October 1, 2002

Bugbear eats credit cards, passwords
Bugbear is an Internet worm with a Trojan horse that attempts to steal your passwords and credit card information. Bugbear (w32.bugbear@mm), also known as Tanatos, is about 50KB long and is compressed with the UPX file compressor. Users of Internet Explorer 5.01 or 5.5 who have not patched the Incorrect Mime header flaw are vulnerable to the worm's e-mail attack. All versions of Windows are vulnerable to this worm's ability to arrive via open file sharing. Users of Macintosh, Linux, and Unix are not at risk. Since Bugbear sends infected e-mail and contains a potentially dangerous Trojan horse, it ranks a 6 on the ZDNet Virus Meter.
http://zdnet.com.com/2100-1105-960139.html
http://news.com.com/2100-1001-960365.html
http://www.vnunet.com/News/1135567
E-tailers seek to block "parasiteware"
http://zdnet.com.com/2100-1106-960214.html
- - - - - - - -
Ex-AOL worker may go directly to jail
A former America Online call center worker pleaded guilty Monday to exercising the stock options of another employee and diverting tens of thousands of dollars to himself. Jacksonville, Fla., resident Christopher O. Wright, 27, faces up to five years in prison and fines of $250,000 after pleading guilty in federal court in Alexandria, Va., to one count of wire fraud. He also faces the prospect of having to pay back the more than $86,000 he netted from the transaction, the office of the U.S. Attorney for the Eastern District of Virginia said.
http://zdnet.com.com/2110-1106-960335.html
- - - - - - - -
House lawmaker renews push for cybersecurity measures
A key House lawmaker is moving to reauthorize legislation that would impose security requirements on federal agencies through two different vehicles, signaling what he sees as the urgency of extending information security measures before Congress adjourns.
The House Government Reform Technology and Procurement Policy Subcommittee on Tuesday approved legislation to promote online government and included in that bill, H.R. 2458, a provision based on the Federal Information Security Act (FISMA) to permanently reauthorize the 2000 Government Information Security Reform Act (GISRA) and institute other cybersecurity requirements for agencies.
http://www.govexec.com/dailyfed/1002/100102td1.htm
- - - - - - - -
House votes to block Web gambling payments
The U.S. House of Representatives voted on Tuesday to outlaw payments to Internet casinos, hoping to choke offshore gambling sites that continue to draw billions of dollars from U.S. customers. The measure passed easily by a voice vote, capping years of negotiations in which lawmakers tried to balance the concerns of state regulators, banks, dog-track owners, Internet providers and social conservatives.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4191763.htm
http://www.msnbc.com/news/815789.asp
- - - - - - - -
FBI aims to patch security holes
The G-Men are to focus more on securing system vulnerabilities than chasing potential threats, according to a new initiative about to be announced. The FBI and a prestigious computer-security research group are set to announce new initiatives to keep companies up to date on the most threatening software vulnerabilities.
http://news.zdnet.co.uk/story/0,,t269-s2123148,00.html
- - - - - - - -
AOL to deliver abducted-children alerts to its members.
The nation's largest Internet service, America Online, will begin transmitting Amber Alerts about abducted children onto the screens of computers, pagers and cell phones of more than 26 million subscribers in dozens of states and cities. Beginning in early November, warnings issued across the patchwork of communities that use the system will go to AOL users in those areas who request to receive them. All but one of the existing Amber Alert systems are participating with AOL.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4189885.htm
http://www.nandotimes.com/technology/story/558075p-4396765c.html
- - - - - - - -
Netscape loses privacy dispute
Netscape Communications customers suing the company for privacy invasion are not bound by an end-user license agreement forcing them into arbitration, a federal appeals court panel ruled Tuesday. At least three groups of Netscape users have sued the company in recent years, alleging that the AOL Time Warner unit's SmartDownload software invaded people's privacy and violated laws prohibiting electronic surveillance by sending their personal information back to the company. AOL shuttered the tracking feature soon after it was sued.
http://news.com.com/2100-1023-960388.html
- - - - - - - -
DOD limits wireless use, will study vulnerabilities further
The Defense Department CIO last week issued a policy imposing restrictions on the use of wireless devices at the Pentagon. Effective immediately, the Pentagon Area Common Information Technology Wireless Security Policy prohibits employees from connecting wireless devices, such as cellular telephones and personal digital assistants, to any classified network and from using such devices as a primary means of communication for mission-critical operations.
http://www.gcn.com/vol1_no1/daily-updates/20147-1.html
http://www.govexec.com/dailyfed/1002/100102td2.htm
http://www.fcw.com/fcw/articles/2002/0930/web-wire-10-01-02.asp
- - - - - - - -
Professor posts digital device hit list
Could singing fish novelties be hooked by a proposed law requiring anti-copying technology in digital devices? Princeton professor Ed Felten thinks so. The computer scientist has launched a site, called Fritz's Hit List, that points out devices that could be forced to carry anti-copying technology if Sen. Fritz Hollings', D-S.C., Consumer Broadband and Digital Television Promotion Act (CBDTPA) passes.
The bill, which is designed to thwart piracy, would restrict digital products that don't carry government-approved security technology.
http://zdnet.com.com/2100-1105-960317.html
- - - - - - - -
Mobile phone Java risks 'minimal'
Is wireless Java at risk from malicious code attack? The answer appears to be no - for vanilla Java 2 Micro Edition (Java 2 ME). But vendors' proprietary extensions are more problematic, according to Markus Schmall, of T-Mobile. He recently conducted a study of the security of Java 2 ME, using tests on a Siemens SL45 phone. Java 2 ME is defined so that cross-loader functions are limited, maths functions are restricted and no file access is possible. This greatly limits the scope and number of attacks possible on mobile devices running Java 2 ME.
http://online.securityfocus.com/news/923
- - - - - - - -
Porn diallers and Trojans - the new face of malicious code
The profile of malicious code on the Internet is changing with porn diallers and Trojan horses becoming more serious problems. A study on the malicious code blocked last year by managed services firm MessageLabs finds the spread of Trojan horses is becoming more organised. From recording Trojans sporadically, MessageLabs is now intercepting 40-50 Trojans at a time. These are systematic attempts to infect victims' machines, it says.
http://online.securityfocus.com/news/922
- - - - - - - -
Security agency selects San Diego firm for help sorting data
The largest U.S. intelligence agency will spend millions to upgrade the technology it uses to sift through the huge volume of telephone conversations, e-mail and other worldwide communications chatter it monitors, under a new contract. The National Security Agency has signed a $282 million contract with Science Applications International Corp. of San Diego to help develop a more refined system for culling useful intelligence from a flood of data it collects daily. Officials disclosed the 26-month contract on Monday.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4186846.htm

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.