a computer. The software company advised that all users of Windows install a free patch to fix flaws in its "virtual machine" for translating applications written in the Java programming language. Microsoft termed the threat "critical." Microsoft also disclosed "moderate" flaws in Windows 2000 and XP and advises administrators of Windows 2000 servers and end users of Windows XP to download a patch.
http://www.nandotimes.com/technology/story/544944p-4305410c.html
- - - - - - - -
Microsoft spying? Linux is looking better
China thinks Microsoft software contains secretly embedded code that the United States government can manipulate at will. So, in case of war between the two countries, a Pentagon official can hit a switch and--presto!--cripple China's computing infrastructure. A senior Microsoft executive, who often confers with the Chinese (sorry, no names), told me this tale. I thought he was joking. He wasn't. Some people in the Chinese government actually believe it's true.
http://zdnet.com.com/2100-1107-958762.html
- - - - - - - -
Want to know how RIAA.org was hacked?
Two weeks ago the Recording Industry Association of America website was defaced. Twice. Even more embarrassing, the crackers installed pirate music files on the site for download. But how? zone-h.org, a security site based in Estonia, has uncovered the elementary mistake in RIAA's robot.txt files which gave the crackers their back door. This is our first exposure to Estonian humour. And we like it. The Register is publishing zone-h's entertaining treatment by permission.
http://www.theregister.co.uk/content/6/27230.html
- - - - - - - -
Who's letting the spam in?
Have you helped a spammer today? According to operators of spam-filtering lists, an alarming number of people are unwittingly helping junk mailers shuttle spam, or unsolicited bulk e-mail. Those unassuming victims are running software meant to allow multiple connections over a LAN (local area network) to the Internet through a single line, or what's known as proxy servers. Many proxy servers are installed insecurely, and spammers have discovered tricks to tap into them to send junk mail with little trace--an occurrence relatively unseen a year ago, experts say.
http://zdnet.com.com/2100-1106-958847.html
http://news.com.com/2100-1023-958847.html
- - - - - - - -
When is hacking a crime?
Kevin Finisterre admits that he likes to hew close to the ethical line separating the "white hat" hackers from the bad guys, but little did he know that his company's actions would draw threats of a lawsuit from Hewlett-Packard. This summer, the consultant with security firm Secure Network Operations had let HP know of nearly 20 holes in its Tru64 operating system. But in late July, when HP was finishing work to patch the flaws, another employee of Finisterre's company publicly disclosed one of the vulnerabilities and showed how to exploit it--prompting the technology giant to threaten litigation under the Digital Millennium Copyright Act.
http://zdnet.com.com/2100-1105-958920.html
New laws make hacking a black-and-white choice
http://news.com.com/2009-1001-958129.htm
- - - - - - - -
Security--teamwork pays off
As organizations continue to invest in dedicated information security resources, developing the capability to respond appropriately to security incidents is becoming imperative. Instituting a security incident response team (SIRT) is a prerequisite for effective information security countermeasures.
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2880346,00.html
- - - - - - - -
Who Goes There? An Introduction to On-Access Virus Scanning, Part 2
By now, most savvy computer users have anti-virus software (AV) installed on their machines and use it as part of their regular computing routine. However, most average users do not know how anti-virus software works. This article is the second in a two-part series that will offer a brief overview of a particular type of anti-virus technique known as on-access scanning.
http://online.securityfocus.com/infocus/1626
Who Goes There: An Introduction to On-Access Virus Scanning, Part One
http://online.securityfocus.com/infocus/1622
- - - - - - - -
Configuring IPsec and IKE on Solaris, Part Three
This is the third article in a three-part series on configuring IPsec and the Internet Key Exchange (IKE) on Solaris hosts. The first article covered the basics of IPsec and IKE. The second article focused on configuring IPsec to protect traffic between two Solaris hosts. This article will discuss the configuration of an IPsec VPN tunnel between two Solaris hosts.
http://online.securityfocus.com/infocus/1628
Configuring IPsec/IKE on Solaris, Part One
http://online.securityfocus.com/infocus/1616
Configuring IPsec and IKE on Solaris, Part Two
http://online.securityfocus.com/infocus/1625
- - - - - - - -
Cybersecurity plan on the lite side
The Bush administration's long-awaited plan for protecting the nation's critical computer systems from cyberattacks is too weak because it does not set specific requirements for federal agencies or the private sector to follow, and politics is mostly to blame for the watered-down plan, information technology experts say.
http://www.fcw.com/fcw/articles/2002/0923/news-cyber-09-23-02.asp
A Cybersecurity Sleeping Pill
From a White House given to dramatic warnings of electronic Pearl Harbors comes an incongruously meek national strategy. Did industry lobbyists slip someone a Mickey? For sixty-five pages, a fat lot of nothing. That's the only sensible verdict possible upon scanning Richard Clarke's much-hyped draft of "The National Strategy to Secure Cyberspace."
http://online.securityfocus.com/columnists/110
- - - - - - - -
Exploiting online raunch at the polls
What is it with state attorneys general trying to stamp out Internet vice around election time? On Oct. 27, 1998, precisely one week before Election Day, the New York State Attorney General's Office raided an Internet provider in Buffalo and confiscated its news server. The charge, according to former Attorney General Dennis Vacco, was that BuffNet carried Usenet newsgroups where child pornography could be found. It could be found, that is, if someone looked hard enough--and Vacco's investigators were nothing if not determined.
http://news.com.com/2010-1071-958881.html
- - - - - - - -
Boston Airport to Install Scanners
Logan International Airport in Boston will announce on Monday that it is installing scanners that can check the authenticity of hundreds of kinds of driver's licenses and passports, check the bearer's name against government "watch lists," and generate lists, with photos, of whose document was checked and when.
http://www.nytimes.com/2002/09/23/technology/23BOST.htm
- - - - - - - -
When porn permeates Web personals
They look real, their e-mails sound real, but before you know it you're being asked for a credit card number. Her online personal ad said she liked the outdoors, camping, hiking, biking, blading, and yes, even fishing. Don was online looking for love, like millions of other men, and thought Amyloov was sexy, so he dropped her a note through Yahoo.com's personals.
http://www.msnbc.com/news/805678.asp

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.