NewsBits for June 10, 2004 ************************************************************ Suspected 'Half-Life' code thieves arrested Game developer Valve Software announced on Thursday that law enforcement authorities have arrested several suspects for allegedly stealing source code for the highly anticipated game "Half-Life 2." Valve CEO Gabe Newell said in a statement that arrests were made in several countries. He credited customers with helping identify the suspects. http://news.com.com/Suspected+%27Half-Life%27+code+thieves+arrested/2100-7355_3-5230761.html http://www.newsfactor.com/story.xhtml?story_title=FBI-Makes-Arrests-in-Half-Life---Theft&story_id=24843 - - - - - - - - - - Woman gets 10 months' jail, $207,460 penalty for GST fraud A 33-year-old woman has been sentenced to 10 months' jail for trying to evade the Goods and Services Tax in Singapore's first GST fraud conviction. Magdalene Chua also has to pay the taxman more than $400,000. She has already repaid almost $215,000 in evaded taxes. But she also has to pay a penalty of $207,460 - three times the amount evaded on the 11 charges she pleaded guilty to. The taxman found the evidence to prosecute Chua after some slick computer forensics. http://www.channelnewsasia.com/stories/singaporelocalnews/view/89384/1/.html - - - - - - - - - - UCLA says stolen computer puts 145,000 at risk of ID theft A stolen laptop computer put 145,000 UCLA blood donors at risk of identity theft because it contained their Social Security numbers, birthdates and other personal information. The UCLA Blood and Platelet Center sent a June 5 letter notifying donors about the November theft of a computer from a locked van. The letter, required by state law, was sent to everyone who gave blood over the last 15 years. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8890294.htm http://news.com.com/UCLA+laptop+theft+exposes+ID+info/2100-1029_3-5230662.html - - - - - - - - - - Woman hacks North Bay Health Care Group According to Computer Crime and Intellectual Property Section, Criminal Division, United States Department of Justice (CCIPS, www.cybercrime.gov), May 27, 2004, United States Attorney McGregor W. Scott announced that Jessica Quitugua Sabathisa, 31, of Vallejo, California was charged with ten counts of fraudulently using her computer to embezzle more than $875,035 from North Bay Health Care Group ("North Bay"). North Bay is a not-for-profit organization which operates hospitals and clinics in Vacaville and Fairfield, California. http://www.crime-research.org/news/10.06.2004/419/ - - - - - - - - - - Subway Attack E-Mail Is Phony, Police Say New York police said there was no truth to an e-mail being circulated that the city's subway system would be attacked Friday. "The police department has received no credible threat information concerning a widely circulated e-mail message that discusses a purported subway attack allegedly planned for Friday, June 11th," Deputy Commissioner Paul Browne said in a statement. (LA Times article, free registration required) http://www.latimes.com/technology/la-na-briefs10.5jun10,1,2315633.story - - - - - - - - - - Witness in trial held on sex charges On the day he was prepared to testify in Redwood City against a former lover in a quadruple murder trial, a Sherman Oaks man was arrested in downtown San Jose on suspicion of trying to solicit sex with an undercover police officer posing as a boy. Howard Gaass, 57, had arrived in the Bay Area on Tuesday as a San Mateo County prosecutor's final witness against Alfredo Valenzuela, a Los Angeles man charged with the 2002 execution- style slayings of four people in a San Bruno apartment. http://www.mercurynews.com/mld/mercurynews/news/local/8887390.htm - - - - - - - - - - Cybercrime getting the attention of DHS Cybercrime is emerging as the leading IT threat, public and private-sector security experts said Thursday at a summit hosted by SecurE-Biz.net in Washington. At the moment, that is the area of greatest interest, said Amit Yoran, head of the Homeland Security Departments cyber security directorate. Crime now ranks above the threat of cyberterrorism on the DHS radar screen. Market forces are seen as the driving force behind this development, and DHS also is relying largely on market forces to combat it. http://www.gcn.com/vol1_no1/daily-updates/26173-1.html Homeland Security has no plans to update cybersecurity strategy The time for reviewing the federal cybersecurity strategy has not come yet despite flaws that need to be addressed, a top official said Thursday. "There is no effort to update" the strategy issued by the White House early in 2003, said Amit Yoran, director of the Homeland Security Department cyber- security division. The strategy was identified as a "snapshot in time," he said. http://www.govexec.com/dailyfed/0604/061004tdpm1.htm - - - - - - - - - - Shortage of computer security experts hampers agencies Bush administration officials and information technology industry experts on Thursday identified areas of cybersecurity that need to be addressed, including more research and development and the training of the next generation of cyber experts in government. "There is an incredibly shrinking pool of IT security professionals in government," said Jack Johnson, chief security officer at the Homeland Security Department. "The bench is not just thin; the bench is non-existent," he added in a sports reference to backup players. "We need to train the next generation" of IT professionals. http://www.govexec.com/dailyfed/0604/061004tdpm2.htm - - - - - - - - - - IE flaws open back door to adware An adware purveyor has apparently used two previously unknown security flaws in Microsoft's Internet Explorer browser to install a toolbar on victims' computers that triggers pop-up ads, researchers said this week. One flaw lets an attacker run a program on a victim's machine, while the other enables malicious code to "cross zones," or run with privileges higher than normal. Together, the two issues allow for the creation of a Web site that, when visited by victims, can upload and install programs to the victim's computer, according to two analyses of the security holes. http://news.zdnet.co.uk/software/applications/0,39020384,39157297,00.htm - - - - - - - - - - Another 'critical' flaw, this time from Oracle Database software maker Oracle warned customers using the most recent version of its e-commerce program of a flaw that puts their systems at risk. In a terse but strongly worded advisory released to customers last week, Oracle said a software flaw in its Oracle 11i E-Business Suite and its Oracle Applications 11.0 could let an attacker take control of the database that powers the programs. "Risk of exposure is high, as any user with browser access and specialized knowledge can exploit" the flaw, Oracle said in the advisory. The company would not provide details. http://news.com.com/Another+%27critical%27+flaw%2C+this+time+from+Oracle/2100-1002_3-5230606.html - - - - - - - - - - Open-source code maintainer filled with flaws Security researchers have found at least six more flaws in the open-software world's most popular program for maintaining code under development. According to a representative of the project that oversees the program, known as the Concurrent Versions System, the vulnerabilities include a flaw that could let an attacker take control of a CVS server from the Internet, putting the code repository's contents at risk. The flaws were discovered as part of an analysis of the program's code following the announcement last month of a similar set of issues. http://news.zdnet.co.uk/software/developer/0,39020387,39157299,00.htm - - - - - - - - - - Mobile porn is a 'time bomb' European mobile phone firms must act to ensure that adult content reaches only adults, a research company warns. Mobile operators face a backlash over adult content if they are unable to balance lucrative revenues with legitimate parental anxieties, according to a report from research company Current Analysis. The warning comes as visual advances in mobile handset technology have led to the widespread introduction of mobile devices capable of taking pictures, videos and watching short video clips and films. http://www.theregister.co.uk/2004/06/10/mobile_adult_content/ - - - - - - - - - - PC Users Play 'Dodge the Hacker' Using a personal computer these days is like playing virtual dodgeball, but with spam and hacker attacks subbing in for the big red ball. Microsoft's Windows operating system continues to be the prime hacking target, especially since it powers more than 90 percent of the world's PCs and is rife with security holes. http://www.washingtonpost.com/wp-dyn/articles/A30871-2004Jun10.html - - - - - - - - - - Report: Computer intrusion losses waning Computer intrusions are on the decline for the third year in a row, at least among respondents to an annual survey conducted by the Computer Security Institute (CSI) and the FBI's computer crime squad. Nearly 500 computer security professionals in U.S. corporations, government agencies, financial institutions, medical institutions and universities responded to the 2004 survey, with 53 percent reporting that their organization experienced unauthorized use of computer systems during the prior 12 months -- down from 56 percent in 2003. http://www.securityfocus.com/news/8883 - - - - - - - - - - Who's Getting Rich on Computer Viruses? "If you're that good of a programmer, you have a bright future ahead, but it's not in writing viruses," said David Perry of Trend Micro. "We need to continue to pursue and apprehend and punish virus writers, and put out the message this is not acceptable behavior." Computer viruses cost businesses and consumers around the world billions of dollars each year. So who -- if anyone -- is profiting from viruses? And if no one is profiting, what is the motivation behind virus creation? The answers are not completely clear. http://www.newsfactor.com/story.xhtml?story_title=Who_s_Getting_Rich_on_Computer_Viruses_&story_id=24513 - - - - - - - - - - Inside the insider threat Six years ago, I warned the U.S. Senate that it was possible to "take down the Internet in 30 minutes." There are still critical weaknesses in central points of the public network. Although more distributed now, remote points can still be harnessed to cause disruption and confusion in ways similar to distributed denial-of- service attacks (DDoS). These methods refer to a threat model embodied by the collective Internet. http://computerworld.com/securitytopics/security/story/0,,93757,00.html - - - - - - - - - - Zombie Machines, Port Blocking, Confusion And Large Bills With the incredible rise of zombie machines that spew spam messages constantly, it looks like different ISPs continue to take very different approaches to dealing with the problem. As expected, Comcast has now started selectively blocking port 25 on accounts from that appear to be compromised. However, others are taking more extreme approaches. Over in the UK, NTL has apparently decided to just start blocking a variety of ports on all their customers without warning. http://techdirt.com/articles/20040610/0650221.shtml - - - - - - - - - - Intelligence sharing is a daunting task, DHS finds The Homeland Security Department is facing a daunting task in deploying the Homeland Security Data Network, said chief security officer Jack Johnson. HSDN is supposed to be at a level of security matching the Defense Departments Secure IP Router Network by the end of the year, and will be used for disseminating classified intelligence throughout the department and to other agencies. http://www.gcn.com/vol1_no1/daily-updates/26174-1.html - - - - - - - - - - 24-hour surveillance cameras planned for Baltimore Authorities in the Baltimore region are trying to build a network of around-the-clock surveillance cameras to target crimes from terrorism to drug dealing, the state's homeland security chief said. ``We're at war,'' said Dennis R. Schrader, director of homeland security for Gov. Robert Ehrlich. Dozens of surveillance cameras are already in place to deter crime throughout downtown Baltimore, but those images are generally taped and reviewed only occasionally. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8890312.htm - - - - - - - - - - Web Site Shows Photos Of Prostitutes' Alleged Customers The Dallas Police Department this week began posting on its Web site the pictures of so-called "Johns" arrested for soliciting prostitution. Names, birth dates and hometowns of the alleged offenders are also listed. Dallas follows other cities such as Denver, St. Paul, Minn., and Raleigh, N.C., that use similar strategies for combatting the nagging problem of prostitution. http://www.wnbc.com/technology/3402980/detail.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.