NewsBits for September 15, 2004 ************************************************************ Five Fired at Los Alamos Lab Five workers have been fired for their roles in a security and safety scandal at Los Alamos National Laboratory, the lab's director said Wednesday. The fired workers were among 23 suspended this summer after two computer disks containing classified information went missing. The discovery July 7 prompted a virtual shutdown of the nuclear lab, idling roughly 12,000 workers. http://www.wired.com/news/privacy/0,1848,64973,00.html - - - - - - - - - - Man admits guilt in vast identity scam A former help-desk worker has pleaded guilty for his role in an identity theft case affecting more than 30,000 people. A former help-desk worker at a New York company that provides credit reports to banks and other lenders pleaded guilty on Tuesday for his role in what federal prosecutors said was the largest identity theft case ever. http://news.zdnet.co.uk/business/legal/0,39020651,39166814,00.htm http://www.theregister.co.uk/2004/09/15/id_theft/ http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,95941,00.html - - - - - - - - - - Two Germans sentenced for software piracy A German software dealer has been convicted of counterfeiting Microsoft Corp. products and sentenced to three years in prison, authorities said Wednesday. The state court in Stuttgart also convicted the man's father of aiding his son and sentenced him to probation and 100 hours of community service. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9671607.htm - - - - - - - - - - Lodi fire captain arrested on rape, child porn charges A Lodi Fire Department captain was arrested early Tuesday morning on suspicion of forcible rape and possessing child pornography, the San Joaquin County Sheriff's Department reported. Michael Tecklenburg, 42, of Lockeford was taken into custody after child pornography was found on his computer, sheriff's spokeswoman Nelida Stone said. The discovery stemmed from another investigation. http://www.trivalleyherald.com/Stories/0,1413,86~10671~2402610,00.html - - - - - - - - - - Sasser creator hangs on conviction Sven Jaschan, the supposed author of the Sasser virus and several variants of the Netsky virus, was charged last week by German police, but the informant who led authorities to the suspect will have to wait for a promised $250,000 (PS140,000) reward, Microsoft officials said on Friday. http://www.crime-research.org/news/15.09.2004/634/ - - - - - - - - - - DHS moves ahead with cybersecurity R&D efforts The Department of Homeland Security is actively planning several new pilot projects that officials hope will help solve one of the most pressing cybersecurity research problems to date: a lack of real-world attack data. "The cybercommunity has suffered for years from the lack of good data for testing," said Douglas Maughan, security program manager at the Homeland Security Advanced Research Projects Agency, which is part of the DHS's Science and Technology Directorate. That's why the DHS is moving ahead rapidly with a new program called Protected Repository for Defense of Infrastructure Against Cyber Threats (Protect), said Maughan, who spoke at an industry conference here sponsored by the U.S. Secret Service. http://www.computerworld.com/securitytopics/security/story/0,10801,95942,00.html - - - - - - - - - - Electronic clearing of checks takes effect next month A law allowing banks to clear checks electronically takes effect next month, designed to speed the process and lower costs for banks using the new arrangement. The ``Check Clearing for the 21st Century Act,'' known as ``Check 21,'' was enacted by Congress in late 2003. It goes into effect on Oct. 28, a year after President Bush signed it into law. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9672907.htm - - - - - - - - - - Don't Mess With Librarians Media Hack Jessamyn West is a 36-year-old librarian living in central Vermont. But she's not your stereotypical bespectacled research maven toiling behind a reference desk and offering expert advice on microfiche. She's a "radical librarian" who has embraced the hacker credo that "information wants to be free." As a result, West and many of her colleagues are on the front lines in battling the USA Patriot Act, which a harried Congress passed a month after 9/11 even though most representatives hadn't even read the 300-page bill. http://www.wired.com/news/privacy/0,1848,64945,00.html - - - - - - - - - - Scammers use Gmail invite as phishing hook Scammers have caught on to the allure of Gmail and are using the Google e-mail service for a "phishing" scam to harvest e-mail addresses and passwords. For the fashion-conscious techie, a Gmail account seems to be a must-have status symbol. The free service, which is not yet widely available, has even provoked people to try to sell their Gmail addresses on eBay. http://news.com.com/Scammers+use+Gmail+invite+as+phishing+hook/2100-1032_3-5367986.html - - - - - - - - - - Mozilla fixes browser bugs The Mozilla Foundation has fixed 10 security bugs in its open-source Mozilla and Mozilla Firefox browsers and Thunderbird e-mail reader, with the release of new versions of all three products this week. Some of the vulnerabilities could allow attackers to run malicious code on a user's PC via a malicious e-mail, a specially crafted vCard or a malformed graphic on a Web site, project leaders said. http://www.computerworld.com/securitytopics/security/story/0,10801,95934,00.html - - - - - - - - - - Child porn on new computer? A man says he bought a computer for his son only to find kiddie porn on the hard drove. The computer came from the Sam's Club on Aurora Avenue in North Seattle. The regional manager of the chain called police on September 2nd. "Supposedly, an individual purchased the computer which had already been opened," explained Scott Moss with the Seattle Police Department. "He took the computer home and while setting it up with his son, he found pictures of child pornography on the computer," he said. http://www.crime-research.org/news/15.09.2004/648/ - - - - - - - - - - Governments slow off the mark to combat growing threats of cybercrime An international conference opened Wednesday amid warnings that companies, governments and individuals are increasingly vulnerable to Internet attacks by terrorists, hackers and others that rob them of privacy, money, and secrets. The aim of the three-day Council of Europe meeting in Strasbourg, France, is to get governments worldwide to accelerate ratification of the council's 2001 Cybercrime Convention, the first international treaty to combat Internet crimes. http://www.securityfocus.com/news/9510 European council educates governments on cybercrime http://www.usatoday.com/tech/news/computersecurity/2004-09-15-cybercrime-meeting_x.htm http://www.crime-research.org/news/15.09.2004/638/ - - - - - - - - - - Brazil 'home to 80 per cent of world's hackers' If you're a hacker, chances are you're more than familiar with samba - and not just the Unix server software. Federal police in Brazil have declared that eight out of 10 hackers are living in the South American country. The Brazilian capital Brasilia is hosting a meeting - Conferencia Internacional de Pericias em Crimes Ciberneticos - of some 500 experts from 20 countries with a view to tackling cybercrime. http://software.silicon.com/security/0,39024655,39123985,00.htm http://www.crime-research.org/news/15.09.2004/635/ http://www.theregister.co.uk/2004/09/15/brazil_cybercrime_shocker/ - - - - - - - - - - MS offering heads-up on security patches to some customers Microsoft Corp. has quietly begun giving some of its largest customers early warning of security problems with its products. Under the free program, some customers get three business days' notice of how many security fixes Microsoft plans to release in itsregularly monthly bulletins, and what Microsoft products are affected. Customers also can learn how severe a threat the flaws pose before the general public gets that information. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9672928.htm Microsoft warns of poisoned picture peril http://www.theregister.co.uk/2004/09/15/windows_jpeg_bug/ - - - - - - - - - - Symantec labels anti-censorship software a Trojan Software that allows users in China to access government-blocked Web sites has been labelled as a Trojan by Symantec's local office. Symantec's Norton AntiVirus product has blacklisted software that allows users in China to access government-blocked Web sites. http://news.zdnet.co.uk/internet/security/0,39020375,39166696,00.htm - - - - - - - - - - Quantum leap in encryption It's a hacker's nightmare but a dream for bankers and spies: A computer network so secure that even the simplest attempts to eavesdrop will interrupt the flow of data and alert administrators to the snooping. The work by researchers at Harvard University, Boston University and BBN Technologies is the closest scientists have come to a real-world quantum encryption system that uses light particles called photons to lock and unlock information instead of random-number "keys." http://www.globetechnology.com/servlet/story/RTGAM.20040915.gtcryptsep15/BNStory/Technology/ - - - - - - - - - - Reclaim the 'Net, says former cybersecurity czar It's time to take back cyberspace from hackers, phishers and others who are preventing e-commerce and e-government from reaching their full potential. That was the message Richard A. Clarke, former special adviser to President George Bush on cybersecurity, gave at a CIO breakfast meeting in Auckland recently. Clarke, who was visiting New Zealand as a guest of Symantec Corp., also advised President Clinton on terrorism. http://www.computerworld.com/securitytopics/security/story/0,10801,95909,00.html - - - - - - - - - - VIA offers hard disk data scrub code Taiwanese chip company VIA today expanded its PadLock security software suite with a tool to ensure that information deleted from a user's hard drive stays deleted. Padlock Tru-Delete uses the hardwired true random number generator built into the latest generation of VIA's x86-compatible CPUs to overwrite disk sectors containing deleted files with gobbledigook. That, the company claimed, leaves them "virtually unrecoverable" should prying eyes attempt to retrieve the data off a live machine or one that's been stolen or simply thrown out with the garbage. http://www.theregister.co.uk/2004/09/15/via_hdd_padlock/ - - - - - - - - - - Combating seven deadly e-mail sins E-mail can hurt relationships and slow down business, a survey has warned -- and one psychologist says a lack of e-mail etiquette is to blame. The survey, commissioned by handheld and "smartphone" maker palmOne, shows that 61 percent of workers say a lack of e-mail responses are delaying business decisions. http://www.cnn.com/2004/BUSINESS/09/15/email.sins/index.html - - - - - - - - - - Extortion Online Technology can help fight the growing cyberextortion threat, but experts say not enough companies are prepared. It's the kind of E-mail that grabs you by the collar and doesn't let go. On a Saturday afternoon last January, a message hit the in-box of BetCBSports.com, threatening to knock the online gambling site offline in prime sports- betting season if the company didn't pay up. http://www.informationweek.com/showArticle.jhtml?articleID=47204212 - - - - - - - - - - Academia Headaches Academic institutions who have to add, manage, and secure thousands of new users within a period of just a few days face political and social issues on top of the immense technical ones. I really enjoy traveling about the country speaking to various groups about security, technology, and other issues, because it gives me a chance to learn first-hand about life in the trenches for IT folks. http://www.securityfocus.com/columnists/267 - - - - - - - - - - Examining a Public Exploit, Part 2 A Recap of Part 1. The first part of this article series set out to create an environment that allowed readers to examine a public exploit as it was sent across the network. The purpose of this exercise is to help the reader understand the complex world of intrusion detection and low-level packet analysis, so that he can better secure his network. http://www.securityfocus.com/infocus/1801 *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.