NewsBits for October 11, 2004
************************************************************
Massachusetts settles its first antispam case
A Florida man and his company must pay a $25,000 fine to settle a spam case that was filed against him earlier this year by the Massachusetts attorney general's office. In an announcement last Thursday, Massachusetts Attorney General Tom Reilly said William C. Carson of Weston, Fla., and his business, DC Enterprises, agreed to pay the fine and to stop sending thousands of unsolicited e-mails. The settlement was filed in Suffolk Superior Court in Massachusetts.
http://www.computerworld.com/governmenttopics/government/legalissues/story/0,10801,96585,00.html
- - - - - - - - - -
Woman ticketed for appearing naked on Net fined $150
A Lincoln woman ticketed for posting nude pictures of herself on the Web that were taken in a downtown bar was fined $150 Thursday. Melissa J. Harrington, 21, was ticketed in December for violating Lincoln's public nudity ordinance by posting pictures on her former Web site "showing her naked at one of our downtown bars and in several other locations around the city," said Police Chief Tom Casady.
http://www.usatoday.com/tech/webguide/internetlife/2004-10-09-nebr-flasher-fined_x.htm
- - - - - - - - - -
Authorities shut down U.K.-based news Web sites
U.S. authorities, participating in an international investigation, have shut down 20 independent news Web sites run by the Independent Media Center (Indymedia) by seizing two U.K.-based Web servers, the group said on Friday. Last Thursday morning, a federal order was issued to Web hosting provider Rackspace Ltd. requiring the company to hand over the computer equipment, according to the Indymedia Web site. San Antonio-based Rackspace was hosting the Indymedia Web servers in London.
http://www.computerworld.com/governmenttopics/government/legalissues/story/0,10801,96581,00.html
http://www.theregister.co.uk/2004/10/08/fbi_indymedia_raids/
http://www.usatoday.com/tech/news/2004-10-09-indymedia_x.htm
Home Office in frame over FBI's London server seizures
The US seizure of two Indymedia servers in London last Thursday is likely to have needed the approval of UK Home Secretary David Blunkett, but Blunkett may have acted on tenuous legal grounds, according to a Statewatch analysis. Statewatch considers that the seizure is likely to have been made under a US-UK Mutual Legal Assistance Treaty (MLAT) of 1996, but it seems doubtful that the Indymedia request could have been justified under even the broad terms of this treaty.
http://www.theregister.co.uk/2004/10/11/home_office_fbi_mlat_request/
- - - - - - - - - -
Anti-spyware company in court on bullying charges
The owner of a company selling anti-spyware software has been taken to court in the US over the spyware he used to coerce people into buying his software. The US government has sued a New Hampshire man in its first attempt to crack down on internet spyware that seizes control of a user's computer without permission.
http://news.zdnet.co.uk/internet/security/0,39020375,39169918,00.htm
- - - - - - - - - -
LSU student arrested for child porn
Louisiana State University Police and the FBI arrested LSU student Elizaveta Nikonova late Saturday night at Baton Rouge General-Bluebonnet for downloading child pornography on her laptop computer. According to LSUPD Maj. Ricky Adams, Nikonova, a political science junior, was downloading child pornography at her part-time job as a contracted electrocardiogram technician for Southern Medical at Baton Rouge General Hospital.
http://www.theplainsman.com/vnews/display.v/ART/2004/10/07/41654e5de5d77
- - - - - - - - - -
Case of former cop accused of child porn moves closer to trial
A former Rosenberg police officer facing child pornography charges was back in court Monday, over the safety of the former officer's grandson. Authorities say former Rosenberg patrol officer Gary Stone sent a nude picture of himself from his home to a federal agent in Wisconsin, who Stone believed was a 13-year-old girl. And they say that he even tried to set up a meeting with the adult who he thought was a child.
http://abclocal.go.com/ktrk/news/100404_local_copporn.html
- - - - - - - - - -
Megan's Law Coauthor Seeks Probe of E-Mail 'Threat'
A state assemblyman who co-wrote legislation to put the Megan's Law database of sex offenders on the Internet has asked the California Highway Patrol to investigate two aggressive e-mails he received. Assemblyman Todd Spitzer (R-Orange) said Friday that he had received two anonymous e-mails claiming to be from a convicted sex offender angry about having the database online. (LA Times article, free registration required)
http://www.latimes.com/technology/la-me-megan9oct09,1,2207542.story
- - - - - - - - - -
Man sacked for hunting ET at work
A computer programmer at the Ohio Department of Job and Family Services was last week sacked after running Search for Extraterrestrial Intelligence (SETI) software on his bosses' server, wcpo.com reports. Charles E. Smith, 63, claimed that it wasn't a problem since he was only running the SETI programme between 7pm and 7am and at weekends. Department director Tom Hayes clearly didn't see it like that, and showed Smith the door.
http://www.theregister.co.uk/2004/10/11/seti_man_sacked/
- - - - - - - - - -
MSN fighting Messenger difficulties, virus
People using Microsoft's instant-messaging software, MSN Messenger, may have been a mite lonely this weekend, with only a virus to keep them company.
The software giant acknowledged on Monday that it continued to battle a technical glitch that prevented MSN users from logging on to the service's instant-messaging system for the past three days. The problems, which several users complained about on discussion forums frequented by network administrators, caused several hours of outages on Monday morning.
http://news.zdnet.com/2100-1009_22-5406282.html
Hackers can launch attacks over IM
http://news.zdnet.co.uk/internet/security/0,39020375,39169793,00.htm
- - - - - - - - - -
Schmidt to take greater role in U.S. cybersecurity
The United States' former cybersecurity czar, Howard Schmidt, has agreed to take a greater role in the U.S. Computer Emergency Readiness Team (US-CERT) as an adviser, he said Monday. Schmidt, the chief security officer of online auctioneer eBay, currently cooperates with Carnegie Mellon University's Software Engineering Institute and that group's Computer Emergency Response Team (CERT) Coordination Center to advise the nation's incident response team.
http://news.zdnet.com/2100-1009_22-5406220.html
- - - - - - - - - -
Britain, U.S. talk up spam fight
Representatives from worldwide governments, including the U.S. Federal Trade Commission, are meeting in London this week to discuss how a united front can help to crack down on the problem of unsolicited bulk e-mail. The initiative represents the latest in a string of events regarding spam, which to date have yielded little result and little agreement on the best approach. John Vickers, chairman of the Office of Fair Trading that is hosting the event, urged the industry, the media and average e-mail users to hold off on cynicism about this most recent initiative until its effect has been witnessed. "Wait and see," he said at a press conference.
http://news.zdnet.com/2100-1009_22-5406072.html
Transatlantic anti-spam alliance mooted
http://news.zdnet.co.uk/internet/security/0,39020375,39169789,00.htm
- - - - - - - - - -
U.S. Spies on Chat Rooms
Amid the torrent of jabber in internet chat rooms -- flirting by QTpie and BoogieBoy, arguments about politics and horror flicks -- are terrorists plotting their next move? The government certainly isn't discounting the possibility. It's taking the idea seriously enough to fund a yearlong study on chat room surveillance under an anti-terrorism program.
http://www.wired.com/news/privacy/0,1848,65305,00.html
- - - - - - - - - -
Police given extra $1m to track Net pedophiles
THE Queensland police taskforce responsible for targeting pedophilia has been given a $1 million funding boost. Premier Peter Beattie told State Parliament yesterday that Taskforce Argos would be given the money to fight Internet child pornography by upgrading IT equipment, boosting research into data encryption and employing more forensic computer experts.
http://www.news.com.au/common/story_page/0,4057,10982423%255E3102,00.html
- - - - - - - - - -
SMEs get Data Protection Act guide
The Information Commissioner's Office (ICO) has published a new guide for small businesses (SMEs) concerning their responsibilities under the Data Protection Act (DPA). The guide - Getting it right - is supposed to provide a straightforward explanation of data protection and what businesses need to know to meet the requirements of the DPA.
http://www.theregister.co.uk/2004/10/11/dpa_help_sme/
- - - - - - - - - -
Web of shame
Australia's biggest investigation into online child pornography is far from over. Who downloads these images and why do they do it?
http://www.theage.com.au/articles/2004/10/08/1097089563745.html
- - - - - - - - - -
Parents must do more to protect kids online
Parents must do more to ensure their kids are safe online, the UK internet group ISPA says.
Web-savvy parents insist that their kids use the internet in a communal room, nag their children about being safe online, know who their children are talking to online, surf the net with their little treasures and ensure that their PC is tooled up with the latest online safety software.
http://www.theregister.co.uk/2004/10/11/parents_kids_online/
- - - - - - - - - -
NIST details minimum security controls
Guidelines for setting computer security controls to protect federal information systems are described in a new publication from the National Institute of Standards and Technology. NIST officials said the document forms the basis for security controls that will become mandatory in December 2005.
http://www.fcw.com/fcw/articles/2004/1011/web-nist-10-11-04.asp
- - - - - - - - - -
The IT security vuln league table of fear
A list of the worst 20 security vulnerabilities bedevilling Windows and *Nix systems was unveiled last Friday by the SANS (SysAdmin, Audit, Network, Security) Institute. The list, now in its fifth year, is designed to help admins to prioritise their efforts so that they can close the most dangerous security holes first.
http://www.theregister.co.uk/2004/10/11/sans_top_20/
- - - - - - - - - -
Companies Fight Back Against Phishing Scams
The potential erosion of consumer confidence in the online transaction process and the cost to companies resulting from phishing scams has triggered a multifaceted response from some organizations. For example, London-based Barclays Bank PLC said last week that it has signed up for an antifraud service from New York-based Cyota Inc.
http://www.computerworld.com/securitytopics/security/story/0,10801,96549,00.html
Phishing websites breed like rabbits
Websense Security Labs has issued figures showing a massive increase in phishing websites. According to the Anti-Phishing Working Group (APWG), the number of phishing scam websites is rising by roughly 50 per cent month on month.
Phishing sites trick people into revealing confidential information such as social security numbers and credit card information details by imitating legitimate business sites.
http://www.theregister.co.uk/2004/10/11/more_phishing_sites/
- - - - - - - - - -
Intrusion prevention security tipped to boom in Europe
Threats such as the JPEG virus mean more companies will splash out on IPS systems to protect against security vulnerabilities, vendors claim
http://news.zdnet.co.uk/internet/security/0,39020375,39169783,00.htm
- - - - - - - - - -
Vendors Add Weapons to Battle E-mail Viruses
The ability of new e-mail viruses to spread before fixes become available for them is nudging some vendors to look beyond traditional signature-based antivirus technology. Last week, Lindon, Utah-based Avinti Inc., a start-up with over $30 million in venture capital funding, introduced an e-mail security appliance designed to detect and block as-yet-unidentified e-mail viruses.
http://www.computerworld.com/securitytopics/security/story/0,10801,96552,00.html
- - - - - - - - - -
Extending Identity
The reduced identity administration costs, improved access to cross-organizational applications and better security promised by federated identity management systems are finally beginning to drive corporate interest, say proponents of the technology. But organizational trust concerns and nagging interoperability problems continue to pose big challenges.
http://www.computerworld.com/securitytopics/security/story/0,10801,96490,00.html
- - - - - - - - - -
CA Buys Netegrity to Expand in IT Security
Computer Associates International Inc. last week said it plans to buy Netegrity Inc. in an effort to boost its share of the market for identity and access management software. But the deal may result in short-term uncertainty for users because of what analysts described as a significant overlap between the tools sold by CA and Netegrity.
http://www.computerworld.com/securitytopics/security/story/0,10801,96532,00.html
- - - - - - - - - -
Forget passwords--let your fingerprint do the talking
Zvetco Biometrics on Wednesday unveiled the Verifi P3400 USB fingerprint reader, which enables users to secure notebook and desktop PCs without usernames and passwords. Built around the Authentic AES 3400 sensor, which offers twice the scan resolution (500 dpi) of the AES 4000 sensor used in previous readers, the P3400 performs a biometric fingerprint scan when a user places his or her finger on the sensor pad.
http://news.zdnet.com/2110-1009_22-5402994.html
- - - - - - - - - -
UK ID cards to be issued with first biometric passports
What's left of the 'voluntary' figleaf to the UK's ID scheme will erode in the next few months, when Home Secretary David Blunkett introduces legislation that will allow implementation of the scheme and include provision for a rolling programme to issue ID cards along with passport renewals. The new model passports are closely linked to the scheme anyway, so even without the ID card, being issued one would mean you were added to the national identity register, but the arrival of an actual card along with the new passport will make its presence far more visible, far earlier, to the general public.
http://www.theregister.co.uk/2004/10/11/new_passport_equals_new_id_card/
- - - - - - - - - -
Forming a Relationship With Outsourcing Service Providers
When outsourcing IT functions, a secure and solid partnership with open lines of communication sometimes sounds like an unattainable utopia. But IT professionals should demand nothing less than this level of alliance with their outsourcing service providers. There are certain steps you can take that will help you build this kind of relationship.
http://www.computerworld.com/securitytopics/security/story/0,10801,96411,00.html
- - - - - - - - - -
ID thieves target enterprises
ID thieves are going corporate.
Assuming the identity of consumers to obtain loans and credit cards under assumed names has become the US's fastest growing crime. Now fraudsters are applying similar tricks against potential enterprise victims. Here's how it works. Crooks set up websites under the names of legitimate companies and apply for merchant status with credit card payment processing firms.
http://www.theregister.co.uk/2004/10/11/corporate_id_theft/
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2004, NewsBits.net, Campbell, CA.