NewsBits for March 22, 2005
************************************************************

Duo charged over DDoS hire for scam
The FBI last week arrested a 17 year-old and a Michigan man over suspected involvement in a denial of service for hire racket. The duo allegedly orchestrated an October 2004 attack against a New Jersey company that sells sporting goods over the internet. Jersey-joe.com suffered the loss of "hundreds of thousands of dollars" of business as the result of the disruption caused by the attack, according to a statement by investigators.
http://www.theregister.co.uk/2005/03/22/ddos_for_hire_plot_arrests/

- - - - - - - - - -

U.S. charges four under 'spam' law
Federal authorities say they managed to pierce the murky underworld of Internet spam e-mails, filing the first criminal charges under the government's new "can spam" legislation. Court documents in the landmark case in Detroit describe a nearly inscrutable puzzle of corporate identities, bank accounts and electronic storefronts in one alleged spam operation.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8543317.htm

- - - - - - - - - -

Woman found not guilty of electronic harassment
A death penalty opponent who sent e-mails laced with obscenities and references to Adolf Hitler and Osama bin Laden to a pro-death-penalty Web site was not guilty of a crime, a judge ruled. Police charged Rachel L. Riffee with misdemeanor electronic harassment after they traced to her two e-mails and three Web site postings sent to a pro-death penalty site run by Frederick A. Romano, the brother of a murder victim.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11203041.htm

- - - - - - - - - -

Hackers Gain Access to Cal State Chico's Servers
Hackers attacked computer servers at Cal State Chico and may have gained access to the personal information of 59,000 people affiliated with the school, a university spokesman said.
The Northern California campus is alerting students, former students, prospective students and faculty that their personal information, including Social Security numbers, may have been compromised in the attack three weeks ago, spokesman Joe Wills said.
http://www.latimes.com/technology/la-fi-rup22.8mar22,1,5317538.story
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11201604.htm
http://software.silicon.com/security/0,39024655,39128877,00.htm
http://www.msnbc.msn.com/id/7260406/
http://www.cnn.com/2005/TECH/internet/03/22/university.hackers.ap/index.html
http://www.wired.com/news/business/0,1367,66974,00.html
http://www.newsfactor.com/story.xhtml?story_title=CSU-Breach-Exposes--------to-Hackers&story_id=31601
http://www.usatoday.com/tech/news/computersecurity/infotheft/2005-03-22-data-hack_x.htm

- - - - - - - - - -

FBI investigating high-tech attack by hacker on UNLV server
A hacker has infiltrated a UNLV computer server containing records for thousands of international students. Computer analysts at University of Nevada, Las Vegas were conducting a routine security check on network activity when they found a hacker accessing the Student and Exchange Visitor Information System.
http://www.krnv.com/Global/story.asp?s=3104436

- - - - - - - - - -

Japan Declared A Cyberwar Against S. Korea
South Korea issued a cyber terrorism warning Sunday for its overseas diplomatic missions after the Foreign Ministry's Internet website was attacked by a hacker. The Internet homepage of the Ministry of Foreign Affairs and Trade was down for hours on March 20, following an attack by a suspected Japanese hacker, a ministry official said, speaking on condition of anonymity.
http://www.crime-research.org/news/22.03.2005/1067/

- - - - - - - - - -

Utah enacts net porn law
Utah's governor has defied criticism from technology firms and free speech activists to sign into law a bill designed to protect children from Internet pornography.
The controversial bill will require ISPs to block access to websites deemed "harmful to minors" on request. This blacklist will be drawn up by the state's Attorney General.
http://www.theregister.co.uk/2005/03/22/utah_filtering_law/

- - - - - - - - - -

Worms still hitting businesses hard
Survey: Despite increases in security spending, many companies are still having critical services disrupted by malware infections and other security breaches. Almost half of businesses have had a worm outbreak in the last year, despite increases in security spending on compliance efforts, according to a recent survey.
http://news.zdnet.co.uk/internet/security/0,39020375,39192256,00.htm
Cyber attacks on corporations are rising
http://www.msnbc.msn.com/id/7257289/
The Perfect Worm
http://slate.msn.com/id/2115118/

- - - - - - - - - -

Apple 'fixes' iTunes hack
Users no longer able to bypass copy protection
Apple has modified its iTunes software to fix what it calls a "security hole" that allowed users to download music without the firm's proprietary copy protection system. Norwegian hacker Jon Lech Johansen (also known as DVD Jon), Travis Watkins and Cody Brocious recently released PyMusique, which allowed users to listen to iTunes downloads on media players other than the iPod.
http://www.vnunet.com/news/1162093
http://news.zdnet.com/2100-1009_22-5629084.html
http://news.zdnet.com/2100-9588_22-5630703.html
http://www.theregister.co.uk/2005/03/22/apple_blocks_pymusique/
Apple patches Safari phishing flaw
http://news.zdnet.co.uk/software/mac/0,39020393,39192254,00.htm
Report: Hacker attacks on Macs rising
http://www.msnbc.msn.com/id/7267986/
http://www.wired.com/news/mac/0,2125,66936,00.html
http://www.usatoday.com/tech/products/software/2005-03-22-mac-hackers_x.htm

- - - - - - - - - -

Porn spammers enlist 'desperate housewives'
Malware-infected sex sites masquerading as lonely hearts ads.
Spammers are increasingly using emails purporting to come from 'desperate housewives', but recipients clicking on the links are likely to get more than they bargained for. The emails link directly to pornographic websites, where visitors run the risk of picking up a nasty dose of spyware.
http://www.vnunet.com/news/1162092
http://www.theregister.co.uk/2005/03/22/lonely_heart_spam/
Sex, drugs and obfuscation
http://www.vnunet.com/news/1162085

- - - - - - - - - -

UK Officially The Most Hacked Country
_Hellfire_ writes "Symantec's Internet Security Threat Report for the second half of 2004 says that the UK is leading the rest of the world with bot networks. The report states that "...25.2% [of bots] are located in the UK. That now puts the country ahead of the US (24.6%), China (7.8%), Canada (4.9%) and Spain (3.8%)". Symantec blames a sudden uptake of residential broadband connections without the awareness of the required security measures."
http://it.slashdot.org/article.pl?sid=05/03/22/1411236

- - - - - - - - - -

'Bring crime fighting into the internet age'
Criminals are using computers more than crowbars according to one parliamentary lobbying group which is demanding political parties in the UK amend the laws to reflect the changing face of crime in the 21st century. The European Information Society Group (EURIM) claims half of all crime in financial terms is committed using computers, either to plan, commit or process.
http://software.silicon.com/security/0,39024655,39128918,00.htm

- - - - - - - - - -

FBI official, privacy advocate clash over PATRIOT Act
Representatives from the FBI and the privacy community on Tuesday clashed over how provisions in a 2001 anti-terrorism law known as the USA PATRIOT Act are being used to access information.
"We at the FBI do not want your secrets, unless of course you are a terrorist or a spy," Valerie Caproni, general counsel for the FBI, said at a conference sponsored by the American University National Security and Law Society.
http://www.govexec.com/dailyfed/0305/032205tdpm1.htm

- - - - - - - - - -

Flaw found in Nortel's VPN client
A security company has warned of a password flaw in Nortel's VPN software. A fix is planned.
Networks company Nortel is returning to the drawing board today after a security researcher claimed to have found a vulnerability in its virtual private network (VPN) software.
http://news.zdnet.co.uk/internet/security/0,39020375,39192402,00.htm

- - - - - - - - - -

Firefox add-on lets surfers tweak sites, but is it safe?
A new Firefox extension that lets people customize their experience of the sites they visit is stirring excitement among Web surfers and consternation among security experts.
http://news.zdnet.com/2100-1009_22-5631009.html

- - - - - - - - - -

Should you be worried about IM security?
Malware that uses instant-messaging to spread is starting to make its way towards the mainstream. Should you be worried, and what can you do?
When Jimmy Kuo gave his 13-year-old daughter permission to begin using America Online's AIM Express, he warned her that if she managed to download any viruses, the result would be no IM for a long, long time.
http://insight.zdnet.co.uk/internet/security/0,39020457,39192271,00.htm
Does IM stand for insecure messaging?
http://news.zdnet.com/2100-1009_22-5629037.html
Huge rise in IM backdoor attacks
http://www.vnunet.com/news/1162084

- - - - - - - - - -

IBM debuts spam assailant tool
IBM has developed a new spam weapon--e-mail sorting technology that analyzes domain identity and then works to slow down computers responsible for sending unwanted messages. Unveiled Tuesday, the antispam technology is meant to take an aggressive swing at computers being used to deliver large volumes of unsolicited e-mail.
http://news.zdnet.com/2100-1009_22-5629998.html
http://money.cnn.com/2005/03/22/technology/ibm_spam/index.htm

- - - - - - - - - -

Linux riskier than Windows?
Companies face greater risks if they run their Web sites on Linux rather than Windows, a Microsoft-funded study has concluded. Last year, Web servers based on Windows Server 2003 had fewer flaws to fix than those based on Red Hat Enterprise Linux ES 3 in a standard open-source configuration, researchers said in a paper released on Tuesday.
http://news.zdnet.com/2100-1009_22-5630822.html

- - - - - - - - - -

Military Plays Its 'Smart' Card
In spite of a reputation for being a technological laggard in some respects, the U.S. military is on the leading edge of one high-tech revolution: the use of smart cards. Unlike other photo identifications or conventional financial cards, smart cards have an embedded chip -- not a magnetic stripe -- that allows the cards to hold data such as health records and even run applications such as public key encryption.
http://www.technologyreview.com/articles/05/03/wo/wo_hoffman032205.asp

- - - - - - - - - -

Kevin Mitnick and the art of intrusion - Part 1
Between 1995 and 2000, Kevin Mitnick was in Federal prison in the US for his hacking exploits. It was a career that made the front page of newspapers across the globe, and frightened the US authorities so much that he was denied the use even of a telephone while he was behind bars, in case he somehow compromised national security.
http://www.vnunet.com/features/1162086

***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes.
Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.