NewsBits for March 23, 2005
************************************************************
Hacker Sentenced to Nearly Four Years
A man who pleaded guilty to hacking into an Arkansas data company's computer system and stealing personal identification files was sentenced Wednesday to nearly four years in federal prison. Daniel J. Baas, 26, of suburban Milford, entered his plea in December 2003, after being indicted that August.
http://www.washingtonpost.com/wp-dyn/articles/A61870-2005Mar23.html
- - - - - - - - - -
Woman Cleared in Mass Obscene E-Mailings
A death penalty opponent who sent e-mails laced with obscenities and references to Adolf Hitler and Osama bin Laden to a pro-death-penalty Web site was not guilty of a crime, a judge ruled. Police charged Rachel L. Riffee with misdemeanor electronic harassment after they traced to her two e-mails and three Web site postings sent to a pro-death penalty site run by Frederick A. Romano, the brother of a murder victim.
http://www.washingtonpost.com/wp-dyn/articles/A59151-2005Mar23.html
- - - - - - - - - -
Computers Stolen From Westlake Charter School
Thieves broke into the New Academy of Science and Art in Westlake last weekend, making off with 10 computers from the fledgling charter school's office and new computer lab, officials said Tuesday. Principal Andres Versage said he discovered the burglary when he returned to the school Monday morning. Versage estimated the loss at $20,000. (LA Times article, free registration required)
http://www.latimes.com/technology/la-me-briefs23.2mar23,1,3429740.story
- - - - - - - - - -
South Korean swingers in net porn bust
More than 150 South Korean swingers found themselves taking a short break from trans-marital rumpy-pumpy yesterday after police busted the owner and users of a wife-swapping website for alleged violation of pornography laws.
The caged libertines are suspected of posting nude photographs of themselves on the "Bubu Plus" website - operated from the southern city of Pusan. It is alleged to have attracted 5,000 paying members purely by word of mouth, Reuters reports.
http://www.theregister.co.uk/2005/03/23/korea_porn_bust/
- - - - - - - - - -
Net Phone Firm Vonage Sued Over 911 Access
Emergency services are not included in its basic plan. The carrier may settle the Texas suit.
As two gunmen forced their way into her Houston home Feb. 2, Sosamma John yelled to her daughter, Joyce, to call the police. Joyce ran upstairs, grabbed the phone and dialed 911. Instead of getting a police dispatcher, the frantic teen got a recording telling her that 911 wasn't available from the family's phone.
http://www.latimes.com/technology/la-fi-911calls23mar23,1,203499.story
http://www.washingtonpost.com/wp-dyn/articles/A58598-2005Mar22.html
http://www.cnn.com/2005/TECH/internet/03/23/internet.phones.911.ap/index.html
http://www.technewsworld.com/story/41678.html
Vonage expands UK service
http://www.theregister.co.uk/2005/03/23/vonage_spreads_wings/
- - - - - - - - - -
Beauty queen sues 59 over net sex romp
Former Miss West Virginia Allison Williams is taking the big stick to 59 defendants for allegedly selling a fake sex video of her on the internet. The video - punted via websites showing the real Ms Williams in beauty queen regalia - claims to show the law school student engaged in sex acts in a news truck during a stint as a news reporter.
http://www.theregister.co.uk/2005/03/23/beauty_queen_lawsuit/
- - - - - - - - - -
Utah Internet Porn Law May Face Challenge
Internet service providers that operate in Utah must offer customers a way to block porn sites under a law signed this week. ISPs complained that the law adds nothing to the fight against pornography, and said a legal challenge is likely. "The market has already responded to this issue," said Pete Ashdown, president of Salt Lake-based XMission. "We have for many years provided an optional filter for our customers that they can turn on in Internet browsers."
http://www.washingtonpost.com/wp-dyn/articles/A61472-2005Mar23.html
- - - - - - - - - -
States consider laws to put ID theft on ice
Credit bureaus warn 'security freezes' go too far
High-profile data leaks at information warehouse companies such as ChoicePoint and Lexis-Nexis are keeping the U.S. postal service busy, with well over 1 million bad-news letters telling consumers they are now vulnerable to identity theft.
http://www.msnbc.msn.com/id/7276133/
Hackers kidnapped 32,000 people
http://www.crime-research.org/news/23.03.2005/1072/
ChoicePoint's Checks Under Fire
http://www.wired.com/news/privacy/0,1848,66983,00.html
ID theft is inescapable
http://www.theregister.co.uk/2005/03/23/id_theft_cannot_be_escaped/
- - - - - - - - - -
Apple settles with Tiger leaker
Apple Computer has reached a settlement with one of the men it sued for online distribution of its unreleased Mac OS X Tiger operating system. Apple said on Wednesday that it has reached a settlement with 22-year-old Doug Steigerwald. It did not discuss the details of that settlement, though it does involve money being paid to Apple, according to Steigerwald.
http://news.zdnet.com/2100-1040_22-5632119.html
- - - - - - - - - -
DVD Jon makes Apple crumble
Less than 24 hours after Apple blocked software that disabled its iTunes digital rights management system, the author has struck back with redesigned code that works around the block. Norwegian hacker Jon Lech Johansen (also known as DVD Jon after breaking the DVD encryption code) had written an application called PyMusique that allowed Linux users to buy music from Apple and then play it on any music player.
http://www.vnunet.com/news/1162112
iTunes Cracked Again
http://www.newsfactor.com/story.xhtml?story_title=iTunes-Cracked-Again&story_id=31665
http://www.theregister.co.uk/2005/03/23/pymusique_unblocks_itunes/
- - - - - - - - - -
Apple issues nine bug fixes...
Apple this week posted security updates to fix nine security vulnerabilities in its Mac OS X operating system. Both client and server versions of the latest version of its software - Mac OS X v10.3.8 - need patching. First up there's two security bugs in the Apple Filing Protocol (AFP) that could create a means for attackers to either launch a denial of service attack or discover the contents of a drop box.
http://www.securityfocus.com/news/10754
- - - - - - - - - -
IM hacks way up in first quarter
Hackers are increasingly using instant-messaging applications to fool users into installing malicious code and revealing personal information, according to security company Websense. The number of combined IM- and Web-based attacks increased by 300 percent in the first quarter, compared with the last quarter of 2004, Websense said.
http://news.com.com/IM+hacks+way+up+in+first+quarter/2110-7349_3-5631691.html
- - - - - - - - - -
Adware dominates PC malware infections
Adware rather than spyware is the most common problem code on PCs, according to a recent survey of infected PCs.
http://www.vnunet.com/news/1162123
- - - - - - - - - -
Symbian Trojan attacks anti-virus protection
Malware authors have created a Trojan that targets Symbian smart phones and attempts to remove any anti-virus protection it finds. The Drever-C Trojan attacks mobile anti-virus packages from F-Secure, Kaspersky and Simworks running on Symbian devices. Targeting security protection is common in mainstream Windows PC malware but this is a recent innovation for mobile viruses.
http://www.theregister.co.uk/2005/03/23/mobile_trojan_targets_av/
- - - - - - - - - -
Cybercrime 'must be taken seriously'
EURIM has said that crimes committed online need to be taken as seriously as they would be offline, in a call for an overhaul of laws relating to computer-related crime. Criminals are using computers more than crowbars according to one parliamentary lobbying group which is demanding political parties in the UK amend the laws to reflect the changing face of crime in the 21st century.
http://news.zdnet.co.uk/internet/security/0,39020375,39192416,00.htm
- - - - - - - - - -
Bank customers 'becoming more phishing-savvy'
The association that represents British banks is confident that consumers are becoming more clued-up about online fraud, which cost its members £12m last year. The Association of Payment and Clearing Services (APACS) has claimed that banking customers are waking up to the threats of online fraud.
http://news.zdnet.co.uk/internet/security/0,39020375,39192560,00.htm
Banks told 'admit you have a fraud problem'
http://software.silicon.com/security/0,39024655,39128977,00.htm
- - - - - - - - - -
Drive-by Trojans exploit browser flaws
Analysis Trojans - malicious programs that pose as benign apps - are usurping network worms to become the greatest malware menace. Sixteen of the 50 most frequent malicious code sightings reported to Symantec in the second half of 2004 were Trojans. In the first six months of last year, Trojans accounted for just eight of the top 50 malicious code reports.
http://www.theregister.co.uk/2005/03/23/symantec_threat_report/
- - - - - - - - - -
Firefox security claims rubbished
Mozilla's president has dismissed claims that more flaws will emerge in Firefox just because its market share is increasing. Even with increased popularity, the Firefox Web browser won't face as many security problems as Internet Explorer, according to the president of the Mozilla Foundation.
http://news.zdnet.co.uk/internet/0,39020369,39192432,00.htm
Firefox add-on lets surfers tweak sites, but is it safe?
http://news.zdnet.com/2100-1009_22-5631009.html
Mozilla fixes risky Firefox flaw
http://news.zdnet.com/2100-1009_22-5632148.html
- - - - - - - - - -
Programs to keep your passwords safe
Admit it: you use the same password for all Web sites. There's no use denying it. You really know better: someone could get hold of your password from an insecure site and use your identity to sell a nonexistent collection of antique garden gnomes on eBay, leaving you to face the furious buyer.
http://www.msnbc.msn.com/id/7277781/
SHA-1 flaw seen as no risk to one-time password proposal
http://computerworld.com/securitytopics/security/story/0,,100554,00.html
- - - - - - - - - -
Pentagon pursues compatible signatures
Defense Department officials have issued more than 5 million smart cards with digital signature capabilities to identify employees and contractors. But incompatibility problems have forced them to consider an unusual step: requiring commercial desktop applications to be tailored to the Pentagon's unique identity management requirements.
http://www.fcw.com/article88381-03-23-05-Web
- - - - - - - - - -
IBM takes aim at spam
Update: Spammers could soon be thwarted by an anti-junk email tool developed by IBM. IBM joined the battle against spam on Tuesday when it launched FairUCE a software product it claims can stop eighty percent of junk email.
http://news.zdnet.co.uk/internet/security/0,39020375,39192412,00.htm
- - - - - - - - - -
Best practice in IT security is crucial
How many IT directors were last week asked by their chief executives, following reports of the £220m attempted cybercrime raid on a Japanese bank in London: 'This couldn't happen to us. Could it?' There can be no underestimating the intent or scale of threat now posed by organised crime gangs looking to crack companies' electronic codes instead of their safe combinations.
http://www.vnunet.com/comment/1162109
- - - - - - - - - -
Evaluate risk before merging wired and wireless LANs
Companies need to do their homework before merging the security and management of their wireless and wired networks, according to industry analysts.
http://computerworld.com/securitytopics/security/story/0,,100557,00.html
- - - - - - - - - -
Defeating Honeypots: System Issues, Part 1
To learn about attack patterns and attacker behavior, the concept of electronic decoys or honeypots are often used. These look like regular network resources (computers, routers, switches, etc.) that are deployed to be probed, attacked, and compromised.
http://www.securityfocus.com/infocus/1826
Honeynet: 1mn of compromised PCs
http://www.crime-research.org/news/23.03.2005/1073/
- - - - - - - - - -
ID cards here to stay
The Identity Cards Bill will almost certainly be abandoned before the next election but its proposals are here to stay, according to an all-party group of MPs. Philip Virgo, secretary general of the European Information Society Group (Eurim) told vnunet.com that the levels of support from voters for a single digital identity was such that MPs would have to institute some form of ID system.
http://www.vnunet.com/news/1162099
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2005, NewsBits.net, Campbell, CA.