NewsBits for December 21, 2004
************************************************************
Guilty plea rejected in AOL spam case
He only sold the addresses after all: A federal judge refused to accept a guilty plea today from a former America Online software engineer accused of stealing 92 million e-mail addresses and selling them to spammers. The Manhattan federal court judge said he wasn't convinced Jason Smathers, 24, had actually committed a crime under the federal "can-spam" law that took effect earlier this year.
http://www.mercurynews.com/mld/mercurynews/business/technology/10468465.htm
http://www.latimes.com/technology/la-fi-spam21dec21,1,124113.story
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/10468604.htm
http://www.usatoday.com/tech/news/2004-12-21-aol-spam-plea_x.htm
http://www.msnbc.msn.com/id/6741853/
- - - - - - - - - -
Court grants bail to eBay's Indian executive
The Delhi High Court on Tuesday granted bail to the head of eBay's Indian subsidiary, an American citizen who was jailed in connection with the online auction of a sex video involving teenagers.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/10467641.htm
http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,98436,00.html
http://www.newsfactor.com/story.xhtml?story_title=eBay-India-CEO-Released-on-Bail&story_id=29202
http://www.cnn.com/2004/TECH/internet/12/21/india.ebay.ap/index.html

Sex Tape on Internet Roils Indian Public
It was a private act of two hormone-charged teenagers that lasted 2 minutes and 37 seconds on digital video. But offered for sale on the Internet, the fuzzy images of the 17-year-old girl having oral sex with her high school sweetheart have sent shock waves through urban India, exposing the growing friction between the conservative middle class, its increasingly Westernized progeny and modern technology.
http://www.mercurynews.com/mld/mercurynews/business/technology/10468534.htm
http://www.latimes.com/technology/la-fg-cellsex21dec21,1,5651111.story
http://www.guardian.co.uk/online/news/0,12597,1377968,00.html
- - - - - - - - - -
UK virus teen sentenced for Randex infection
They didn't exactly throw the book at him... A British teenager has been sentenced for his part in writing and distributing the Randex worm which turned infected PCs into 'zombies', controlled by spammers to send out vast quantities of unsolicited email.
http://software.silicon.com/security/0,39024655,39126660,00.htm
http://news.zdnet.co.uk/internet/security/0,39020375,39181787,00.htm

Teen virus writer dodges prison
http://www.vnunet.com/news/1160180
- - - - - - - - - -
Spammer facing Christmas porridge
The UK's most notorious spammer is facing Christmas in prison after his case was adjourned until the spring. Peter Francis Clifford McCrae, from St Neots in Cambridgeshire, will enter a plea against four charges of threatening to kill on 21 May 2005. It is alleged that the calls were made to Cambridgeshire Police and a Trading Standards office.
http://www.vnunet.com/news/1160183
- - - - - - - - - -
Child porn suspect suicide tally hits 32
Thirty-two of the men arrested during UK child porn investigation Operation Ore have committed suicide, police said yesterday. The men were reportedly unable to cope with the shame of their arrests. The revelation has prompted calls that anyone arrested for such offenses be granted anonymity until they are proven to be guilty.
http://www.theregister.co.uk/2004/12/21/child_porn_suicide_shame/
- - - - - - - - - -
Apple Sues OS X Pirates
Apple Computer has sued three men for illegally distributing test copies of the next version of its Mac OS X operating system on a file-sharing website, court records showed on Tuesday.
The lawsuit is the second in as many weeks by the maker of the popular iPod digital music players and iconic Macintosh personal computers to thwart the release of its software and details of its unannounced products.
http://www.wired.com/news/business/0,1367,66107,00.html
- - - - - - - - - -
New worm, Santy.A, using Google to spread
It infects Web servers running a software package called phpBB. Antivirus companies are warning Internet users about a new, fast-spreading worm that infects Web servers running a popular package of online bulletin board software and uses the Google search engine to find vulnerable servers to infect.
http://computerworld.com/securitytopics/security/virus/story/0,10801,98453,00.html
http://news.zdnet.com/2100-1009_22-5499725.html
http://news.com.com/Net+worm+using+Google+to+spread/2100-7349_3-5499725.html
http://www.msnbc.msn.com/id/6742668/

Major bug in PHP opens database security hole
Aargh... A SERIOUS BUG in the popular PHP development language can leave databases wide open to intrusion if the proper security steps aren't taken. A posting over the weekend to the development homepage of forum software phpBB highlighted the issue, which had already been picked up by security consultants Secunia on Thursday.
http://www.theinquirer.net/?article=20329

Google quickly fixes desktop-search flaw
http://www.mercurynews.com/mld/mercurynews/business/technology/10468234.htm
- - - - - - - - - -
Beware of CoolWebSearch, a program that can change Microsoft Internet Explorer's security settings and wreak havoc on computers. Anti-spyware company Webroot Software said Tuesday that CoolWebSearch self-installs malicious HTML applications and exploits security flaws in IE.
http://news.zdnet.com/2100-1009_22-5499609.html

Spyware still hijacking Internet Explorer
http://news.zdnet.co.uk/internet/security/0,39020375,39181782,00.htm
- - - - - - - - - -
MP slams Cabinet Office's email destruction
Anti-spam lobbyist Derek Wyatt MP is angry that the Cabinet Office is deleting millions of emails just days before the Freedom of Information Act comes into force.
http://news.zdnet.co.uk/internet/security/0,39020375,39181931,00.htm
- - - - - - - - - -
Rogue pharmacies still thriving
Pill peddlers, selling medicines with "no prior prescription required", are still thriving on the net, leaving thousands of patients at risk. They often use web sites without proper contact details; let you fill in flimsy online questionnaires to justify the prescriptions; hire spammers or hail products such as "Generic Viagra".
http://www.theregister.co.uk/2004/12/21/rogue_pharmacies_still_thriving/
- - - - - - - - - -
EarthLink Boosts Anti-Spyware Power
EarthLink, which was the first ISP to provide free anti-spyware tools for its members, has updated its anti-spyware offering with an enhancement that provides real-time software scanning to prevent spyware from being downloaded onto a hard drive.
http://www.newsfactor.com/story.xhtml?story_title=EarthLink-Boosts-Anti-Spyware-Power&story_id=29190
- - - - - - - - - -
15 firms added to Cisco security effort
On Monday, Cisco announced that 15 companies have signed on as partners, promising to deliver products compatible with Cisco's Network Admission Control (NAC) architecture in the first part of 2005.
http://news.zdnet.com/2100-1009_22-5499840.html
- - - - - - - - - -
E-passports go down under
The Australian government has awarded a contract to a Herndon, Va.-based company to help develop a secure electronic passport for its citizens.
Cybertrust is developing a public-key infrastructure (PKI) technology component, which involves unique and secure electronic identities or credentials, in a 10-month pilot test that will look at 6,000 e-passports for the Department of Foreign Affairs and Trade (DFAT), which is the Australian equivalent of the State Department.
http://www.fcw.com/fcw/articles/2004/1220/web-cybertrust-12-21-04.asp
- - - - - - - - - -
Feds limited on digital signatures
Federal officials received a reminder this week not to deviate from a list of acceptable vendors when buying digital signature services. In a Dec. 20 memo, Office of Management and Budget officials asked federal officials to use a government-approved list of digital signature providers. Using commercial providers not on the approved list poses a security risk, according to the memo.
http://www.fcw.com/fcw/articles/2004/1220/web-pki-12-21-04.asp
- - - - - - - - - -
Labour's Zombie Army clinches ID card vote for Clarke
Britain's compulsory ID card scheme won a large majority in a Commons vote last night, with 385 MPs voting for and 93 against. The opposition consisted of all 55 Liberal Democrats, 19 Labour and nine Tories, but although the latter two figures are lower than might have been expected, 173 MPs were either absent or abstained, meaning that the numbers opposing could grow as the Bill passes through committee stage.
http://www.theregister.co.uk/2004/12/21/id_bill_2nd_reading/
- - - - - - - - - -
Security Holes That Run Deep
How a seemingly simple Microsoft bug betrayed its author's disdain for a wide range of secure coding principles. A couple months ago, Toby Beaumont reported an ASP.NET vulnerability that, depending on the server configuration, allowed anyone to completely bypass user authentication and access protected files.
Microsoft quickly provided a fix and the issue passed without much fanfare, mostly because the flaw wasn't widely exploited, and consequently many people failed to recognize just how serious this attack vector could be.
http://www.securityfocus.com/columnists/285
- - - - - - - - - -
A bad case of worms
With phishing scams, viruses, worms and hacker attacks on the rise, Simon Moores looks at what can be done to make the internet a safe place to communicate and do business. I'm annoyed. Over the past weeks, I've been receiving a constant flow of W32-Sober virus attacks, ostensibly from the server of an international hotel chain based in Germany.
http://comment.silicon.com/0,39024711,39126666,00.htm
- - - - - - - - - -
Cybersecurity 4 Terrorism
Computers and networks essentially run the operations of most businesses in the country. Most computer systems, computer software and networks were not designed with security in mind. Even most secure systems are riddled with vulnerabilities due to the underlying technology that could enable an attacker to disrupt operations or cause damage.
http://www.prweb.com/releases/2004/12/prweb190065.htm
- - - - - - - - - -
Police palm print database next year
A searchable national palm print database for police should be up and running by the middle of next year, says the Police IT Organisation (Pito). The plan forms part of a £122m deal to upgrade the current National Automated Fingerprint Identification System (Nafis) signed by the Pito and supplier Northrop Grumman in December.
http://www.vnunet.com/news/1160184
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes.
Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.