NewsBits for April 26, 2004
sponsored by Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
US man on Net stalking rap
A South Carolina man has become the first person to be charged under US laws prohibiting Internet stalking. Robert James Murphy, 38, of Columbia, South Carolina, denied 26 counts of using his computer "to annoy, abuse, threaten and harass" Joelle Ligon, a 35-year-old Seattle woman, at a US District Court hearing last week. Conviction of each of the charges is punishable by up to two years in prison. Murphy was released on bail of $50,000 pending further hearings.
http://www.theregister.co.uk/2004/04/26/internet_stalking/
- - - - - - - - - -
Coder serves up poetry with newest Bagle
The author of the latest variant of the Bagle worm has gone beyond penning just a piece of code: The writer has also included a poem in the document attachment on which the worm piggybacks. The malicious program, known as Bagle.Z, has not spread very quickly, said Vincent Gullotto, vice president of the antivirus emergency response team for Network Associates, which makes security software.
http://zdnet.com.com/2100-1105_2-5200017.html
Would you like a cherry Bagle with your zombie PC?
http://www.theregister.co.uk/2004/04/26/cherry_bagle/
- - - - - - - - - -
Microsoft warns of SSL attacks
Microsoft is urging customers to immediately install a recent software patch for Secure Socket Layer vulnerabilities in Windows because hackers are preparing to exploit the flaws. The patch, MS04-011, was made available on 13 April and is rated 'critical' by Microsoft. It patches 14 separate vulnerabilities, chiefly bugs in the SSL of all Windows systems.
http://www.vnunet.com/News/1154653
More attack code surfaces for recent MS security holes
http://computerworld.com/securitytopics/security/story/0,10801,92696,00.html
- - - - - - - - - -
Lawmakers renew push for data-mining law
Sens.
Patrick Leahy and Russell Feingold are urging fellow lawmakers to support a bill that would require agencies to report to Congress on data-mining technologies used for homeland security purposes. Feingold introduced the Data-Mining Reporting Act of 2003 last summer, but it stalled in the Judiciary Committee. Now, Feingold (D-Wis.) and Leahy (D-Vt.) are making a renewed push in a letter to fellow senators to gather support for the bill, S 1544.
http://www.gcn.com/vol1_no1/daily-updates/25726-1.html
Safecom requirements released
http://www.fcw.com/geb/articles/2004/0426/web-safec-04-26-04.asp
Agencies slow to meet online privacy criteria
http://www.fcw.com/fcw/articles/2004/0426/web-p3p-04-26-04.asp
- - - - - - - - - -
MPs ponder whether 'benign' hacking should be legal
With Britain's Computer Misuse Act heading for a revision, some MPs want to explore whether ethical hacking should be allowed. Should UK citizens ever have the right to launch a hack attack against a computer or a network? A group of tech-savvy MPs are poised to consider this question, as the All-Party Internet Group (APIG) launches an investigation into Britain's cybercrime laws.
http://news.zdnet.co.uk/internet/security/0,39020375,39153024,00.htm
- - - - - - - - - -
US defends cybercrime treaty
Critics took aim this week at a controversial international treaty intended to facilitate cross-border computer crime probes, arguing that it would oblige the US and other signatories to cooperate with repressive regimes - a charge that the Justice Department denied. The US is one of 38 nations that have signed onto the Council of Europe's "Convention on Cybercrime," but the US Senate has not yet ratified the measure.
http://www.theregister.co.uk/2004/04/24/us_defends_cybercrime_treaty/
- - - - - - - - - -
Phishing scams cost UK banks £1m+
Scam emails that form the basis of phishing attacks pose as 'security check' emails from well-known businesses.
These messages attempt to trick users into handing over their account details and passwords to bogus sites. The collected details are used for credit card fraud and identity theft.
http://www.theregister.co.uk/2004/04/26/phishing_scams/
Beware: traps on the Net
http://www.crime-research.org/news/24.04.2004/232
- - - - - - - - - -
Telefonica fights 419 lottery tsunami
Spanish telecom operator Telefonica says it will work with the police to try and stop the problem of Nigerian scammers operating out of internet cafes and sending thousands of sweepstake scam letters. This week the Abusive Hosts Blocking List - which tracks spam sources, spam friendly providers and other hosts which pose a risk to the Internet - announced it had blocked nearly all of Telefonica's IP space because of the "ever increasing amount of spam and illegal 419" originating from Spain.
http://www.theregister.co.uk/2004/04/26/telefonica_419/
- - - - - - - - - -
'Burnt out' IT staff losing virus battle
Companies that have yet to centralise the management of their antivirus software are exhausting their IT staff. While the majority of firms have taken users out of the loop of updating antivirus software, those that have not are unable to cope due to the sheer volume of viruses, according to application switching vendor Radware.
http://www.vnunet.com/News/1154643
Vendors feel security heat
http://www.vnunet.com/News/1154650
- - - - - - - - - -
Study: Legal Fears Scare Away Downloaders
Driven largely by fears of copyright lawsuits, more than 17 million Americans, or 14 percent of adult Internet users, have stopped downloading music over the Internet, a survey finds. But the overall percentage of people who say they currently do so has inched back up since November, the Pew Internet and American Life Project said in a study Sunday.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8518675.htm
http://www.cnn.com/2004/TECH/internet/04/26/downloading.music.ap/index.html
- - - - - - - - - -
Microsoft joins the fight against Internet paedophilia
Microsoft and The International Centre for Missing and Exploited Children have joined forces to battle the Internet's child pornography problem, and have formed the Global Campaign Against Child Pornography. Microsoft worked with ICMEC last year to launch a worldwide series of training programs for law-enforcement personnel who investigate computer-facilitated crimes against children.
http://www.crime-research.org/news/24.04.2004/242
- - - - - - - - - -
DHS issues wireless interoperability requirements
The Homeland Security Department today released technical requirements for future public-safety wireless communications and interoperability. The document, created by DHS Science and Technology Directorate, is the latest attempt to get the troubled Project Safecom back on track. Shifted from team to team, the project has failed to make much progress coordinating public-safety comm in the past 2 1/2 years.
http://www.gcn.com/vol1_no1/daily-updates/25728-1.html
DOD decentralizes Wi-Fi
http://www.fcw.com/fcw/articles/2004/0426/web-wifi-04-26-04.asp
- - - - - - - - - -
Ask the experts to ensure ID card success
The government today unveiled its £3.1bn plans for biometric identity cards, with the IT industry insisting its advice will be vital to the success of the project. The draft ID Cards Bill, published today by Home Secretary David Blunkett, sets out the legislative framework for introducing the cards.
http://www.vnunet.com/News/1154659
ID cards to use 'key database' of personal info
http://www.theregister.co.uk/2004/04/26/id_card_draft_published/
10 years jail for false ID - Blunkett PR deploys rattle of shackles
http://www.theregister.co.uk/2004/04/25/blunkett_id_fraud_penalties/
U.K.
passport agency begins trial on biometric IDs
http://computerworld.com/securitytopics/security/story/0,10801,92695,00.html
- - - - - - - - - -
Workshare updates document-tracking software
Software maker Workshare announced on Monday a new version of its main product for tracking and managing changes to corporate documents. Version 3.5 of Workshare's self-titled application includes new tools for securing potentially sensitive metadata embedded in documents, new e-mail tools and the ability to integrate with leading content management systems.
http://zdnet.com.com/2100-1104_2-5200160.html
- - - - - - - - - -
Crackers Redux: New Attacks Ape Hannover Hackers' Tactics
If the recent compromises of Unix and Linux machines at supercomputing centers and research universities around the country do nothing else, they should prove once and for all that there is nothing new under the sun. To security world veterans, the pattern of attacks likely sounds eerily familiar. It is nearly identical to the methods and tactics used by the "Hannover Hackers," who broke into Unix machines at the Lawrence Berkeley National Laboratory in Berkeley, Calif., and several other universities and military facilities in 1986.
http://www.eweek.com/article2/0,1759,1573024,00.asp
- - - - - - - - - -
Common Security Vulnerabilities in e-commerce systems
The tremendous increase in online transactions has been accompanied by an equal rise in the number and type of attacks against the security of online payment systems. Some of these attacks have utilized vulnerabilities that have been published in reusable third-party components utilized by websites, such as shopping cart software. Other attacks have used vulnerabilities that are common in any web application, such as SQL injection or cross-site scripting.
http://www.securityfocus.com/infocus/1775
- - - - - - - - - -
Computers' weakest link: Careless password sharers
Computer security experts tend not to be easily shocked by people's foolhardy, frequently cavalier attitudes toward online security. But even within this generally hardened breed, some expressed surprise over the results of a recent survey in Britain that underscored the profound vulnerability of the world's computer networks.
http://www.iht.com/articles/516980.html
Would you trade your password for a candy bar?
http://www.chron.com/cs/CDA/ssistory.mpl/tech/news/2531813
- - - - - - - - - -
GMail foes send mixed messages
The sharp reaction to Google's announcement of the Gmail service earlier this month underscored a deep divide in the tactics and strategies employed by Internet privacy activists. Privacy groups like the Electronic Privacy Information Center in Washington, D.C., and London-based Privacy International denounced Gmail as an intrusion that must not be permitted to exist.
http://zdnet.com.com/2100-1107-5199569.html
http://www.wired.com/news/privacy/0,1848,63192,00.html
- - - - - - - - - -
Airport security failures justify CAPPS-II snoop system
Recent government reports on the failure of American airport screeners to detect threat objects at security checkpoints may provide ammunition for proponents of the controversial Computer Assisted Passenger Prescreening System (CAPPS II) database solution, which is currently stalled by myriad snafus too numerous to mention.
http://www.theregister.co.uk/2004/04/26/airport_security_failures/
- - - - - - - - - -
Warning: May Contain Explosives
Some companies shipping cargo from Asia and the Middle East this summer will be able to detect whether, where and when saboteurs have placed explosives inside shipping containers.
With sensor-equipped shipping containers, and Bluetooth and satellite communications, shippers and homeland security officials will get an unprecedented look inside what many experts consider America's most vulnerable target: its import supply chain.
http://www.wired.com/news/privacy/0,1848,63192,00.html
- - - - - - - - - -
Police in Big Easy watch wirelessly
New Orleans is using wireless technology to help it build a police video surveillance system out beyond the limits of wired networks to provide it with one of the first such citywide systems in the country. The wireless system will also be used to give cops using laptops or handheld systems almost instant access to video of suspected crimes happening on their beat.
http://www.usatoday.com/tech/wireless/data/2004-04-26-neworleans-wifi-police_x.htm
- - - - - - - - - -
Teen Drivers Could Face Ban on Use of Cellphones
Unwilling to ban the popular motorist pastime of chatting on cellphones, California lawmakers are mulling more limited measures that would forbid phone use by teen drivers while offering more lenient treatment of adults caught driving badly while talking. The new approaches come after the Legislature refused to bar drivers from using hand-held cellphones in each of the last three years, even though a 2002 California Highway Patrol study endorsed the idea. (LA Times article, free registration required)
http://www.latimes.com/technology/la-me-phones25apr25,1,2577814.story
***********************************************************
Computer Forensics Training - Online.
An intense, 150 hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam.
For more information see: www.cybercrime.kennesaw.edu
***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2004, NewsBits.net, Campbell, CA.