NewsBits for April 26, 2005
************************************************************
Hacker sentenced for damaging firms' computers
A former Los Alamos National Laboratory computer specialist was sentenced to eight months in prison Monday for hacking into and damaging the computers of several high-tech companies, including San Jose online auction giant eBay. Jerome T. Heckenkamp, 25, of Santa Monica, pleaded guilty to two counts in January 2004 in the attacks, which took place before he joined the laboratory.
http://www.mercurynews.com/mld/mercurynews/business/11491110.htm
http://www.technewsworld.com/story/Specialist-Gets-Eight-Months-for-Hacking-116001HSPYJO.xhtml
http://www.theinquirer.net/?article=22798
http://www.msnbc.msn.com/id/7640120/
http://www.usatoday.com/tech/news/computersecurity/hacking/2005-04-26-ebay-hacker-sentenced_x.htm
- - - - - - - - - -
Data protection charges for sale of police data
Blackfriars Crown Court gave four men two-year conditional discharges last week over charges relating to their sale to the press of confidential data held by the police national computer on celebrities, according to reports. Two private investigators, John Boyall and Stephen Whittamore, civilian police worker Paul Marshall, and retired police officer Alan King, were involved in a conspiracy to sell details relating to actor Ricky Tomlinson, London Mayor Ken Livingstone and EastEnders actress Jessie Wallace.
http://www.theregister.co.uk/2005/04/26/data_protection_charges/
- - - - - - - - - -
Houston hospital says patient records compromised
Officials at a Houston hospital said a stolen computer may contain medical records and Social Security numbers of hundreds of its patients. Christus St. Joseph Hospital has sent letters to about 16,000 patients, informing them of the possible security breach. The machine was one of two computers taken from Gateway File Systems earlier this year. Gateway was converting paper medical records to digital files.
http://www.usatoday.com/tech/news/computersecurity/infotheft/2005-04-26-hospital-data-theft_x.htm
- - - - - - - - - -
Child porn trafficker gets 12 year sentence
William Hayes thought all along that the woman he was speaking to over the Internet and telephone, the woman to whom he transported graphic child pornography via computer, was 14. Instead, she was an FBI agent. A federal judge Monday sentenced Hayes, 57, to 12 years, 7 months in prison for distribution of child pornography. When arrested by federal authorities last year, Hayes was on probation for a misdemeanor sexual abuse charge stemming from an incident in which he fondled a 12-year-old girl.
http://www.democratandchronicle.com/apps/pbcs.dll/article?AID=/20050426/NEWS01/504260331/1002/NEWS
- - - - - - - - - -
Child porn offender breaches house arrest
A former teaching assistant at Upper Canada College who was convicted last year of possessing child pornography was detained on the weekend for breaching the terms of his house arrest. Ashley Chivers was a staff member at UCC, working with children as young as six, until his arrest almost two years ago on child-pornography charges. Police said that they found thousands of criminal images on his home computers.
http://www.theglobeandmail.com/servlet/ArticleNews/TPStory/LAC/20050426/CHIVERS26/TPNational/Toronto
- - - - - - - - - -
CoP warns against downloading new films
Chennai police Commissioner R Nataraj today warned that stern action would be taken against all those downloading recently-released Rajnikanth-starrer Chandramukhi from a web site. Chandramukhi starring Rajnikanth was released on Tamil New Year's day and has been drawing good crowds in theatres. There were several raids by police personnel in the last week during which several copies of pirated CDs of the film were seized from various places in the city.
http://newstodaynet.com/26apr/rf11.htm
- - - - - - - - - -
Web Server Attacks, Defacements Increase
The Zone-H report concluded with the projection that the currently rising numbers will surely rise further, perhaps as high as 80,000 hacks every day, once third-generation VoIP phones enter the mainstream.
http://www.newsfactor.com/story.xhtml?story_id=12300002GDKX
- - - - - - - - - -
Digital world forces copyright rethink
Traditional copyright protection legislation cannot cope with the increasingly complex online world, delegates at the Les Blogs, Blogs and Social Software Conference at the Senat in Paris were told today.
http://www.vnunet.com/news/1162714
- - - - - - - - - -
China plans rules to curb online piracy
China will soon enact new regulations aimed at curbing online piracy of copyrighted material that will hold Web sites responsible for stolen material, state media reported Wednesday. The "Administrative Measures on Internet Copyright Protection" are due by the end of April, the official Xinhua News Agency said, quoting Yan Xiaohong, deputy director of the National Copyright Administration.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11497492.htm
- - - - - - - - - -
Push for new money laundering pact fails
Antonio Maria Costa, executive director of the UN Congress on Crime Prevention and Criminal Justice, claps as Executive Secretary of Congress Eduardo Vetere embraces Justice Minister Suwat Liptapanlop during the announcement of the Bangkok Declaration as the congress comes to a close. Antonio Maria Costa, secretary-general of the Congress, said while developing countries were still demanding that a new convention on money laundering and cyber crime be issued to deal with crimes of this specific nature, the developed countries had insisted that such a convention will only make redundant what they already have in place and will also interrupt the ongoing efforts among developed countries.
http://www.bangkokpost.com/News/26Apr2005_news05.php
Your Money Under More Scrutiny
http://www.wired.com/news/privacy/0,1848,67249,00.html
- - - - - - - - - -
Illegal drug trade outsourced to India, too
High-speed communication links combined with lower costs in comparison with the United States is what led to the outsourcing of jobs to India. This now appears to apply to crime, too. In what has been described as the biggest illegal bust involving Indians, a multimillion-dollar drug racket has been unearthed by US and Indian authorities. A year-long investigation by Indian and US authorities has revealed that narcotics and psychotropic tablets (pharmaceutical controlled substances as well as medicine) in huge bulk were illegally exported from India to the US through orders placed via Internet pharmacies, hundreds of which dot cyberspace.
http://www.atimes.com/atimes/South_Asia/GD27Df04.html
- - - - - - - - - -
Insecurities over Indian outsourcing
A case of bank fraud involving an India-based outsourcer has rekindled a debate about using overseas contractors for tasks involving sensitive data. Some say there's little risk, while others warn of serious hazards, including a threat to America's national sovereignty. In the incident, former call center employees of Mphasis are accused of taking part in a theft of $350,000 from U.S. consumers' bank accounts.
http://news.zdnet.com/2100-9595_22-5685170.html
Security worries hit offshore outsourcing
Security and privacy concerns are becoming the biggest issue for companies considering outsourcing their IT projects to companies offshore. Analyst house Gartner said that this year concerns about job losses will be overshadowed by these security issues. Gartner research director Ian Marriott commented: "This will become the top issue for companies taking their work to other parts of the world."
http://management.silicon.com/itdirector/0,39024673,39129859,00.htm
Web services promise new security headaches
http://www.vnunet.com/news/1162721
- - - - - - - - - -
Email porn flooding into work computers
While police investigators face the sober task of probing more than 300 employees accused of knowingly exchanging email porn, thousands of New Zealand businesses receive and store child pornography and other objectionable electronic material every day without realising it. "If everyone who is sent unsolicited child porn images or suddenly finds them stored on their computers called us about it, the phone would never stop ringing," says Martin Kleintjes, the e-crime national manager for the police.
http://www.nzherald.co.nz/index.cfm?c_id=5&ObjectID=10122263
- - - - - - - - - -
Online crime spirals out of control
The increasing number of criminals using the internet means that companies will have to completely rethink security practices, according to security guru Bruce Schneier. Hacking activity has shifted over the past two or three years from being an amateur activity to one where organised crime has taken over. The two groups are very different and security officers will have to change tactics to deal with new threats.
http://www.vnunet.com/news/1162703
- - - - - - - - - -
Cybercrime Costs Billions But How to Report It?
Cybercrime costs societies billions of dollars every year, but it is not easy for European citizens to report that their digital identity has been stolen, according to anti-virus software companies and police. Britain's National Hi-Tech Crime Unit (NHTCU) three weeks ago estimated the nation's cost of computer crime at $4.7 billion a year. Yet common computer break-ins such as hacking, phishing and identity theft must be reported to the local police.
http://www.reuters.com/newsArticle.jhtml;j?type=internetNews&storyID=8295655
- - - - - - - - - -
High tech crime fighting feted
Computer crimes are like viruses - they infect many and quickly, mutating as technology grows ever more complex. In the Solano area, though, there's an antidote - "NC3TF." In layman's terms, that's the Northern California Computer Crimes Task Force, a Napa-based criminal justice outfit with a Redding bureau that celebrates its fifth birthday in June.
http://www.timesheraldonline.com/Stories/0,1413,296~31531~2834995,00.html
- - - - - - - - - -
Most computer hacking an 'inside job'
The vast majority of computer hacking is done by current and former employees, according to the Metropolitan Police. In a panel session at this year's InfoSecurity Europe conference, Detective Inspector Chris Simpson of the Metropolitan Police Computer Crime Unit told delegates that one of the first steps in any investigation is to check employee details.
http://www.vnunet.com/news/1162718
- - - - - - - - - -
Hackers plot more phishing, mobile viruses
Mass-mailer viruses like Bagle, Netsky and Mydoom are so passe. Hackers in the know are now concentrating on devising mobile phone viruses, executing phishing scams and exploiting vulnerabilities, according to McAfee Inc. The antivirus vendor is set to release its quarterly report on Internet threats today, with an eye on the dangers that lie ahead.
http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,101325,00.html
- - - - - - - - - -
'Highly critical' flaw reported for Netscape software
An unpatched flaw in some versions of the Netscape browser could let an attacker into vulnerable systems, security company Secunia has warned. The vulnerability is "highly critical," according to an advisory released by the Danish company late Tuesday. Version 6.2.3 and 7.2 of Netscape are affected and other versions may also be susceptible, the company said.
http://news.zdnet.com/2100-1009_22-5685688.html
- - - - - - - - - -
Unpatched Machines Seen As Major Security Threat
Hackers will keep cranking out exploits that take advantage of known software vulnerabilities because, although patches are available, a minority of machines are fixed, security vendor McAfee said Monday. In releasing its quarterly security analysis, McAfee's "AVERT" virus research team noted that exploited vulnerabilities are becoming a dominant threat to both consumers and enterprises.
http://www.smallbizpipeline.com/showArticle.jhtml?articleID=161502553
- - - - - - - - - -
Cybersecurity Monitoring Center Begins Pilot Project
A cybersecurity monitoring organization that was set up two years ago as part of a private/public partnership opened its operations center at the University of Pennsylvania last week and said it has launched a pilot project involving about 30 companies. The Cyber Incident Detection Data Analysis Center (CIDDAC) will install specially built sensor devices on the networks of participating companies. The sensors will automatically report attacks to CIDDAC, which will evaluate the intrusion data and pass it on to law enforcement agencies and the participating companies without identifying the one that was attacked.
http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,101296,00.html
- - - - - - - - - -
Sheet could shelter Wi-Fi from eavesdroppers
Wireless hackers in the United Kingdom could soon face a new obstacle to stealing information. The British government has endorsed a transparent film that can block Wi-Fi transmissions and other wireless signals from traveling through windows. The film, called SpyGuard, can be laminated or fitted inside windows to prevent remote eavesdroppers from penetrating rooms with infrared or Wi-Fi signals to steal information or access private networks.
http://news.zdnet.com/2100-1009_22-5685431.html
- - - - - - - - - -
Trust in Online Banking: Hard to Earn, Easy to Lose
The good news for banks courting online customers is that consumers have greater confidence in banking on the Web compared with visiting a branch. They also like the convenience and the privacy online banking offers. The bad news is that they can be fickle and unforgiving.
http://www.computerworld.com/securitytopics/security/story/0,10801,101341,00.html
- - - - - - - - - -
Infosecurity showgoers place law above technology
Information security isn't as much about technology anymore as it is about legislation and law enforcement. That was the view of some experts and attendees at the Infosecurity Europe show in London today, where technology vendors rubbed shoulders with law enforcement experts on the show floor. "Information security has turned into an arena for organized crime," said Stuart Okin, an associate partner at Accenture Ltd.
http://www.computerworld.com/securitytopics/security/story/0,10801,101339,00.html
- - - - - - - - - -
Cybercrime: around-the-clock alert
The new trends, threats and challenges faced by the international community in countering cybercrime, bridging the digital divide among nations and harmonizing of laws dealing with cybercrime were among the issues discussed at the concluding session of a workshop on Computer-Related Crime held today at the Eleventh United Nations Congress on Crime Prevention and Criminal Justice in Bangkok. The workshop was organized by the Korean Institute of Criminology.
http://i-newswire.com/pr17057.html
- - - - - - - - - -
ISPs urged to bear security burden
ISPs should be taking care of internet security and offering "clean" internet connections, according to security experts speaking at this year's InfoSecurity Europe event.
Bruce Schneier, chief technical officer at Counterpane, maintained that ISPs should be the gatekeepers for security and be able to offer safe internet access, even if it comes at a price.
http://www.vnunet.com/news/1162720
- - - - - - - - - -
Collapse builds a new idea
AUSTRALIA'S biggest corporate collapse helped spawn a multinational software business for the one-time policeman who investigated HIH's computer records. Former Australian Federal Police officer Graham Henley helped prepare the prosecution of disgraced HIH directors Rodney Adler and Ray Williams. They were sentenced to jail terms last week for their role in the giant insurer's collapse. Mr Henley, a computer forensics expert, combed HIH's database, recovering deleted files to be presented as evidence. Now he has teamed with another former policeman, John Hunter, to develop a consumer version of the software they used to resurrect incriminating files.
http://www.heraldsun.news.com.au/common/story_page/0,5478,15061642%255E664,00.html
- - - - - - - - - -
Apple in denial over security
Apple has shrugged off security concerns about its latest MacOS version, named Tiger, proving that it's not only leopards that don't change their spots. Asked whether users could be assured that the OS was secure, product marketing manager Brian Croll said: "There are no absolutes in security but we have done our utmost to ensure that there are no security issues outstanding."
http://www.techworld.com/security/news/index.cfm?NewsID=3558
- - - - - - - - - -
Gates demos 'more secure' Windows
Microsoft boss Bill Gates has demonstrated key features of the next Windows operating system, code-named Longhorn, at a developers' conference. The revamp is promised to be the biggest update to the operating system since Windows 95 launched in 1995. Longhorn, whose December 2006 release could still shift after previous delays, should offer users more security features, much richer graphics technology, and faster performance.
http://news.bbc.co.uk/2/hi/technology/4484967.stm
http://www.latimes.com/technology/la-fi-micro26apr26,1,7256116.story
http://www.securityfocus.com/news/11005
Longhorn security technology scrapped
http://www.techworld.com/security/news/index.cfm?NewsID=3553
Longhorn security gets its teeth kicked out
http://www.vnunet.com/news/1162710
Microsoft reveals hardware security plans
http://www.theregister.co.uk/2005/04/26/microsoft_hardware_security_plans/
Spamhaus hits out at ISPs, praises Microsoft
http://news.zdnet.com/2100-1009_22-5685488.html
- - - - - - - - - -
SurfControl, Tenebril Make Anti-Spyware Splash
It's becoming a bit crowded in the enterprise anti-spyware business. One week after Symantec Corp. hopped aboard the anti-spyware gravy train, two new companies, SurfControl plc. and Tenebril Inc., announced plans to jostle for elbow room in the burgeoning sector.
http://www.eweek.com/article2/0,1759,1789602,00.asp
- - - - - - - - - -
Government regulation driving ID management
New research by RSA Security shows that government regulation is increasingly driving companies to build proper identity management systems. Over three quarters of the IT directors questioned considered identity management as a priority, and 74 per cent said that government regulation was a driving factor.
http://www.vnunet.com/news/1162697
'Who goes there?' - firms miss identity issue
http://software.silicon.com/security/0,39024655,39129858,00.htm
- - - - - - - - - -
Feds Rethinking RFID Passport
Following criticism from computer security professionals and civil libertarians about the privacy risks posed by new RFID passports the government plans to begin issuing, a State Department official said his office is reconsidering a privacy solution it rejected earlier that would help protect passport holders' data.
http://www.wired.com/news/privacy/0,1848,67333,00.html
ACLU seeks results of passport 'tag' test
A civil liberties group is seeking the results of tests the government has conducted on computerized tags it plans to place on all U.S. passports, charging in a statement that officials have "inexplicably kept the details of this testing process secret."
http://www.govexec.com/dailyfed/0405/042605h1.htm
- - - - - - - - - -
Schneier slates misuse of 'cyberterrorism'
We should save 'terror' for the things that deserve it, not things that piss us off, says the security guru. Organisations are abusing the word "cyberterrorism" by using it to fuel their budgets, a security guru has claimed. Speaking at the Infosec conference in London on Tuesday, renowned author and cryptography expert Bruce Schneier called cyberterrorism a myth that has yet to become a threat to human life.
http://news.zdnet.co.uk/internet/security/0,39020375,39196324,00.htm
http://news.zdnet.com/2100-1009_22-5685500.html
- - - - - - - - - -
Internet fraud is based on trust
The Internet is entering into our lives and it seems not so exotic as it did in the past. It is a new tool for usual people and also for so-called virtual con artists. Namely, these con men use the global network that grants opportunities of anonymity to earn profits by means of virtual scams.
http://www.crime-research.org/news/04.26.2005/1182/
- - - - - - - - - -
Encryption: the key to secure data?
Is there such a thing as totally secure encryption? And which technologies are commercially viable? For as long as modern computers have been around, they have been associated with encryption in one way or another. It is no coincidence that the first semi-programmable computer, Colossus, was developed to decrypt messages during the Second World War.
http://www.computerweekly.com/articles/article.asp?liArticleID=138108
- - - - - - - - - -
New career option: Ethical Hacking
With the growth of the Internet, computer security has become a major concern for business houses, government organisations and individual users. Most of them, however, are constantly worried about the possibility of being hacked. There are plenty of individuals waiting to test and probe your organisation's security stance. These individuals range from government and corporate spies, to hackers, crackers, script kiddies, or those who write and release malicious code into the wild.
http://economictimes.indiatimes.com/cms.dll/articleshow?msid=1088110
- - - - - - - - - -
The facts about remote data recovery
Losing data is an overwhelming situation. One minute, everything is working fine, and the next, everything is gone. Why did this happen? How did this happen? What are you going to do? The good news is that lost data can be recovered. Once users understand that all is not lost, they want to know how fast they can get their data back and return to normal operations. There are several options for recovery, including restoring from backup, sending the media/hard drive to a lab for engineers to work on in a clean room, or do-it-yourself software. Another option that isn't used as often is remote recovery.
http://www.computerworld.com/securitytopics/security/story/0,10801,101218,00.html
- - - - - - - - - -
Ten Tips to Prevent Identity Theft
How much information does someone really need to know in order to impersonate you to a 3rd-party? Your name? Birth date? Address? Armed with easily found information such as this, and maybe a couple other key pieces of information such as the high school you went to, your dog's name or your mother's maiden name, an individual might be able to access your existing accounts or establish new loans or credit in your name.
http://www.it-observer.com/news.php?id=4979
- - - - - - - - - -
Security for the Paranoid
Paranoia is the key to success in the security world. Is it time to worry when other security professionals consider you too paranoid? Something strange happened to me recently: a friend told me I was too paranoid when it comes to security. It was strange because he was the third person to tell me that in a couple weeks. Sure, I expect most people to call me paranoid, but these were all colleagues in the security industry. Is it time to worry when security professionals consider you too paranoid?
http://www.securityfocus.com/columnists/320
- - - - - - - - - -
I Attended This Hacker Conference and All I Got Was All the Data on Your Hard Drive
It's July in Las Vegas, and the relentless midday desert sun has already pushed the outside temperature into three digits. But here inside the Alexis Park Resort, it's cool and dark. The bar is open, and the room is beginning to fill up. It's 1 p.m., the big game has just begun, and, as you'd expect in the world epicenter for sports gambling, the room glows with the light from dozens of screens catching every nuance of the action.
http://www.popsci.com/popsci/computers/article/0,20967,1047679,00.html
Increasing Security with Limited User Accounts
In Windows XP Home Edition, there are two basic types of local user accounts (in addition to the guest account): administrators and limited users. With XP Pro, things get a bit more complicated. Users can be placed into groups to control what they can and can't do, or Group Policy can be used to assign specific rights to individual users.
http://www.windowsecurity.com/articles/Increasing-Security-Limited-User-Accounts-Restricted-Groups.html
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2005, NewsBits.net, Campbell, CA.