High Tech "NewsBits" for 01/16/03

January 16, 2003 Driver's license spam scam quashed by federal regulators Several unscrupulous "spammers" have been shut down after bombarding Internet users with e-mail offers for allegedly bogus international driver's licenses, the U.S. Federal Trade Commission said Thursday. The move should put the brakes on a common scam that has evolved into one of the most prevalent forms of unwanted junk e-mail over the past several years. http://www.usatoday.com/tech/news/techpolicy/2003-01-16-spam-scam_x.htm - - - - - - - - Child porn seized in raid Investigators seized computer equipment containing child pornography during a late-night raid Tuesday in Sky Harbour. Sheriffs department Jerry East said deputies also took a bite out of crime Tuesday afternoon when they raided an illegal dental lab in Tolar. Several sets of illegally made dentures were seized at the location, East reported. Deputies and investigators from the Texas Attorney Generals office seized a computer, several floppy disks and several CD roms containing child pornography from a residence in Sky Harbour, East said. http://www.hcnews.com/news/get-news.asp?id=4720&catid=1&cpg=get-news.asp - - - - - - - - Hackers Humble Security Experts A wisecracking group of hackers confirmed that its claim this week that it spread an antipiracy virus was nothing but a hoax aimed at garnering fame. But members of the group, known as Gobbles Security, conceded that a program it released to demonstrate the problem was a Trojan horse capable of destroying files on the computers of unwary Unix users. Experts said the bizarre incident, which caused a brief frenzy among some security firms and fans of music file sharing, follows a grand tradition of pranks by the playful hacking group. http://www.wired.com/news/infostructure/0,1377,57229,00.html - - - - - - - - Librarians Split on Sharing Info In the year following the passage of the Patriot Act, librarians' response to law enforcement requests for patrons' records has been sharply divided, according to a nationwide survey. The Patriot Act allows investigators to seize patrons' book-borrowing and Internet-surfing records to investigate terrorist leads; it also prohibits library staff from publicizing law enforcement requests for such materials. http://www.wired.com/news/privacy/0,1848,57256,00.html - - - - - - - - Review lame hacker law, says business Number of prosecutions under Computer Misuse Act far fewer than justified by the number of attacks. Only 15 hackers were jailed for breaking the Computer Misuse Act in 2001, the government has revealed. This brings the total number of custodial sentences handed out to hackers to just 22 since 1999. Of those jailed in 2001, eight were imprisoned just for hacking; the others had also committed other crimes. http://www.vnunet.com/News/1138049 - - - - - - - - Calif. top court may weigh in on Sex.com California's high court could rule on whether a domain name can be considered property, as part of a long-running dispute over the Sex.com domain. In an order issued earlier this month, the U.S. Ninth Circuit Court of Appeals asked the California Supreme Court to rule on the question. The appellate court said it was asking the state's highest court to decide the matter because the case "raises a new and substantial issue of state law in an arena that will have broad application." http://news.com.com/2100-1023-980960.html - - - - - - - - Rumsfeld orders .mil Web lockdown U.S. defense secretary Donald Rumsfeld this week directed the armed service to strip military Web sites of information that could benefit adversaries, citing a terrorist training manual and a year-long review of the Department of Defense's 700-gigabyte Web presence. "An al Qaeda training manual recovered in Afghanistan states: 'Using public sources openly and without resorting to illegal means, it is possible to gather at least 80% of information about the enemy,'" Rumsfeld wrote in a memo electronically circulated throughout the armed services. http://online.securityfocus.com/news/2062 http://news.com.com/2100-1023-981057.html - - - - - - - - Senator seeks ban on Defense, Homeland Security data mining Sen. Russ Feingold, D-Wis., said Thursday he would introduce legislation to halt funding for controversial data mining projects at the Defense and Homeland Security departments. The move comes amid growing protests by privacy advocates and civil libertarians that the Bush administration is encroaching upon civil rights with many of its new homeland security initiatives. http://www.govexec.com/dailyfed/0103/011603h1.htm http://www.wired.com/news/politics/0,1283,57253,00.html Lawmakers blast Pentagon's data dragnet http://www.usatoday.com/tech/news/techpolicy/2003-01-16-privacy-congress_x.htm ACLU: Surveillance devices multiply When it comes to snooping on Americans, Big Brother has a lot more gadgets at his disposal. In its new study, "Bigger Monster, Weaker Chains: The Growth of an American Surveillance Society," the American Civil Liberties Union (ACLU) blames the unchecked use of technological tracking features for an increase in surveillance by both the government and the private sector. http://zdnet.com.com/2100-1105-980964.html http://www.wired.com/news/politics/0,1283,57226,00.html - - - - - - - - MS seeks malware, bust phones after SPV security crack A quite bizarre CNET report reveals that Microsoft's Security Response Center began investigations into the circumvention of security on the SPV smartphone on Tuesday, searching - so says CNET, anyway - for reports of rogue programs on the network and damaged phones. Furthermore, says an anonymous source "familiar with the situation," unlocking an SPV "is a difficult process that sometimes involves taking the phone apart." Oh really? One hazards a guess that this particular source is familiar with the situation as they would like it to be, and as it no doubt will be by version 2.0 or 3.0 - security hard-wired into the silicon, and the client irretrievably controlled/owned by somebody out there, not you. http://212.100.234.54/content/59/28898.html Hackers attack new smart phones http://zdnet.com.com/2100-1103-980803.html http://news.zdnet.co.uk/story/0,,t269-s2128840,00.html - - - - - - - - FAA CIO says security system development tops '03 priorities The Federal Aviation Administration this year intends to develop mission support systems and boost cybersecurity within the enterprise architecture it created last year, said Daniel Mehan, assistant administrator and CIO at FAA. Enterprise architecture is a remarkably complex subject, but its like the architecture of a house, Mehan said today at a meeting sponsored by Input of Chantilly, Va. You need to know where the plumbing goes. http://www.gcn.com/vol1_no1/daily-updates/20884-1.html - - - - - - - - FedCIRC prepares to launch new security patch service The Federal Computer Incident Response Center introduced systems and security administrators to its new patch distribution service today. Two administration officials recommended that agencies take advantage of the offering. It is critical for federal users to upload patches in a timely manner, said Mark Forman, associate director for IT and e-government at the Office of Management and Budget. http://www.gcn.com/vol1_no1/daily-updates/20885-1.html - - - - - - - - CERT warns of DHCP vulnerability The Computer Emergency Response Team (CERT) Coordination Center has warned of a serious security vulnerability in the Internet Software Consortium's (ISC) DHCP (Dynamic Host Configuration Protocol) software, which is shipped with multiple operating systems including popular Linux and BSD variants. DHCP software is used to assign IP address information to computers on a network as they require it. For example, when a user selects "Obtain an IP address automatically" in their Windows networking settings, its a DHCP server attached to the network that issues this IP address information to the users computer. http://zdnet.com.com/2100-1105-980957.html - - - - - - - - Internet squatting continuing to damage brands When it comes to corporate branding, imitation is not considered the most sincere form of flattery - especially when the purpose of the exercise may be to wrest dollars out of the brand's owner. In the online world, problems associated with cybersquatting, including the practice of registering a domain name similar to that of an existing high-profile company for the apparent purpose of wresting a lucrative sum from that company, continue to reign. http://www.zdnet.com.au/newstech/ebusiness/story/0,2000024981,20271284,00.htm - - - - - - - - FAA smart card pilot delayed The Federal Aviation Administration has delayed a pilot program for smart cards but is moving forward on several other procurements, according to a top official. The FAA plans to release a screening information request this month for Broad Information Technology Services II, a $1.3 billion contract set aside for small businesses. In order to qualify as a prime contractor, a company must have total revenue of $36 million in the past three years. An award is expected in June. http://www.fcw.com/fcw/articles/2003/0113/web-faa-01-16-03.asp - - - - - - - - Kerio MailServer 5.5 for Mac OS X filters viruses Kerio Technologies Inc. has introduced Kerio MailServer 5.5 for Mac OS X. The secure corporate messaging server now features integration with McAfee's Anti-Virus Engine. Kerio MailServer offers POP3, IMAP, WebMail and WAP access to e-mail services. Beside anti-viral protection, the software also offers secure access capabilities and spam blocking. Kerio Technologies Inc. claims its MailServer is the only one available for the Mac that integrates McAfee's Anti-Virus engine. http://maccentral.macworld.com/news/0301/16.kerio.php - - - - - - - - Risky business: Keeping security a secret Is open-source software better for security than proprietary software? The open-source movement argues that it's better because "lots of eyes can look at it and find the bugs." Those who favor proprietary software offer two counter arguments: The first is that a lot of hostile eyes can also look at open-source code --which, they say, is likely to benefit attackers more than anyone else. The second point is that a few expert eyes are better than several random ones; a dedicated organization with responsibility for the software is a better custodian than the many eyes of the open-source community. http://zdnet.com.com/2100-1107-980938.html - - - - - - - - Copyright ruling is a ripoff of consumers Swipe a CD from a record store and you'll get arrested. But when Congress authorizes the entertainment industry to steal from you -- well, that's the American way. We learned as much Wednesday when the U.S. Supreme Court ruled that Congress can repeatedly extend copyright terms, as it did most recently in 1998 when it added 20 years to the terms for new and existing works. http://www.siliconvalley.com/mld/siliconvalley/4959745.htm - - - - - - - - Perspective: Decrypting the secret to strong security Is open-source software better for security than proprietary software? The open-source movement argues that it's better because "lots of eyes can look at it and find the bugs." Those who favor proprietary software offer two counterarguments: The first is that a lot of hostile eyes can also look at open-source code--which, they say, is likely to benefit attackers more than anyone else. http://news.com.com/2010-1071-980462.html - - - - - - - - Campaign illustrates interdependency of technology During Operation Enduring Freedom, troops often relied on satellite communications systems, computer-targeted weaponry and precision-guided munitions. But the Afghanistan campaign also illustrated that smart warfighters, not just smart technology, help win battles, the Navys undersecretary said yesterday. Although advances were made in Afghanistan in how the military used technology to fight, Susan Morrisey Livingstone said technology was more an enabler of a larger transformation taking place throughout the services. http://www.gcn.com/vol1_no1/daily-updates/20881-1.html - - - - - - - - N.M. preps ID management system "They've got a huge amount of legacy systems and they're all disconnected, running on different operating platforms, different services on the back end, and they just don't work together, and there's no comprehensive security mechanism to control security for all of these applications," said Nand Mulchandani, co-founder and chief technology officer for Cupertino, Calif.-based Oblix Inc., a developer of identity-based products for the public and private sectors. http://www.fcw.com/geb/articles/2003/0113/web-nm-01-16-03.asp *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.