NewsBits for April 6, 2004 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Man pleads innocent to tracking co-worker's computer keystrokes A 46-year-old man pleaded innocent Monday to charges he stole computer passwords and documents from a top executive at a business where he worked by planting a device that recorded every keystroke made by the executive's secretary. http://www.mercurynews.com/mld/mercurynews/8362438.htm http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8367186.htm http://www.usatoday.com/tech/news/computersecurity/2004-04-06-keycapture_x.htm - - - - - - - - - - Ukrainian hacker Maxim Kovalchuk appeared in the court Maxim Kovalchuck appeared in regional court of San-Jose, California, the USA. As CCRC informed earlier , May 2003, a 25-year-old citizen of Ukraine was arrested in Thailand. The US intelligence tipped off Thailand police on his location. He is accused of selling pirate software to the amount of more than $3M. http://www.crime-research.org/news/06.04.2004/175 - - - - - - - - - - Arrests key win for NSA hackers A computer hacker who allowed himself to be publicly identified only as ''Mudhen'' once boasted at a Las Vegas conference that he could disable a Chinese satellite with nothing but his laptop computer and a cellphone. http://www.globetechnology.com/servlet/story/RTGAM.20040406.gtterror06/BNStory/Technology/ - - - - - - - - - - Kazaa, eDonkey brace for attack File-sharing Web sites Kazaa and eDonkey are steeling themselves for a distributed denial- of-service attack expected Wednesday from a clutch of new variants of the NetSky worm. http://zdnet.com.com/2100-1105-5185783.html New Netsky worms change their stripes http://computerworld.com/securitytopics/security/virus/story/0,10801,91978,00.html Worm 'did not cause' US blackout http://news.zdnet.co.uk/internet/security/0,39020375,39150938,00.htm - - - - - - - - - - Working group offers 25 ways to improve IT security A combination of new legislation, public outreach and insurance changes would enhance government and corporate cybersecurity, according to an industry and academic workgroup. The Corporate Information Security Working Group penned 25 recommendations on steps the private sector can take to improve IT security. It created the list for Rep. Adam Putnam, chairman of the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. http://www.gcn.com/vol1_no1/daily-updates/25514-1.html Last draft released for security guide http://www.fcw.com/fcw/articles/2004/0405/web-nist-04-06-04.asp Group backs new computer security requirements for agencies http://www.govexec.com/dailyfed/0404/040604tdpm1.htm - - - - - - - - - - Next: Outlawing Spyware? Utah has become the first state to make spyware a crime, passing a law that makes it illegal to install such programs on a PC without approval. Starting in early May, violators face a fine of $10,000 per incident, under the new Spyware Control Act. The Utah law aims to regulate the use of spyware and other advertising software, which is infamous for annoying computer users by tracking and reporting their Web whereabouts and displaying ads. http://www.pcworld.com/news/article/0,aid,115527,00.asp - - - - - - - - - - Online phishing uses new bait A new phishing attack is being used to hook unwary web users, the Anti-Phishing Working Group (APWG) has warned. When a phishing victim clicks on a link in an email pretending to come from their bank or another company, they are sent to a fake website which will then try to steal bank account details or other information. http://www.vnunet.com/News/1154101 - - - - - - - - - - Stock spammers get rich quick A large increase in the amount of spam that appears to offer inside information on company shares is being put down to spammers attempting to boost the performance of their own portfolios. For example, a spammer who owns 1,000 shares in a company sends out an e-mail saying "buy these shares, they're about to really take off" and if enough people are tempted it not only become a self-fulfilling prophecy but it makes them a tidy packet in the process. http://zdnet.com.com/2100-1105_2-5185902.html Spam clampdown starts to win victories http://news.zdnet.co.uk/internet/security/0,39020375,39150964,00.htm Europe's war on spam takes charge http://msnbc.msn.com/id/4677236/ http://www.usatoday.com/tech/news/techpolicy/2004-04-06-EU-war-on-junk-mail_x.htm Mounting Business Losses Boost Anti-Spam Market http://www.newsfactor.com/story.xhtml?story_title=Mounting_Business_Losses_Boost_Anti_Spam_Market&story_id=23613 - - - - - - - - - - F-Secure warns on software flaw Security vendor F-Secure is urging users to patch their systems after the discovery of two flaws in a version of its antivirus software that leaves users vulnerable to hackers and virus writers. http://www.vnunet.com/News/1154100 - - - - - - - - - - Apple releases patches for Jaguar, Panther Apple released updates for the Panther and Jaguar versions of Mac OS X that fix security issues in the operating systems' printing, mail and encryption capabilities, as well as a critical vulnerability in the handling of Web addresses. Apple gave little information about the patches, which were published Monday on the company's site. However, information on two of the vulnerabilities could be found at the Web site of the Common Vulnerability Encyclopedia, which is an attempt by the MITRE Corporation to create a complete database of software flaws. http://zdnet.com.com/2100-1104_2-5185918.html - - - - - - - - - - MCI adds SSL VPN, boosts secure remote access MCI announced plans for a host of new security features and a new partnership today that it said will provide more security for mobile and remote workers. The company said that it will partner with Aventail Corp. to deliver Secure Sockets Layer (SSL) virtual private network (VPN) technology and that it plans to add features to its Remote Access suite of services, including technology to detect online fraud and scramble user passwords sent over MCI's global network. http://computerworld.com/mobiletopics/mobile/story/0,10801,91972,00.html - - - - - - - - - - Start-up takes a crack at blocking hackers A Silicon Valley start-up launched on Tuesday with the goal of helping software companies shut out hackers. The Menlo Park, Calif.-based company, Fortify Software, is offering a set of tools designed to test software for potential flaws, while products are still being built. The tools allow companies to examine the underlying code programmers write more closely, cutting down on the likelihood of security weaknesses, according to Fortify. http://zdnet.com.com/2100-1105_2-5185830.html - - - - - - - - - - Firm invites experts to punch holes in ballot software VoteHere, a maker of security software for voting machines, published the source code for its product online in hopes of garnering additional analysis of its method for verifying the integrity of electronic votes. http://news.com.com/2100-1002_3-5186016.html E-voting firm opens up its code http://msnbc.msn.com/id/4677716/ - - - - - - - - - - Too much information, too little trust The meaning of privacy is changing in important ways as technology eliminates conventional notions of maintaining secrets. "We are moving from a classic democracy with limited monitoring and surveillance into a fishbowl society in which monitoring and surveillance are widespread," said Richard Hunter, an analyst with the research firm, Gartner. http://techupdate.zdnet.com/techupdate/stories/main/too_much_information.html - - - - - - - - - - The Joe Job DoS attack A problem with the way that non-delivery notifications are sent by many mail servers could be exploited to launch "mail bomb" denial of service attacks. Incorrectly configured mail servers may respond to mail delivery failure with as many non-delivery reports as there are undeliverable cc: and bcc: addresses contained in the original email. By forging the source of an email, hackers could bombard systems with spurious emails. http://www.theregister.co.uk/2004/04/06/joejoe_dos_attack/ - - - - - - - - - - Are fingerprints really infallible, unique ID? How unique are your fingerprints? It's general held (and as er, The Register confidently stated just yesterday) that your fingerprints being found at the scene of the crime tied you up with it pretty conclusively, but a report published earlier this year by New Scientist claims that there is little scientific basis for the infallibility of fingerprints, and that the only research indicating that there is, is fatally flawed. http://www.theregister.co.uk/2004/04/06/identity/ - - - - - - - - - - Child protection system goes live Web-based system allows authorities to log and monitor concerns about vulnerable youngsters. Three local authorities have completed pilots of a new computerised child protection system which launches nationally today. http://www.vnunet.com/News/1154108 - - - - - - - - - - Mobiles used in high-tech terror Mobile phones are in the hands of millions of people around the world. And increasingly, it appears, in the hands of terrorists. The bombers who targeted commuter trains in Madrid on March 11 used the built-in alarm clock in mobile phones to set off explosives. http://www.cnn.com/2004/TECH/04/04/mobile.terror/index.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.