NewsBits for October 21, 2003
sponsored by Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
Bank manager blows customer millions on online betting
An Australian bank manager who stole AUD19 million ($13 million) to fund his online gambling addiction faces sentencing on Friday after pleading guilty to crimes spanning five years.
http://www.theregister.co.uk/content/6/33502.html
- - - - - - - - - -
Asian spammers 'hijack broadband PCs'
A UK security firm says spammers based in Malaysia, the Philippines and Taiwan are turning vulnerable home and small business PCs in Western countries into spam relays. Home and small business computers in Western countries are being hijacked as spam relays by groups operating in Malaysia, the Philippines, Taiwan and other parts of Asia, according to a security firm.
http://news.zdnet.co.uk/internet/security/0,39020375,39117251,00.htm
- - - - - - - - - -
China suffers virus epidemic
About 85 percent of China's PCs have been infected by viruses this year, according to a government survey. A record number of China's computers have been hit by viruses this year, according to a ministry survey. About 85 percent of computers in China were affected by viruses in 2003. This is 1.5 percentage points higher than 2002 and 25.5 percentage points higher than 2001, according to the survey.
http://news.zdnet.co.uk/business/0,39020645,39117252,00.htm
http://news.bbc.co.uk/1/hi/technology/3210086.stm
http://www.news.com.au/common/story_page/0,4057,7624173%255E15322,00.html
http://news.zdnet.co.uk/internet/security/0,39020375,39117252,00.htm
- - - - - - - - - -
U.S. lawmakers to focus on global piracy
Several lawmakers on Tuesday said they would push to curb international music, movie and software piracy, bringing new visibility to a problem estimated to cost U.S. businesses billions of dollars in lost sales.
http://news.com.com/2110-1028-5094526.html
http://www.washingtonpost.com/wp-dyn/articles/A60054-2003Oct21.html
- - - - - - - - - -
Court: Royalties Must Be Paid for Web Music
In a blow to Internet "simulcasting," the 3rd District Court of Appeals has ruled that over-the-air broadcasters must pay royalties to recording artists and labels for the songs they play over the Internet. The appeals panel's opinion, issued Friday, upheld earlier rulings by a federal judge in Philadelphia and the U.S. Copyright Office.
http://www.washingtonpost.com/wp-dyn/articles/A55446-2003Oct20.html
http://www.latimes.com/technology/la-fi-rup21.7oct21,1,2353395.story
http://www.wired.com/news/politics/0,1283,60906,00.html
- - - - - - - - - -
Victoria's Secret to pay up for poor panty privacy
New York Attorney General Eliot Spitzer has sorted through Victoria's Secret's dirty undies and is set to dole out a $50,000 fine to the company for online privacy violations.
http://www.theregister.co.uk/content/6/33504.html
http://www.oag.state.ny.us/press/2003/oct/oct21b_03.html
- - - - - - - - - -
NIST readies new security documents
A new National Institute of Standards and Technology method for categorizing security risk levels of federal systems is on the cusp of final approval. The first public draft of the minimum security requirements for systems in new risk categories will be released in a couple of weeks, project manager Ron Ross said yesterday at an enterprise architecture conference in Vienna, Va.
http://www.gcn.com/vol1_no1/daily-updates/23906-1.html
- - - - - - - - - -
Internet group starts anti-hacker initiative
The Internet Software Consortium (ISC) has launched an internet crisis co-ordination centre to help protect the system from hackers. The Operations, Analysis and Research Center (OARC) will be used to study and monitor internet traffic so that technicians will be able to differentiate high-demand traffic spikes from high-intensity attacks on root servers.
http://www.computerweekly.com/articles/article.asp?liArticleID=125823
Trend Micro, eEye Digital Security empower solution providers with virus vulnerability assessment
http://www.itweb.co.za/sections/software/2003/0310210822.asp
- - - - - - - - - -
Think tank debate focuses on counterterrorism tools
Information technology can be used to help fight terrorism because it places huge amounts of searching information at the fingertips of law enforcement, but the creation of the Terrorist Threat Integration Center (TTIC) and a Sept. 16 presidential directive has some people concerned about the impact that such initiatives may have on civil rights.
http://www.govexec.com/dailyfed/1003/102103tdpm2.htm
Senators see momentum to limit anti-terrorism powers
http://www.govexec.com/dailyfed/1003/102103tdpm1.htm
Balancing Utility With Privacy
http://www.wired.com/news/technology/0,1282,60871,00.html
- - - - - - - - - -
Beware! Internet
According to expert forecasts, more than 1 billion computers will be connected to the Internet by 2005. Nowadays, there are several billion web sites on the Internet, and the Internet industry of developed countries is about 5% of national product. The volume of data transmitted through the Internet doubles quarterly, hence there is a real dependence of the majority of countries on the reliability of the international information infrastructure.
http://www.crime-research.org/eng/news/2003/10/Mess2101.html
Phone, Power, Computers Vulnerable, Expert Says
http://www.wivb.com/Global/story.asp
The Security Service of Ukraine Is Powerful In Fighting Cybercrime
http://www.crime-research.org/eng/news/2003/10/Mess2103.html
- - - - - - - - - -
Risk management falls short
A new report argues that business leaders have a poor understanding of IT-related risks and responsibilities.
Despite a wave of reports regarding security threats from hackers, crackers and organised criminals, most company leaders still believe the biggest threat to firms is the enemy within, according to a report by the Economist Intelligence Unit (EIU) released today.
http://www.vnunet.com/News/1145004
- - - - - - - - - -
FBI to deploy PKI for systems access
The FBI will use Entrust Inc. public-key infrastructure tools to authenticate users before they are allowed access to bureau systems. The bureau is buying the PKI tools from the Dallas company through a subcontract awarded by FBI contractor Northrop Grumman Inc. The FBI also will use the PKI technology to encrypt data and electronically sign documents, Entrust officials said. The bureau's Security Division is deploying PKI as part of the bureau plan to create layered security.
http://www.gcn.com/vol1_no1/daily-updates/23911-1.html
http://www.fcw.com/fcw/articles/2003/1020/web-pki-10-21-03.asp
- - - - - - - - - -
Anti-spam enters the Zone
Zone Labs is to include spam-fighting software from Cloudmark with its products. Computer-security maker Zone Labs will bundle anti-spam software from Cloudmark with its products, both companies are expected to announce.
http://news.zdnet.co.uk/internet/security/0,39020375,39117272,00.htm
Yahoo to fool spammers with dummies
http://news.zdnet.co.uk/internet/security/0,39020375,39117248,00.htm
http://www.msnbc.com/news/983035.asp
http://money.cnn.com/2003/10/21/technology/yahoo_spam.reut/index.htm
The metaphysics of 'spam'
http://www.cnn.com/2003/SHOWBIZ/10/20/hln.hot.buzz.spam/index.html
- - - - - - - - - -
Ballmer: Raising Microsoft's security game
Microsoft CEO Steve Ballmer on Tuesday defended his company's efforts to secure its software and fend off open-source rivals.
Ballmer, speaking here at an industry conference market research firm Gartner sponsored, acknowledged that the software maker has been late to introduce better ways for its customers to patch their systems but said Microsoft is now making strides. "I know we need to do better, but we are in this challenging position where the hacker only needs to find one vulnerability, and we need to keep them out," he said.
http://zdnet.com.com/2100-1105_2-5094279.html
- - - - - - - - - -
Federated identity, PingID and standards cartels
Speaking at Digital ID World, General Motors chief technology officer Tony Scott detailed the difficult path to delivering a federated identity solution. Federated identity management, which supports multiple entities connected within a circle of trust, is one of the major initiatives growing out of Web services that will provide substantial benefits to corporations and consumers.
http://techupdate.zdnet.com/Federated_identity_PingID_standards_cartels.html
- - - - - - - - - -
Web Security Appliance With Apache and mod_security
As more and more attacks are being carried out over the HTTP layer, there is a growing need to push the envelope and bring Web security to new levels. Most existing tools work on the TCP/IP level, failing to use the specifics of the HTTP protocol in their operation. The need for increased security has led to the creation of application gateways, tools that are essentially reverse proxies with the added capability of protocol analysis.
http://www.securityfocus.com/infocus/1739
- - - - - - - - - -
Q&A, Part 2: IBM's Steve Mills on security, thin clients
He also touted IBM's WebSphere portal as a way for companies to save money. There was a recent report, posted by the Computer & Communications Industry Association [an anti-Microsoft organization], that said Microsoft's dominance on the desktop was a big security threat [see story].
How are concerns about security affecting customer demand and customer choices on infrastructure and software?
http://computerworld.com/securitytopics/security/story/0,10801,86304,00.html
Q&A: IBM's Steve Mills sets software sights on middleware, Linux
http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,86291,00.html
- - - - - - - - - -
RFID code of practice for retail
LOCAL retailers hope to avoid a consumer backlash over radio frequency ID tags by developing an industry code of practice similar to the supermarket scanning code. Several worldwide pilots have been disrupted by consumer and privacy activists, who fear RFID systems will allow shopkeepers to track customers beyond the point of sale.
http://australianit.news.com.au/articles/0,7204,7619017%5E15321%5E%5Enbv%5E15306,00.html
***********************************************************
Computer Forensics Training - Online. An intense, 150-hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see: www.cybercrime.kennesaw.edu
***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however, copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2003, NewsBits.net, Campbell, CA.