NewsBits for September 3, 2004
************************************************************
Hard drive with 23,000 Social Security numbers disappears
The disappearance of a laptop hard drive in the California State University (CSU) system has triggered a year-old state law requiring anyone whose personal information might have been stolen to be notified. The hard drive, which contained names, addresses and Social Security numbers for some 23,000 students, faculty members and employees at seven CSU campuses, is believed to have been accidentally thrown away after it was replaced by an IT technician, said Clara Potes-Fellow, a spokeswoman for the university's chancellor's office.
http://computerworld.com/securitytopics/security/story/0,10801,95690,00.html
http://www.msnbc.msn.com/id/5905423/
http://www.latimes.com/technology/la-fi-rup3.7sep03,1,4982970.story
Old PCs are goldmine for data thieves
http://www.theregister.co.uk/2004/09/03/old_pcs_not_wiped/
- - - - - - - - - -
Green Beret's Suicide Follows Child-Sex Charge Arrest
A Fort Carson soldier who killed himself last week had been arrested in an Internet sting after allegedly trying to arrange sex with a teen-age girl, authorities said. Sgt. 1st Class Andre Ventura McDaniel, 40, whose body was found in a field Saturday, shot himself in the head with a .380-caliber handgun, the El Paso County coroner's office said. McDaniel had been arrested Aug. 20 in Canon City after allegedly arranging to have sex with an undercover officer posing online as a 13-year-old girl.
http://www.thedenverchannel.com/news/3705343/detail.html
- - - - - - - - - -
LAPD nabs pirates, 12,000 counterfeit DVDs
A warning to DVD pirates: make sure your vehicle and driver registration details are up to date and accurate. The Motion Picture Ass. of America (MPAA) and the Los Angeles police this week busted a major counterfeiting operation after traffic cops were given false driver ID information.
http://www.theregister.co.uk/2004/09/03/lapd_dvd_pirate_arrest/
- - - - - - - - - -
Feds try again for wiretapping conviction
The U.S. Department of Justice has asked a full appeals court to review a controversial ruling saying an e-mail provider did not violate federal wiretapping laws by allegedly reading messages meant for customers. In an unusual twist, civil liberties groups are joining the government's request to the full 1st Circuit Court of Appeals to revisit a three-judge panel's decision in June that cleared Bradford Councilman, formerly vice president of online bookseller Interloc, of federal wiretapping charges.
http://zdnet.com.com/2100-1105_2-5347251.html
- - - - - - - - - -
Lawmakers to vote on spyware, piracy bills
A House of Representatives committee said on Friday that it has scheduled a vote on bills related to spyware and piracy next week. The Judiciary committee plans to meet Wednesday to consider the Internet Spyware Prevention Act (ISPA) and the Piracy Deterrence and Education Act (PDEA).
http://zdnet.com.com/2110-1104_2-5347508.html
File-swapping legal fight gathers ste
http://news.zdnet.co.uk/business/legal/0,39020651,39165421,00.htm
- - - - - - - - - -
Despite threats, electronic disruptions minimal at convention
The electronic disruptions threatened during the Republican National Convention were minimal at most, the convention's infotech head said Friday. One speaker at this summer's Defcon hackers conference advocated disrupting this week's convention, and at least one group had released tools online to mount so-called denial-of-service attacks aimed at overwhelming Republican Websites, including the convention's.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9576688.htm
- - - - - - - - - -
Porn dialler fraudsters find lucrative loophole
German site Dialerschutz (Dialler Protection) is warning internet users about a new scam from Spain that is likely to spread to other European countries.
In the past, dialler vendors would secretly install trojans on users' PCs that dialled out to expensive (foreign) numbers and racked up punters' phone bills. In Germany and many other European countries, that's no longer allowed. German dialler services currently have to register with German regulatory authorities and commit to operating clean services. If customers have no knowledge of the services they use, they can't be forced to pay.
http://www.theregister.co.uk/2004/09/03/spain_rogue_diallers/
- - - - - - - - - -
Microsoft: Spyware could bungle SP2 update
Though Microsoft's new security update package is all about protecting systems from worms, viruses and spyware, it can't do much about what's already on computers and that could pose a problem. The company is warning users of the Windows XP operating system to check for spyware before downloading the free security update, called Service Pack 2.
http://www.usatoday.com/tech/news/computersecurity/2004-09-02-sp2-vs-spyware_x.htm
http://www.msnbc.msn.com/id/5899742/
SP2 vs. the plug-ins
http://zdnet.com.com/2100-1104_2-5345881.html
- - - - - - - - - -
EU data mining hacks available for U.S.
A U.K. university spinoff company is offering a set of algorithms developed by the European Union that might help U.S. agencies data mine more accurately. Numerical Algorithms Group of London (http://www.nag.com) has released Version 2.0 of its Data Mining and Cleaning Components software package. This version makes use of results from a $4.6 million, three-year EU research project called Euredit.
http://www.gcn.com/vol1_no1/daily-updates/27146-1.html
- - - - - - - - - -
Spammers embrace email authentication
Spammers have adopted a new standard for email authentication much faster than legitimate emailers, according to a study from security appliance firm CipherTrust published this week. More spam than legitimate email is currently sent using Sender Policy Framework, a recently introduced email authentication protocol.
According to CipherTrust's research, 34 per cent more spam is passing SPF checks than legitimate email because spammers are actively registering their SPF records.
http://www.theregister.co.uk/2004/09/03/email_authentication_spam/
- - - - - - - - - -
First Wi-Fi products get security certificate
The Wi-Fi Alliance got its next certification programme off to a flying start, issuing WPA2 badges to a bunch of products that comply with the 802.11i security specification. The Alliance is readying other programmes for quality of service and the 802.11n fast Wi-Fi standard due next year.
http://www.computerweekly.com/articles/article.asp?liArticleID=133104
- - - - - - - - - -
Linux developers insist on high level security
Nine of ten companies developing Linux claim that their systems have never been infected by a virus, while four of five companies assert that their systems haven't ever been down due to hacking. A Summer 2004 survey of 500 Linux developers in the USA, conducted by analytic firm Evans Data, showed that generally 22% of Linux-based systems were hacked. Of these, almost a quarter of cases (23%) involved unauthorized intrusion initiated by companies' employees, i.e. people with accounts allowing them to log in to corporate Linux servers.
http://www.crime-research.org/news/03.09.2004/605/
- - - - - - - - - -
'Layering' new biometrics buzzword
The latest biometrics buzz is all about layering. Biometric authenticators such as fingerprints can be combined with smart cards, passwords, other biometrics and more.
http://www.usatoday.com/tech/news/2004-09-03-biometrics-layering_x.htm
- - - - - - - - - -
Prevx releases free intrusion prevention software
Security developer Prevx today released a free version of its host-based intrusion prevention software with the aim of offering consumers protection from new, unknown or zero-day threats.
Prevx Home is designed to close the security gap that exists between when a fast spreading internet worm is released and when updated signatures from AV vendors become available.
http://www.theregister.co.uk/2004/09/03/prevx_home/
- - - - - - - - - -
Some in tech industry critical of Bush's cybersecurity efforts
The issue of cybersecurity has not reached a satisfactory level of prominence in the Bush administration for some observers in the technology industry, and an elevation of the issue before the November presidential election is not likely, sources say.
http://www.govexec.com/dailyfed/0904/090304td1.htm
- - - - - - - - - -
CIO Council releases info-sharing guide
Federal managers received new policy guidelines this week to help them minimize risks when sharing sensitive information online. The guidelines, issued by the federal Chief Information Officers Council, are supposed to help federal decision-makers balance the often-conflicting demands to guarantee information security and privacy against demands to carry out their agencies' missions.
http://www.fcw.com/fcw/articles/2004/0830/web-fea-09-03-04.asp
FEA security, privacy profile issued
http://www.gcn.com/vol1_no1/daily-updates/27147-1.html
- - - - - - - - - -
Simple and Secure isn't so Simple
Simple to code does not always mean simple for the user. And simple for the user is often not easy to code. I originally wanted to write a column about how the KISS principle should really be Keep It Simple and Secure and why I thought BSD and Linux had it right. The general consensus in the security world is that, all else being equal, simpler software equates to secure software. I have come to the conclusion that this is a rather trivial *cough* oversimplification of the problem.
http://www.securityfocus.com/columnists/264
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2004, NewsBits.net, Campbell, CA.