NewsBits for June 21, 2004 ************************************************************ Police nabs a scammer Officers of the Security Service of Ukraine (the SSU) detained a scammer for allegedly squeezing money out of employees of Ukrainian banks. It was a resident of Crimea, Ukraine. According to the press service of the SSU, the scammer arrived in Kiev and phoned to offices of "Prominvestbank", "Aval" and "Privatbank" banks of Kiev and stated that he supposedly possessed confidential information on credit card accounts of their clients. http://www.crime-research.org/news/19.06.2004/437/ - - - - - - - - - - Syrian surfer jailed A Syrian who downloaded and distributed material from a website banned by Syrian authorities has been jailed for two-and-a-half years. Abdel Rahman al-Shaghouri, 32, who had been held since his arrest in February 2003 apparently without access to family or legal representation, was convicted of "publishing false news that saps the morale of the nation". The Human Rights Association of Syria has called for Shaghouri's immediate release and condemned his imprisonment as "a dangerous precedent against Internet users and another step back". Amnesty International agrees - and is highlighting the cases of four other men held on similar charges. http://www.theregister.co.uk/2004/06/21/syrian_surfer_jailed/ - - - - - - - - - - Nation's first spyware laws to go before Parliament A bill outlawing spyware is likely to go before Parliament as soon as September. The Australian Democrats is drafting the proposed bill, under which harvesting without consent corporate or personal information via a Web site or with software applications for marketing purposes will be classified as spyware. http://www.computerworld.com.au/index.php/id;187186972;fp;16;fpid;0 - - - - - - - - - - Akamai Attack Reveals Increased Sophistication An attack last week against Akamai Technologies Inc. demonstrated the disruption of key Web site activity that a well-placed assault on the Internet's Domain Name System can cause. The incident also revealed a troubling capability on the part of hackers to target core Internet infrastructure technologies, security experts said. http://computerworld.com/securitytopics/security/story/0,10801,93977,00.html - - - - - - - - - - IM Worms Could Spread In Seconds Enterprises whose workers use one of the free public instant messaging networks -- the likes of America Online's, Yahoo's, or Microsoft's -- risk malicious attacks that could make the quick-spreading Sasser worm look like a worn-out snail, said a security analyst Friday. "In instant messaging, we have a lot of the same security issues as in e-mail and networks," said Eric Chien, a senior researcher with Symantec's security response team. http://www.internetweek.com/breakingNews/showArticle.jhtml%3Bjsessionid=YKE02ZGNN21GKQSNDBCSKHY?articleID=22101033 - - - - - - - - - - Outlook's security compromised by spammers Spammers who send pornographic pictures in the hope of enticing the recipient to signing up to an adult Web site have discovered a way to bypass Outlook 2003's security features, which are designed to stop potentially offensive content being automatically displayed in the preview window. http://news.zdnet.co.uk/internet/0,39020369,39158241,00.htm - - - - - - - - - - Studios, movie theaters offer rewards to thwart piracy Film studios and movie theaters are joining forces to offer rewards of up to $500 to theater employees who nab people using camcorders to record films. The rewards program is the latest in a series of efforts to stem camcording piracy, which the Motion Picture Association of America estimates costs the industry billions of dollars each year. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8977408.htm - - - - - - - - - - Phishing spreading Phishing is a dangerous kind of internet-fraud, theft of personal data, credit card numbers, passwords, etc. Even illegal operations using PIN codes, as a rule, are eligible and the blame lays on the card owner; that makes this kind of scam the most dangerous. According to Gartner Group, about 57 million of Americans received a "phishing" attack e-mail within the past year, and half of those who responded became victims of identity theft. http://www.crime-research.org/news/21.06.2004/440/ - - - - - - - - - - Workers get into email trouble UK employers are more likely to discipline staff for abusing email than for inappropriate Internet use. A survey from the Chartered Institute of Personnel and Development reveals that nearly half of all respondents have disciplined staff for excessive use of email and a quarter have disciplined staff for inappropriate email attachments. But overall, bosses seem more relaxed about staff using technology and more likely to have a quiet word rather than take formal disciplinary action. http://www.theregister.co.uk/2004/06/21/email_trouble/ - - - - - - - - - - Feds face numerous encryption schemes for securing e-mail Government agencies face a communications dilemma. On one hand, officials are asked to share more information with other agencies, businesses and citizens. On the other, they are under pressure to boost data protection. E-mail, the ubiquitous communication backbone, lies at the center of this quandary. Applications ranging from emergency response to e-government depend on e-mail. But e-mail's universality and openness, typically considered strengths, can be security weaknesses. http://www.usatoday.com/tech/news/2004-06-21-feds-secure-email_x.htm - - - - - - - - - - Fraud Sniffers Companies are starting to use data analytics to detect suspicious transactions. Many companies use business intelligence tools to analyze sales and identify customer buying patterns. But some companies also mine transaction data to detect fraud. Banks, government agencies and large companies have plenty of financial data to sift -- such as checking accounts, purchase orders and sales receipts, most of which record legitimate transactions. But to find that 1% or so that aren't squeaky-clean would frustrate even Sherlock Holmes if the data had to be sorted and matched by hand. http://computerworld.com/databasetopics/businessintelligence/story/0,10801,93892,00.html - - - - - - - - - - New gadgets take on 'Starbucks' security threat The growth in popularity of both wireless technology and mobile computing has created a potent new threat for network administrators: unauthorized intrusions onto their networks by hackers and viruses that take advantage of loosely secured laptop PCs and public computer kiosks. http://computerworld.com/securitytopics/security/story/0,10801,94003,00.html http://www.infoworld.com/article/04/06/21/HNewstarbucksthreat_1.html - - - - - - - - - - IBM offers anti-spam, anti-virus service International Business Machines Corp. said on Friday it is offering a service aimed at reducing e-mail viruses and spam for corporations, putting it in further competition with Microsoft Corp. Armonk, New York-based IBM said the service aims to cut down the amount of time employees spend filtering out e-mails and spam and decrease the volume of e-mail in a companys system. http://www.msnbc.msn.com/id/5240112/ - - - - - - - - - - China pushes self-censorship for Net firms The Chinese government is calling on Internet service providers to sign a ``self-discipline pact'' meant to stop the spread of information that could harm national security as defined by Beijing. The country already requires Internet firms to police their online content and weed out any criticism of the central government. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8975982.htm - - - - - - - - - - Securing Apache 2: Step-by-Step When choosing a web server, Apache very often wins against its competitors because of stability, performance, that fact that it's open source, and many other advantages. But when deciding on which version of Apache to use, the choice is not always so simple. On the one hand there is a very popular, stable version used by millions of users, version 1.3, and on the other hand, there is an enhanced and re-designed version 2.0. http://www.securityfocus.com/infocus/1786 - - - - - - - - - - Who's crashing your favorite Web sites? Surprised? I am, too. But this may be bittersweet news. Speaking at last week's CSI/NetSec 2004 conference in San Francisco, Robert Richardson, editorial director for CSI, suggested that the shift from outright theft to disruption is, relatively speaking, a good thing. If data inside the network isn't being stolen, that shows that corporate security is improving However, as security measures improve, less-sophisticated criminal hackers (crackers ) often turn to easier, but still quite disruptive, practices, including denying visitors service to specific Web sites. http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5140049.html - - - - - - - - - - How do we adjust when cameras are everywhere? Sprint has announced that it will start selling camera-less Treo 600 smart phones from PalmOne, the Milpitas maker of the popular handheld devices. Why? To satisfy customers fearful of corporate espionage inside their businesses. I suppose it's always better to sell what the customer wants. But I have bad news for Sprint's worried customers: This won't help much, because the pace of technology means cameras will soon disappear from view, embedded in clothing and eyeglasses, not just phones. http://www.siliconvalley.com/mld/siliconvalley/8969256.htm - - - - - - - - - - DHS improves foreign student tracking program, according to GAO The Homeland Security Department has taken many effective steps to improve the web-based Student and Exchange Visitor Information System, according to a new General Accounting Office report. The agency has successfully streamlined the process of collecting and recording information on foreign student and exchange visitors, the watchdog agency said in its report (GAO-04-690). http://www.govexec.com/dailyfed/0604/062104e1.htm - - - - - - - - - - Pentagon Seeks U.S. Spy Powers A Pentagon effort to persuade Congress to allow military intelligence agents to work undercover in the United States met with resistance in the House Wednesday when the provision was left out of the highly secretive intelligence funding bill. However, the Senate's version of the Intelligence Authorization Act of 2005 still includes the provision, which exempts Department of Defense intelligence agents from a portion of the Privacy Act, a 30-year-old law that outlaws secret databases on American citizens and green-card holders. http://www.wired.com/news/privacy/0,1848,63917,00.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.