NewsBits for November 5, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Microsoft offers cash rewards for catching virus writers Applying Wild West bounties to modern Internet crimes, Microsoft Corp. set aside $5 million Wednesday to pay large cash rewards to people who help authorities capture and prosecute the creators of damaging computer viruses. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/7191160.htm http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=3759419 http://www.internet-magazine.com/news/view.asp?id=3792 http://www.silicon.com/software/security/0,39024655,39116765,00.htm http://zdnet.com.com/2100-1105_2-5102485.html http://news.zdnet.co.uk/internet/security/0,39020375,39117637,00.htm http://www.gcn.com/vol1_no1/daily-updates/24075-1.html http://www.washingtonpost.com/wp-dyn/articles/A6099-2003Nov5.html http://www.msnbc.com/news/989410.asp http://money.cnn.com/2003/11/05/technology/microsoftbounty/index.htm http://www.newsfactor.com/perl/story/22632.html http://www.theregister.co.uk/content/55/33792.html Interpol, FBI officials weigh in on cyber crime-fighting hurdles Peter Nevitt, the IT director of international crime-fighting organization Interpol, called the antivirus reward program unveiled today by Microsoft a first step toward fighting the problem of computer viruses. But more needs to be done, Nevitt said -- especially in the many countries that lack basic skills and laws to pursue cybercriminals. http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,86863,00.html Experts, IT managers say Microsoft should forget bounty, focus on security http://computerworld.com/securitytopics/security/story/0,10801,86869,00.html - - - - - - - - - - Italian charged in porn dialler virus scam A 39-year-old Italian man accused of running a porn dialler scam has been charged with fraud and virus distribution. Italian police say the unnamed suspect stood to net 104,000 from a scam which tricked users into running a virus, called Marq-A, which altered the Internet dial-up number used by victims to a premium rate line, La Repubblica reports. http://www.theregister.co.uk/content/56/33801.html - - - - - - - - - - 'Massive' DoS attack takes down WorldPay Online payment firm WorldPay, part of the Royal Bank of Scotland Group, is battling to process customer transactions after being hit by a massive denial of service (DoS) attack. The attack started yesterday, flooding WorldPay's web connected systems with huge volumes of bogus requests and bringing its payment and administration systems to a grinding halt. http://zdnet.com.com/2110-1105_2-5102490.html http://www.theregister.co.uk/content/55/33799.html WorldPay prepared to compensate clients http://www.vnunet.com/News/1147344 New Zealand Under Attack of Cyber Swindlers http://www.crime-research.org/news/2003/11/Mess0504.html - - - - - - - - - - Congress vs. Spam Congress is on track to pass a federal anti-spam law before it adjourns for the year. What would the law do? Can any law put an end to spam? What technological solutions to spam are currently in the works? Krim also discussed the latest developments in the Microsoft antitrust case and the FCC's decision on Tuesday to require some electronic components to be built with technology to prevent Internet piracy of digital TV content. http://www.washingtonpost.com/wp-dyn/articles/A43124-2003Oct30.html Spam fighters make a good killing http://www.cnn.com/2003/TECH/internet/11/04/spam.killer/index.html - - - - - - - - - - Bill seeks to iron out wrinkles in visitor-tracking program Lawmakers on Thursday plan to introduce a bill to address concerns with a new visa program at the Homeland Security Department. Rep. Pete Sessions, R-Texas, who sits on the House Select Committee on Homeland Security, along with Reps. Lincoln Davis, D-Tenn., and Randy Neugebauer, R-Texas, are unveiling the Visitor Information and Security Accountability Act at a Capitol Hill news conference. http://www.govexec.com/dailyfed/1103/110503tdpm1.htm - - - - - - - - - - FCC Cracks Down on Piracy Bowing to pressure from Hollywood studios and broadcasters, the Federal Communications Commission on Tuesday ordered consumer electronics and computer manufacturers to redesign their products to help deter piracy of digital television programs. http://www.msnbc.com/news/989371.asp http://www.latimes.com/technology/la-fi-flag5nov05231421,1,5266940.story http://www.newsfactor.com/perl/story/22631.html http://www.theregister.co.uk/content/54/33807.html - - - - - - - - - - 'Critical' patch sent out for Office flaw Microsoft issued the first major patch for the new version of its Office software, fixing a flaw that could result in lost work. The "critical update," released late on Tuesday, applies to three of the four major applications in Office 2003--the Word word-processing program, the PowerPoint presentation application and the Excel spreadsheet software, according to a Microsoft bulletin. http://zdnet.com.com/2100-1104_2-5103267.html http://www.vnunet.com/News/1147421 - - - - - - - - - - Has your phone been 'bluejacked'? Bluetooth, the connectivity technology most commonly found in mobiles and PDAs, looks like it could be spawning a new craze--and possible a new outlet for spammers. Bluetooth enables devices within a few meters of each other to exchange information wirelessly--a technology that users with Bluetooth- enabled mobiles are making the most of to send text messages to strangers anonymously. This drive-by messaging has been dubbed 'bluejacking.' http://zdnet.com.com/2100-1104_2-5102499.html - - - - - - - - - - Data surveillance complaints have zero success rate Hundreds of people have protested that their privacy has been unfairly violated under the Regulation of Investigatory Powers Act, but not a single one has yet been successful. The body set up to protect UK citizens from having their communications data unfairly accessed by the police or secret agents has yet to rule in favour of a single complainant despite receiving hundreds of complaints, the government has revealed. http://news.zdnet.co.uk/0,39020330,39117640,00.htm - - - - - - - - - - Internet more dangerous than ever The internet is more dangerous than it was last year, according to Art Coviello, chief executive of RSA Security. In his opening keynote at the RSA Security Conference in Amsterdam, Coviello warned that the proliferation of web-enabled applications and devices and a lack of fault fixing have made the environment more dangerous. http://www.vnunet.com/News/1147150 - - - - - - - - - - A glimpse inside the virus writer It's not just technical tricks that make viruses successful. When most people catch a computer virus it usually makes them much more diligent and update their anti-virus software more often. But when computer security researcher Sarah Gordon was hit by a virus it did not just make her worry about what was lurking in her inbox. http://news.bbc.co.uk/1/hi/technology/3240901.stm - - - - - - - - - - RSA secures deals for tighter ID Security vendor RSA has signed partnerships with both Microsoft and Accenture for its Identity and Access Management product range.mSoftware giant Microsoft is to build RSA's ClearTrust 5.5 web access management into its own identity and access software. http://www.computing.co.uk/News/1147285 http://www.vnunet.com/News/1147285 - - - - - - - - - - Virtual Battlefield The Answer To Real Threats The battle against hackers is going virtual. The U.S. Department of Justice has awarded Iowa State University a grant worth nearly $500,000 to build an Internet-Scale Event and Attack Generation Environment, or ISEAGE, a lab where "virtual battlefields" will be created. Researchers can conduct computer attacks as if they occurred over the Internet and test how well security tools thwart those attacks. http://www.securitypipeline.com/news/showArticle.jhtml?articleId=16000267 - - - - - - - - - - Effects linger from security breach at Interland Some visitors to Web sites hosted by Interland Inc. are still feeling the effects of an Aug. 28 security breach that allowed their systems to be infected with malicious code. Following up on readers' e-mails about the problem, Computerworld today spoke with Jeff Reich, director of security at Atlanta-based Interland. He acknowledged an ongoing problem, but downplayed its significance. http://computerworld.com/securitytopics/security/holes/story/0,10801,86868,00.html - - - - - - - - - - Cyberterrorism: More sophisticated than past worms No hard evidence exists that shows a cyberterrorism attack on the U.S., but when such an attack comes, it is likely to be much more harmful than the current crop of relatively unsophisticated viruses and worms that have caused billions of dollars in damages, a cybersecurity expert said Monday. Terrorism groups have planned cyberterrorism attacks for years, and those attacks are waiting for a vulnerability to trigger them, predicted Norm Laudermilch, vice president of managed security services for VeriSign Inc. http://www.idg.com.sg/idgwww.nsf/unidlookup/C01F91F3EFF4C6D148256DD5000964B1 - - - - - - - - - - Fighting Child Pornography In time of intensive global computerization humanity faced plenty of challenges, which have quickly turned into real threats to economic and social well-being. Cybercrime and cyberterrorism can be included in list of threats. A phenomenon of cybercrime is so young as it is not well studied. Being a crime which has transnational nature, cybercrime requires special approaches. Among of such widespread cybercrimes as infringement of the work of computers and computer networks, data theft, Internet fraud, blackmail and extortion, distortion of computer information, it is necessary to emphasize and mark out crimes related to manufacture and distribution of child pornography in the Internet. http://www.crime-research.org/library/Saytarly_nov.html - - - - - - - - - - Foolish CEOs flunk security test The fourth European IT security conference opened in Amsterdam Tuesday--with a damning indictment of CEOs who fail to understand the value and the costs of security. While cyberterrorism and other fad-threats haven't turned out to be pose the risks which many experts had predicted, the number one source of tech threat remains inside a business itself--its staff and its internal processes, according to Arjen van Zanten of KPMG's risk management business. http://zdnet.com.com/2100-1105_2-5102962.html - - - - - - - - - - Who falls for e-mail scams? It certainly looked like the real thing. Full of eBay logos and links, the e-mail said their accounts were expiring, and theyd better fill out a form quickly or risk losing their current auctions. So they did typing in everything from drivers license numbers to credit card PINs. Since then, thieves have attempted to steal their money and their private information has been posted on the Internet for all the world to see. The lapse in judgment was momentary, but the consequences continue to unfold. http://www.msnbc.com/news/989183.asp Firms warned over scams http://www.vnunet.com/News/1147314 - - - - - - - - - - Wireless Intrusion Detection Systems Threats to wireless local area networks (WLANs) are numerous and potentially devastating. Security issues ranging from misconfigured wireless access points (WAPs) to session hijacking to Denial of Service (DoS) can plague a WLAN. Wireless networks are not only susceptible to TCP/IP-based attacks native to wired networks, they are also subject to a wide array of 802.11-specific threats. http://www.securityfocus.com/infocus/1742 - - - - - - - - - - Web hijacking VeriSign raised the hackles of the Internet community with its surprise decision to take control of all unassigned .com and .net domain names, a move that has wreaked havoc on many e-mail utilities and antispam filters. The company is redirecting domain lookups for misspelled or nonexistent names to its own site, a process that has confused Internet e-mail utilities and drawn angry denunciations of the company's business practices from frustrated network administrators. http://news.com.com/2100-1083_3-5079060.html - - - - - - - - - - Terrorism lends urgency to hunt for better lie detector In a quiet corner of the University of Pennsylvania campus, professor Britton Chance is using near- infrared light to peek at lies as they form in the brains of student volunteers. http://www.usatoday.com/tech/news/techpolicy/2003-11-04-lie-detect-tech_x.htm - - - - - - - - - - Cheaper traffic-signal change devices threaten intersection chaos It's every motorist's fantasy to be able to make a red traffic light turn green without so much as easing off the accelerator. That naughty dream may now be coming true, with perilous implications. The very technology that has for years allowed fire trucks, ambulances and police cars to reach emergencies faster a remote control that changes traffic signals is now much cheaper and potentially accessible. http://www.usatoday.com/tech/news/2003-11-05-traffic-signal-change_x.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.