NewsBits for November 18, 2004 ************************************************************ Russian fined for virus-writing exploits A Russian member of well-known 29A virus writers group has been fined 3,000 roubles (approximately PS57) after he admitted writing malicious code. Eugene Suchkov (AKA Whale), from the little-known Russian republic of Udmurtia, admitted writing the Stepan and Gastropod viruses. He posted live code for the viruses alongside the source code necessary to create variants onto a number of underground virus exchange websites. http://www.theregister.co.uk/2004/11/18/russian_vxer_fined/ http://www.vnunet.com/news/1159522 - - - - - - - - - - Microsoft accused of destroying e-mails Burst.com, in court papers unsealed this week, also accuses Microsoft of destroying e-mails crucial to Burst's lawsuit against the software giant even after the trial judge ordered it to retain the documents. http://www.msnbc.msn.com/id/6515347/ - - - - - - - - - - Pedophile actor sentenced An actor from West Orange, who allegedly arranged to meet a 14-year-old boy in Hamilton for sex through the Internet but instead hooked up with a state investigator, was sentenced to six years in jail yesterday in Mercer County Superior Court. Steven Shriner, 43, of Rollinson Street, was charged with third-degree luring, third-degree endangering the welfare of a child, fourth-degree sexual contact and fourth-degree endangering the welfare of a child with pornography. http://www.zwire.com/site/news.cfm?newsid=13309133&BRD=1697&PAG=461&dept_id=44551&rfi=6 - - - - - - - - - - Pedophile Accused Of Solicitation A 46-year-old pedophile from York County is under arrest for allegedly attempting to solicit two young children. Walter Himmelreich was arrested by Delaware County's Internet Crimes Against Children Task Force on Wednesday. CBS 3 has learned Himmelreich is charged with trying to solicit a seven and 11-year-old girl. Police apparently apprehended him when he reportedly arrived for a planned meeting with the girls in Media, PA. http://kyw.com/Local%20News/local_story_315233612.html - - - - - - - - - - Website blamed for student suicide A Coroner has condemmed an online suicide guide after a medical student hanged himself following directions on the site. Liverpool Coroner Andre Rebello asked Yahoo! to pull the plug on the Holland-based site, but the company refused. Arwel Davies, 22, was found hanging from a hook on his bedroom door, the Coroners court heard. http://www.theregister.co.uk/2004/11/18/suicide_website/ - - - - - - - - - - Trojan steals banking information Computer Security Experts warns about new Trojan Banker-AJ. With the help of this program fraudsters steal money from the accounts. The most alarmed clients of the banks Abbey, Barclays, Egg, HSBC, Lloyds TSB, Nationwide NatWest, which lost tens thousand dollars. Trojan Banker-AJ was created specially for these banks. Penetrating into PC Trojan does not show itself until users browse web-sites of the banks. http://www.crime-research.org/news/18.11.2004/798/ - - - - - - - - - - IE in fresh security drama IE is subject to a trio of unpatched vulnerabilities, security firm Secunia warned yesterday. It warns that two of the three unfixed security bugs are on the "critical" list. These "deadly duo" could be exploited in tandem to bypass security features in Windows XP SP2 and trick users into downloading malicious files. http://www.theregister.co.uk/2004/11/18/ie_security_bugs_again/ - - - - - - - - - - AOL Concentrates On Security Issues With New Software America Online Inc. is releasing a new version of its software today that focuses on increasing online safety and security, which the company hopes will help it hold on to more subscribers. Dubbed AOL 9.0 Security, the latest version of America Online's software will give dial-up and high-speed subscribers free McAfee antivirus software and automatic upgrades. Previously, AOL had charged $3.95 a month for upgrades. http://www.washingtonpost.com/wp-dyn/articles/A58849-2004Nov17.html http://www.usatoday.com/tech/products/services/2004-11-18-aol-security_x.htm http://www.msnbc.msn.com/id/6522427/ http://news.zdnet.com/2100-1009_22-5457348.html - - - - - - - - - - Oracle moves to quarterly patch release schedule Users want a more predictable process for applying security fixes. Oracle Corp. today announced that it is moving to a quarterly patch release schedule in response to user demands for a more predictable process for applying needed security fixes to the company's software. The move comes amid continuing criticism of the company's handling of a recent major security update by analyst firm Gartner Inc. http://computerworld.com/securitytopics/security/story/0,10801,97625,00.html http://www.vnunet.com/news/1159521 http://news.zdnet.com/2100-1009_22-5458541.html - - - - - - - - - - ID Theft/Credit Card Protections The Federal Bureau of Investigation wants everyone shopping this holiday season to enjoy purchasing gifts for loved ones and friends without the fear of becoming a victim of credit card fraud, credit card ID theft and financial information fraud. There are plenty of protections you may easily take to protect yourself from the unscrupulous criminal element looking to steal your money. http://www.fbi.gov/pressrel/pressrel04/idtheft111704.htm - - - - - - - - - - How the Grinch spammed Christmas Computer security firm says 90 percent of all e-mail will be spam; offers tips to avoid trouble. As the holidays approach, a leading computer security company is warning that during this hectic season consumers are more at risk to be taken advantage of by spammers and Internet-related scams. http://money.cnn.com/2004/11/17/technology/holiday_spam/index.htm - - - - - - - - - - Strong network security sales driven by fear Appliances, routers and switches with integrated security selling well. Security has been one of the few growing areas of the networking market over the past two years owing to a combination of fear factors including increased global instability, paranoia and real threats. http://www.vnunet.com/news/1159503 - - - - - - - - - - New security standards to strengthen SCADA Industrial control systems seen as vulnerable to Internet threats. The security of critical- infrastructure processes, long festering as a thorny issue in securing everything from food and water to energy and transportation, will be getting a boost from proposed standards for industrial controls. http://computerworld.com/securitytopics/security/story/0,10801,97606,00.html Erecting secure infrastructure http://computerworld.com/securitytopics/security/story/0,10801,97460,00.html - - - - - - - - - - Air Force turns to Microsoft for network security The U.S. Air Force is drafting Microsoft to help simplify its networks and software contracts, which could improve its computer security and deliver savings of $100 million. http://news.zdnet.com/2100-1009_22-5457344.html - - - - - - - - - - XML security device unveiled Web-services security company Digital Evolution released on Monday an appliance designed to authenticate access into business networks. The company has developed what it calls a virtual private network product specifically designed for applications that use XML and XML-based protocols to format and exchange data. http://news.com.com/XML+security+device+unveiled/2110-7345_3-5458998.html - - - - - - - - - - DHS to upgrade enforcement systems The Homeland Security Departments Immigration and Customs Enforcement agency has issued a task order to Sytel Inc. and EDS Corp. to upgrade several critical systems. Sytel, based in Bethesda, Md., led a team that received a task order under ICEs Starlight contract to carry out the Enforcement Systems Program. The task order includes an initial $6.5 million base year and as many as five option years that could bring the value of the contract to as much as $34 million, EDS said. http://www.gcn.com/vol1_no1/daily-updates/27941-1.html - - - - - - - - - - Phishing Feeds Internet Black Markets William Jackson never thought he would be grateful for going bankrupt. Nine months ago, the 44-year- old resident of Katy, Texas, got an e-mail message from what appeared to be eBay's PayPal online payment division. It warned him that his account would be suspended unless he updated it with his personal financial data. http://www.washingtonpost.com/wp-dyn/articles/A59347-2004Nov18.html Catch a Phish: Take The Quiz http://www.washingtonpost.com/wp-srv/technology/articles/phishingtest.html Phishing Schemes Scar Victims http://www.washingtonpost.com/wp-dyn/articles/A59349-2004Nov18.html A Brief History of Phishing http://www.washingtonpost.com/wp-dyn/articles/A59350-2004Nov18.html How to Fend off Phishing http://www.washingtonpost.com/wp-dyn/articles/A59383-2004Nov18.html - - - - - - - - - - Detection of 'counterfeit reality' becoming a new specialty During the past decade, the DNA technology used to solve crimes and settle paternity suits has become a big business. The federal government alone spent $232 million this past fiscal year promoting the use of a technology that barely existed 20 years ago. Now two information- technology experts with Florida ties are predicting the use of digital forensics to police -- what they call ``counterfeit reality'' -- will soon join DNA science as a growth industry. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/10215847.htm - - - - - - - - - - Security must be key part of outsourcing When businesses and government departments outsource parts of their technology operations to third-party specialists, IT security needs to be given greater focus, according to analyst firm Meta Group. http://www.computing.co.uk/features/1159513 - - - - - - - - - - The dual firewall approach Firewalls must inspect at the application layer to address today's threats. Each week vnunet.com asks a different expert to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. http://www.vnunet.com/news/1159506 - - - - - - - - - - Detecting Kernel-level Compromises With gdb This article is intended to outline useful ways of detecting hidden modifications to a Linux kernel. Often known as a rootkit, this stealthy type of malware gets installed in the kernel of an operating system and requires special techniques by Incident handlers and Linux system administrators to be detected. http://www.securityfocus.com/infocus/1811 *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.