NewsBits for September 19, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Accused AOL phisher spammed the FBI An Ohio woman accused in federal court of using mass forged e-mails from "AOL security" to swindle America Online subscribers out of their credit card numbers was allegedly tracked down after spamming exactly the wrong person: an FBI agent specializing in computer fraud, according to court records. Helen Carr pleaded not-guilty last week to a two count federal indictment charging her with conspiring with colleagues in the spam community to send mass e-mails to AOL subscribers purporting to be from "Steve Baldger" from AOL's security department. http://www.securityfocus.com/news/7018 - - - - - - - - - - JetBlue Apologizes for Use of Passenger Records JetBlue Airways apologized yesterday to thousands of passengers whose records were given to a Defense Department contractor to test a security system. David Neeleman, chief executive of the New York- based carrier, said in an e-mail to customers that JetBlue made a mistake a year ago when it agreed to a Defense Department request to provide the data to Torch Concepts Inc. of Huntsville, AL, for a project said to involve military base security. http://www.washingtonpost.com/wp-dyn/articles/A37232-2003Sep19.html http://www.wired.com/news/politics/0,1283,60502,00.html - - - - - - - - - - Child porn investigation nets officer An Addis police officer was arrested after an investigation turned up child pornography in computers he used at work and at home, Police Chief Ricky Anderson said Wednesday. Anderson said that Officer Todd Parker, 32, of Brusly, was booked into the West Baton Rouge Parish Jail about 3 p.m. Monday on one count of possessing pornography involving juveniles. http://www.2theadvocate.com/stories/091803/new_officer001.shtml - - - - - - - - - - New mass-mailing worm is spreading The latest email worm to exploit a flaw in Internet Explorer is called 'Swen'. The worm, also nicknamed 'Gibe', is spreading via email, Internet relay chat, shared networks, and the p2p network Kazaa. The email claims to be from Microsoft, and offers to patch holes in Internet Explorer, Outlook, and Outlook Express. It then mails itself to other addresses stored on the infected computer. http://www.internet-magazine.com/news/view.asp?id=3710 http://www.itweb.co.za/sections/internet/2003/0309190842.asp http://zdnet.com.com/2100-1105_2-5079354.html Swen worm tops virus charts http://news.zdnet.co.uk/internet/security/0,39020375,39116520,00.htm New virus preys on old IE flaw http://www.msnbc.com/news/968691.asp http://www.cnn.com/2003/TECH/internet/09/19/worm.swen.reut/index.html New Worm Targets E-Mail, P2P http://www.newsfactor.com/perl/story/22328.html http://www.usatoday.com/tech/news/computersecurity/2003-09-19-swen-loves-kazaa_x.htm http://www.theregister.co.uk/content/56/32925.html Beware the fake security patch http://www.itweb.co.za/sections/internet/2003/0309191004.asp Worm Comes Disguised As Windows Warning http://www.washingtonpost.com/wp-dyn/articles/A35735-2003Sep19.html - - - - - - - - - - RIAA sues iMesh file-trading firm The Recording Industry Association of America said Friday that it had sued Israeli file-swapping company iMesh, one of the oldest of the peer-to-peer companies still in operation. The record labels' trade association alleges that iMesh has contributed to massive copyright infringement online, much as other file-trading companies before it. The suit marked the clearest sign since the beginning of the RIAA's lawsuits against hundreds of song-swappers that the trade group will continue to pursue software companies as well as individuals. http://news.com.com/2100-1025_3-5079454.html http://www.wired.com/news/business/0,1367,60518,00.html Coleman prepares to tackle RIAA hearings http://www.usatoday.com/tech/news/techpolicy/2003-09-19-coleman-profile_x.htm Harvard symposium debates future of online file-sharing http://www.usatoday.com/tech/news/techpolicy/2003-09-19-swapping-symposium_x.htm File-sharing continues despite suits http://www.msnbc.com/news/969152.asp http://money.cnn.com/2003/09/19/technology/file_sharing.reut/index.htm http://www.nytimes.com/2003/09/19/technology/19TUNE.html http://www.nytimes.com/2003/09/20/technology/20COLL.html - - - - - - - - - - Lawsuit filed against VeriSign over search service An Internet search service launched this week to redirect Web surfers who mistype addresses became the subject of a $100 million antitrust lawsuit filed by a rival. The federal lawsuit was the latest attack on the Site Finder offering from VeriSign Inc., a company that directs much of the Internet's traffic through its control of directories for two of the most popular domain names, ``.com'' and ``.net.'' http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6813813.htm http://www.securityfocus.com/news/7009 http://zdnet.com.com/2100-1105_2-5079059.html http://www.theregister.co.uk/content/6/32933.html http://computerworld.com/governmenttopics/government/legalissues/story/0,10801,85176,00.html Verisign's SiteFinder finds privacy hullabaloo http://www.theregister.co.uk/content/6/32926.html - - - - - - - - - - Bid for tighter web security Consumer agencies are investigating setting up an Australian "web seal" to authenticate business websites and establishing national regulations for e-commerce to combat growing internet fraud. Moves to protect consumers doing business online will be examined by a working party led by Consumer Affairs Victoria, which released a discussion paper on web seals yesterday. Web seals, also known as trust marks, are symbols on websites that indicate an endorsement from an authenticating body. http://www.theage.com.au/articles/2003/09/18/1063625153023.html - - - - - - - - - - Worldwide Internet theft scheme targets job seekers Internet job-seekers, chatters, shoppers and sellers are falling for fraudulent schemes originating in Eastern European countries, Italy and Nigeria, local and federal authorities say. The schemes are fueled by stolen credit card numbers gathered in this country and sent overseas, making it difficult, and sometimes impossible, for law enforcement here to catch the crooks, who set up short-lived Web sites for so-called import/ export companies that do not exist. "It's a complex worldwide theft scheme that first appeared about a year ago," U.S. Postal Inspector Barry Mew said. Mew, based in California, is warning Internet users to beware of the schemes. http://www.cleveland.com/search/index.ssf?/base/cuyahoga/1063359056172910.xml - - - - - - - - - - Arrest fraud in its tracks Many firms could do a great deal more to limit their exposure to crime, writes Will Kenyon. More than half of UK companies suffered from economic crime in the past two years, according to the Price Waterhouse Coopers Global Economic Crime Survey 2003. http://www.telegraph.co.uk/money/main.jhtml?xml=/money/2003/09/19/ccfraud19.xml&sSheet=/money/2003/09/19/ixcoms.html - - - - - - - - - - Privacy advocates turn tide in homeland security debate Ever since the 2001 terrorist attacks, policymakers have pursued a balance between two oft-competing desires: keeping the nation secure and protecting people's privacy rights. The status of two technology- based security initiatives indicates that the scales still can tip either way. http://www.govexec.com/dailyfed/0903/091903cdam2.htm - - - - - - - - - - Security experts find open-source flaws Although Microsoft Windows vulnerabilities get most of the headlines, researchers this week identified vulnerabilities in two commonly used open-source software products. The more serious of the vulnerabilities affects Sendmail, an open-source program for managing e-mail. The vulnerability lies in the way the e-mail server software parses e-mail headers, according to Dan Ingevaldson, engineering manager for Internet Security Systems in Atlanta. http://news.com.com/2100-1002_3-5079549.html - - - - - - - - - - Government backs anti-spam mission to US The government says it is taking the issue of spam seriously, but campaigners have condemned Britain's new anti-spam laws as a 'cock-up' E-commerce minister Stephen Timms is giving his support to a delegation of UK politicians who are travelling to America next month to lobby for stricter spam controls. http://news.zdnet.co.uk/0,39020330,39116517,00.htm http://www.usatoday.com/tech/news/techpolicy/2003-09-19-uk-us-spam-mission_x.htm http://computerworld.com/securitytopics/security/story/0,10801,85120,00.html - - - - - - - - - - Swiss school sets up antivirus center The Swiss Federal Institute of Technology, one of Switzerland's top universities, has joined forces with technology heavyweights to declare war on computer viruses and hackers. Along with IBM, Sun Microsystems Laboratories and Credit Suisse, the Swiss institute has launched a Zurich- based research center to fortify data networks against increasingly potent worms and viruses. "We are trying to benefit from the synergies... to strengthen Zurich as an international center for research in information security," said David Basin, a senior researcher at the Zurich Information Security Center (ZISC). http://zdnet.com.com/2100-1105_2-5079122.html - - - - - - - - - - eBay to Feds: come and get what you want Israeli daily Haaretz has unearthed highly embarrassing, and disturbing comments by an eBay executive. To an audience of law enforcement officials, eBay's Joseph Sullivan boasts that his company's privacy policy is meaningless. "We don't make you show a subpoena, except in exceptional cases," Sullivan told a closed- door session at the CyberCrime 2003 conference last week. http://www.theregister.co.uk/content/6/32936.html http://www.haaretz.com/hasen/pages/ShArt.jhtml?itemNo=264863 - - - - - - - - - - IBM, GE to sell building and computer security package Companies will be able to tighten their security by linking their computer networks with their building monitoring systems as part of a new service coming from IBM Corp. and General Electric Co. The service, which IBM and GE planned to announce Friday and begin selling this fall, would let companies impose security measures that might seem like common sense, but are hard or even impossible if computer networks and physical monitoring systems are separate. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6807058.htm http://zdnet.com.com/2100-1105_2-5079051.html - - - - - - - - - - Security-appliance market sees gains Sales of security server appliances grew 10 percent in the second quarter, as sales of low-end appliance servers dedicated to firewalls and virtual private networks helped bolster the industry, according to an IDC report released Thursday. The double-digit, year-over-year second-quarter growth is in contrast to the roughly 5 percent decline in the first quarter, as companies look to beef up their security in light of the recent spate of worms and viruses. http://zdnet.com.com/2100-1103_2-5079045.html http://news.zdnet.co.uk/business/0,39020645,39116514,00.htm Feds, Oracle team up to boost security http://computerworld.com/securitytopics/security/story/0,10801,85202,00.html IDS is dead, long live IDS http://www.vnunet.com/News/1143747 Software flaws will cost users dear http://www.vnunet.com/News/1143698 - - - - - - - - - - Sun Boosts Support for RFID Another major enterprise IT vendor has further embraced the move toward using radio frequency identification (RFID) tags in manufacturing and retailing. Sun Microsystems Inc. this week announced that it has formed a business unit dedicated to helping customers and partners to develop software and hardware solutions for the use of RFID. At least one piece of new software is already slated for release in March to help bolster the effort, officials at the Santa Clara, Calif., company said. http://www.eweek.com/article2/0,4149,1274050,00.asp - - - - - - - - - - Don't limit offshore outsourcing security Analyst warns companies to consider all legal loopholes in service agreements. Most organisations are not doing enough to ensure that adequate security provisions are factored into their outsourced IT service agreements, new research has warned. http://www.vnunet.com/News/1143741 - - - - - - - - - - Hollywood hacks impress experts In the sequel to the movie ``The Matrix,'' the svelte heroine's return to the futuristic world had a group of security consultants from Irvine's Rainbow Technologies ogling the raven-haired computer whiz. But not just because Trinity looked hot in skin-tight black leather. http://www.bayarea.com/mld/mercurynews/business/technology/personal_technology/6800620.htm - - - - - - - - - - In-car computer monitors teens' driving New 'black box' technology tracks what the brats have been up to with the family car. New technology has been launched to allow parents to monitor how their kids drive. http://www.vnunet.com/News/1143740 *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.