NewsBits for April 19, 2004
sponsored by Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
New Phatbot worm may be on the loose
A new variant of the Phatbot worm may be on the loose and attempting to attack SQL Server ports, according to a warning the SANS Institute issued Monday. Last month, Phatbot made the rounds, attacking Windows systems by acting as a Trojan horse. Phatbot would then link infected computers into an underground network for sending spam or launching other attacks.
http://zdnet.com.com/2100-1105_2-5194719.html
- - - - - - - - - -
Phishing attacks up 1,000-fold since September
The number of phishing emails has increased from fewer than 300 a month to more than 300,000. The number of phishing emails circulating on the Web has increased from 279 to 215,643 over the past six months, according to email security
http://news.zdnet.co.uk/internet/security/0,39020375,39152445,00.htm
http://news.com.com/2100-7355_3-5194807.html
http://www.vnunet.com/News/1153549
EarthLink aims to block 'phishing' scams
http://news.com.com/2100-7355_3-5194778.html
- - - - - - - - - -
Last part of security strategy released
A cybersecurity task force recommended improvements today to a variety of technical standards and practices. Organized by the National Cyber Security Partnership, the task force issued a 104-page report with recommendations for the federal government and industry. The report is the last of five documents prepared by industry and academic experts on the President's National Strategy to Secure Cyberspace, a general blueprint for improving the nation's cybersecurity readiness.
http://www.fcw.com/fcw/articles/2004/0419/web-ncsp-04-19-04.asp
Homeland Security seeks corporate cybersecurity alliance
http://www.govexec.com/dailyfed/0404/041904tdpm2.htm
- - - - - - - - - -
FTC to Look Closer at 'Spyware'
A relatively new kind of software that resides in many computers and tracks its users' Web-surfing habits or triggers pop-up advertisements has come under scrutiny by federal regulators who have already cracked down on deceptive or misleading spam.
http://www.washingtonpost.com/wp-dyn/articles/A22514-2004Apr18.html
http://www.newsfactor.com/story.xhtml?story_title=Next_on_FTC_s_Hit_List__Spyware&story_id=23747
http://www.usatoday.com/tech/news/techpolicy/2004-04-18-spyware_x.htm
'Spyware' emerges as new online threat
http://msnbc.msn.com/id/3032118/?ta=y
http://www.usatoday.com/tech/news/techpolicy/2004-04-18-spyware_x.htm
- - - - - - - - - -
Privacy group steps up Gmail complaints
Google's free e-mail service, Gmail, came under fresh fire on Monday when an international privacy rights group said the soon-to-be-launched service violates privacy laws across Europe and elsewhere. London-based Privacy International, which has offices in the United States and Europe, said it has filed complaints with privacy and data-protection regulators in Australia, Canada and 15 countries in Europe.
http://zdnet.com.com/2100-1104_2-5194417.html
Read My Mail, Please
http://slate.msn.com/id/2098946/
- - - - - - - - - -
Hollywood's new lesson for campus file swappers
Hollywood is poised to up the ante in its war against file swappers, with new technology that could make it easier to remove suspected pirates from campus networks, CNET News.com has learned. Movie studios, record labels and technology companies have been testing the system for months, according to sources familiar with the project.
http://zdnet.com.com/2100-1105_2-5194341.html
http://www.newsfactor.com/story.xhtml?story_title=Entertainment_Industry_Takes_Anti_Piracy_Offensive_to_Campuses&story_id=23746
MS clamps down on illegal software
http://www.vnunet.com/News/1154472
- - - - - - - - - -
Victims of cyber crime
Companies are the main victims of cyber crimes. But neither state authorities nor individuals are insured against cyber criminals. A survey carried out among companies in the USA showed that 85% of companies had incurred network attacks at least once. In the report of the British Communication Systems Management Association, researchers note that one third of firms and state institutions deal with hackers.
http://www.crime-research.org/news/17.04.2004/212
Internet crimes and security
http://www.crime-research.org/news/19.04.2004/214
- - - - - - - - - -
Protection of Copyright and Adjacent Rights on the Net
Copyright Law guarantees certain exclusive rights to the owners of intellectual property. Let's consider the most typical delusions about copyrights on the Internet. - "There is no copyright on the Internet. I may use all that I have found." It's not true.
http://www.crime-research.org/articles/Belousov0404
- - - - - - - - - -
The Trojan that wasn't
FEAR, uncertainty and doubt swirled through the Macintosh community last week as an antivirus software company said it had uncovered the first Trojan horse software to hit Mac OS X. Unix-based Mac OS X, released three years ago, has been completely free of viruses, worms and Trojans, in sharp contrast to the infestations that continually sweep the Windows world.
http://australianit.news.com.au/articles/0,7204,9304815%5E15423%5E%5Enbv%5E15309,00.html
- - - - - - - - - -
Seized Web Servers Raise Freedom Concerns
For $9.95 a month, a small company offered access to a search tool that would scour electronic bulletin boards for millions of "uncensored" movies and photographs and serve up "an all-you-can-eat taste of 'the Internet gone wild!'"
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8456258.htm
http://msnbc.msn.com/id/4780312/
- - - - - - - - - -
Spam slips through the maintenance gap
Even though most organisations know that they are not tackling spam adequately, many are still failing to take the elementary steps necessary to protect themselves.
http://www.vnunet.com/News/1154452
- - - - - - - - - -
Company to license device-security tools
Now that it has received needed patents, Cryptography Research will embark on a more aggressive effort to license technology that can protect devices from differential power analysis, a type of decryption attack. With differential power analysis, or DPA, a hacker monitors variations in the electrical consumption of a card that performs encryption functions-- then performs reverse analyses to determine passwords.
http://zdnet.com.com/2100-1105_2-5193696.html
Encryption key to mobile data security
http://www.vnunet.com/News/1154453
Data security: expect the unexpected
http://www.itweek.co.uk/Analysis/1154468
- - - - - - - - - -
What is cyber-terrorism?
What is "cyber-terrorism"? Cyber-terrorism is the same terrorism, which uses computers and electronic networks for terrorist attacks. As a criminal legal phenomenon, 'terrorism' has an international impact and, according to a number of international laws, it means many international crimes. Last time its impact has been distributed to new forms and displays - cyber-terrorism or electronic terrorism.
http://www.crime-research.org/news/18.04.2004/222
- - - - - - - - - -
Office workers sick of passwords
Office workers are sick and tired of passwords and would much rather log on to their IT systems using a smart card, fingerprint reader, or other biometric authentication device. According to a survey by the organisers of the Infosec security conference, 80 per cent of those surveyed said they were fed up with using passwords and would prefer some kind of smart card or biometric device for authentication to secure systems, whether at home or home.
http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=56242
Fingerprints as ID - good, bad, ugly?
http://www.theregister.co.uk/2004/04/19/biometrics/
Smart cards arm against decryption attacks
http://news.zdnet.co.uk/hardware/emergingtech/0,39020357,39152301,00.htm
- - - - - - - - - -
Shhh! The FBI's listening to your keystrokes
The FBI is trying to convince the government to mandate that providers of broadband, Internet telephony, and instant-messaging services build in backdoors for easy wiretapping. That would constitute a sweeping expansion of police surveillance powers. Instead of asking Congress to approve the request, the FBI (along with the Department of Justice and the Drug Enforcement Administration) are pressing the Federal Communications Commission to move forward with minimal public input.
http://news.com.com/2010-1028_3-5193750.html
- - - - - - - - - -
Disaster Recover: A Report
Preparing for the Worst. Power outages, fires, floods and terrorism are near-constant threats for today's IT-dependent businesses. Plus the coming hurricane season is expected to be worse than usual. Here's how to get ready.
http://computerworld.com/securitytopics/security/report/0,,04192004,00.html
- - - - - - - - - -
Solaris 10 Security
In recent years, IT organizations have endured relentless and increasingly sophisticated attacks to their infrastructure and data.
Most of these attacks are launched from the Internet, but increasingly, security violations are reported from inside the organization. These attacks, which include viruses, worms and buffer overflow exploits, exponentially increase the risks corporations face in conducting business.
http://www.securityfocus.com/infocus/1776
- - - - - - - - - -
Climbing firewalls
In the past, if you were looking for a mental image for the ubiquitous firewall you could have pictured it as that old western film stand-by, the circled wagon train. But these days, as well as being extremely politically incorrect, this IT illusion is out of date. Because as well as protecting the perimeter, the firewall now helps to create a defence in depth, cropping up in new areas such as the desktop and multifunction appliances.
http://www.vnunet.com/Features/1154467
- - - - - - - - - -
Bluejacking spawns 'toothing' on trains
Bored commuters are employing Bluetooth phones to set up sex with strangers. British commuters take note -- the respectable person sitting next to you on the train fumbling with their cell phone might be a "toother" looking for sex with a stranger. "Toothing" is a new craze where strangers on trains, buses, in bars and even supermarkets hook up for illicit meetings using messages sent via the latest in phone technology.
http://news.zdnet.co.uk/communications/wireless/0,39020348,39152298,00.htm
http://www.theregister.co.uk/2004/04/19/blue_tooth/
***********************************************************
Computer Forensics Training - Online. An intense, 150 hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam.
For more information see: www.cybercrime.kennesaw.edu
***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2004, NewsBits.net, Campbell, CA.