NewsBits for February 2, 2005 ************************************************************ Police cuff US student keystroke logger A Houston High School student faces a fine possible $2,000 fine or 180 days' jail after admitting rigging a keystoke logger to a teacher's PC and using it to download exams, Houston's Local 2 reports. http://www.theregister.co.uk/2005/02/02/student_keystroke_logger/ - - - - - - - - - - Heise.de under DDoS attack German tech publication Heise.de has been targeted by a persistent and determined denial of service attack, it says. The origin of the attack is unknown so far, and Heise's publishing house is offering a 10,000 reward for information leading to the arrest of the attacker. http://www.theregister.co.uk/2005/02/02/heise_ddos/ - - - - - - - - - - Los Alamos lab penalized in 'missing' disk case A report by the National Nuclear Security Administration (NNSA) has determined that two classified computer disks that apparently disappeared at the Los Alamos National Laboratory last year never even existed. Instead, according to the report, bar codes were generated for the disks, but the actual disks were never made. http://www.computerworld.com/securitytopics/security/story/0,10801,99425,00.html - - - - - - - - - - Supreme Court puts hacker sentences up for grabs A landmark U.S. Supreme Court decision last month giving judges more leeway in deciding federal prison terms could be good news for computer intruders who don't fit the classic criminal mold, legal experts say. In U.S. v. Booker, decided January 12th, the court ruled 5-4 to overturn part of a 1984 law that required judges to sentence offenders strictly by a book of written guidelines produced and periodically revised by a seven-member, presidential appointed commission. http://www.securityfocus.com/news/10404 - - - - - - - - - - Internet Auction Complaints Increase Americans are increasingly turning to Internet auction sites to buy and sell goods from around the world, and a growing number think they might be getting a raw deal online. The number of complaints filed with the Federal Trade Commission over Internet auctions has nearly doubled from 51,000 in 2002 to more than 98,000 last year, the agency said Tuesday in its annual report on consumer fraud and identity-theft complaints. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-auctions2feb02,1,2810129.story US hit for $548m in fraud losses Identity theft topped the list of complaints received by the US Federal Trade Commission for the fifth successive year, accounting for 39 per cent of consumer fraud complaints filed with the agency last year. Credit card fraud was the most common form of reported ID theft (28 per cent), followed by phone or utilities fraud (19 per cent), bank fraud (18 per cent), and employment fraud (13 per cent). http://www.securityfocus.com/news/10400 - - - - - - - - - - Spamming and phishing to rocket in 2005 This year will see a dramatic rise in phishing attacks and a plague of viruses written for spammers, security watchers have warned. Security appliance manufacturer Fortinet reported a big increase in phishing during 2004 which is expected to increase this year. Meanwhile, viruses written specifically for criminals are predicted to reach epidemic proportions. http://www.vnunet.com/news/1160938 - - - - - - - - - - Rowling warns Harry Potter fans about Net scams Author J.K. Rowling is warning Harry Potter fans to watch out for Internet fraudsters claiming to sell electronic copies of her latest wizard saga --they are trying to steal bank and credit card details. In the latest phishing scam, fans were asked to hand over their bank details to pay for a supposed copy of "Harry Potter and the Half- Blood Prince" which is to be published on July 16. http://news.zdnet.com/2100-1009_22-5560051.html - - - - - - - - - - For kids, danger lurks a click away The Web can open up a fascinating world for kids, but in an instant it can also bring graphic pornography and sexual predators into your home. When it comes to your kids, reports "Today" show anchor Katie Couric, the most dangerous place in the house can be just one keystroke away. http://www.msnbc.msn.com/id/6893488/ - - - - - - - - - - Police introduce stick icon to curb paedophilia Children will be able to instantly report suspected paedophiles prowling the internet in an initiative announced by Australian Federal Police. Federal Police Commissioner Mick Keelty launched the Virtual Global Task Force website as part of a worldwide crackdown on online child abuse. The system allows children visiting such sites as internet chatrooms and email websites to report suspect messages to authorities by clicking on an icon - a stick figure with an eye. http://www.nzherald.co.nz/index.cfm?c_id=2&ObjectID=10008370 - - - - - - - - - - The 'hacker tool' worm that gurned The old English practice of gurning, in which participants pull a funny or scary face, is being used by a newly discovered worm to distract PC users while their machines are being compromised. The Wurmark-F worm, a variant of Wurmark-D which began spreading last month, arrives as a zipped email attachment and displays a picture of an old man pulling an impressive gurn. http://www.vnunet.com/news/1160945 - - - - - - - - - - Deleting Spam Costs Billions, Study Finds Time wasted deleting junk e-mail costs American businesses nearly $22 billion a year, according to a new study from the University of Maryland. A telephone-based survey of adults who use the Internet found that more than three-quarters receive spam daily. The average spam messages per day is 18.5 and the average time spent per day deleting them is 2.8 minutes. (LA Times article, free registration required) http://www.latimes.com/technology/ats-ap_technology10feb02,1,7826648.story - - - - - - - - - - More women turn to net security Retired people are increasingly going online. Older people and women are increasingly taking charge of protecting home computers against malicious net attacks, according to a two-year study. The number of women buying programs to protect PCs from virus, spam and spyware attacks rose by 11.2% each year between 2002 and 2004. http://news.bbc.co.uk/1/hi/technology/4228891.stm - - - - - - - - - - Microsoft Offering Gov'ts Early Warnings Microsoft Corp. offered Wednesday to begin alerting the world's governments early to cyberthreats and security flaws in its attack- prone software. Microsoft also wants to work with governments to help prevent and mitigate the damage from hacker attacks, said Giorgio Vanzini, the director of Microsoft's government engagement team. (LA Times article, free registration required) http://www.latimes.com/technology/ats-ap_technology13feb02,1,1006306.story http://news.com.com/Microsoft+to+help+governments+with+security/2100-7355_3-5559974.html - - - - - - - - - - Antivirus Tools Fool XP's Security Center Microsoft's Windows XP Service Pack 2 is supposed to improve security. Its Windows Security Center should alert you when your antivirus software is missing or out of date. But in our tests, both McAfee's Internet Security Suite 2005 and Symantec's Norton Internet Security 2005 crippled SP2's ability to deliver accurate alerts immediately after installation. http://www.pcworld.com/news/article/0,aid,119376,00.asp - - - - - - - - - - VeriSign exports e-mail security to Europe Amid similar moves by rivals, VeriSign has started selling its e-mail security services in Europe. The security specialist announced Wednesday that it is extending the market for its services, which are designed to provide automatic updates to eliminate e-mail based threats and reduce time spent on e-mail system management. http://news.zdnet.com/2100-1009_22-5560709.html - - - - - - - - - - Spam fighter has a Honey Pot of an idea Matthew Prince apologized that he couldn't hang around for long after his presentation. He had to catch a plane back to the Sundance Film Festival. Yet when his talk ended, a small crowd gathered around him anyway with the zeal of paparazzi flocking to a Hollywood star. http://www.mercurynews.com/mld/mercurynews/business/technology/10797707.htm Zombie trick expected to send spam sky-high http://news.zdnet.com/2100-1009_22-5560664.html - - - - - - - - - - Linux Kernel Security is Lacking Recent events have shown that the way security in the Linux kernel is handled is broken, and it needs to be fixed right now. During the disclosure of some recent vulnerabilities in the Linux kernel, I learned some things about Linux kernel security that was truly shocking. The way security in the Linux kernel is handled is broken, and it needs to be fixed right now. http://www.securityfocus.com/columnists/296 Linux developers create forum to air core flaws http://news.zdnet.com/2100-1009_22-5561031.html - - - - - - - - - - Clueless about cookies or spyware? Spyware-removal tools are a fairly new commodity from Internet service providers, but some of the software may confuse people as much as it protects them, critics say. In one example, EarthLink's Spyware Blocker program notes several different kinds of potentially unwanted software found on a subscriber's PC, including Trojans that can steal personal information. http://news.zdnet.com/2100-1009_22-5561063.html Instances of spyware on consumer PCs up 230 per cent http://www.vnunet.com/news/1160954 - - - - - - - - - - Is hard time for worm author too harsh? The teenager sentenced to 18 months in prison for unleashing a variant of the MSBlast worm got off easy, a majority of people said in a poll from Sophos. In January, a federal district court found 19-year-old Minnesota resident Jeffrey Lee Parson guilty of modifying the original MSBlast worm, also known as Blaster, and releasing the variant onto the Internet. http://news.zdnet.com/2100-1009_22-5560829.html - - - - - - - - - - Apache 2 with SSL/TLS: Step-by-Step, Part 2 In the first article of this three part series, the reader was shown how to install, configure, and troubleshoot Apache 2.0 with SSL/TLS support. Part two now discusses the recommended settings for the mod_ssl module that lets us achieve maximum security and optimal performance. The reader will also see how to create a local Certification Authority and a SSL certificate based on the free and open-source OpenSSL library. http://www.securityfocus.com/infocus/1820 - - - - - - - - - - SAIC says FBI should deploy its case management system Science Applications International Corp. said Tuesday that it has urged the FBI to fully deploy the Virtual Case File case management system the San Diego company has provided in a pilot version. The troubled VCF project has been the subject of several critical reports and investigations by the Government Accountability Office, the Justice Department Inspector Generals Office, the National Science Foundation and Congress. http://www.gcn.com/vol1_no1/daily-updates/34962-1.html - - - - - - - - - - Plan Unveiled to Speed Cargo Processing A customs official says the use of wireless sensors inside shipping containers would increase security. U.S. Customs and Border Protection Commissioner Robert C. Bonner on Tuesday proposed a system of "smart" cargo containers that could deter terrorist attacks and speed the flow of goods into the U.S. The technology, which is undergoing field tests on vessels using busy shipping lanes between Singapore and Southern California, involves the use of wireless sensors inside cargo containers. The sensors would allow the containers to be monitored for signs of tampering. LA Times article, free registration required) http://www.latimes.com/technology/la-fi-customs2feb02,1,7675865.story - - - - - - - - - - Police places staff data in safe custody West Yorkshire Police has deployed a secure user data access system as it prepares to join a national police directory. The UK's fourth largest police force, which has about 10,000 staff using its systems, wanted to eliminate duplication when updating users' access rights. http://www.vnunet.com/news/1160972 - - - - - - - - - - E-Sponder keeps Super Bowl security in touch Super Bowl XXXIX in Jacksonville, Fla., may wind up being known as the Security Bowl. The Jacksonville Sheriff's Office is coordinating the security activities of 53 local, state and federal agencies, including the FBI, Coast Guard and U.S. Navy, for the Feb. 6 event through a Web-based collaboration system in place since Jan. 5 that was also used during a presidential debate and World Series games in St. Louis last year. http://www.usatoday.com/tech/news/2005-02-02-security-bowl_x.htm *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.