NewsBits for November 2, 2004 ************************************************************ Stolen computers have Wells Fargo customer data Thousands of Wells Fargo & Co. mortgage and student- loan customers may be at risk for identity theft after four computers were stolen last month from a vendor that prints loan statements. The computers were taken from the Atlanta office of Regulus Integrated Solutions LLC contained customer names, addresses, and social security and account numbers. http://www.mercurynews.com/mld/mercurynews/news/10079253.htm - - - - - - - - - - Scammers teach Web students a tough lesson Russian spammers are targeting thousands of Australians with a work-from-home Web training scam, security experts warned on Monday. http://news.zdnet.com/2100-1009_22-5435152.html - - - - - - - - - - Va. Spam Trial Reaches Closing Arguments Trio Accused of Sending Unwanted E-Mail Ads to Tens of Thousands on AOL. Virginia prosecutors yesterday compared a North Carolina man on trial or violating the state's anti-spam law to a modern-day "snake oil salesman" who masked his electronic identity last summer to send tens of thousands of fraudulent e-mail advertisements to America Online subscribers. http://www.washingtonpost.com/wp-dyn/articles/A17314-2004Nov1.html - - - - - - - - - - Online paedophile crackdown urged Children's charities are launching a joint campaign with the police to call for more resources to tackle internet paedophiles. They claim that some paedophiles are escaping justice and children are suffering horrifying sexual abuse because of a shortage of police funding. http://www.itv.com/news/index_641304.html - - - - - - - - - - Old scams pose the 'greatest security risk' The greatest security risk facing large companies and individual Internet users over the next 10 years will be the increasingly sophisticated use of social engineering to bypass IT security defenses, according to Gartner. http://news.zdnet.com/2100-1009_22-5435199.html - - - - - - - - - - Phishing for dummies: hook, line and sinker Recent "phishing" episodes, and two new browser vulnerabilities, show how the bad guys are tricking people into exposing their passwords and bank accounts. Couldn't happen to tech-savvy users, right? Unless you consider how entire nations have been fooled. http://www.theregister.co.uk/2004/11/02/phishing_tabbed_browsers/ - - - - - - - - - - Microsoft denies spoofing is a security flaw Microsoft is rejecting claims from security researchers that a recently discovered spoofing technique on Internet Explorer is a vulnerability in its product. Microsoft has denied that a spoofing technique available on its Internet Explorer browser is a security vulnerability. The software giant accepted the possibility that spoofing could occur on version six of IE, but rejected claims that this was a security flaw. http://news.zdnet.co.uk/internet/security/0,39020375,39172310,00.htm IE exploit is top of the hacks http://news.zdnet.com/2100-1009_22-5436186.html http://www.theregister.co.uk/2004/11/02/web_security_survey_scansafe/ - - - - - - - - - - Illegal Internet Access the Most Popular Internet Crime in Russia For 10 months 2004 Kurganski Branch JointStock Company "UralSviazInform received 21 complaints from Internet users about the fact of queerly quick spending prepaid Internet services. After verification 14 complaints were reported to the police where criminal investigation was initiated. According to local law enforcements, the personal data theft and passwords for illegal Internet access became the most popular cyber crime in Russia, at that number of such incidents steadily increase. http://www.crime-research.org/news/02.11.2004/760/ - - - - - - - - - - Mac OS X, BSD Unix top security survey London-based security firm Mi2g Ltd. yesterday released a report that says Mac OS X and BSD Unix are the "world's safest and most secure 24/7 online computing environments." Linux operating systems offer the worst track record, according to Mi2g, with Windows coming in second. http://computerworld.com/securitytopics/security/story/0,10801,97157,00.html - - - - - - - - - - Postal Service prized for privacy International Association of Privacy Professionals officials have selected the U.S. Postal Service to receive the group's 2004 privacy innovation award. The award, announced today, recognizes government and nonprofit agencies that have developed innovative technologies and policies for protecting personal data. http://www.fcw.com/fcw/articles/2004/1101/web-post-11-02-04.asp http://www.govexec.com/dailyfed/1104/110204dk1.htm - - - - - - - - - - Spam: 'It's a meat,' Hormel insists Spam and phishing E-mail clients Spam filtering Spiced-ham maker Hormel Foods has announced a massive U.K. advertising campaign, in what may be seen as an attempt to separate its flagship "spam" product name from negative associations with unsolicited e-mail. For the first time, Hormel will advertise on British television screens next week with a campaign that cost 2 million pounds ($3.7 million), according to a report on the BBC. http://news.zdnet.com/2100-1009_22-5435338.html - - - - - - - - - - A spyware mystery: Who's behind it? In less than two years, CoolWebSearch has become the bane of the computing industry. Its programmers have managed to reset Web browsers so that searches get rerouted to the CoolWeb search engine. And any time anti-spyware engineers find a way to stop the hijacking, a new variant pops up, sneakier than its predecessor. There are now dozens. http://www.cnn.com/2004/TECH/internet/11/02/spyware.purveyors.ap/index.html - - - - - - - - - - Standardizing terror data Government officials crafting proposals for cross-agency counterterrorism information sharing plan to assign stewardship over a core set of Extensible Markup Language standards. Members of the Information Systems Council will identify XML standards and people responsible for them, said Bill Dawson, intelligence community deputy chief information officer at the CIA. http://www.fcw.com/fcw/articles/2004/1101/web-terrorxml-11-02-04.asp Cross-Atlantic data sharing? http://www.fcw.com/fcw/articles/2004/1101/web-ukus-11-01-04.asp http://www.govexec.com/dailyfed/1104/110204p1.htm http://www.usatoday.com/tech/news/techpolicy/2004-11-02-us-uk-data-sharing_x.htm Afghan data network may launch http://www.fcw.com/fcw/articles/2004/1101/web-ncwaf-11-02-04.asp - - - - - - - - - - Psst...now it's Cisco source code up for sale The Source Code Club has opened up shop again. The group of self-identified hackers has posted files online that it claims contains source code for Pix security firewall from Cisco Systems. The price for the proprietary software: $24,000. "SCC is proud to announce the general availability of Cisco Pix 6.3.1 source code. This release is significant because Pix is vital to the security of many ultra-secure networks," read a Google group posting marked as a Source Code Club newsletter. http://news.zdnet.com/2100-1009_22-5436305.html - - - - - - - - - - Devil's Advocate: Should we lock up virus writers? Seems a little severe... Sending virus writers to jail is unlikely to stop their behaviour, says Martin Brampton. And shouldn't our morally ambivalent society and the creators of vulnerable systems share the blame? Some people want to see more virus writers sent to jail for long periods. The damage they cause can be substantial. But are they really such a threat to society that we should feel justified in locking them up? http://software.silicon.com/security/0,39024655,39125477,00.htm *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.