NewsBits for June 9, 2004 ************************************************************ Suspect in Lucent secrets case is on the lam A former scientist for Lucent Technologies was declared a fugitive on Wednesday, nine months before he was to go to court on charges he stole secrets from his one-time employer. Hai Lin, accused with two others in the case, was last seen by authorities May 25 when a court officer visited his new workplace on Long Island, N.Y., Assistant U.S. Attorney Scott A. Christie said. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8882880.htm - - - - - - - - - - Scottish dealer jailed for chip VAT fraud A Scottish businessman has been sentenced to four years in jail for failing to pay VAT on computer chips he imported from EC countries, sold to UK customers with VAT included and then failed to pass the tax onto the Revenue. Michael George Voudouri, 36, from Bridge of Allan, Stirling evadedPS3m in VAT payments. Trading as Computer Technics (GB) Ltd, Cortek Management and Fairwood Trading Ltd he imported processors from Denmark, Ireland and Luxembourg which were sold to him without VAT in accordance with EC regulations. He then sold the chips on, adding 17.5 per cent VAT, but he never paid the tax. http://www.theregister.co.uk/2004/06/09/vat_fraud_customs/ - - - - - - - - - - Encryption firm says secrets for sale at auction Laptops containing sensitive financial details and all manner of corporate secrets can be snapped up at auctions for a pittance, a security company said Wednesday. Stockholm, Sweden-based Pointsec Mobile Technologies, which sells encryption software and other products designed to protect sensitive information on mobile devices, said it bought 100 laptop computers from a host of Internet and public auctions over the past two months to show how vulnerable data can be. http://zdnet.com.com/2100-1105_2-5229544.html http://news.zdnet.co.uk/hardware/mobile/0,39020360,39157146,00.htm http://www.msnbc.msn.com/id/5173972/ http://money.cnn.com/2004/06/09/technology/personaltech/bc.tech.laptop.reut/index.htm http://www.usatoday.com/tech/news/computersecurity/2004-06-09-laptop-security_x.htm - - - - - - - - - - Drug ring indicted in odd identity theft case Federal authorities said Tuesday they have cracked a twisted case of drug trafficking in the Baltimore- Washington area that reveals how organized crime rings can use identity theft to supplement income from other criminal sources. Among the allegations in the indictment: that dozens of conspirators got their victims hooked on cocaine, crack or heroin, then took out life insurance policies in their names and collected when the victims died. http://www.msnbc.msn.com/id/5166112/ - - - - - - - - - - Web operator's terrorism trial reports partial verdict The jury in the trial of a Saudi graduate student accused of using the Internet to foster terrorism told the judge Wednesday that it had reached verdicts on some counts but was deadlocked on others. The jury announced the impasse on its sixth day of deliberations in the case against Sami Omar Al-Hussayen, a 34-year-old Ph.D. candidate in computer science at the University of Idaho. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8882508.htm - - - - - - - - - - "Bride scam" Russia, a young man Z. registered on acquaintance website using name of his girlfirend, the girl didn't know of it. In order to speed up the process of tempting foreign admirers, he attached a sexy photo of the other woman. Afterwards, having entered into correspondence with US resident, he started to swindle money out of him under the pretence of preparation to get visa and leave for the US. http://www.crime-research.org/news/09.06.2004/412/ - - - - - - - - - - Judge rejects passenger data lawsuits against NWA A Minnesota judge dismissed seven class-action lawsuits brought against Northwest Airlines by passengers whose personal information was provided to NASA for an aviation-security research project. U.S. District Judge Paul Magnuson rejected the plaintiffs' contention that Northwest had violated the Electronic Communications Privacy Act and the Fair Credit Reporting Act, saying attorneys failed to show that passengers were harmed by the data sharing. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8881877.htm http://www.securityfocus.com/news/8867 - - - - - - - - - - Hearing Set in Corona E-Mail Case A Riverside County judge on Tuesday scheduled a July hearing to determine whether two Corona councilmen's personal e-mails about their defunct energy consulting firm prompted the city to drop its bid to take over Southern California Edison facilities. Community activists have urged the city to release the 338 e-mails, saying the messages will prove that Councilmen Darrell Talbert and Jeff Miller had a conflict of interest when they were pushing the city to take over Edison power lines and other facilities, an unsuccessful effort that cost the city $3 million. (LA Times article, free registration required) http://www.latimes.com/technology/la-me-corona9jun09,1,614046.story - - - - - - - - - - Europe 'near agreement' on cybercrime fight European countries are finally close to agreeing a uniform approach to fighting activities such as denial-of-service (DoS) attacks and hacking, after more than a year of disagreement about the issue. Philippe Gerard, director general of the Information Society of the European Commission, said on Monday that member states of the European Union will agree within weeks to bring in common laws to combat cybercrime. http://news.zdnet.co.uk/internet/security/0,39020375,39156968,00.htm Europe to finally outlaw computer crime http://www.crime-research.org/news/09.06.2004/421/ Criminal Legal Description of Computer Crimes: Methods and Practice of Investigation http://www.crime-research.org/articles/416/ - - - - - - - - - - Report: More Spam Violates Law The federal government's highly touted anti-spam law is being widely disregarded by spammers, according to a new study that shows fewer junk e-mailers are complying with the statute's labeling requirements. Only 1 percent of the unsolicited e-mail messages circulating on the Internet in May complied with the federal Can-Spam Act, despite several high-profile cases in which junk e-mailers have been sued, convicted and sentenced to jail, according to the report released by Denver-based anti-spam company MX Logic. http://www.washingtonpost.com/wp-dyn/articles/A29136-2004Jun9.html Firms won't pay extra for spam filters http://www.vnunet.com/news/1155722 - - - - - - - - - - Feinstein opposes passport delay A Democratic senator said she would oppose any extension giving visa-waiver countries more time to embed their passports with biometric identifiers, as U.S. law now requires. At a Senate Judiciary Committee hearing today, Sen. Dianne Feinstein (D-Calif.) also said management of the Visa Waiver Program (VWP) which allows citizens of certain countries to travel to the United States for tourism or business for 90 days or less without obtaining a visa was "sloppy and in great disarray." http://www.fcw.com/fcw/articles/2004/0607/web-feinst-06-09-04.asp http://www.govexec.com/dailyfed/0604/060904cdpm1.htm - - - - - - - - - - ID cards 'alarm' information commissioner The UK's data-protection chief is increasingly worried about how the government intends to operate its national identity card scheme. Information commissioner Richard Thomas is "increasingly alarmed" about the UK Governments proposals for a national identity card, MPs were told on 8 June, 2004. Thomas heavily criticised the proposals covering cards and an identity register at a home affairs select committee hearing. http://news.zdnet.co.uk/hardware/emergingtech/0,39020357,39157149,00.htm - - - - - - - - - - Russian providers fight Hamas Russian hosting provider "Arbatek" stopped to provide web hosting for a number of websites that have a direct relation to Palestinian terrorist organization Hamas, Webplanet informs. Arbatek's specialists took notice of some details that testify about a direct relation of these sources to terrorists. After preliminary consultation with officers of High Tech Crime Unit "K" of the Russian Federation, a joint decision was made to stop hosting of websites having a direct relation to terrorist organization Hamas. http://www.crime-research.org/news/09.06.2004/415/ - - - - - - - - - - Government cyberattack profiles vary from global average Hackers seem to be attracted to government Web servers and file sharing applications, a managed security services provider says. Eight of the top 10 attacks directed against government systems were associated with Web servers or applications, according to a study of cyberattack trends in the last half of 2003 by Symantec Corp. of Cupertino, Calif. http://www.gcn.com/vol1_no1/daily-updates/26161-1.html - - - - - - - - - - Four-fifths of networks bleeding Wi-Fi data The vast majority of global business networks are routinely suffering from large-scale data loss and manipulation as the advent of wireless technology makes them vulnerable to malicious attack by hackers, new research has claimed. http://www.vnunet.com/news/1155700 The Wi-Fi explosion: a virus writer's dream http://www.theregister.co.uk/2004/06/09/wi_fi_virus_writers/ - - - - - - - - - - Police to lurk in chatrooms Police plan to patrol Internet chatrooms as part of a multinational crackdown on paedophile rings. They will also seize the finances of website operators who peddle child pornography and freeze the credit cards of their customers. "We want to create the equivalent of a beat cop for the Internet," said National Crime Squad assistant chief constable Jim Gamble. http://news.zdnet.co.uk/internet/security/0,39020375,39157148,00.htm http://www.cnn.com/2004/TECH/internet/06/09/crime.internet.reut/index.html http://www.theregister.co.uk/2004/06/09/police_chat_rooms/ http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2004/06/10/nweb10.xml http://news.xinhuanet.com/english/2004-06/10/content_1518316.htm Paedophiles face credit card blacklist http://www.theregister.co.uk/2004/06/09/paedo_credit_card_blacklist/ - - - - - - - - - - First "counterstrike software" for Internet hackers gets rocky start The first commercial software to strike back at computer vandals and spammers has run into crossfire from experts, who fear it could unleash "a cyber bloodbath" that could engulf the Internet, New Scientist says. The product, launched in March by Texas security company Symbiot, gives companies an escalating list of options to defend themselves against hackers and other sources of unwanted traffic. http://story.news.yahoo.com/news?tmpl=story&ncid=1209&e=1&u=/afp/20040609/tc_afp/internet_computers&sid=96001015 - - - - - - - - - - Internet Explorer carved up by zero-day hole Two new vulnerabilities have been discovered in Internet Explorer which allow a complete bypass of security and provide system access to a computer, including the installation of files on someone's hard disk without their knowledge, through a single click. Worse, the holes have been discovered from analysis of an existing link on the Internet and a fully functional demonstration of the exploit have been produced and been shown to affect even fully patched versions of Explorer. http://www.computerworld.com.au/index.php?id=117316298&eid=-255 Microsoft Warns Flaw Could Shut Games Microsoft Corp. says a flaw in its Windows operating system software could allow hackers to shut down online video games. A flaw in most versions of the Windows operating system would let a hacker shut down video games that are based on Microsoft's DirectPlay technology. The flaw doesn't affect Microsoft's Xbox game console. http://news.zdnet.co.uk/0,39020330,39157137,00.htm http://www.latimes.com/technology/la-fi-rup9.8jun09,1,1767123.story Microsoft game for plugging two security flaws http://software.silicon.com/security/0,39024655,39121201,00.htm http://news.zdnet.co.uk/internet/security/0,39020375,39157136,00.htm http://www.theregister.co.uk/2004/06/09/ms_june_patch_batch/ IE flaws used to spread pop-up toolbar http://zdnet.com.com/2100-1105-5229707.html Apple security patch problems fixed http://www.theregister.co.uk/2004/06/09/apple_security/ - - - - - - - - - - Cisco flaw resets network hardware A flaw in the operating system for Cisco Systems' Catalyst switches could be used to shut down and reset the hardware, the network device maker said in an advisory released Wednesday. The flaw affects the way the CatOS handles Telnet, HTTP (Hypertext Transfer Protocol), and SSH (secure shell) sessions, the advisory said. http://news.com.com/Cisco+flaw+resets+network+hardware/2110-1033_3-5229901.html - - - - - - - - - - Security specialist to add Web-filtering tools ServGate, a security software and device specialist, will add Web-filtering tools to its package of IT defense applications next week. The company on Monday said it will begin offering software aimed at helping customers block pop-up ads, inappropriate Web sites and viruses borne by Web browsers. The application will be sold as an add-on module to ServGate's existing products and will cost $895 for 50 users. http://zdnet.com.com/2100-1105-5229489.html - - - - - - - - - - Keeping the courts tech-savvy There's a lesson to learn from Mel Bryson's tenure as head of information technology at the Administrative Office of the U.S. Courts: Not every chief information officer is a technophile. The soft-spoken native of Utah is a budget expert, not a techie. He is not a member of the CIO Council, which represents executive agencies. And Bryson uses the Clinger-Cohen Act and other legislative mandates as helpful hints since they don't apply to the judicial branch. http://www.fcw.com/fcw/articles/2004/0607/mgt-savvy-06-07-04.asp - - - - - - - - - - Beware of keystroke-logging RATs! Robbing a bank used to involve risk of serious physical harm. Now, bandits may develop carpal tunnel syndrome, but that's about it. Without leaving the house, a criminal hacker, or cracker, can create a Trojan horse to clear thousands of dollars in fraudulent bank transactions. Trojan horses are little programs that promise one thing-- say, a smiley face cursor--but do another--for example, record every keystroke you make or every Web site you visit. http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5138146.html - - - - - - - - - - VoIP needs serious security review, say experts Internet Protocol-based voice networks may be the wave of the future, but they will require a whole new approach to security, warned telecoms experts at the VON Europe voice-over IP (VoIP) conference in London on Tuesday. A wide-ranging programme ranged from the nuts and bolts of connecting 3G and IP networks to a look at "disruptive" VoIP systems that could permanently change the way people use telephony. http://www.techworld.com/comms/news/index.cfm?NewsID=1699&Page=1&pagePos=2 - - - - - - - - - - CSO survey: Companies lack plans in case of terrorist attacks A majority of security executives surveyed said their companies don't have plans to cope with an unconventional terrorist attack, even though most believe that a terrorist attack of some kind is likely to occur in the coming months, according to the results of a poll released by CSO magazine today. http://computerworld.com/securitytopics/security/story/0,10801,93741,00.html - - - - - - - - - - Cingular systems open door to fraudulent credit card transactions In an e-mail to me, Priester wrote, "I figured you might like this. Cingular has now implemented a new feature on their site that will allow you to look up basic account information with only a cell number and a zip code." That, by itself, is of course a privacy violation. But it gets worse. Kevin's note went on to say, "Once you find that basic account information, if the account holder has ever paid on Cingular.com http://techupdate.zdnet.com/techupdate/stories/main/Cingular_opens_door_to_fraudulent_credit_card_transactions.html - - - - - - - - - - TCP/IP Skills for Security Analysts (Part 2) In the first part of this article series we covered the skills that a network security analyst should have in order to do their job properly. Now, this second part of the article will put these skills into context by simulating a "day in the life" of a network security analyst. I will give real life examples of why you need the specific skills that I noted earlier. Following this will be a brief discussion on the value of certification, and some of the ones I would suggest. http://www.securityfocus.com/infocus/1784 - - - - - - - - - - Surveillance gets a satellite assist Just after Laci Peterson disappeared in Modesto, Calif., on Christmas Eve 2002, her husband, Scott, assured police that he had nothing to do with it. But police were suspicious. Without Peterson's knowledge, they received court permission to attach global positioning system (GPS) tracking devices to the undersides of three vehicles he was known to drive. The devices, which use cell phone networks and signals from orbiting satellites to pinpoint land locations, indicated that twice in January 2003, Peterson drove to a San Francisco Bay marina near where the bodies of his wife and unborn son washed ashore three months later. http://www.usatoday.com/tech/news/techinnovations/2004-06-09-gps-tracking_x.htm *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.