NewsBits for April 21, 2005 ************************************************************ Carnegie Mellon reports computer breach 5,000 warned personal data may have been accessed. Carnegie Mellon University is warning more than 5,000 students, employees and graduates that their Social Security numbers and other personal information may have been accessed during a breach of the school's computer network. http://www.msnbc.msn.com/id/7590506/ http://computerworld.com/securitytopics/security/story/0,10801,101230,00.html - - - - - - - - - - Peeping Tom Trojan suspect cuffed in Cyprus A 45-year-old man from Cyprus was arrested Monday on sexual harassment charges after allegedly hacking into a webcam in order to take illicit pictures of a young woman in her bedroom, the Cyprus Mail reports. The unnamed suspect, a computer technician from Nicosia, Cyprus, is alleged to have spied on the 17-year-old girl through her webcam after infecting her PC with an unspecified Trojan horse. http://www.theregister.co.uk/2005/04/21/peeping_tom_trojan_arrest/ - - - - - - - - - - Bank attack used key-loggers costing just PS20 PS220m theft attempt used battery-sized bugging devices. The hacker attack on Sumitomo Mitsui bank last month involved the use of keyboard logging devices costing as little as PS20 each, according to sources. Computing has learned that the attempt to steal an estimated PS220m from the London office of the Japanese bank relied on battery-sized hardware bugging devices plugged into PCs? USB ports. http://www.vnunet.com/news/1162595 - - - - - - - - - - 20 busted in e-pharmacy takedown Twenty people have been arrested as part of an international crackdown on the sale of prescription drugs online. The arrests - in the US, India, Asia, Europe and the Caribbean - formed part of a year-long investigation targeting e-traffickers who distributed drugs using "rogue" internet pharmacies. http://www.theregister.co.uk/2005/04/21/dea_drugs_bust/ http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,101247,00.html http://www.latimes.com/technology/la-na-drugs21apr21,1,4302396.story http://www.usdoj.gov/dea/pubs/pressrel/pr042005.html - - - - - - - - - - Toronto nurse pleads guilty to child porn charges A nurse who used to work with cancer patients at Toronto's Hospital for Sick Children has pleaded guilty to child pornography charges. Scott Faichne was given a nine-month conditional sentence Wednesday for possessing and sharing sexually explicit images involving children. Faichne has lost his job as a nurse at the hospital, as well as his volunteer positions with Boy Scouts and Air Cadets. http://www.cbc.ca/story/canada/national/2005/04/21/nurse-porn050421.html - - - - - - - - - - Doctor jailed over child-porn pictures A DOCTOR has been jailed for two years for downloading and distributing "disturbing pornographic pictures" of children. The father of two was working as a GP in Otley and Bradford when police searched his home computer and found 604 emails containing indecent images, with 184 at the higher end of the scale of severity. http://www.leedstoday.net/ViewArticle2.aspx?SectionID=39&ArticleID=1005653 - - - - - - - - - - Child porn blitz nets 28 suspects An operation that Greek police began in February, as part of an EU-wide crackdown on child pornography, led to 28 people being charged with distributing indecent images, many of which were also produced in the country, officers said yesterday. The recently formed electronic crimes squad of the Attica police wrapped up the operation, code-named Purity, on Tuesday after arresting nine Greeks red-handed and bringing charges against another 19. Seven of the suspects have been remanded in custody. http://www.ekathimerini.com/4dcgi/_w_articles_politics_100014_21/04/2005_55467 - - - - - - - - - - Teen charged with making child porn A teenager who tried to humiliate his ex-girlfriend on the Internet is facing some very serious charges. The 16-year-old boy was in a relationship with a 15- year-old girl for about a year. They broke up last October. Police say he got his hands on five nude pictures of her. Earlier this year, the boy was arrested and charged with Assault and Extortion relating to the girl. Not long after that, police say, he created a web page that was made to look like the girl made it herself. It included initmate details of her life, portrayed her as being promiscuous, and it included the five nude pictures. The boy is now charged with Personation with Intent, and three child pornography offenses. http://www.680news.com/news/local/article.jsp?content=20050421_093717_8108 - - - - - - - - - - Wood River student expelled for hacking into computer A case of "senioritis" took a turn for the worse after a former Wood River High School senior discovered how to excuse his absences. "A buddy of mine and I found a security hole," said Noah Brod, 18, of Hailey. The security hole enabled Brod, at the time a WRHS senior, along with four other WRHS students to crack the school's attendance system. http://www.mtexpress.com/index2.php?issue_date=04-20-2005&ID=2005102706 - - - - - - - - - - High-tech crime investigators tackle BigPond assault BigPond, Australia's largest Internet service provider (ISP), has asked the Australian High Tech Crime Centre to investigate recent attacks on its domain name server (DNS) system from Trojan-infested PCs. The Telstra-owned ISP has been temporarily disconnecting compromised computers from its network to stem a tide of bogus DNS requests swamping its servers and delaying customer e-mail and Web site requests. http://www.zdnet.com.au/news/security/0,2000061744,39188769,00.htm - - - - - - - - - - Man unearths MoD secrets at rubbish dump A Hampshire man has found sensitive Ministry of Defence plans on a laptop he was given at a rubbish dump. Martin Dunn, 31, was foraging for computer parts when a woman gave him a bag containing a laptop she was about to ditch, The Sun reports. A subsequent investigation of the PC revealed "70 top-secret files" giving details of contingency plans at Army and Navy bases about what do in the event of a terrorist attack. http://www.theregister.co.uk/2005/04/21/mod_laptop_probe/ - - - - - - - - - - NZ police under investigation for e-mail images Some 330 New Zealand police are under investigation after after auditors found sexually explicit e-mail images in their work accounts. Police Commissioner Rob Robinson said Thursday some of the officers caught may face criminal prosecution and possible dismissal as a result of an internal e-mail system audit by police staff. None of the e-mail images involved child pornography, Robinson said. http://news.findlaw.com/ap/o/51/04-21-2005/a88900097941af33.html - - - - - - - - - - Warez site riddled with mobile malware A search of sites hosting cracked versions of apps for Symbian phones has unearthed 52 "previously unidentified Trojans", according to New Zealand-based mobile anti-virus specialist Simworks. Other anti-virus experts reckon that the infected files found by Simworks are more properly described as repackaged versions of previously identified malware. http://www.theregister.co.uk/2005/04/21/simworks_trojan_alert/ Symbian Trojan concerns mount http://news.zdnet.co.uk/hardware/mobile/0,39020360,39195794,00.htm Sprint sees mobile device security neglect http://computerworld.com/securitytopics/security/story/0,10801,101265,00.html - - - - - - - - - - IRS security flaws may expose taxpayer, banking data The Internal Revenue Service is putting taxpayers at risk of identity theft or other unauthorized uses of their personal data because of computer security flaws, according to the Government Accountability Office. Even as IRS has fixed some security weaknesses, others have emerged, and the tax agency may not even know if data has been compromised. IRS has repaired 32 of 53 previously identified security weaknesses, but auditors uncovered 39 more during their review process, the GAO said in a report this week. http://www.gcn.com/vol1_no1/daily-updates/35579-1.html - - - - - - - - - - Army of zombies invades China CipherTrust reports 20 percent of new zombies are in China. China's rapid Internet growth has brought with it a somewhat disturbing side effect: multiplying zombies up to no good. Zombies, or Internet-connected computers infected by worms or viruses and under the control of a hacker, are used to launch denial of service (DoS) attacks, or send spam or phishing e-mails. http://www.infoworld.com/article/05/04/21/HNzombiesinvadechina_1.html http://computerworld.com/securitytopics/security/story/0,10801,101231,00.html - - - - - - - - - - Apple slapped for sloppy security response Buffer overflow flaw left open for three months Apple has released a security patch for a vulnerability in its iSync application bundled with the OS X operating system. But it took the vendor at least three months to release the fix. The iSync application allows users to synchronise data such as mp3 files, address book entries or calendar appointments between a PC and mobile devices such as iPods, mobile phones or PDAs. http://www.vnunet.com/news/1162618 http://www.theregister.co.uk/2005/04/21/apples_big_virus/ - - - - - - - - - - RealNetworks fixes 'highly critical' flaw RealNetworks has released a security patch aimed at plugging a flaw in its multimedia software that could allow hackers to run their own code on people's computers. The flaw, rated a "highly critical" risk by security company Secunia, affects most recent consumer versions of the RealPlayer media player software, for both Windows and Macintosh operating systems. Also at risk are some, but not the most recent, versions of the software for Linux. The flaw exists in some RealOne Player versions too, RealNetworks said. http://news.zdnet.com/2100-1009_22-5680040.html - - - - - - - - - - Online Hunting Firm Is Now the Quarry Lawmakers nationwide are targeting a website that allows computer users to fire at game roaming a Texas ranch. So far, John Lockwood has had only two customers for his new Internet-based business, yet lawmakers in California, 14 other states and Congress are moving to shut it down. http://news.com.com/Calif.+lawmakers+vote+to+ban+Internet+hunting/2100-1028_3-5680282.html http://www.latimes.com/technology/la-me-liveshot21apr21,1,1609803.story - - - - - - - - - - Soldier's Kin to Get Access to His E-Mails E-mail provider Yahoo! has pledged to give the family of a Marine killed in Iraq full access to their son's e-mail account, ending a court battle that began after his parents sought messages he wrote before his death. An Oakland County probate judge signed an order Wednesday directing Yahoo! Inc. to provide the contents of the e-mail account used by Lance Cpl. Justin M. Ellsworth, 20, who was killed Nov. 13 while inspecting a bomb in Al Anbar province. http://news.findlaw.com/ap/o/632/04-21-2005/a2f8000cf16978f4.html - - - - - - - - - - U.S. gets new cyberterrorism security center Its goal is to better protect critical private industries. A new private-sector cyberterrorism security center that aims to watch over much of the nation's critical business infrastructure with its own real-time cyberthreat-detection network opened here today at the University of Pennsylvania. http://computerworld.com/securitytopics/security/story/0,10801,101251,00.html http://www.nwfusion.com/news/2005/0420cyberattac.html - - - - - - - - - - Cybersecurity office bill gains steam The House subcommittee in charge of cybersecurity has approved a bill that would create a new cybersecurity czar. The House Homeland Security Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity on Wednesday voted unanimously in favor of H.R. 285, the Department of Homeland Security Cybersecurity Enhancement Act of 2005. http://www.fcw.com/article88649-04-21-05-Web - - - - - - - - - - Congress confuses file sharing with manslaughter Making a movie available electronically prior to its release can now result in a three year sentence, thanks to the Family Entertainment and Copyright Act approved Tuesday by the House. The Senate has already passed its own version, and the final bill is expected to be signed by the President. http://www.theregister.co.uk/2005/04/21/p2p_is_murder/ - - - - - - - - - - UK spam laws are failing to stop spammers According to anti-spam organisation Spamhaus, loopholes in UK law render legislation useless in the fight against spammers. The majority of spam originates from the US but there are a handful of hardcore UK-based spammers. Since the law came into force over a year ago no UK spammers have been fined or prosecuted. http://news.bbc.co.uk/2/hi/technology/4466053.stm - - - - - - - - - - Symantec wins piracy judgment Security specialist Symantec said Wednesday that it has been granted a $3.1 million default judgment in its California lawsuit against an accused software pirate. Under the terms of the ruling, handed down by the U.S. District Court for the Central District of California, the individual charged with running the piracy ring, identified by the court as Sam Jain, was found guilty of violating Symantec's intellectual- property rights by selling counterfeit versions of the company's products. Jain could not immediately be reached for comment. http://news.com.com/2110-7350_3-5677940.html - - - - - - - - - - Child-porn charges up, Statistics Canada says The number of child-pornography charges laid by officers in recent years has skyrocketed, a trend fuelled both by police departments' increased enforcement and criminals' use of ever-cheaper technology. In a new report on children as victims of violent crime, Statistics Canada said yesterday that charges relating to child porn increased eight-fold between 1998 and 2003. http://www.theglobeandmail.com/servlet/ArticleNews/TPStory/LAC/20050421/CRIME21/TPNational/ - - - - - - - - - - AOL Toughens Campaign Against Phishers America Online Inc. on Wednesday boosted its weaponry against phishers by starting around- the-clock searches for websites looking to fleece subscribers and joining forces with a security firm specializing in uncovering scam sites in the financial industry. The Dulles, Va. portal said its latest efforts launched a major campaign against phishing, which is the use of emails disguised as coming from banks or other companies to lure people to bogus sites that seek credit-card numbers, PINs, and passwords to online banking and other personal information. http://www.informationweek.com/story/showArticle.jhtml?articleID=161500021 - - - - - - - - - - Security guru wants access to bug databases Cambridge academic Ross Anderson argues that empirical analysis of software bug records will prove whether open source code is more secure than closed source, and show the true value of techniques like peer review and extreme programming. Security expert Ross Anderson has called for empirical research to be conducted into whether open source or closed source software is more secure, and into the impact that development practices such as extreme programming (XP) have on code quality. http://news.zdnet.co.uk/software/applications/0,39020384,39195801,00.htm - - - - - - - - - - Privacy watchdog warns job seekers to beware Would-be workers need to be more cautious with resume services and posting their personal information online. Online fraudsters and scammers are waiting. Online fraudsters are increasingly taking advantage of vulnerable job seekers by using online resumes to steal their identity, a privacy expert warned this week. http://www.securityfocus.com/news/10976 - - - - - - - - - - Cyberterrorism Who are cyber terrorists? From American point of view the most dangerous terrorist group is Al-Qaeda which is considered the first enemy for the US. According to US officials data from computers seized in Afganistan indicate that the group has scouted systems that control American energy facilities, water distribution, communication systems, and other critical infrastructure. http://www.crime-research.org/news/21.04.2005/1167/ - - - - - - - - - - Smile: you're under global surveillance A newly-published report warns that a global infrastructure of registration and surveillance is emerging through the efforts of groups such as the EU, G8 and ICAO. According to the report, which was produced by the American Civil Liberties Union (ACLU), Focus on the Global South, Friends Committee (US), International Civil Liberties Monitoring Group (Canada), and Statewatch, anti-terror and security measures being driven largely by the US are being used to roll back freedom, increase powers and exercise increasing control over individuals and populations. http://www.theregister.co.uk/2005/04/21/icam_surveillance_report/ - - - - - - - - - - U.S. will not be able to read high-tech foreign passports The United States will not be prepared to read high-tech passports of foreign visitors this fall, even if Congress does not extend the deadline for certain foreign countries to have the imbedded biometric technology. http://www.govexec.com/dailyfed/0405/042105tdpm1.htm - - - - - - - - - - Man Says He Won't Link XVI to XXX on Net An American who registered the Internet domain name BenedictXVI.com before the new pope was chosen said Wednesday that he had not decided what to do with it, but he ruled out pornography and doubted that he would accept an offer from a gambling site. (LA Times article, free registration required) http://www.latimes.com/technology/la-fg-popeweb21apr21,1,4134606.story - - - - - - - - - - Google enables users to view personal search histories Google Inc. is experimenting with a new feature that enables the users of its online search engine to see all of their past search requests and results, creating a computer peephole that could prove as embarrassing as it is helpful. Activating Google's ``My Search History'' service, unveiled Wednesday afternoon at http://labs.google.com, requires users to create a personal login with a password. Users of Google's e-mail, discussion groups and answer services can simply use their existing log-ins. http://www.mercurynews.com/mld/mercurynews/business/technology/11444325.htm *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.