NewsBits for April 14, 2005 ************************************************************ Data theft at Polo Ralph Lauren leaves thousands vulnerable Data apparently stolen from the popular clothing retailer Polo Ralph Lauren Corp. is forcing banks and credit card issuers to notify thousands of consumers that their credit-card information may have been exposed. HSBC North America, a division of London-based HSBC Holdings PLC, has begun notifying holders of the HSBC-issued, General Motors-branded MasterCard that criminals may have obtained access to their credit card information and that the cards should be replaced. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11393838.htm http://www.msnbc.msn.com/id/7501064/ http://www.usatoday.com/tech/news/computersecurity/infotheft/2005-04-14-polo-data-theft_x.htm Some MasterCard holders exposed to data theft http://news.zdnet.com/2100-1009_22-5670509.html It's official: ChoicePoint, LexisNexis rooted many times http://www.theregister.co.uk/2005/04/14/privacy_invasion_is_good_for_you/ Taking a swipe at two-factor authentication http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1077406,00.html Scope of credit card security breach expands http://computerworld.com/securitytopics/security/story/0,10801,101101,00.html - - - - - - - - - - Danish court convicts eight in nation's largest software piracy case Eight men were convicted Thursday of making and selling illegal copies of copyrighted music, games and software worth 3.4 billion kroner ($585 million) in Denmark's largest computer piracy case. The group made about 1 million illegal copies abroad and sold them in Denmark on the Internet, the Copenhagen City Court said. The court did not specify in what country the illegal copies were made. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11394688.htm - - - - - - - - - - S.J. man guilty of trading in stolen electronics A federal jury convicted a San Jose man Wednesday of conspiracy in connection with a plot that shipped about $1 million worth of fraudulently obtained or stolen electronic parts from Mexico to a shell company he operated in the East Bay. Vinh Quang ``Vincent'' Duong was convicted following a five day trial in Oakland. http://www.siliconvalley.com/mld/siliconvalley/news/local/11394626.htm - - - - - - - - - - Worm attack forces Reuters IM offline Reuters has shut down its instant messaging system after suffering an onslaught from anew Kelvir worm, the company confirmed Thursday. The London-based international media company decided to take its Reuters Messaging system completely offline after noticing the attack on its network earlier on Thursday, a Reuters representative said. http://news.zdnet.com/2100-1009_22-5671139.html - - - - - - - - - - A crackdown on online porn in world's most wired country The world's most wired country is raiding cyberspace's red-light district in a campaign pitting Confucian morals against modern technology. Since January, the main prosecutor's office in Seoul has issued arrest warrants for about 100 people charged with spreading obscene material under South Korea's telecommunications law, a crime carrying penalties of up to a year in jail or a nearly $10,000 fine. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11394681.htm - - - - - - - - - - Congress primed to require disclosure of data thefts Responding to outrage from consumers whose personal information has been stolen from companies, Congress is primed to pass new laws to try to prevent break-ins and to require businesses to confess to customers when private data is taken. The government's new interest in requiring such embarrassing disclosures reverses years of efforts by the FBI and U.S. prosecutors to shield corporations that have been victims of hackers from bad publicity by keeping such crimes out of headlines. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11396297.htm - - - - - - - - - - DHS set for failing FISMA grade again The Homeland Security Department likely will earn its third "F" in a row this fiscal year for compliance with the Federal Information Security Management Act, outgoing CIO Steven I. Cooper said today. Testifying before the House Homeland Security Subcommittee on Management, Integration and Oversight, Cooper predicted that in 2006, DHS' FISMA grade would finally improve to a B. "We might sneak in at a D- [this year]," Cooper said. "We are moving up in every category." http://www.gcn.com/vol1_no1/daily-updates/35548-1.html - - - - - - - - - - Spamming the Wrong Message Last week, many netizens cheered when Jeremy Jaynes, the eighth-ranked spammer in the world, was sentenced to nine years in prison. Jaynes, who also went by the name Gaven Stubberfield, was famous for pushing "zoo" porn and operating various spam scams. He fired off millions of e-mail messages, clogging ISP servers and inboxes with various come-ons while amassing a fortune estimated at about $24 million. But that's not why he's going to jail. A Loudoun County, Virginia, jury found him guilty of three counts of forging e-mail headers. http://www.wired.com/news/culture/0,1284,67213,00.html - - - - - - - - - - British banks to provide extra Web security Major British banks are set to agree on a physical security device for all U.K. online customers to use. This move to two-factor authentication could make customers more secure when banking online. Such systems use a physical security device that generates a password to be used only once. http://news.zdnet.com/2100-1009_22-5671175.html Banks nearing agreement on Web security http://news.zdnet.co.uk/0,39020330,39195067,00.htm - - - - - - - - - - CIO Council drops out of controversial cybersecurity forum The federal Chief Information Officers Council formally withdrew its support Thursday for the Chief Information Security Officers Exchange, a controversial public-private forum that drew criticism for its model of charging technology firms to participate in policy-related discussions with federal officials. http://www.govexec.com/dailyfed/0405/041405p1.htm - - - - - - - - - - IAC willing to host security forum The Industry Advisory Council board voted unanimously April 13 to create a forum for public and private sector chief information security officers (CISOs) if the CIO Council requests it. "We'd be willing to help," said Bob Woods, IAC chairman. "We'd like something in terms of a request, or at least a get- together to figure out how to do this." http://www.fcw.com/article88591-04-14-05-Web - - - - - - - - - - Spam and phishing According to recent study conducted by the Pew Internet and American Life Project, email users get more spam, but the harmful impact of unsolicited messages is diminishing for them. More than a third of email users have gotten phishing solicitations. More than a year after the CAN-SPAM Act became law, email users say they are receiving slightly more spam in their inboxes than before, but they are minding it less. http://www.crime-research.org/news/14.04.2005/1147/ - - - - - - - - - - Hackers harness popularity of blogging Blogs used to harbour malicious code. Cyber- criminals are now taking advantage of blog site to snare unsuspecting victims. It warned webblogs are being used to harbour malicious code such as Trojans and keystroke loggers warned security firm Websense. The company, which said it had uncovered hundreds of bogus blog sites, said blogging was an attractive vehicle for hackers for several reasons. http://www.vnunet.com/news/1162470 http://www.theregister.co.uk/2005/04/14/toxic_blogs/ - - - - - - - - - - Putting teeth into U.S. cybercrime policy It wasn't so long ago that interest in the topic of online crime was limited to a small circle of technologists. Nowadays, senior government officials talk about it as a potential national security threat. That's where Paul Kurtz comes in. As the executive director of the Cyber Security Industry Alliance, a consortium of CEOs pressing for more-effective cybersecurity legislation, Kurtz is hoping to make sure any new regulations carry real weight. And since the 41-year-old Kurtz's resume includes a stint on the White House's National Security Council, as well as a period as senior director for national security at the Office of Cyberspace Security, it's a good bet that he'll find an audience willing to hear him out. http://news.com.com/Putting+teeth+into+U.S.+cybercrime+policy/2008-7348_3-5670019.html - - - - - - - - - - Prying eyes are everywhere But with an $80 piece of software intended to track what his son was doing on the Internet, the 36-year-old Phoenix real estate investor uncovered some information about what his wife now his ex-wife was doing online as well. http://www.usatoday.com/tech/news/2005-04-13-spyware_x.htm - - - - - - - - - - Study finds Chinese Internet filters sophisticated The Chinese government has become increasingly sophisticated at controlling the Internet, taking a multilayered approach that contributes to precision in blocking political dissent, a report released Thursday finds. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11393833.htm http://www.wired.com/news/privacy/0,1848,67221,00.html - - - - - - - - - - Privacy groups assail future passport technology Will the wireless chip in next-generation passports act as a beacon identifying Americans to terrorists or are privacy fears overblown? Privacy advocates took the U.S. government to task on Wednesday for the government's plans to add a wireless chips to next-generation passports. http://www.securityfocus.com/news/10908 - - - - - - - - - - High-tech ID planned for government workers As part of the Bush administration's effort to tighten security at federal facilities, millions of federal employees and contractors will later this year start receiving ID badges with chips storing information such as digital fingerprints. The ``smart card'' IDs will have security features designed to keep outsiders from breaking into federal buildings or computer systems. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11392744.htm Liberty Alliance releases ID spec guidelines http://news.zdnet.co.uk/internet/webservices/0,39020378,39195071,00.htm - - - - - - - - - - Clarke calls for ID cards after imagining huge poison terror ring Analysis Yesterday's conviction of Kamel Bourgass for terrorism offences prompted some spectacular spin from the security services, an al-Qaeda ricin feeding frenzy in this morning's press and - of course - claims from Home Secretary Charles Clarke that the case highlighted the need for ID cards. The snag is that there was no ricin, the security forces' case for an al-Qaeda link had been discredited in an earlier court case last week, and a further eight individuals claimed as co-conspirators were cleared or had charges against them dropped. http://www.theregister.co.uk/2005/04/14/wood_green_ricin_case/ Labour promises 'voluntary' compulsory ID card http://www.theregister.co.uk/2005/04/14/labour_2005_manifesto/ - - - - - - - - - - Vatican on lookout for eavesdroppers From bugs to lasers to cell phones, the Vatican is on alert for high-tech eavesdropping ahead of Monday's opening conclave to elect a new pope to lead the Roman Catholic Church. Vatican observers say the church's security force is expected to repeatedly sweep the Vatican grounds for bugs and other gadgets before and during the secret meeting of the College of Cardinals. http://www.cnn.com/2005/TECH/04/14/pope.spying/index.html - - - - - - - - - - Introduction to Spyware Keyloggers Spyware is a categorical term given to applications and software that log information about a user's online habits and report back to the software's creators. The effects of these programs range from unwanted pop-up ads and browser hijacking to more dangerous security breaches, which include the theft of personal information, keystroke logging, changing dialup ISP numbers to expensive toll numbers, and installing backdoors on a system that leave it open for hackers. http://www.securityfocus.com/infocus/1829 - - - - - - - - - - Human firewalls are a must, says Mitnick There is no point spending millions on security if employees can be persuaded to divulge log-in details, says the infamous hacker, who has plenty of examples of just how pointless it can be. Companies can better protect their confidential information by creating an incident response department to deal with suspicious queries, says infamous ex-hacker Kevin Mitnick. http://news.zdnet.co.uk/business/management/0,39020654,39195060,00.htm Kevin Mitnick and the art of intrusion - Part 2 http://www.vnunet.com/features/1162443 - - - - - - - - - - Identity theft: Attack the right issue Identity theft is the new crime of the information age. A criminal collects enough personal data on someone to impersonate a victim to banks, credit card companies and other financial institutions. Then he racks up debt in the person's name, collects the cash and disappears. The victim is left holding the bag. While some of the losses are absorbed by financial institutions --credit card companies in particular--the credit-rating damage is borne by the victim. It can take years for the victim to clear his name. http://news.zdnet.com/2100-9588_22-5471346.html - - - - - - - - - - Surveillance Works Both Ways Surveilling the surveillers. It's an idea that Number 6, the nameless hero of the classic British TV show The Prisoner, would have loved. In an attempt to establish equity in the world of surveillance, participants at the Computers, Freedom and Privacy conference in Seattle this week took to the streets to ferret out surveillance cameras and turn the tables on offensive eyes taking their picture. http://www.wired.com/news/privacy/0,1848,67216,00.html - - - - - - - - - - Bush fears his personal e-mail would be made public President Bush said Thursday that he does not send e-mail, not even to his twin daughters, because he fears "my personal stuff" would be made public. "There has got to be a certain sense of privacy," he told the American Society of Newspaper Editors. Bush volunteered his aversion to e-mail during a discussion on whether his administration is sufficiently responsive to requests made under the Freedom of Information Act. http://news.com.com/Bush+fears+his+personal+e-mail+would+be+made+public/2100-1028_3-5671409.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.