NewsBits for May 6, 2004
************************************************************

Prison time for cyber stock swindler
A young investor with more wiles than trading luck was sentenced to 13 months in prison Wednesday for using a Trojan horse program and someone else's online brokerage account to sell thousands of worthless stock options to an unwilling buyer. Van T. Dinh, 20, was the first to be charged by the Securities and Exchange Commission with a fraud involving both computer hacking and identity theft, according to the SEC.
http://www.securityfocus.com/news/8564

- - - - - - - - - -

E-Mail That Warns of Gang Rite Is a Hoax, Anaheim Police Say
An e-mail advising nighttime drivers not to signal cars that have their headlights off, lest they become the victim of a violent rite of passage among gangs, is a hoax, Anaheim police said. According to the e-mail, the driver of the car with its lights off is involved in a gang initiation and is to follow and shoot the driver of any car that flashes its lights. (LA Times article, free registration required)
http://www.latimes.com/technology/la-me-hoax6may06,1,6212103.story

- - - - - - - - - -

Security experts warn of nastier Sasser worm
Computer security experts warned yesterday that the Sasser worm could merge with earlier viruslike programs to wreak more havoc on the Internet, just as companies and PC users clean up from the last attack and authorities hunt for those responsible. Since appearing over the weekend, the fast-moving Sasser computer worm has hit PC users around the world who run the ubiquitous Microsoft Windows 2000, NT and XP operating systems. It is expected to slow down as computer users download antivirus patches.
http://computerworld.com/securitytopics/security/virus/story/0,10801,92936,00.html

Net watchers wary of Sasser fallout
Although the damage wrought by Sasser failed to reach the levels of MSBlast and other major infections, security experts are warning that there could still be more trouble to come from the worm. One researcher warned on Thursday that the group of online vandals suspected of creating both the Sasser worm and several variations of the Netsky virus could combine the two threats. The resulting blended threat could dodge security inside corporate systems via e-mail messages and then spread quickly, once inside those networks.
http://zdnet.com.com/2100-1105_2-5207634.html
http://www.crime-research.org/news/06.05.2004/258

Sasser boosts AV share prices
http://www.theregister.co.uk/2004/05/06/av_cartel/

- - - - - - - - - -

MS mounts covert anti-piracy op
Almost 25 per cent of Belgian PC retail shops encourage users to buy illicit software, according to research by Bare Associates. As part of its ongoing effort to stamp out the use of pirated software, Microsoft paid Bare to send secret investigators or "mystery shoppers" to 400 computer retailers in Belgium.
http://www.theregister.co.uk/2004/05/06/ms_anti_piracy_op/

- - - - - - - - - -

New DVD copying software tries to skirt law
Court rulings have pulled the most popular software for copying DVD movies off the market, but a new program, already on sale at CompUSA and Wal-Mart, is trying to get around these rulings and still let users duplicate copy-protected discs. The new software, called 123 Copy DVD, sells for as little as $19.99. Out of the box, it won't copy the vast majority of commercial DVDs, which are protected by encryption.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8605291.htm
http://www.usatoday.com/tech/news/techpolicy/2004-05-06-avoiding-copy-laws_x.htm

Developers seek to hide file-swappers
http://news.zdnet.co.uk/software/developer/0,39020387,39153926,00.htm

- - - - - - - - - -

Gartner: Phishing attacks up against U.S. consumers
A new study by research firm Gartner Inc. found that the number of online scams known as "phishing" attacks has spiked in the past year and that online consumers are frequently tricked into divulging sensitive information to criminals. The study, which ended last month, surveyed 5,000 adult Internet users and found that around 3% of them reported giving up financial data or other personal information after being drawn into phishing scams, which use e-mail messages and Web pages designed to look like correspondence from legitimate online businesses.
http://computerworld.com/securitytopics/security/story/0,10801,92948,00.html
http://www.vnunet.com/News/1154975
http://news.com.com/2100-7355_3-5207297.html
http://msnbc.msn.com/id/4915850/
http://www.cnn.com/2004/TECH/internet/05/06/internet.phishing.reut/index.html

How to avoid Internet fraud
http://www.crime-research.org/news/06.05.2004/236

- - - - - - - - - -

'P2P' Firms Join Child-Porn Fight
Online file-sharing networks, used by millions of consumers to trade digital music, videos, games and software, are beginning to work with law enforcement to crack down on child-pornography purveyors who use their systems. Officials of two trade associations representing several companies doing such "peer-to-peer" -- or P2P -- file sharing said yesterday that they are cooperating with the FBI to attack the problem, which has drawn the ire of several members of Congress.
http://www.washingtonpost.com/wp-dyn/articles/A5659-2004May5.html
http://msnbc.msn.com/id/4917677/

P2P group suggests porn-related 'most wanted' list
http://news.com.com/2100-1028_3-5207629.html

- - - - - - - - - -

Customers won't tolerate security breaches
Latest research shows that firms who fall victim to hacking, viruses or phishing may have to worry about more than just patching up their systems. A survey, which was carried out by telecoms firm Energis, found the rate of customer attrition in the business-to-business sector rose by 47 per cent after a firm fell victim to hacking, a virus, a denial of service attack or a phishing fraud.
http://software.silicon.com/security/0,39024655,39120501,00.htm

- - - - - - - - - -

E-voting system security, integrity under fire
IT security researchers have uncovered significant vulnerabilities in the electronic voting systems that nearly 30% of all registered voters will use in the upcoming presidential election, raising concerns about what already looks to be one of the most divisive elections in U.S. history. In testimony before the U.S. Election Assistance Commission yesterday, security researchers said that without voter-verifiable paper receipts, the 50 million Americans who will use electronic voting machines this fall will have no way of knowing if their votes were recorded properly. Even worse, the code base powering the systems is so large and complex that there's little way for election officials to be sure it is free of malicious code designed to manipulate election results.
http://computerworld.com/securitytopics/security/story/0,10801,92950,00.html

- - - - - - - - - -

Spammers use free porn to bypass Hotmail protection
Spammers have found an ingenious way to bypass the protection put in place by Hotmail and Yahoo to stop bots from opening email accounts - they're offering free porn.
Spammers are bypassing a security protection that is designed to stop automated bots from automatically opening Web mail accounts, by offering humans access to free porn.
http://news.zdnet.co.uk/internet/security/0,39020375,39153933,00.htm

- - - - - - - - - -

China shuts more than 8,600 Internet cafes for letting in minors
China has shut down more than 8,600 Internet cafes since February, many of them for illegally admitting juveniles, the official Xinhua News Agency reported Thursday. "Any such place allowing juveniles to enter or allowing unhealthy information to spread through the Internet will face rigid, severe penalty," Xinhua said.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8604706.htm

- - - - - - - - - -

Quantum crypto gets a speed boost
NIST scientists transfer a quantum key made of single photons at a rate of 1Mbps. A team of US scientists from the National Institute of Standards and Technology (NIST) in Colorado and Acadia Optronics, Maryland, claims to have built the world's fastest quantum cryptography system (Optics Express 12 9).
http://optics.org/articles/news/10/5/2/1

- - - - - - - - - -

Microsoft revisits NGSCB security plan
Microsoft Corp. is revisiting its Next-Generation Secure Computing Base (NGSCB) security plan because enterprise users and software makers don't want to be forced to rewrite their code to take advantage of the technology, the company said yesterday. In response to feedback from users and software makers, Microsoft is retooling NGSCB so that at least part of the security benefits will be available without the need for recoded applications, said Mario Juarez, a Microsoft product manager, in an interview yesterday at the vendor's Windows Hardware Engineering Conference (WinHEC).
http://computerworld.com/securitytopics/security/story/0,10801,92941,00.html

- - - - - - - - - -

UK lags behind Estonia in ID card technology
The UK's ID card proposal fails to include facilities for a digital signature, which puts Britain behind Estonia and at least six other EU member states. The UK's ID card proposals are technically years behind the systems being implemented in at least six European countries, including Estonia and Austria.
http://news.zdnet.co.uk/internet/0,39020369,39153932,00.htm

ID cards set back by equipment failure
http://news.zdnet.co.uk/business/legal/0,39020651,39153748,00.htm

- - - - - - - - - -

Getting a grip on federated identity
The growth of partnerships into e-business networks is one of the most significant trends in the evolution of Internet commerce. Some of the most successful global businesses have achieved a high level of coordination between their own IT systems and those of their customers, suppliers and partners. In business-to-consumer environments, where end users communicate with one company that presents products or services from multiple partners simultaneously, access to shared resources must be secure and structured to meet the requirements of each partner in the business relationship while also meeting the end users' needs.
http://computerworld.com/securitytopics/security/story/0,10801,92737,00.html

- - - - - - - - - -

Piecemeal security solutions cost firms dearly
A piecemeal approach to information security - added to market confusion - is resulting in companies spending too much for incomplete protection. According to security vendor Aladdin, companies are unwittingly purchasing and managing overlapping security solutions, sending their total cost of ownership sky-high. Aladdin reckons a set of point products to tackle anti-virus, anti-spam, Web filtering, URL blocking and application filtering could be as much as three times as expensive to run as an integrated system.
http://www.theregister.co.uk/2004/05/06/holistic_security/

***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.