NewsBits for February 25, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Worm hits Asia, Europe, is slowed in United States An Internet e-mail worm that leaves a back door on infected systems for possible future attacks spread quickly through Asia and Europe Monday but slowed down as U.S. companies updated their anti-virus software, a computer security researcher said. The Lovegate.C worm, which first appeared in Asia, sends messages to two different e-mail addresses in Beijing once it infects a computer, said Joe Hartmann, director of North American anti-virus research for Tokyo-based Trend Micro. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5256209.htm http://news.zdnet.co.uk/story/0,,t269-s2131014,00.html http://www.cnn.com/2003/TECH/internet/02/25/computer.worm.reut/index.html Lovgate worm thrives on a full inbox http://www.vnunet.com/News/1139042 Lovgate virus packs nasty surprise http://www.vnunet.com/News/1139028 New computer worm spread slowing http://www.usatoday.com/tech/news/computersecurity/2003-02-25-lovegate-worm_x.htm - - - - - - - - - - Hacker ordered to put computer skills to better use The bite has been taken out of computer hacker Jodi "Venomous" Jones, with the 23-year old notching up a criminal conviction for his exploits in cyberspace. Jones was today sentenced to 100 hours of community service and ordered to make reparation payments totalling $3000, for hacking into the network of internet provider Web Internet in November 2001. Jones exploited a flaw in Unix server software to plant a "back door" program on the network of Web Internet, giving him access to the accounts details of the ISP's customers. http://www.nzherald.co.nz/storydisplay.cfm?storyID=3197764 - - - - - - - - - - Appeal in wiretap case denied Secure sites on the World Wide Web that are open only to approved users with passwords appeared to have lost some of their privacy yesterday when the Supreme Court passed up its first opportunity to shore up a legal barrier against electronic intruders. Without explanation, the justices turned aside an appeal by an airline pilot claiming that the company's top executives, targets of his frequent criticism, had eavesdropped on his private website by gaining unauthorized access and monitoring it. http://www.boston.com/dailyglobe2/056/nation/Appeal_in_wiretap_case_denied+.shtml - - - - - - - - - - Software piracy rising again in India, Microsoft official says Software piracy has begun rising again in India, with nearly 70 percent of the programs used in the country now illegal, a Microsoft official said Tuesday. ``It is a matter of great concern for us,'' Rajiv Kaul, managing director of Microsoft India, said at the launch of a school administration software system in Bangalore, India's technology hub. The software was developed by a local company using Microsoft technology. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5258372.htm - - - - - - - - - - Senate approves revised child porn ban The U.S. Senate on Monday approved a bill that would strengthen existing child pornography laws, aiming to help authorities track down pedophiles on the Internet while avoiding free-speech concerns that derailed a similar law last year. The Senate voted 84 to 0 to require those charged in child- pornography cases to prove that their material did not depict actual children, making it easier for prosecutors to use computer images as evidence in trials. http://zdnet.com.com/2110-1105-985861.html http://dc.internet.com/news/article.php/1598551 http://www.usatoday.com/tech/news/techpolicy/2003-02-25-child-porn_x.htm - - - - - - - - - - Bipartisan senators bash FBI, files oversight bill Three key senators on judiciary issues on Tuesday blasted the FBI for ongoing failures and introduced a bill to increase congressional oversight of the agency's surveillance activities. "The FBI is not adequate to provide the American people with intelligence," Sen. Arlen Specter, R-Pa., said in a press briefing. "This failure goes right to the top." http://www.govexec.com/dailyfed/0203/022503td2.htm Chairman plans aggressive oversight of security agencies http://www.govexec.com/dailyfed/0203/022503cdam1.htm - - - - - - - - - - Internet firms seek limits on privacy law The ink is hardly dry on Minnesota's first-of-its- kind Internet privacy law, but already opponents are trying to limit the law's reach, raising concerns among privacy advocates. The Minnesota law, passed last spring and set to take effect March 1, requires Internet service providers to give customers a listing of information they have about them and their Web browsing habits. ISPs often keep records on the sites their customers visit; sometimes they sell that information to advertisers and retailers. http://www.nandotimes.com/technology/story/779256p-5590114c.html - - - - - - - - - - SSL Flaw Discovered and Fixed "Side-channel attacks are causing a fundamental rethink in the way we write encryption software," said Bert Kaliski, head of RSA Labs. Researchers have discovered a new security flaw in Secure Sockets Layer (SSL) protocols, one of the most widely used encryption Latest News about encryption standards. Researchers at the Security and Cryptography Laboratory at the Swiss Federal Institute of Technology in Lausanne found that email passwords sent via SSL are vulnerable to a form of "side-channel" attack. http://www.newsfactor.com/perl/story/20843.html - - - - - - - - - - To Trap a Superworm The Slammer worm's ability to spread so rapidly adds a frightfully new dimension to the species. Does Stuart Staniford have the cure? Fear the superworms. They're coming, and you can't escape. All you can do is contain the damage. That's the message Stuart Staniford has for the computer- security world. A co-founder of information- security company Silicon Defense in Eureka, Calif., Staniford has studied worms for many years as a respected researcher and innovator in the arena of intrusion detection. Such systems can help network administrators spot intrusions and prevent damage or security breaches to linked computers at corporations, universities, and government agencies. http://www.businessweek.com/technology/content/feb2003/tc20030225_4104_tc047.htm - - - - - - - - - - Microsoft security czar critiques company's efforts Listeners praised Microsoft Corp.'s recent efforts to improve product security and patch management after hearing them described in detail by Scott Charney, the company's chief security strategist. But they agreed that Microsoft has not yet shown it can reach its own security goals. Speaking here at the Computerworld Premier 100 Conference, Charney explained how, as part of its Trustworthy Computing initiative, Microsoft has delayed the release of products such as Windows 2003 and Visual Studio .Net. That way, he said, developers who have been trained in areas such as threat modeling and penetration testing can review the software code for flaws. http://www.computerworld.com/securitytopics/security/story/0,10801,78809,00.html - - - - - - - - - - Warchalking hype raises wireless-security consciousness During the Great Depression, hobos drew symbols on sidewalks and buildings to let one another know where to find free food. Flash forward three-quarters of a century to techies on the prowl for a free pass on the high-speed information superhighway. After locating a spot where they can park or stand and get Web access freeloading off a company's signal, they sometimes leave a chalk mark indicating open access for all comers. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5258369.htm - - - - - - - - - - Punters warned about UK Internet Registry Ltd The national Registry for all domain names ending .uk - is calling for people to get in touch if they have received what resembles an invoice from a company called UK Internet Registry Ltd. The company has been sending letters which "resemble invoices" to owners of .co.uk names. In the correspondence from UK Internet Registry it claims that the .com version of the .co.uk name is unregistered and offers to sell it for PS175 a throw. http://www.theregister.co.uk/content/6/29462.html - - - - - - - - - - Johnnie Walker the man loses to Johnnie Walker the whisky A RULING BY NOMINET UK means that a man called John F. Walker, who registered the web site johnniewalker.me.uk as a domain name, must suspend his site after Guinness United Distillers complained it had the rights to the trade mark, Johnnie Walker. Nominet said in its ruling that while special consideration had to be given to the "me.uk" suffix, Mr Walker had associated his site with terms such as Scotland, alcohol, scotch, whisky, blend, malt, liquor, drink, spirits and brewers. http://inquirerinside.com/?article=7975 - - - - - - - - - - Nortel aims to simplify network security Nortel Networks on Tuesday unveiled products designed to boost network security while simplifying the administration of infrastructure. One of the new products, the Alteon Security Manager, monitors and manages in one place the multiple security systems typically scattered across the networks of corporations and service providers. Nortel also announced the Alteon Firewall 5109 for small to medium- size businesses, which is designed to provide networks with a first line of defense against intruders. http://news.com.com/2100-1033-985903.html - - - - - - - - - - What's the worst-case scenario for IT security? What if everything went wrong? That's the possibility security experts confronted here today at Computerworld's Premier 100 conference as panelists with real-world experience in government, software development, Internet service and corporate IT security worked their way through an unfolding fictional scenario of a massive cyberattack on critical U.S. infrastructure after an invasion of Iraq by U.S. and allied forces. http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,78811,00.html - - - - - - - - - - Visualizing network security Auditing regulations mandate that security administrators log and analyze all information that travels within their networks. A firewall can produce more than 1GB of log data, and an intrusion-detection system (IDS) can produce 500,000 messages per day, all of which need to be sorted through by professionals. It's nearly impossible to read all of these logs, which may come from IDSs, virtual private networks, firewalls and Web servers. The company may have time to go through only a sample of them and could risk missing internal inappropriate activity or an intruder in stealth mode. http://www.computerworld.com/securitytopics/security/story/0,10801,78645,00.html - - - - - - - - - - U.S. Information Security Law, Part One: Protecting Private Sector Systems, and Information Security Professionals and Trade Secrets. Information security professionals work within an enterprise to protect it from all non-physical threats to the integrity and availability of its data and systems. Performing this function draws security professionals into simultaneous, ongoing relationships between the enterprise on the one hand and, successively on the other, the enterprise's employees and other agents, its customers, suppliers, competitors, government officials and regulators, to say nothing of unidentified and sometimes unidentifiable actors. http://www.securityfocus.com/infocus/1669 - - - - - - - - - - Congressional group turns spotlight on enhanced 911 A group of lawmakers today launched the congressional E-911 Caucus, a committee of senators and representatives who want to make sure that emergency call centers get the funding they need to comply with the Federal Communications Commissions Enhanced-911 services mandate. When fully in place, the E-911 services will let emergency dispatchers track the location of any cellular phone that is turned on. The group wants to shine the light of day on E-911 so that the technology is spread ubiquitously across the country, Rep. John Shimkus (R-Ill.) said. http://www.gcn.com/vol1_no1/daily-updates/21257-1.html http://www.fcw.com/fcw/articles/2003/0224/web-caucus-02-25-03.asp - - - - - - - - - - Military project seeks to ease adoption of new technologies A division of the Joint Forces Command is developing a new demonstration center to ensure that prospective military technologies work with existing systems before they move into the armed services' acquisitions pipeline. "Interoperability is a challenge for the military with all these disparate systems, especially with commercial, off-the-shelf technology," Air Force Col. Robert Bennett, deputy commander of the six-year-old Joint C4ISR Battle Center, told National Journal's Technology Daily during an interview at the center's Suffolk, Va., headquarters. http://www.govexec.com/dailyfed/0203/022503td1.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.