NewsBits for May 18, 2004 ************************************************************ Police probe Sasser informant The informant who led police to the self-confessed author of the infamous Sasser worm is himself under investigation. Marle B. - the man who provided the tip-off to Microsoft that led to the arrest of Sven Jaschan, 18 - has become a suspect in the German police's computer sabotage inquiry. Munich-based weekly Focus reports that a criminal investigation would blight Marle B's chances of a share in the $250,000 reward money from Microsoft's Anti-Virus Reward Program that caused him to come forward in the first place. http://www.theregister.co.uk/2004/05/18/sasser_informant_turns_suspect/ Funds sought to aid virus writer http://news.bbc.co.uk/1/hi/technology/3725531.stm - - - - - - - - - - Cisco Networking Code May Have Been Stolen Cisco Systems Inc. said yesterday that it is investigating the possible theft of some of the core software code that runs its networking gear, which makes up much of the backbone of the Internet. A sample of the raw programming was posted online by Russian Web site SecurityLab.ru over the weekend. A spokesman for the FBI said it is working with Cisco to investigate the matter. http://www.washingtonpost.com/wp-dyn/articles/A34629-2004May17.html http://www.siliconvalley.com/mld/siliconvalley/8692547.htm http://www.mercurynews.com/mld/mercurynews/news/8692547.htm http://www.latimes.com/technology/la-fi-cisco18may18,1,2734129.story http://www.cnn.com/2004/TECH/biztech/05/18/cisco.code.ap/index.html http://www.usatoday.com/tech/news/techpolicy/2004-05-18-cisco-source-leak_x.htm FBI opens probe into Cisco code leak http://www.msnbc.msn.com/id/4998837/ http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,93237,00.html - - - - - - - - - - Dutch Man Pleads Guilty in Google IPO Scam A Dutch man pleaded guilty Monday to swindling wealthy New Yorkers by promising an inside track to stock in Google Inc. and blazing through $350,000 of their money in a three-month spree of opulent hotels, pricey restaurants and Atlantic City gambling. Late last year, as speculation swirled around the possibility that the search-engine company would go public, Shamoon Rafiq began meeting investors in New York and telling them he was a venture capitalist and college friend of the company's founders, prosecutors said. http://www.washingtonpost.com/wp-dyn/articles/A35560-2004May18.html http://www.mercurynews.com/mld/mercurynews/news/8692552.htm http://news.zdnet.co.uk/business/legal/0,39020651,39155027,00.htm http://www.usatoday.com/tech/news/2004-05-17-google-swindler_x.htm http://www.theregister.co.uk/2004/05/18/google_share/ - - - - - - - - - - Symantec Detects Heavy Kibuv.b Worm Attacks Symantec's DeepSight Threat network Monday detected a very high level of unusual traffic on TCP port 5000 that indicates a worm's at work. The latest alert, which notes "extremely heavy activity" on port 5000, is "almost certainly a worm-related activity," said Alfred Huger, the vice president of engineering for Symantec's virus watch group. The suspected culprit is the Kibuv.b worm, which hit the Internet over the weekend and exploits a vulnerability in Windows' Universal Plug and Play (UPnP) service within Windows 98, Me, and XP. The UPnP vulnerability was first disclosed and patched in late 2001. http://story.news.yahoo.com/news?tmpl=story&cid=74&ncid=1212&e=10&u=/cmp/20040518/tc_cmp/20301297 - - - - - - - - - - Safari, IE flaw could allow malicious code execution In what is being described as a "highly critical" vulnerability, security firm Secunia on yesterday issued an advisory to all Mac OS X users that surf the Web with Microsoft Corp.'s Internet Explorer or Apple Computer Inc.'s Safari Web browsers. The vulnerability, which was first reported by lixlpixel and confirmed by Secunia, takes advantage of the "help" URI handler and "allows execution of arbitrary local scripts (.scpt) via the classic directory traversal character sequence using 'help:runscript.'" http://computerworld.com/securitytopics/security/story/0,10801,93233,00.html - - - - - - - - - - Skills not money needed to fight cybercrime Security training, not money or legislation, will help reduce cybercrimes and bring cybercriminals to justice, according to EURIM. Law enforcement agencies require a bigger pool of skilled investigators and digital forensic experts, not more money or legislation, according to a study by EURIM that was presented at the House of Commons on Tuesday. http://news.zdnet.co.uk/internet/security/0,39020375,39155138,00.htm UK police lack e-crime savvy officers http://www.theregister.co.uk/2004/05/18/police_e-skills_crisis/ Police 'need more e-crime skills' http://news.bbc.co.uk/2/hi/technology/3725305.stm UK fraud laws to get millennium facelift http://www.theregister.co.uk/2004/05/18/fraud_law_reforms/ - - - - - - - - - - Panel Urges New Protection on Federal 'Data Mining' A federal advisory committee says Congress should pass laws to protect the civil liberties of Americans when the government sifts through computer records and data files for information about terrorists. "The Department of Defense should safeguard the privacy of U.S. persons when using data mining to fight terrorism," the panel says in a report to Defense Secretary Donald H. Rumsfeld. The report, expected to be issued in about two weeks, says privacy laws lag far behind advances in information and communications technology. http://www.nytimes.com/2004/05/17/politics/17privacy.html - - - - - - - - - - Financial firms spend less on information security Canada's financial sector spends about 50 per cent less on information security services than their U.S. counterparts, a new study by Deloitte and Touche LLP found. In addition, many financial institutions in this country are ''less prepared'' than U.S. companies for an emergency or a disaster that may test security measures, said Adel Melek, Deloitte's global leader of IT Risk Management and Security Services. http://www.globetechnology.com/servlet/story/RTGAM.20040518.gtrnews18-4/BNStory/Technology/ - - - - - - - - - - Fla. congressman pushes for optically scanned votes Recently revealed shortcomings in electronic voting machines that Florida officials plan to use have renewed a Congressman's resolve to delay use of the machines. Rep. Robert Wexler (D-Fla.) had already filed a lawsuit seeking to force the 15 Florida counties that will use the touch-screen machines to implement a mechanism to conduct a manual recount of votes. Now he has contacted officials to urge them to use optical-scan machines in the November elections, citing a reported glitch in the audit systems of some of the machines. http://www.usatoday.com/tech/news/techpolicy/2004-05-18-eye-vote_x.htm - - - - - - - - - - Microsoft is promoting its anti-spam efforts The release dates have not been nailed down, but Microsoft Corp. says it will soon begin implementing new technology to help keep spam from ending up in your inbox. Two new features would identify and filter outbound spam on clients and enterprises and would make computers sending e-mail pay a small computational price, making spam less affordable as a mass marketing tool. http://www.gcn.com/vol1_no1/daily-updates/25957-1.html - - - - - - - - - - SCO beefs up user identity management SCO Group has unveiled a secure user identity management server that centralises Unix and Windows user identity management within Microsoft Active Directory. The product, which succeeds SCO Authentication 2.1 for Microsoft Active Directory, has been dubbed Vintela Authentication from SCO Release 2.2. http://www.vnunet.com/News/1155244 - - - - - - - - - - Senforce puts 'Tupperware-like' seal on mobile data One of the thorniest problems facing enterprises with increasingly mobile workforces is how to keep the sensitive data on their notebook computers from getting into the wrong hands. Senforce Technologies calls its Enterprise Mobile Security Manager (EMSM) a one-of-a-kind solution that uses centrally controlled group policies to manage notebook users' access to the various conduits through which sensitive data can be siphoned. http://techupdate.zdnet.com/techupdate/stories/main/Senforce.html Computer crimes to block business activity http://www.crime-research.org/news/18.05.2004/276 - - - - - - - - - - US, Belgian biometric passports give lie to UK ID scheme Belgium is to begin issuing biometric passports before the end of the year, while in the US (which could be said to have started all this), the State Department is to begin a trial run this autumn, with full production hoped for next year. Belgium has been reported elsewhere as being the first EU country to roll with biometric passports, but as a Register reader kindly sent us scans of his nice new biometric Netherlands passport recently, we suspect this is not the case. http://www.theregister.co.uk/2004/05/18/biometric_passport_intro/ - - - - - - - - - - Zombie RFID tags may never die Businesses are all too keen to talk up the potential of radio frequency ID (RFID) while privacy campaigners are similarly vocal in calling for some hardcore data protection to go with the new tagging technology, and one of the emerging battlegrounds is all about when exactly the tracking chips need to die. Item- level tagging is some way off yet, mainly due to cost rather than retailers' lack of enthusiasm but, when it does kick off in earnest, it's worth putting money on consumers being at loggerheads with retailers over when exactly to switch off and kill the chips. http://zdnet.com.com/2100-1103_2-5214648.html Wal-Mart Maps RFID Expansion Plans http://www.informationweek.com/story/showArticle.jhtml?articleID=20600021 *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.