NewsBits for March 10, 2005
************************************************************
Zen worker arrested over suspected CC theft
An employee at UK ISP Zen Internet has been arrested for allegedly misusing credit card details obtained from work. It's understood that the suspect bought accounts for an online gaming service using stolen credit card details before reselling the gaming packages on eBay.
http://www.theregister.co.uk/2005/03/10/zen_police/
- - - - - - - - - -
DSW data theft likely to affect hundreds of thousands
More than 100,000 customers of a shoe-store chain likely have been affected by a cyber break-in of the company's database, the Secret Service said Thursday. DSW Shoe Warehouse discovered the theft of credit card and personal shopping information last Friday and reported it to federal authorities, the company said. Corporate parent Retail Ventures (RVI) announced the theft Tuesday.
http://www.usatoday.com/tech/news/2005-03-10-dsw-theft_x.htm
- - - - - - - - - -
ID Thieves Tap Files at 2nd Big Data Firm
LexisNexis discloses that information on more than 30,000 Americans was breached. Congress plans to begin hearings today on such problems. Identity thieves have struck again, using stolen passwords to tap personal data on more than 30,000 Americans kept by information broker LexisNexis, the company said Wednesday. (LA Times article, free registration required)
http://www.latimes.com/technology/la-fi-lexis10mar10,1,2795061.story
- - - - - - - - - -
Hackers cracked bank account of President's husband
Hackers tried to transfer money from the personal account of the husband of the President of Latvia Vaira Vike-Freiberga and were caught red-handed. Criminals hacked into the PC of the President's husband and obtained access to his personal bank accounts.
http://www.crime-research.org/news/10.03.2005/1028/
- - - - - - - - - -
Taiwan police seize suspect AMD, fake STM chips
Taiwan police raided the premises of Atop Electronics on 8 March, seizing 75,000 'suspect' AMD CPU and 25,000 fake STMicroelectronics flash memory chips, local paper the Liberty Times reports, via Digitimes. The AMD CPUs are worth NT$600m ($19.4m) and the ST chips are worth NT$200m ($6.45m).
http://www.theregister.co.uk/2005/03/10/taiwan_police_seize_suspect_amd_chips/
- - - - - - - - - -
Feds probe mysterious credit card charges
Federal authorities have opened an investigation into a rash of mysterious $30 and $40 charges appearing on consumer credit cards around the country, MSNBC.com has learned. The charges are for the purchase of DVDs and CDs from a company named "Pluto Data Ltd." Thousands of complaints about the charges have appeared on a Web site devoted to the mystery, with consumers saying they've never heard of the company.
http://www.msnbc.msn.com/id/7150531/
- - - - - - - - - -
French security researcher fined
A French court has ruled that security researcher Guillaume Tena acted unlawfully in publishing proof of concept code to highlight security flaws in ViGuard, an antivirus product, from French company Tegam. Tena was given a suspended fine of €5,000 ($6,700 or £3,480) in a case that could have big implications for security research in France.
http://www.theregister.co.uk/2005/03/10/tegam_verdict/
- - - - - - - - - -
Internet payment company sold customer data
An Internet payment company has agreed to return the money it earned from selling a list of nearly 1 million customers to telemarketers and junk mailers without permission, federal regulators said Thursday. Utah-based CartManager International sold the names, addresses, phone numbers and purchase history of consumers who used its "shopping cart" software to make purchases on thousands of Web sites, the Federal Trade Commission said.
http://www.msnbc.msn.com/id/7149890/
- - - - - - - - - -
Revised Spyware Bill Moves Ahead
A key committee in the U.S. House of Representatives unanimously approved anti-spyware legislation Wednesday that includes revisions designed to make the bill more palatable to business interests. HR29, the Securely Protect Yourself Against Cyber Trespass Act, or Spy Act, is sponsored by Rep. Mary Bono (R-California).
http://www.wired.com/news/politics/0,1283,66848,00.html
- - - - - - - - - -
Credit card flaws fuel online fraud bonanza
Today's credit cards are vulnerable to online fraud because of fundamental design flaws, industry experts warned today. According to Forrester Research, the provision of all security and other functionality on a single physical card makes it intrinsically unsafe.
http://www.vnunet.com/news/1161835

Congress edges toward new privacy rules
http://news.zdnet.com/2100-1009_22-5609324.html

Senator predicts 'overdue' changes to privacy
http://news.zdnet.com/2100-1009_22-5608455.html

ChoicePoint data loss may be higher than reported
http://news.zdnet.com/2100-1009_22-5609253.html

FTC chief calls for ChoicePoint regulation
http://www.msnbc.msn.com/id/7152421/
http://www.wired.com/news/privacy/0,1848,66863,00.html

LexisNexis Breach Fuels Data Security Worries
http://www.newsfactor.com/story.xhtml?story_title=LexisNexis-Breach-Fuels-Data-Security-Worries&story_id=31131
- - - - - - - - - -
British banks in talks to fight ID theft
Major British banks may soon tighten their security in a bid to protect customers from identity theft. RSA Security has been in discussions with all of the major U.K. banks about providing them with better security for their customers, the company said on Thursday. Although U.K. banks have been slow to take up increased security measures, RSA said they are now close to acting on identity theft.
http://news.zdnet.com/2100-1009_22-5608885.html

UK banks in talks to tighten security
http://news.zdnet.co.uk/business/0,39020645,39190817,00.htm
- - - - - - - - - -
Code to drill CA holes found on Web?
A security group has discovered exploit code that could enable attackers to take advantage of flaws in Computer Associates International's licensing software. eEye Digital Security said Thursday that exploit code for the buffer overflow vulnerabilities has been published on the Web by the Hat-Squad Security Group, a band of computer security enthusiasts.
http://news.zdnet.com/2100-1009_22-5608578.html
- - - - - - - - - -
UK firms haemorrhaging data to drive-by hackers
The explosion of wireless networks is leaving global businesses wide open to 'drive-by hacking' and other security risks, experts have warned. According to research released today, more than a third of businesses worldwide with wireless networks are open to abuse from hackers and criminals in the street or a neighbouring building.
http://www.vnunet.com/news/1161837
- - - - - - - - - -
Cell phones to get virus protection
Germany--Antivirus company Kaspersky Lab is preparing to release antivirus software for smart phones that use the Symbian operating system. Cell phone viruses are still relatively rare, but Kaspersky's move into mobile antivirus software shows it expects more to break out in the future.
http://news.zdnet.com/2100-1009_22-5608794.html

Authors of Bagle, Zafi and Netsky working together
http://www.crime-research.org/news/10.03.2005/1029/

Virus writers wreak havoc by the hour
http://news.zdnet.co.uk/internet/security/0,39020375,39190822,00.htm

Global virus epidemics run out of steam
http://www.vnunet.com/news/1161826
- - - - - - - - - -
Deleted computer files never truly gone
What you don't know can hurt you, especially when it comes to deleting computer files. A recent court-martial here involved an Airman who was convicted for possessing child pornography on his home computer.
The Airman thought he was covering his tracks by deleting the incriminating computer files from his computer. He even tried to erase the information from the hard drive, said 96th Air Base Wing legal officials.
http://www.af.mil/news/story.asp?storyID=123009998
- - - - - - - - - -
A "breakthrough" in hacking Windows
Dejan Levaja, a certain security expert, in his posting to the BugTraq archive at Security Focus, noted that Windows Server 2003 and XP SP2 (with Windows Firewall turned off) are vulnerable to the "LAND attack". This attack sends a TCP packet with the SYN flag set and with the source and destination IP address and the source and destination port set to those of the destination machine, which results in a 15-30 second DoS condition.
http://www.crime-research.org/news/10.03.2005/1027/
- - - - - - - - - -
Infection Vectors
It's time to pick your favorite virus. The other day I was browsing through the top virus threats for February and March 2005, looking at the assorted nastiness, when a funny thought occurred to me: is it possible to pick a favorite virus (or virus family)?
http://www.securityfocus.com/columnists/306

It's time to pick your favourite virus
http://www.theregister.co.uk/2005/03/10/time_to_pick_your_favourite_virus/
- - - - - - - - - -
Click Fraud: Problem and Paranoia
Last week, I served on the "Click Fraud: Problem or Paranoia" panel at the Search Engine Strategies conference in New York. At one point, Jessie Stricchiola, one of my fellow panelists, tried to gauge the extent of the problem by asking the 80 people in attendance to raise their hands if they had ever been victims of "click fraud." About half of the audience members, most of them small business owners, raised their hands.
http://www.wired.com/news/culture/0,1284,66845,00.html
- - - - - - - - - -
AT&T's Eslambolchi on software code, SOAs, security
He foresees software security problems of 'biblical proportions'.
AT&T's top IT leader, Hossein Eslambolchi, this week warned of security problems of "biblical proportions" unless more is done to improve the quality of software code. To help accomplish that, he is working to improve the education of software engineers under a new program at the University of California.
http://computerworld.com/securitytopics/security/story/0,10801,100309,00.html
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2005, NewsBits.net, Campbell, CA.