NewsBits for February 4, 2004 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Mydoom virus starts to fizzle out Slowly but surely the Mydoom virus is dying out. Figures from mail filtering firm MessageLabs show that the number of copies of the virus being caught everyday are swiftly diminishing. The peak day of infection was 28 January when 4.5m copies of the malicious program were caught. http://news.bbc.co.uk/1/hi/technology/3459363.stm MyDoom is most expensive virus yet http://www.vnunet.com/News/1152514 Microsoft takes action on phishing http://www.vnunet.com/News/1152513 - - - - - - - - - - Victory for commonsense in nuke lab hacking case Its rare one might say even unprecedented - when both sides are equally happy with the outcome of a criminal case. But thats what happened in court five at Londons Southwark Crown Court on Tuesday afternoon when a teenage hacker who caused a major security alert at a US Department of Energy research lab escaped jail. http://www.theregister.co.uk/content/55/35346.html - - - - - - - - - - NYU not alone in its SSN woes Yet NYU is by no means unique in its troubles. Technological snafus and security breaches are quickly becoming a growing problem among the nation's collegiate computer systems, leaving in its wake a slew of identity theft horror stories. http://www.nyunews.com/news/campus/6640.html - - - - - - - - - - Senator calls for mandatory reporting of viruses Sen. Charles Schumer (D-N.Y.) said the Homeland Security Departments virus alert system is flawed and called for a centralized plan for government response to cyberthreats. Schumer said the e-mail alert system announced last month by DHS National Cyber Security Division could do more harm than good. http://www.gcn.com/vol1_no1/daily-updates/24843-1.html - - - - - - - - - - Congress Eyes Internet Fraud Crackdown Congress is expanding its focus on the growing business of online fraud with the introduction of new legislation that would mandate stiffer sentences for anyone who commits a crime using a Web site registered under a false name. http://www.washingtonpost.com/wp-dyn/articles/A13538-2004Feb4.html - - - - - - - - - - 90% of web apps vulnerable to hackers WebCohort has announced the results of four years of penetration testing on more than 250 web applications including e-commerce, online banking, enterprise collaboration, and supply chain management sites. The vulnerability assessments conducted by WebCohort's Application Defense Center (ADC) concluded that at least 92% of web applications are vulnerable to some form of hacker attacks. http://www.in-sourced.com/article/articleview/1261/1/1/ - - - - - - - - - - Check Point warns of firewall flaws Two flaws in Check Point Software's flagship firewall software could allow an attacker to crash or compromise its firewall products, the company said Wednesday. The flaws--found by security firm Internet Security Systems (ISS)--may give intruders access to corporate networks through the devices designed to keep attackers out. http://news.com.com/2100-1002_3-5153635.html - - - - - - - - - - IE security patch nixes some apps Microsoft last week announced that a modification to its IE browser would stop the insecure practice of including sensitive information in links. The update, which was released Monday, had some Web site programmers up in arms Wednesday due to complaints from Web users that they could no longer log in to sites that secure entry through credentials included in the URL. http://msnbc.msn.com/id/4165095/ - - - - - - - - - - New security features for Windows In a further attempt to improve security, Microsoft has announced the release of Service Packs for Windows Server 2003 and Windows XP for the second half of this year. http://www.vnunet.com/News/1152482 - - - - - - - - - - How to make spam unstoppable Putting random words in spam is becoming popular Good news for spammers, the smart filtering software used to catch spam can be beaten. With a little ingenuity it is possible to create messages that get past anti-spam filters every single time. http://news.bbc.co.uk/2/hi/technology/3458457.stm - - - - - - - - - - Why Sardonix Failed Sardonix has conceded that the project has largely been a failure, putting open-source security auditing back on the drawing board. The Sardonix project was born from the successes and eventual failure of the Linux Security Auditing Project (LSAP). Through it's design Sardonix encouraged the use of an OpenBSD-style software auditing process. http://www.securityfocus.com/columnists/218 - - - - - - - - - - Spyware cures may cause more harm than good Web surfers battling "spyware" face a new problem: so-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase. Millions of computers have been hit in recent years by ads and PC-monitoring software that comes bundled with popular free downloads, notably music-swapping programs. The problem has attracted dozens of companies seeking to profit by promising to root out the offending software. http://news.com.com/2100-1032_3-5153485.html - - - - - - - - - - IT regulations may weaken security Tightening global IT regulations may actually weaken IT security, delegates at the UK's first Homeland Security conference heard this week. New legislation in the US, and better funding for regulatory authorities in the developing world, are putting an increasing burden on business, warned Richard Hackworth, group head of IT security at HSBC. http://www.computing.co.uk/News/1152481 - - - - - - - - - - EU Commission plots global travel surveillance system Observers of the European Commission's negotiations with the US Department of Homeland Security over the transfer of airline passenger data might easily run away with the impression that the Commission has meekly capitulated to the US' extraterritorial and unilateralist demands. http://www.theregister.co.uk/content/6/35347.html Travel Privacy Probe Spins Wheels http://www.wired.com/news/privacy/0,1848,62152,00.html - - - - - - - - - - Pentagon Kills LifeLog Project The Pentagon canceled its so-called LifeLog project, an ambitious effort to build a database tracking a person's entire existence. Run by Darpa, the Defense Department's research arm, LifeLog aimed to gather in a single place just about everything an individual says, sees or does: the phone calls made, the TV shows watched, the magazines read, the plane tickets bought, the e-mail sent and received. Out of this seemingly endless ocean of information, computer scientists would plot distinctive routes in the data, mapping relationships, memories, events and experiences. http://www.wired.com/news/privacy/0,1848,62158,00.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.