NewsBits for March 8, 2005 ************************************************************ Man sentenced to 5 1/2 years in ChoicePoint ID theft A Nigerian national who used personal information from ChoicePoint and other companies to commit identity theft against thousands of people was sentenced to 5 1/2 years in federal prison. Besides his term, Adedayo Benson, 38, was ordered Monday to pay nearly $155,000 in restitution to 10 financial institutions. http://www.usatoday.com/tech/news/computersecurity/infotheft/2005-03-08-choicepoint-conviction_x.htm ChoicePoint files found riddled with errors http://www.msnbc.msn.com/id/7118767/ - - - - - - - - - - Three plead guilty in distribution of pirated software Three men prosecutors dubbed the ``Robin Hoods of cyberspace'' pleaded guilty Tuesday to putting copyrighted computer games, movies and software on the Internet so that people around the world could make copies for free. All three said they made no money on the scheme, and did it just for the sport of it. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11083682.htm http://www.msnbc.msn.com/id/7128957/ http://www.usatoday.com/tech/news/2005-03-08-software-piracy_x.htm - - - - - - - - - - U.S. charges four under 'spam' law Federal authorities say they managed to pierce the murky underworld of Internet spam e-mails, filing the first criminal charges under the government's new "can spam" legislation. Court documents in the landmark case in Detroit describe a nearly inscrutable puzzle of corporate identities, bank accounts and electronic storefronts in one alleged spam operation. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8543317.htm - - - - - - - - - - Student Nailed for Sharing An Arizona college student is believed to be the first person in the country to be convicted of a crime under state laws for illegally downloading music and movies from the internet, prosecutors and activists say. University of Arizona student Parvin Dhaliwal pleaded guilty to possession of counterfeit marks, or unauthorized copies of intellectual property. http://www.wired.com/news/business/0,1367,66827,00.html http://www.usatoday.com/tech/news/techpolicy/2005-03-07-az-teen-downloader-convicted_x.htm http://www.theregister.co.uk/2005/03/08/arizona_p2p_boy/ - - - - - - - - - - Student in High School zombie terror threat An 18-year-old US student is today behind bars after police uncovered his plot to raise a zombie army and attack his high school. The wannabe Papa Doc Duvalier's chilling plan was uncovered after the youth's grandparents discovered his written proposal for the outrage in Winchester, Kentucky, lex18.com reports. http://www.theregister.co.uk/2005/03/08/high_school_zombie_threat/ - - - - - - - - - - Atop chief accused of selling stolen AMD chips AMD has accused the chairman of Atop, a Taiwanese electronics firm, of masterminding the theft and re-sale of 60,000 dud chips earlier this year, according to police sources cited by local media. http://www.theregister.co.uk/2005/03/08/amd_accuses_atop_chief/ - - - - - - - - - - Shoe chain says customer data stolen The company discovered the theft of credit card and personal shopping information on Friday and reported it to federal authorities, said Julie Davis, general counsel for the chain's parent, Retail Ventures Inc. The Secret Service is investigating, she said. http://www.msnbc.msn.com/id/7132665/ - - - - - - - - - - ISP sues Dutch gov for snooping costs An Internet Service Provider is suing the Dutch government to recover the costs of making its network accessible to law enforcement. Under Dutch law ISPs are entitled to claim for the administrative cost of each individual wiretap, but not for the cost of equipment which makes such snooping possible. http://www.theregister.co.uk/2005/03/08/isp_sues_police/ - - - - - - - - - - Harvard rejects applicants who peeked into admissions computer Harvard Business School will reject 119 applicants who followed a hacker's instructions and peeked into the school's admission site to see if they had been accepted, the school's dean said. ``This behavior is unethical at best -- a serious breach of trust that cannot be countered by rationalization,'' Kim Clark said in a statement Monday. ``Any applicant found to have done so will not be admitted to this school.'' http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11082291.htm http://www.securityfocus.com/news/10634 - - - - - - - - - - MMS virus discovered The first mobile phone virus capable of replicating via MMS messages has been discovered. Commwarrior-A, which targets Symbian Series 60 phones, is not spreading, but its ability to propagate via Multimedia Messaging Service messages (MMS) worries some experts. To date. Phone viruses have spread over Bluetooth - so they are only capable of affecting nearby phones. http://www.theregister.co.uk/2005/03/08/mms_virus/5 http://money.cnn.com/2005/03/08/technology/personaltech/mobile_virus.reut/index.htm Mobile phone virus could go global in minutes http://www.vnunet.com/news/1161760 Design flaw limits spread of MMS mobile virus http://www.vnunet.com/news/1161787 Trojan gets the cell phone message http://news.zdnet.com/2100-1009_22-5602919.html - - - - - - - - - - Second virus targets MSN Messenger users Spammers on the look out for new recruits? Security watchers have warned that the Kelvir.B worm has begun spreading around the world, dropping a payload in the form of another worm, known as Spybot, on infected PCs. http://www.vnunet.com/news/1161784 http://news.zdnet.com/2100-1009_22-5604060.html Virus writers start new flame war A newly discovered worm has begun spreading in the wild, sparking what security experts warn could be another slanging match between rival virus writers. The Fatso.A worm (also known as Crog and Sumom) spreads via MSN Messenger by sending an instant message with a URL that, when clicked, causes the PC to download the virus. It also spreads as a file on eMule peer-to-peer systems. http://www.vnunet.com/news/1161781 MSN Messenger used for viral gang warfare http://news.zdnet.co.uk/internet/security/0,39020375,39190554,00.htm - - - - - - - - - - Virus authors form unholy alliance Bagle, Zafi and Netsky coders thought to be working together. The authors of the Bagle, Zafi and Netsky viruses have joined forces in an unholy alliance that aims to spread cyber-terror, security experts have claimed. The warning comes from virus analysts at Kaspersky Lab investigating the recent Bagle outbreak and suggest that the authors of Bagle, Zafi and Netsky are "working hand in hand with each other". http://www.vnunet.com/news/1161786 - - - - - - - - - - FTC Urged to Probe Music Sites he Federal Trade Commission is being asked to investigate websites that claim to offer legal music downloads for a low price but actually sell popular software that is available free elsewhere on the Internet and is commonly used to steal songs. Such websites typically charge $30 to $40 and prominently advertise services as "100% legal." Some sites include smaller print warnings that downloading songs without permission violates copyrights and encourage customers to learn more about copyright law at the Library of Congress. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-download8mar08,1,7266594.story - - - - - - - - - - Compliance legislation 'making fraud easier' Vastly increasing the amount of business information stored could be making life easier for fraudsters, according to analysts. The complex and copious amounts of data being stored on corporate networks post-Sarbanes- Oxley may actually be creating greater opportunities for fraud even though the law was a reaction to the huge corporate frauds which rocked Enron and WorldCom. http://news.zdnet.co.uk/business/legal/0,39020651,39190561,00.htm - - - - - - - - - - Nuclear cyber security debate hots up Two companies that make digital systems for nuclear power plants have come out against a government proposal that would attach cyber security standards to plant safety systems. http://www.theregister.co.uk/2005/03/08/nuclear_cyber_security/ - - - - - - - - - - BBC probes Net leak of 'Doctor Who' episode The BBC has launched an inquiry into how a new episode of cult British TV sci-fi series "Doctor Who" has been leaked on the Internet, the network said Tuesday. The classic program, which has been off air since 1989, will make a much-anticipated return to the small screen later this month with Christopher Eccleston starring as the time-traveling hero. Former pop star Billie Piper will play his sidekick. http://news.zdnet.com/2100-9588_22-5603791.html http://www.theregister.co.uk/2005/03/08/drwho_hits_internet/ - - - - - - - - - - Phishers using DNS servers to lure victims? Online thieves looking for personal data may be moving to more active measures by redirecting people from legitimate sites to malicious ones, security experts said this week. http://news.zdnet.com/2100-1009_22-5604555.html - - - - - - - - - - DNS cache poisoning bugs hits Symantec shops Crackers are using a security vulnerability in Symantec's enterprise products to redirect surfers to websites hosting malicious code. The main vector of the DNS cache poisoning attack, detected by the SANS Institute's Internet Storm Centre on 4 March, has been traced back to a vulnerability affecting Symantec firewalls with DNS caching. http://www.theregister.co.uk/2005/03/08/dns_malware_attack/ - - - - - - - - - - Internet paedophile cases increase by 700pc THE scale of Yorkshire's Internet paedophilia problem is exposed by police statistics which show prosecutions have spiralled by up to 700 per cent in only two years. Nationally prosecutions involving downloading obscene images of children or swapping them with other people quadrupled between 2001 and 2003. http://www.yorkshiretoday.co.uk/ViewArticle2.aspx?SectionID=55&ArticleID=963798 - - - - - - - - - - UK card fraud hits PS505m the banking industry hopes that losses in future will be contained by schemes such as Chip and PIN. UK losses to credit card fraud soared last year to PS504m, up 20 per cent on 2003, according to the annual report by banking organisation APACS. http://www.theregister.co.uk/2005/03/08/apacs_fraud_2004/ - - - - - - - - - - Cybercrime in Russia on the rise The number of computer crimes committed via the Internet in Russia increased to 13 thousands in 2004, said Boris Miroshnikov, Chief Officer of the Bureau of Special Technical Measures of the Ministry of the Internal Affairs of Russia. He added at the briefing at the Ministry of Information and Communiacation on Thursday. http://www.crime-research.org/news/08.03.2005/1014/ - - - - - - - - - - Microsoft takes security patch hiatus Microsoft issued on Tuesday an update to its threat removal tool and announced plans to forgo this month's installment of its regularly scheduled patch release cycle. The software giant, which previously noted it would skip the March patch day, will nonetheless offer its regular monthly technical Webcast on security issues Wednesday. http://news.zdnet.com/2100-1009_22-5604988.html Denial-of-service glitch could threaten Windows http://news.zdnet.com/2100-1009_22-5604579.html Windows DoS flaw made public http://news.zdnet.co.uk/internet/security/0,39020375,39190559,00.htm - - - - - - - - - - Group studies infrastructure security The Institute for Information Infrastructure Protection, a consortium of two dozen cybersecurity organizations charged with coordinating a national research and development program, last week began a $8.5 million, two-year research program for securing computer-based systems that control critical infrastructures, such as dams. http://www.fcw.com/fcw/articles/2005/0307/web-scada-03-08-05.asp - - - - - - - - - - PC clock as a fingerprint for your PC Anyone is able to track and id a PC anywhere on the Internet by using its PC clock deviation as a fingerprint. Clock deviation is what a computer thinks the time is as compared to other time-keeping with which it is interfacing. And when measured against other quantifiable processes when the computer is connected to the Internet, it can apparently provide a reliable fingerprint, unique and allowing it to be tracked throughout the Internet. http://www.aunty-spam.com/index.php - - - - - - - - - - Premier 100: Confessions of a corporate spy Ira Winkler offers chilling accounts of espionage A former National Security Agency analyst who is now an expert on corporate espionage offered chilling accounts yesterday of his easy penetration into a variety of U.S. companies. In one case, in just a few hours he was able to make off with product plans and specifications worth billions of dollars. http://computerworld.com/securitytopics/security/story/0,10801,100252,00.html - - - - - - - - - - WEP: Dead Again, Part 2 In part one we examined the latest generation of passive WEP cracking tools that use statistical or brute force techniques to recover WEP encryption keys from captured wireless network traffic. This time, in the second and final article, we take a look at active tools that use 802.11 transmissions to attack WEP networks. http://www.securityfocus.com/infocus/1824 - - - - - - - - - - Kazaa Oz lawsuit wows the crowd The Earth is flat, the Moon landing never happened, the world will end next week and Ashlee Simpson is one of the great recording artists of her generation. It's funny how misinformation can enter the marketplace and get reported as the truth. It's also funny how the misinformation gets reported so widely. http://www.theregister.co.uk/2005/03/08/kazaa_australia_lawsuit/ *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.