NewsBits for April 8, 2005 ************************************************************ Judge imposes nine-year prison term on spammer A North Carolina man convicted in the nation's first felony prosecution for spamming was sentenced Friday to nine years in prison, but the judge postponed the sentence while the case is appealed. A jury had recommended the nine-year prison term after convicting Jeremy Jaynes of pumping out at least 10 million e-mails a day with the help of 16 high-speed lines, the kind of Internet capacity a 1,000-employee company would need. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11345981.htm http://www.channelregister.co.uk/2005/04/08/spammer_faces_slammer/ http://www.msnbc.msn.com/id/7432555/ http://www.cnn.com/2005/TECH/internet/04/08/spam.sentence.ap/index.html http://www.wired.com/news/politics/0,1283,67172,00.html http://www.newsfactor.com/story.xhtml?story_id=32576 http://www.usatoday.com/tech/news/2005-04-08-spam-sentence_x.htm - - - - - - - - - - Indian police make arrests in outsourcing fraud Police have arrested former employees of an Indian call center that handles U.S. customer accounts for allegedly stealing consumers' funds. The suspected gang members arrested by police in Pune included three ex-workers of Mphasis BPO. Police said the employees allegedly stole customers' personal account information and transferred around $350,000 to fake accounts in Pune. Sanjay Jadhav, the assistant commissioner of police, said about $23,000 (1 million Indian rupees) of the fraud money has already been recovered. The call center workers left their jobs last December. http://news.zdnet.com/2100-9595_22-5660274.html http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,100900,00.html - - - - - - - - - - 185,000 medical group patients warned of security breach In one of the largest cases of stolen medical and financial information nationwide, San Jose Medical Group is alerting 185,000 current and former patients that their sensitive personal data may have been on computers taken during a recent break-in. http://www.siliconvalley.com/mld/siliconvalley/news/local/11345727.htm http://news.zdnet.com/2100-1009_22-5660514.html http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2005/04/09/BABADIGEST3.DTL http://www.msnbc.msn.com/id/7434532/ http://computerworld.com/securitytopics/security/privacy/story/0,10801,100961,00.html They can't steal data that you don't have http://computerworld.com/hardwaretopics/storage/story/0,10801,100717,00.html - - - - - - - - - - Cybercriminals nabbed by the police Police are stepping up the war on cybercrime with two arrests in the past week in opposite corners of Europe. An Eastern European man and a UK man both felt the long arm of law after allegedly committing separate, unrelated crimes. Police in Estonia have arrested a 24-year-old man suspected of creating and distributing a Trojan which enabled him to steal data and commit identity theft against the owners of compromised machines. http://management.silicon.com/government/0,39024677,39129386,00.htm - - - - - - - - - - Further adjournment in 'DEC hacking' case A 17 May hearing is due to set a trial date for an east London man accused of attempting to hack into the Disasters Emergency Committee (DEC) website. Daniel James Cuthbert, 28, of Whitechapel, east London, was charged on 10 February with a single offence under Section One of the Computer Misuse Act. He was accused of attempting to gain "unauthorised access" on 31 December to the site of the organisation co-ordinating fundraising efforts for victims of the Asian tsunami disaster. Cuthbert denies the charge. http://www.securityfocus.com/news/10846 - - - - - - - - - - U.S. Indicts 6 Companies in School Project The Justice Department accuses the electronics firms of bilking the federal program that helps students gain Internet access. Six electronics companies and five individuals were indicted Thursday on charges of defrauding a federal program that gives money to help poor schools and libraries connect to the Internet. http://www.msnbc.msn.com/id/7432882/ http://news.zdnet.com/2100-9595_22-5660433.html http://www.latimes.com/technology/la-fi-erate8apr08,1,2207543.story - - - - - - - - - - Grand National extortion attacks 'unlikely' Police are confident that gambling Web sites will be safe from cybercriminals threatening to disrupt betting on the Grand National. The massive bandwidth extortion attacks that crippled online gambling sites last year are unlikely to be repeated ahead of this year's Grand National horse race, which takes place on Saturday, industry experts predicted on Friday. http://news.zdnet.co.uk/internet/security/0,39020375,39194300,00.htm - - - - - - - - - - Digital Piracy's Reluctant Star Don't bet on Hollywood making a biopic anytime soon about Johnny Ray Gasca, the "prince of piracy" who was arrested Tuesday in a Kissimmee, Fla., hotel room chock full of recording devices and DVDs. No doubt a film (starring reel-world pirate Johnny Depp?) would quickly spread the word that authorities are serious about cracking down on movie piracy. And the bold fashion in which Gasca allegedly ripped off Hollywood studios authorities say he kept a diary that detailed his exploits offers a compelling story line. But Gasca's tale contains plenty of embarrassing material, including how easily he schmoozed his way into screenings and exploited gaping holes in studio security. (LA Times article, free registration required) http://www.latimes.com/technology/la-ed-pirate8apr08,1,6521470.story - - - - - - - - - - WTO Rules for, Against U.S. on Web Gambling The United States can keep some restrictions on Internet gambling, a World Trade Organization appeals panel said Thursday, but it also concluded that some U.S. legislation discriminated against foreign operators. Both sides the Caribbean nation of Antigua and Barbuda versus the U.S. claimed victory in the dispute over whether Washington should drop prohibitions on Americans placing bets in online casinos. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-gamble8apr08,1,365664.story U.S. Limits on Internet Gambling Are Backed http://www.nytimes.com/2005/04/08/technology/08internet.html Britain to set up commission to regulate Internet gambling http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11347228.htm - - - - - - - - - - Phoney Microsoft mail causes concern A phoney email purporting to come from Microsoft is installing Trojan software on computers around the world. The mail was sent out by spammers and asks the reader to install a Microsoft update. It has a link to a realistic looking Microsoft update page but the file installed, named Wupdate-20050401.exe, turns control of the PC over to the spammer. http://www.vnunet.com/news/1162369 http://news.zdnet.com/2100-1009_22-5660042.html Trojan leaps from bogus Windows Update site Hackers set up a fake Microsoft security update website in order to dupe unsuspecting Windows users into visiting a site riddled with malicious code. The bogus site, hosted in Canada, is currently down but security experts warn it would be easy for virus writers to repeat the trick. http://www.channelregister.co.uk/2005/04/08/fake_windows_update_ruse/ http://www.vnunet.com/news/1162369 http://computerworld.com/securitytopics/security/virus/story/0,10801,100954,00.html - - - - - - - - - - DNS attacks attempt to mislead consumers Employees at more than 500 companies have fallen victim to domain attacks in the last month, underscoring the increasing popularity of the tactic among Internet fraudsters, security experts said this week. The attacks aim to redirect consumers to potentially malicious web servers by changing the records used to convert domain names to numerical addresses. Known as domain-name system (DNS) cache poisoning, the decade-old technique has been repurposed as another way for online fraudsters to install aggressive advertising software, or adware, on victims' computers and edirect people to pay-per-click Web sites. http://www.channelregister.co.uk/2005/04/08/dns_attacks_attempt_to_mislead_consumers/ - - - - - - - - - - Eight patches lined up for MS April patch batch Microsoft is due to publish critical updates for Office and MSN Messenger when it delivers its next batch of security updates next Tuesday (12 April). Five patches addressing flaws in Windows and an update for Microsoft Exchange will also feature in Microsoft's plans to deliver a total of eight patches next week. http://www.channelregister.co.uk/2005/04/08/ms_april_patch_preview/ http://news.zdnet.co.uk/internet/security/0,39020375,39194302,00.htm http://computerworld.com/securitytopics/security/holes/story/0,10801,100942,00.html Deep security needs top-level thought http://comment.zdnet.co.uk/0,39020505,39194301,00.htm - - - - - - - - - - Virus attacks up 50% in 2004: study Computer virus incidents grew 50 per cent in 2004 even in the absence of a major new attack, a US security survey claims. The survey by Cybertrust's ICSA Labs found that the frequency of attacks and costs to businesses affected by those attacks increased again for the 10th consecutive year. http://www.smh.com.au/news/Breaking/Virus-attacks-up-50-in-2004-study/2005/04/06/1112489523034.html - - - - - - - - - - Software Chases Down Child Pornographers The FBI has seen a 2,000 percent increase in the number of child pornography images on the Internet since 1996 and Canadian police estimate that more than 100,000 Web sites contain images of child sexual abuse. Experts say at least 95 percent of victims are abused by someone they know, either a relative or neighbor. http://www.newsfactor.com/story.xhtml?story_id=32549 http://www.usatoday.com/tech/news/surveillance/2005-04-08-software-police-aid_x.htm - - - - - - - - - - eBay cybercrime chief tells UK to wise-up Howard Schmidt, the former cybersecurity adviser to the White House, has warned that there aren't enough trained police officers in the world to tackle cybercrime effectively. Schmidt, now the chief security strategist at auction site eBay, told delegates at the e-Crime Congress in London on Wednesday that the issue needs to be addressed as high-tech law-breaking becomes more widespread. http://software.silicon.com/security/0,39024655,39129358,00.htm - - - - - - - - - - Check Point to switch on wireless security Check Point Software Technologies is expected to announce on Monday that it will begin selling wireless security appliances, as it looks beyond the tethered firewall and VPN market. Check Point will debut its VPN-1 Edge W series, which are versions of its existing virtual private network- firewall security devices tailored to wireless connections. The move comes as corporate demand grows for such features and as competitors deliver their own wireless security lines. http://news.zdnet.com/2100-1009_22-5660767.html - - - - - - - - - - Absolute Security is a Myth No operating system is completely immune to security threats, and that includes Apple's OS X. Giving people the impression that their choice in operating systems makes them invulnerable to security threats is a very, very bad idea. http://www.securityfocus.com/columnists/313 - - - - - - - - - - Cyber Alert: crime hits the net Cyber Alert sets out to explain how 'traditional' organised crime is waking up to the huge criminal potential of cyber space and how software manufactures and police are responding, after years of paying the issue insufficient attention. Authors Peter Warren and Michael Streeter use the 260 page book to put a different aspects of cyber crime - ranging from the genesis of offences such as phone phreaking to the rise of botnets - under the microscope. http://www.channelregister.co.uk/2005/04/10/cyber_alert_review/ - - - - - - - - - - Raising alarms about 911 over Net phones Time is running out for fast-growing Net phone providers to fully support 911 emergency services, a key but costly public safety feature that few now provide. In recent weeks, Texas Attorney General Greg Abbott sued Vonage, a pioneer in voice over Internet Protocol to force it to be more open about its 911 deficiencies in the wake of a shooting in Houston. In Canada, meanwhile, officials this week ordered fixed-line VoIP companies to establish viable 911 service support within 90 days-- or shut down. http://news.zdnet.com/2100-1035_22-5660540.html - - - - - - - - - - Underencrypted and Overexposed A girlfriend of mine suffered a sex-tech tragedy earlier this year: Her portable hard drive was stolen from her bag when an airline lost her luggage for three days. The external drive contained pictures, e-mails and IM logs saved from the start of her relationship with a lover -- everything they sent to each other over the course of a year. For some couples, that might not be such a big deal, especially if you live together like this couple usually does. http://www.wired.com/news/culture/0,1284,67159,00.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.