NewsBits for June 4, 2004 ************************************************************ Wardriver pleads guilty in Lowes WiFi hacks In a rare wireless hacking conviction, a Michigan man entered a guilty plea Friday in federal court in Charlotte, North Carolina for his role in a scheme to steal credit card numbers from the Lowe's chain of home improvement stores by taking advantage of an unsecured wi-fi network at a store in suburban Detroit. http://www.securityfocus.com/news/8835 Windows XP Bedevils Wi-Fi Users http://www.wired.com/news/technology/0,1282,63705,00.html - - - - - - - - - - Employee accused of selling stolen cell phones online A former cellular phone company employee is facing computer fraud and theft charges for allegedly selling stolen cell phones on an Internet auction site. Paul Richard Cook, 30, of New Llano, was arrested Tuesday on 29 counts of computer fraud and one count of theft, according to Lt. Craig Stansbury, public information officer for Lafayette Parish Sheriffs Office. http://www.usatoday.com/tech/wireless/phones/2004-06-04-stolen-mobile-phones_x.htm - - - - - - - - - - Scottish police target Net paedos Scottish police are questioning scores of suspects over alleged child pornography offences following raids across the country yesterday. Several people have been arrested and around 100 are being questioned following a swoop by eight Scottish police forces and the Scottish Drug Enforcement Agency on suspected paedophiles. Thousands of pounds worth of computer kit for reportedly seized from the home and business premises of suspects. http://www.theregister.co.uk/2004/06/04/operation_falcon/ Study: Web porn entices far more surfers than search http://www.usatoday.com/tech/webguide/internetlife/2004-06-03-popular-porn_x.htm http://money.cnn.com/2004/06/04/technology/porn_search.reut/index.htm - - - - - - - - - - 'Evil' teacher jailed over child porn An infant school teacher who was caught with almost 100,000 images of child pornography was jailed for seven years today. Martin Taylor, 39, of Hucknall, Nottinghamshire, was described as a "genuinely evil" paedophile, who was leading a double life. His stash of indecent photographs was only discovered when police were called to investigate a blaze at his home in Florence Street. A total of 95,227 images were found, including 16 images of the most serious level of child pornography, Tracey Kirwin, prosecuting, told the court. http://www.thisislondon.co.uk/news/articles/11043760 - - - - - - - - - - Welcome to the new pedophile playground It's possibly a mother's worst dream. To find out someone has sexually abused her child. For Lisa Prewitt, that nightmare is now a reality. Her 8-year-old son was sexually abused by a man he had come to trust. In April, Kentucky State Police arrested Robert Barron Greis and charged him with distributing pornography over the Internet. Police said his home computer contained several thousand pictures of child pornography and more than 130 videos of him involved in sexually explicit acts at his home. http://louisville.snitch.com/2004/06/02/pedophile - - - - - - - - - - Ukraine: carders As CCRC informed, in Odessa, Ukraine, officers of Organized Crime Department arrested three young men attempting to illegally withdraw big sum of money from the accounts of the world famous bank through an ATM using counterfeit plastic cards. According to initial data, malefactors repeatedly withdrew big sums from accounts by using access to accounts of one of foreign banks, having stolen more than half million USD. "Hackers" withdrew 10-40 thousand USD from accounts of their victims per one time. http://www.crime-research.org/news/04.06.2004/316 - - - - - - - - - - Three caught recording 'Tomorrow' Three moviegoers were caught recording the recently released disaster flick "The Day After Tomorrow" with handheld video cameras in U.S. and Canadian theaters, the Motion Picture Association of America said Thursday. Two of the purported camcorder pirates were arrested in theaters in Los Angeles and Canada over the weekend trying to record the 20th Century Fox movie on digital video recorders for resale, and a third fled a Los Angeles theater when he was approached by theater personnel, the MPAA said. http://www.cnn.com/2004/SHOWBIZ/Movies/06/04/film.piracy.reut/index.html - - - - - - - - - - 'Potter-mania' fuels spread of NetSky-P The frenzy surrounding the latest Harry Potter cinematic offering is helping to keep the prevalent NetSky-P worm alive. Almost three months on from the first sighting of NetSky-P back in late March the worm still poses a significant threat. El Reg inboxes are bombarded with hundreds of copies of the worm each day and we're far from alone. AV firm Sophos places NetSky-P as the second most common irritant last month, second only to the infamous Sasser worm. http://www.theregister.co.uk/2004/06/04/netsky-p_harryp/ http://www.vnunet.com/news/1155604 http://www.washingtonpost.com/wp-dyn/articles/A15187-2004Jun4.html NetSky still dominates virus hit parade http://www.globetechnology.com/servlet/story/RTGAM.20040604.gtvirusjun4/BNStory/Technology/ Korgo Worm on the Move http://www.newsfactor.com/story.xhtml?story_title=Korgo-Worm-on-the-Move&story_id=24407 - - - - - - - - - - Mutant son of MyDoom plans three-pronged attack Virus writers have used code from the infamous Mydoom worm to create a potentially dangerous new Internet worm which uses multiple methods to spread. Plexus-A spreads using three different methods: infected email attachments, file-sharing networks and Windows vulnerabilities (the LSASS vulnerability used by Sasser and the RPC DCOM flaw used by Blaster). The as yet unknown virus authors used MyDoom source code as the basis for creating Plexus, according to an analysis of the worm by Russian AV firm Kaspersky Labs. http://www.theregister.co.uk/2004/06/03/plexus_worm/ New worm targets two Microsoft vulnerabilities http://computerworld.com/securitytopics/security/virus/story/0,10801,93648,00.html Zombie PCs spew out 80% of spam http://www.theregister.co.uk/2004/06/04/trojan_spam_study/ - - - - - - - - - - Cell phone cameras getting day in court--or not The administrative office for the federal judiciary is now deciding whether cell phone cameras should be allowed in courtrooms, a source said Friday, raising the possibility that the popular devices will be banned from yet another place. Recording devices of any kind are usually banned from inside courtrooms. One of the myriad reasons involves protecting the identity of confidential witnesses or of minors accused of crimes. Courtroom personnel fear that cell phones with embedded cameras, not to mention those with both cameras and video recording capabilities, could be put to use without detection. http://zdnet.com.com/2100-1105_2-5226912.html - - - - - - - - - - Zombies may spoil Microsoft's spam plan One of Microsoft's plans to fight the spam epidemic is unlikely to adversely affect spammers or reduce the quantity of spam, according to security experts. Microsoft's chairman Bill Gates has been calling for the IT industry to work together and eradicate the spam problem. About six months ago he unveiled an initiative called Penny Black, which was a method for reducing a spammer's ability to send large volumes of unsolicited e-mails using Hotmail and MSN accounts. http://zdnet.com.com/2100-1105_2-5226548.html ITU to hold spam summit http://www.vnunet.com/news/1155617 Net Rivals Embrace to Fight Spam http://www.wired.com/news/infostructure/0,1377,63708,00.html - - - - - - - - - - RIAA wants your fingerprints Not content with asking for an arm and a leg from consumers and artists, the music industry now wants your fingerprints, too. The RIAA is hoping that a new breed of music player which requires biometric authentication will put an end to file sharing. Established biometric vendor Veritouch has teamed up with Swedish design company to produce iVue: a wireless media player that allows content producers to lock down media files with biometric security. http://www.theregister.co.uk/2004/06/04/biometric_drm/ - - - - - - - - - - Linksys Wi-Fi router vulnerability discovered Cisco Systems has issued a patch for a security flaw in one of its Linksys routers that could give hackers access to consumers' home networks. Alan Rateliff II, an independent security consultant, on Friday said he discovered a vulnerability in the Linksys WRTS54G 802.11g wireless router. The flaw gives hackers a free pass into the Web-based configuration page of the router when the firewall function is turned off. http://zdnet.com.com/2100-1105_2-5226918.html - - - - - - - - - - Network Associates warms to behaviour blocking Network Associates yesterday announced plans to offer intrusion prevention alongside conventional anti-virus software. The move is something of a watershed for the AV industry with a top-tier vendor acknowledging that conventional AV scanning software alone fails to defend against fast-spreading Internet worms like Sasser and Blaster. Conventional AV technology is inherently reactive and leaves a 'Window of vulnerability' where firms can get hit even if they have the latest AV signature updates, Metwork Associates acknowledges. http://www.theregister.co.uk/2004/06/04/mcafee_debuts_behaviour_blocking/ - - - - - - - - - - IT security faces Olympian challenge If all goes according to plan, the only Trojan Horse causing trouble in Athens this summer will be the one in the Hollywood blockbuster Troy. But with 10,500 computers, 450 servers, 450 Unix boxes, 4,000 results terminals and a predicted 200,000 security alerts a day, the IT organisers face an Olympian challenge of their own. http://www.itweek.co.uk/Comment/1155619 - - - - - - - - - - Vendors, VARs Embrace Endpoint Security It's no secret that remote users are among the most common sources of enterprise attacks. Mobile employees pick up viruses and worms on the road, then infect the corporate network when they access remotely through a VPN or plug in at the office. http://www.crn.com/sections/security/security.jhtml?articleId=18842878&_requestid=72835 - - - - - - - - - - Part III: Insider theft and the role of regulation "Truth be told, everything we've done in the area of extrusion prevention is because of industry regulations. The police were useless in our last extrusion event, and we're developing our self- audit and control capability in order to protect our customer records and actuarial data." "We don't invest in extrusion-prevention technology because it's a criminal offense when one of our employee extrudes critical filings. We feel the legal deterrent is sufficient." http://computerworld.com/securitytopics/security/story/0,,93624,00.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.