NewsBits for June 7, 2004 ************************************************************ Michigan man pleads guilty to wireless hack into stores A Michigan man pleaded guilty on Friday to four counts of wire fraud and unauthorized access to a computer after he and two accomplices used a vulnerable wireless network at a Lowe's Companies Inc. store in Michigan to attempt to steal credit card numbers from the company's main computer systems in North Carolina and other Lowe's stores in the U.S. Brian Salcedo could face up to 18 years in prison for the crime, which the government claims could have caused more than $2.5 million in damages. http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,93708,00.html http://www.theregister.co.uk/2004/06/07/us_wardriver_guilty_plea/ - - - - - - - - - - New virus cracks credit cards A new computer virus "Korgo" raging now in Europe, Asia and North America decodes numbers of credit cards used in online systems, an Austrian Internet service provider "Vienna Online" informed. Therein virus looks like its predecessor "Sasser" worm, which incurred huge damage to companies and individuals, ISP experts said. http://www.crime-research.org/news/07.06.2004/409/ - - - - - - - - - - UK law firms fall down on security One in 10 UK legal firms has suffered an IT security failure and one in 20 has lost a client because of it, a report claims. Research by NOP, commissioned by security VAR Evolution Systems, also found worryingly high levels of IT insecurity among the 100 legal practitioners it surveyed. http://www.vnunet.com/news/1155655 - - - - - - - - - - Cities Say No to the Patriot Act Forget drug-free and nuclear-free zones. A growing grassroots movement seeks to make the United States a Patriot Act-free zone, one city at a time. Or, at the very least, the people behind the movement hope to make their cities constitutional safe zones. In the past two years, more than 300 cities and four states have passed resolutions calling on Congress to repeal or change parts of the USA Patriot Act that, activists say, violate constitutional rights such as free speech andfreedom from unreasonable search and seizure. http://www.wired.com/news/privacy/0,1848,63702,00.html - - - - - - - - - - Virus writers deploy bulk mail software Hackers have used spamming software to distribute thousands of copies of a new Trojan. Email filtering firm MessageLabs alone has intercepted more than 4,000 copies of the Demonize-T Trojan over the last 24 hours. Demonize-T is a multi-stage Trojan that uses an object data exploit in Internet Explorer (patch here) to download and execute an encoded visual basic script from a website. http://www.theregister.co.uk/2004/06/07/demonize_trojan/ - - - - - - - - - - BT blocks consumer access to child porn An elaborate software filter will stop broadband Internet customers accessing a list of suspected child porn sites. Websites carrying pornographic images of children will be off-limits to BT Group's one million broadband Internet customers, the telecoms giant says. The effort is believed to be the biggest scheme of its kind by an Internet service provider (ISP) to bar its customers from child porn sites. It comes as law enforcement officials around the globe step up pleas to the industry for help. http://news.zdnet.co.uk/internet/security/0,39020375,39156894,00.htm http://www.msnbc.msn.com/id/5158457/ http://www.usatoday.com/tech/world/2004-06-07-bt-cleanfeed_x.htm http://www.theregister.co.uk/2004/06/07/bt_iwf_trails/ BT's modest plan to clean up the Net http://www.theregister.co.uk/2004/06/07/bt_cleanfeed_analysis/ Parental Internet fears put kids at risk http://www.theregister.co.uk/2004/06/07/kids_online_training/ - - - - - - - - - - IT security budgets expected to rise Enterprise investment in information technology security in the United States is likely to hit 12 percent of total IT budgets over the next couple of years, according to a new study. The average security investment will peak at 8 percent to 12 percent by 2006 in the United States and reach the same level in Europe and Asia by 2007. These budgets will stabilize between 5 percent and 8 percent by 2008 in the United States and in Europe and the Asia-Pacific region by 2009, the Meta Group said in a new study released on Monday. http://news.com.com/IT+security+budgets+expected+to+rise/2100-1009_3-5227840.html http://www.gcn.com/vol1_no1/daily-updates/26147-1.html Security takes the stage http://zdnet.com.com/2100-1105_2-5226943.html - - - - - - - - - - Apple patches 'critical' OS X flaw Apple Computer on Monday released a security patch that fixes what the company called the first "critical" Mac OS X flaw. A combination of holes disclosed by security researchers last month could have allowed an attacker to take over a vulnerable Macintosh, though no such exploits have been reported. Apple issued a partial fix last month, but security researchers had said that the Mac remained open to attack. http://zdnet.com.com/2100-1105_2-5228038.html http://www.wired.com/news/mac/0,2125,63756,00.html - - - - - - - - - - Cisco extends relationship with Trend Micro Networking giant Cisco on Monday said it will incorporate tools and virus signatures from Trend Micro into the security software that runs on its routers, switches and other gear. As recently as March, security analysts said millions of networks around the world lack protection from malicious code. Additionally, research company Gartner has recently said that spam, worms and viruses constitute more than 30 percent of the traffic on some network backbones. Cisco is the market leader in networking products. http://zdnet.com.com/2100-1103_2-5228008.html http://www.usatoday.com/tech/techinvestor/2004-06-07-cisco-trendmicro_x.htm - - - - - - - - - - New Armor to Thwart Hacks A small cadre of vendors is set to release a new class of host-based security technologies that protect applications and processes running in memory. While many enterprises are still adjusting to the concept of signatureless defenses such as intrusion prevention systems,Determina Inc., a startup founded by a group of security-industry veterans, and Immunix Inc., a top Linux security provider, are rolling out solutions designed to lock down server memory space and allow only explicitly permitted operations among applications and processes. http://www.eweek.com/article2/0,1759,1607585,00.asp Linux gains virus armour http://news.zdnet.co.uk/internet/security/0,39020375,39156880,00.htm - - - - - - - - - - Network Associates gets proactive with viruses Network Associates has announced the beta release of McAfee VirusScan Enterprise 8.0, which combines proactive and reactive security measures in one software package. http://news.zdnet.co.uk/internet/security/0,39020375,39156967,00.htm http://www.vnunet.com/news/1155686 - - - - - - - - - - CPU-based security for Windows XP, Red Hat Linux coming Microsoft Windows XP Service Pack 2 and the next version of Red Hat Enterprise Linux 3 will support new CPU-based security protections designed to stop incoming malicious executable code from being triggered. http://computerworld.com/securitytopics/security/story/0,10801,93712,00.html - - - - - - - - - - NIST keeps publishing One way to quantify the growth in importance of computer security work is to count the pages of security guidelines published by the National Institute of Standards and Technology in the past year. The total is 1,200 pages, said Ed Roback, chief of the Computer Security Division. Speaking June 4 in Washington, D.C., at the E-Gov Institute's Annual Government Solutions Forum, Roback said documents on topics as unremarkable sounding as security categorization often generate strong responses. http://www.fcw.com/fcw/articles/2004/0607/web-nist-06-07-04.asp - - - - - - - - - - Data theft detective work begins at the office Intellectual property and other sensitive consumer data are seeping out the doors of corporations at an alarming rate -- and the culprits aren't necessarily a cracker with a broadband connection holed up in his mom's basement, or a wiseguy who's Dumpster diving. Users nestled inside the enterprise firewall with an abundance of unmanaged privileges are most often to blame, according to a soon-to-be-released study conducted by the director of an identity theft program at Michigan State University. http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci968920,00.html Passwords can sit on hard disks for years http://www.newscientist.com/news/news.jsp?id=ns99995064 RSA focuses anew on the password problem http://computerworld.com/securitytopics/security/story/0,10801,93711,00.html - - - - - - - - - - The Deadly Duo: Spam and Viruses A small nugget of good news lies buried among the mountains of unsolicited commercial e-mail: the spam volume held steady from April to May, according to two leading e-mail processing firms. Brightmail's Probe Network found that spam leveled at 64 percent, while Postini measured the monthly volume unchanged at 78 percent. According to Brightmail's assessments, the last time the spam volume was unchanged was August 2003 when it maintained a 50 percent level. http://www.internetnews.com/stats/article.php/3364421 - - - - - - - - - - The Free & The Unfree The notion that ideas can be protected, like land or gold, from bandits predates Gutenberg's printing press. But only in the digital age has the concept of intellectual property set off an international free-for-all. On the one side are the intellectual property holders, predominantly citizens of Western nations. They're squaring off against IP outlaws, who tend to live in developing countries. The propertied class loudly asserts its ownership and control. The insurgents cry for openness and exploit technological loopholes with abandon. http://www.wired.com/wired/archive/12.06/free.html - - - - - - - - - - Confidentiality, integrity and accessibility: security key elements Increased popularity of the Internet, in particular, for commercial and communication purposes extended companies' capabilities to develop new systems of delivery, to use global human resources more efficiently. These opportunities introduced additional requirements from a point of security: continuous business activity and emergency management; these global technologies may lead to global threats. Security tasks develop in intensity and complicity directions. http://www.crime-research.org/news/07.06.2004/320/ - - - - - - - - - - Web-linked cameras let users play Big Brother New surveillance cameras allow anyone with a broadband Internet connection to keep a 24-hour watch on nearly anything from anywhere. Want to monitor your house from the office? Connect one of the cameras to an Ethernet or wireless computer network at home, then navigate your browser to a Web site linked to an Internet address assigned to the camera. http://www.cnn.com/2004/TECH/internet/06/07/broadband.cameras.reut/index.html http://www.wired.com/news/privacy/0,1848,63738,00.html - - - - - - - - - - Terrorists relocate to the Internet While American troops report of a seizure of a regular "Al Qaeda" camp in Afghanistan, experts raise an alarm: terrorists start relocation to the Internet.The Internet is a very powerful tool in hands of terrorist organizations. It's not only because it gives them the opportunity to join and coordinate their actions. Through the Internet terrorism is able to popularize its ideas and vision worldwide. One may easily get accessto such material; you simply need to click on a link. http://www.crime-research.org/news/05.06.2004/318/ - - - - - - - - - - FBI's terror trawl and Emergent computer goofs Letters Our story analyzing why technology let the FBI down - Emergent cheese-sandwich detector enlisted in War on Terror - with catastrophic results, drew an impressive mailbag. If you recall, the Spanish authorities found a fingerprinted bag full of explosives a week before the Madrid bombings, and the FBI was convinced it had their Man. They had the wrong man - but a combination of faith in their"social software" and poor quality digital fingerprint led them to the wrong conclusion. http://www.theregister.co.uk/2004/06/05/emergent_fbi_letters/ - - - - - - - - - - Think before you text A few hours after NBA star Kobe Bryant had sex with a Vail-area hotel worker last summer, the woman exchanged cell phone text messages with a former boyfriend and someone else. What's in those messages could help determine whether the sex was consensual or whether Bryant is guilty of rape as charged. The judge himself said the content may be "highly relevant" to the case. http://www.cnn.com/2004/TECH/ptech/06/07/text.messaging.records.ap/index.html http://www.usatoday.com/tech/news/techpolicy/2004-06-07-bryant-text-msgs_x.htm *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.