NewsBits for July 7, 2004 ************************************************************ Hooked on Phonics fined by FTC The makers of the popular reading education program Hooked on Phonics were fined Wednesday by the Federal Trade Commission for sharing private consumer information -- including information about children -- with outside marketing firms, despite promises made in its privacy policy. http://www.msnbc.msn.com/id/5386195 http://computerworld.com/securitytopics/security/privacy/story/0,10801,94369,00.html - - - - - - - - - - Scotland Yard and the case of the rent-a-zombies Vast networks of home computers are being rented out without their owners' knowledge to spammers, fraudsters and digital saboteurs, security experts said on Wednesday. The terminals have been infected by a computer virus, turning them into "zombies"-- slaves to the commands of a malicious and unseen controller. Connect them all up, and the result is a powerful network of zombie PCs that security experts call a "botnet." http://zdnet.com.com/2100-1105_2-5260154.html - - - - - - - - - - Dutch slap cuffs on race-hate rappers The Centre of Information and Documentation on Israel (CIDI) yesterday lodged a police complaint against the makers of a song that uses racist language against Jews, homosexuals and Amsterdam soccer team Ajax. The song, recorded by supporters of the Rotterdam football team Feyenoord under the name of Sluipschutters (Snipers), was released through the peer-to-peer file sharing service Kazaa. http://www.theregister.co.uk/2004/07/07/race_hate_rappers/ - - - - - - - - - - You've Got Mail (and Court Says Others Can Read It) When everything is working right, an e-mail message appears to zip instantaneously from the sender to the recipient's inbox. But in reality, most messages make several momentary stops as they are processed by various computers en route to their destination. Those short stops may make no difference to the users, but they make an enormous difference to the privacy that e-mail is accorded under federal law. http://www.nytimes.com/2004/07/06/technology/06net.html - - - - - - - - - - Congress mulls new Net phone rules Two key members of Congress announced legislation Tuesday that could create a sweeping federal regulatory framework for Internet phone calls. Reps. Rick Boucher, D-Va., and Cliff Stearns, R-Fla., assert that the Federal Communications Commission-- not state governments or regulators--should oversee rules regarding phone calls made over the Internet. Their bill would beat back attempts by regulators in states such as New York, California and Minnesota to extend their jurisdiction to the fledgling technology known as voice over Internet Protocol, or VoIP. http://news.com.com/2100-7352-5258191.html - - - - - - - - - - Court refuses to lift California e-voting restrictions The California Secretary of State and proponents of paper audit trails for voting machines garnered a judicial win Tuesday when a U.S. District Court judge refused to strike down the state's decertification of e-voting systems in 14 counties. The ruling freezes a bid by four California counties and the American Association of People with Disabilities to avoid having to find alternatives to their electronic voting systems come the November presidential elections. http://news.com.com/Court+refuses+to+lift+California+e-voting+restrictions/2100-1028_3-5260214.html http://computerworld.com/governmenttopics/government/legalissues/story/0,10801,94372,00.html Lots of questions, few clear answers on e-voting http://www.gcn.com/vol1_no1/daily-updates/26515-1.html E-voting security: looking good on paper? http://www.theregister.co.uk/2004/07/07/e_voting_security/ - - - - - - - - - - Great Britain: A new law on cybercrime is being elaborated The threats facing Britain's Internet-enabled companies and consumers are so great that new laws are needed to fight the problem, and fix the mistakes made by the government in its previous attempts to combat spam. That was the message from the Communications Management Association (CMA) on Monday, as it kicked off a debate into Broadband Britain at the Enterprise Networks show. http://www.crime-research.org/news/07.07.2004/474/ - - - - - - - - - - Old-school worm loves Windows applications The latest Lovgate worm variant can destroy access to hundreds of Windows applications as it spreads. The latest variant of the Lovgate worm scans PCs for executable files and then renames them, a tactic used by viruses from a much older generation, according to antivirus companies. http://news.zdnet.co.uk/internet/security/0,39020375,39159870,00.htm - - - - - - - - - - Password-stealing Trojan cut off at source A malicious program that tried to steal banking passwords has been stopped, says Symantec. An attempt to pinch user information from banking sites using a malicious pop-up program has been nipped in the bud, says Symantec. Last week, security experts uncovered a Trojan horse -- dubbed PWSteal.Refest by the security software maker -- which installs itself through a pop-up advertisement when users logged onto the Web sites of any one of nearly 50 targeted banks. http://news.zdnet.co.uk/internet/security/0,39020375,39159780,00.htm - - - - - - - - - - Lax data security seen at many Japanese companies A Japanese government report published yesterday says at least 40% of companies surveyed are taking no special measures to ensure the privacy and security of personal data stored on computers. Results of the survey were included in the government's annual White Paper on Information and Communications in Japan, which was published by the Ministry of Public Management, Home Affairs, Posts and Telecommunications (MPHPT). It comes after several incidents in the last year in which personal information on customers, sometimes numbering into the millions of people, has beenleaked or stolen from Japanese companies. http://computerworld.com/securitytopics/security/story/0,10801,94368,00.html - - - - - - - - - - 36 percent of software worldwide pirated, trade group says O&O Software, with only 28 employees, has built a $3 million-a-year business developing award- winning utilities for personal computers. How much bigger it might be without the plague of software piracy is impossible to say, but it's clear sales are being lost. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9097724.htm Software piracy losses double http://zdnet.com.com/2100-1104_2-5259395.html http://www.cnn.com/2004/TECH/biztech/07/07/software.piracy.reut/index.html http://www.newsfactor.com/story.xhtml?story_title=Software-Piracy-Soars&story_id=25750 UK firms 'forget' to pay PS1bn for software http://news.zdnet.co.uk/business/legal/0,39020651,39159797,00.htm http://www.vnunet.com/news/1156500 Software pirates cost $9.7bn in Europe - BSA http://www.theregister.co.uk/2004/07/07/bsa_software_piracy_study/ - - - - - - - - - - VoIP hacks gut Caller I.D. Implementation quirks in Voice over IP are making it easy for hackers to spoof Caller I.D., and to unmask blocked numbers. Caller I.D. isn't what it used to be. Hackers have discovered that the handy feature that tells you who's calling before you answer the phone is easily manipulated through weaknesses in Voice over IP (VoIP) programs and networks. They can make their phone calls appear to be from any number they want, and even pierce the veil of Caller I.D. blocking to unmask an anonymous phoner's unlisted number. http://www.securityfocus.com/news/9061 - - - - - - - - - - Two more from NIST Two new publications from the National Institute of Standards and Technology provide technical help for government agencies and businesses that are required to protect information systems. One publication offers a starting point for organizations to understand basic information security principles. The other gives technical tips for setting up electronic authentication using guidelines issued by Office of Management and Budget officials. http://www.fcw.com/fcw/articles/2004/0705/web-nist-07-07-04.asp - - - - - - - - - - PC: Hey, your mobile's being stolen! Researchers at Leeds University are developing technology that will allow Bluetooth devices to keep tabs on - and potentially protect - each other. Bluetooth, the short-range personal area networking technology, may have found a new application as a guard dog for notebooks and smartphones. http://news.zdnet.co.uk/hardware/emergingtech/0,39020357,39159785,00.htm - - - - - - - - - - Another day, another IE flaw... Yet another vulnerability has been unearthed in Microsoft's Internet Explorer - the company is working on a 'series of updates', it says. A computer science researcher has highlighted the shortcomings of Microsoft's latest patch for its Internet Explorer browser by identifying another way that online vandals could run malicious programs on a Web surfer's computer. http://news.zdnet.co.uk/0,39020330,39159868,00.htm Microsoft, biometrics firm to tackle homeland security http://zdnet.com.com/2100-1105_2-5259889.html - - - - - - - - - - Multi-Layer Intrusion Detection Systems A business critical system has been breached by attackers. Responding to the event, you grab your gear and head down to where the system is. En route a red faced executive seemingly about to explode brushes past you in a hurry, suddenly turning around upon realization that you are the specialist responding to the very incident which has him on the brink. Already knowing the words about to come out of his mouth, the man begins to spout, "We need this system back up immediately!! http://www.securityfocus.com/infocus/1788 - - - - - - - - - - Attention, Shoppers: You Can Now Speed Straight Through Checkout Lines! Radio-frequency chips are retail nirvana. They're the end of privacy. They're the mark of the beast. Inside the tag-and-track supermarket of the future. I'm in a supermarket called the Extra Future Store in Rheinberg, Germany, 40 kilometers north of Dusseldorf, jonesing for a bit of Philadelphia cream cheese. I feed my request into the touchscreen console on my shopping cart, and up pops a map showing the optimal path to the dairy section. I steer over and grab a box - regular in name but far smarter than the average cream cheese. The package carries a computer chip that talks to a 2-millimeter-thin pad lining the shelf under the box. When I pick up the cheese, sensors in the pad notify the store's database that the box has been removed. http://www.wired.com/wired/archive/12.07/shoppers.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.