NewsBits for March 9, 2005 ************************************************************ Data broker reports breach; 32,000 personal records vulnerable Using stolen passwords from legitimate customers, intruders accessed personal information on as many as 32,000 U.S. citizens in a database owned by the information broker LexisNexis, the company said. The announcement Wednesday comes on the heels of a series of similar high-profile breaches, the most serious affecting another large data broker, ChoicePoint Inc. in which scores of identities were stolen. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11090522.htm http://news.zdnet.com/2100-1009_22-5605736.html http://www.msnbc.msn.com/id/7139522/ http://www.cnn.com/2005/TECH/03/09/lexisnexis.stolen.profiles.reut/index.html http://www.wired.com/news/privacy/0,1848,66842,00.html http://www.newsfactor.com/story.xhtml?story_title=Lexis-Nexis-Breach-Signals-Bad-Security-Trend&story_id=31086 http://www.usatoday.com/tech/news/computersecurity/infotheft/2005-03-09-lexis-nexis-breach_x.htm http://computerworld.com/securitytopics/security/privacy/story/0,10801,100287,00.html Reed subsidiary hack exposes 32,000 http://www.theregister.co.uk/2005/03/09/hackers_attack_reed/ ChoicePoint files found riddled with errors http://www.msnbc.msn.com/id/7118767/ GSA assessing charge card contractors security policies http://www.gcn.com/vol1_no1/daily-updates/35251-1.html - - - - - - - - - - Worldwide anti-piracy sweep nets three Three members of organised 'warez' groups have pleaded guilty to charges criminal copyright infringement as part of 'Operation Higher Education' The US Department of Justice said on Tuesday three men pleaded guilty to criminal copyright infringement, as part of what attorneys called the largest multinational Net piracy investigation to date. http://news.zdnet.co.uk/business/legal/0,39020651,39190639,00.htm http://www.theregister.co.uk/2005/03/09/fbi_piracy_probe/ - - - - - - - - - - 3 Plead Guilty to Copyright Charges Three men whom prosecutors dubbed the "Robin Hoods of cyberspace" pleaded guilty to putting copyrighted computer software on the Internet so that people around the world could make copies for free. All three said they made no money on the scheme and did it just for the sport of it. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-rup9.1mar09,1,3541176.story - - - - - - - - - - eBay fraudster faces possible jail A 17-year-old lad who admitted ripping off people by selling them non-existent goods via eBay could be jailed. Judge Roderick Denyer told the teenager at a hearing at Cardiff Crown Court yesterday: "I take an extremely serious view of defrauding on the eBay and it clearly raises the possibility of a custodial sentence." http://www.theregister.co.uk/2005/03/09/ebay_jail/ - - - - - - - - - - 13 computers stolen from grade school For the second time in less than a month, burglars broke into San Jose's Cureton Elementary School over the weekend, stealing 13 computers from classrooms and peace of mind from the whole student body. ``The children are feeling violated and sad,'' Principal Mary Young Williams said Monday. ``This is their home, an environment where they felt safe.'' http://www.mercurynews.com/mld/mercurynews/news/local/11079505.htm Burglarized school gets raft of support http://www.mercurynews.com/mld/mercurynews/news/local/11088465.htm - - - - - - - - - - S.J. man surrenders in child sex case A former Redwood City middle school teacher turned himself in Tuesday at the Santa Clara County Jail after police seized his home computer and allegedly found child pornography. David Joseph Welsh, who most recently taught at the North Star Academy, was charged with a misdemeanor of possessing child pornography and is being held in lieu of $150,000 bail. http://www.mercurynews.com/mld/mercurynews/news/local/11088448.htm - - - - - - - - - - Police: Man Raped 3-Year-Old For Internet Video A local man who went on the Internet and offered live video of himself having sex with a 3-year-old girl is behind bars, police say. Paul A. Kraft has been charged with two counts of rape and one count of pandering sexually oriented material involving a minor, News 5's Emily Longnecker reported. http://www.channelcincinnati.com/news/4267719/detail.html - - - - - - - - - - Local man connected to Internet fraud scheme A Hudson resident, formerly of Stow, is facing up to 20 years in jail and upwards of $250,000 in fines in connection with an Internet fraud scheme that netted him at least $400,000. Michael Deppe, 20, of 59 Bennett St., Hudson, was arrested in Florida Feb. 4 on charges of fraud. http://www.metrowestdailynews.com/localRegional/view.bg?articleid=92648 - - - - - - - - - - France puts a damper on flaw hunting Researchers who reverse-engineer software to discover programming flaws can no longer legally publish their findings in France, after a court fined a security expert on Tuesday. http://news.zdnet.com/2100-1009_22-5606306.html Net crimes and punishment http://news.com.com/Net+crimes+and+punishment/2009-7349_3-5604239.html - - - - - - - - - - Hacker takes 3 minutes to get your cash A NEW ZEALAND computer hacker has accessed the private bank accounts of dozens of unsuspecting Kiwis, showing how easy it is to break into our internet banking system. The hacker installed software in a Wellington internet cafe that allowed him to gather the user names and passwords of people banking online at the cafe. http://www.stuff.co.nz/stuff/sundaystartimes/0,2106,3208355a6005,00.html - - - - - - - - - - Virus Spread Through Cellphone Messages A new mobile-phone software virus started spreading this week via messages containing photos and sounds, the first of its kind and a threat to cellphones globally, data security firms said. The Commwarrior.A virus tries to replicate tself by sending multimedia messages to people on the phone's contacts list and tries to do the same via Bluetooth wireless connections with other devices, eventually draining the battery. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-rup9.4mar09,1,4720827.story IM malware threat skyrockets http://news.zdnet.co.uk/internet/security/0,39020375,39190781,00.htm http://www.vnunet.com/news/1161807 Exploit released for CA product vulnerability http://computerworld.com/securitytopics/security/story/0,10801,100284,00.html February virus activity report http://www.crime-research.org/news/09.03.2005/1016/ - - - - - - - - - - Federal Anti-Piracy Group Revamped U.S. Atty. Gen. Alberto R. Gonzales is reorganizing the Justice Department's nti-piracy efforts, naming Kyle Sampson as head of its Intellectual Property Task Force. Arif Alikhan, former chief of the cyber and intellectual property crimes section of the U.S. attorney's office in Los Angeles, was named vice chair and executive director. Alikhan, who will relocate to Washington, will be replaced by Assistant U.S. Atty. Elena Duarte. http://www.latimes.com/technology/la-fi-rup9.3mar09,1,4327610.story - - - - - - - - - - Hackers 'poison' search engine results Hackers are increasingly using websites rather than email attachments to spread malicious code, security watchers have warned. In its six-monthly Web Security Trends Report, Websense noted that online criminals may be subverting search engines in a bid to direct unwitting internet users to web pages containing malware. http://www.vnunet.com/news/1161790 - - - - - - - - - - Virus authors switch from havoc to profit The last quarter of 2004 was categorised by a distinct trend of virus writers moving away from merely trying to create disruptions to developing malicious code that could potentially generate revenue. http://www.vnunet.com/news/1161793 - - - - - - - - - - Summit on battle against e-crime Police and computer experts in Wales will join force for an event aimed at finding ways of tackling the growing problem of internet crime. They first e-crime conference in Wales is being held in Cardiff on Tuesday. From credit card fraud to identity theft, high-tech crime is increasingly affecting consumers, business and even government. http://news.bbc.co.uk/1/hi/wales/4245163.stm - - - - - - - - - - On EBay, E-Mail Phishers Find a Well-Stocked Pond Donald Jay Alofs got a call last fall at home asking if he had recently bought several thousand dollars worth of electronics. Mr. Alofs had not, and he had a good reason for not being on a spending spree: he was in the hospital at the time. http://www.nytimes.com/2005/03/07/technology/07ebay.html - - - - - - - - - - Banks must pay up for security Leader Internet banking is a cash cow, and one which cybercriminals are keen to milk. It's time that the financial sector got serious about authentication. The phenomenal rise of the Internet has created more than its fair share of fortunes, from day-traders and domain-name grabbers to dot-com pioneers and the engineers and coders who make the whole thing possible. But one of the biggest winners has been the banking sector. http://comment.zdnet.co.uk/0,39020505,39190646,00.htm - - - - - - - - - - DHS' Kelly casts wary eye toward national IDs The chief privacy officer for the Homeland Security Department is not a supporter of a national identification card. Im not a fan, Nuala OConnor Kelly said at a March 8 cybersecurity conference sponsored by GCN. We have huge issues with managing identification and getting identification right, Kelly added. http://www.gcn.com/vol1_no1/daily-updates/35252-1.html - - - - - - - - - - Passwords: How difficult can it be to get this right? Despite a welter of warnings in recent years it appears employees are still failing to engage their brains when it comes to the simplest of tasks managing their passwords effectively. Recent findings show a staggering 50 per cent of employees still write down their passwords while one-third of employees share their passwords. http://software.silicon.com/security/0,39024655,39128518,00.htm - - - - - - - - - - ID stolen? Call a privacy gumshoe. Every year, millions of Americans have their computers hacked or personal information compromised. Now, 21st-century Sam Spades can make your problems go away - for a price. http://www.csmonitor.com/2005/0309/p12s01-stin.html - - - - - - - - - - Curious business school applicants get costly lesson His decision came late at night, with his laptop propped in front of him in bed. Instructions on a Web site promised business school applicants like him an early online peek at whether they'd been accepted. Intrigued, he began typing. A minute later he'd accessed the Harvard Business School's admission site, though all he saw was a blank page. That split-second decision cost the 28-year-old New Yorker a chance to attend the school this year. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11087686.htm Stanford won't reject hackers http://www.mercurynews.com/mld/mercurynews/news/local/11088460.htm - - - - - - - - - - How to meet the SCADA security challenge Computerized process-control systems run some of the most critical infrastructures in the U.S., such as power utilities, water treatment plants, chemical plants and mass-transit systems. Until recently, little attention was given to securing these systems from a cybersecurity perspective. This is in large part because they were perceived as operating in a closed environment. However, this perception has led to a false sense of security, especially against a backdrop of increasing information security risks. http://computerworld.com/securitytopics/security/story/0,,100204,00.html - - - - - - - - - - Assessing the privacy risks of MP3 players A variety of technologies are designed to collect and use information about purchasers and end-users as part of normal functioning and operations. Such technologies include MP3 players, as these players can collect personal information and track user musical preferences. http://www.usatoday.com/tech/columnist/ericjsinrod/2005-03-09-sinrod_x.htm - - - - - - - - - - FBI ends faltering effort to overhaul software The Federal Bureau of Investigation declared an official end Tuesday to its floundering $170 million effort to overhaul its computer software and said it would take at least three and a half years to develop a new system. http://news.com.com/FBI+ends+faltering+effort+to+overhaul+software/2100-7350_3-5605713.html http://computerworld.com/governmenttopics/government/story/0,10801,100286,00.html - - - - - - - - - - We Need Spy Blogs An Army officer calls for better information gathering. It's an open secret that the US intelligence community has its own classified, highly secure Internet. Called Intelink, it's got portals, chat rooms, message boards, search engines, webmail, and tons of servers. It's pretty damn cool for four years ago. http://www.wired.com/wired/archive/13.03/view.html - - - - - - - - - - Rocky Road for 'Black Boxes' As James Fitzgerald wheeled his tractor-trailer down Interstate 40 near the Nashville International Airport last summer, little did he know that a small black box aboard the truck might later help clear him of homicide charges. His truck collided with a police car, killing an officer who had stopped to assist a disabled vehicle. Police alleged that Fitzgerald was traveling at least 80 mph at the time of the crash, and he was jailed on charges of vehicular homicide and aggravated assault. http://news.com.com/Rocky+road+for+car+black+boxes/2009-1041_3-5604449.html - - - - - - - - - - Tax collector employs technology to snare deadbeats Sam Byers heard a commotion outside his house, but by the time he got to the window his Ford Explorer was gone. City marshals, armed with a new tool that photographs auto license plates and instantly matches them against a tax scofflaw database, had towed Byers' car right out of his driveway. http://www.cnn.com/2005/TECH/03/09/enforcer.camera.ap/index.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.