NewsBits for April 29, 2005
************************************************************
Florida Uni on brown alert after hack attack
Students and staff at Florida International
University (FIU) were warned they are at risk
of identity fraud this week after techies
discovered hackers had broken into college
systems. A file found on a compromised
computer showed that an unknown hacker
had access to the username and password
for 165 computers at the University,
sparking a major security alert.
http://www.theregister.co.uk/2005/04/29/fiu_id_fraud_alert/
- - - - - - - - - -
LSU dean arrested on child porn charges
LSU's associate dean of students has been arrested
and charged with possession of child pornography.
A worker reported finding a picture of three nude
boys on the printer in 60-year-old James C. Welles'
campus office. Major Ricky Adams of LSU Police says
all four of Welles' office computers had numerous
amounts of child pornography on them. LSU has
placed Welles on administrative leave with pay.
http://www.katc.com/Global/story.asp?S=3277425&nav=EyAzZFZ3
- - - - - - - - - -
Porn on school's computer sparks Internet alarm
A Dartmouth couple wants the school board
to further restrict Internet use in schools
after their 10-year-old son was exposed to
gay porn on a classroom computer. Julian
Maughan, a Grade 4 student at Southdale-North
Woodside Elementary, was told by a substitute
teacher to do schoolwork on a computer with
two other boys during class on April 15,
his mom, Lynn Maughan, said in an interview
Wednesday afternoon. He was pressured by
the two boys to go to the website, she said.
http://www.halifaxherald.com/stories/2005/04/28/f247.raw.html
- - - - - - - - - -
China's anti-hacking alliance regrouped
The "Red Hacker Alliance," the largest
and earliest hacking legion in China,
was regrouped recently after a short
break. The alliance, attracting 20,000
hackers, once ranked fifth in the
world in terms of the number of its
members. Its Web site, set up at the
end of 2000, had nearly 80,000
registered members at its peak.
http://news.xinhuanet.com/english/2005-04/26/content_2879866.htm
- - - - - - - - - -
Porn-surfing Norwegians awarded $40k
We are seriously considering relocating
the entire Vulture Central editorial staff
to occasionally-sunny Norway after learning
that two workers sacked for hunting net smut
at work have been awarded 250,000 Kroner
($40,000) a head for unfair dismissal,
Aftenposten Norway reports.
http://www.theregister.co.uk/2005/04/29/norwegian_compensation_claim/
- - - - - - - - - -
Mass. Bill Targets Online Buzz Marketers
A Democratic state representative in Massachusetts
is introducing a bill aimed at shielding children
from so-called buzz marketing. The lawmaker,
Michael E. Festa of Melrose, calls for children
under 16 to obtain their parents' permission
to participate in online "word-of-mouth" sales
campaigns.
http://www.internetweek.com/breakingNews/showArticle.jhtml?articleID=161601966
- - - - - - - - - -
State Bill to Limit RFID
While civil libertarians battle the federal
government's decision to embed RFID chips
in new U.S. passports, a California bill is
moving swiftly through the state legislature
that would make it illegal for state agencies
and other bodies to use the technology in
state identification documents.
http://www.wired.com/news/privacy/0,1848,67382,00.html
State Department official defends passport efforts
http://www.govexec.com/dailyfed/0405/042905tdpm1.htm
- - - - - - - - - -
Release of child witness photo brings no major breaks in case
The highly unusual step of releasing the photo of
a young girl described as a material witness
in an international child-pornography case
did not produce any major breaks in the
first 24 hours, police in Florida say.
http://www.theglobeandmail.com/servlet/ArticleNews/TPStory/LAC/20050429/GIRL29/TPNational/Toronto
- - - - - - - - - -
Software police issues warning on IT staff
The Federation Against Software Theft (Fast)
has warned companies that their IT departments
might be leaving them open to court action.
In a recent investigation of a UK financial
services firm, the organisation found 5,800
illegal digital music files in a software
audit of 2,500 PCs. The vast majority of
these had been downloaded by members of
the firm's IT department.
http://www.vnunet.com/news/1162778
- - - - - - - - - -
Bagle Worm Seen As 'Blueprint' For Web Criminals
A pair of research reports have explored the
long-running Bagle worm and laid out a chronology
that points to a professional developer who,
like counterparts in the commercial software
world, is constantly testing, tweaking, and
improving his code for profit, not pride of
ownership.
http://www.internetweek.com/showArticle.jhtml?articleID=161601929
- - - - - - - - - -
Virus writers take spring break
Only one new virus, Mytob.Z, made it into the
top 10 list for April, according to antivirus
data from Sophos. Top of the list was Zafi.B,
which accounted for nearly half of all viruses
detected. This is the fifth month Zafi.B has
topped the charts.
http://www.vnunet.com/news/1162789
- - - - - - - - - -
Hackers to test U.K. lawmakers' systems
Hackers are to be employed to test the
effectiveness of the IT security defences
for the computer systems in the House
of Commons, home of the British parliament.
A three-year IT security contract is up
for grabs to conduct internal and external
penetration testing on routers, firewalls
and critical servers using a range of
independent vulnerability assessment
techniques.
http://news.com.com/Hackers+to+test+U.K.+lawmakers+systems/2110-7355_3-5690318.html
- - - - - - - - - -
F-Secure pros issue hacker challenge
DEVELOPERS AT F-Secure have issued a challenge
to hackers to find an embedded message in
a .EXE file. The challenge looks quite tricky,
and the winner gets a free ticket to the T2'05
info sec conference in Finland, but unfortunately
only if she or he lives in Finland.
http://www.theinquirer.net/?article=22879
http://news.com.com/This+week+in+Net+attacks/2100-7349_3-5689805.html
- - - - - - - - - -
Fraud propels demand for forensics training
In the 'if you can't beat 'em, join 'em stakes',
computer-based crime is driving more and more
IT professionals to study the skills and tools
needed to unravel and reveal the inner workings
of cyber fraudsters. The general upsurge in
computer skills in the population is reflected
equally amongst criminals and malcontents and
law enforcement agencies frequently confiscate
computers to search for evidence of alleged
misdeeds.
http://www.computerworld.com.au/index.php/id;263054876;fp;16;fpid;0
- - - - - - - - - -
Wireless leaders hook up to address security
BT, Cisco and Intel announced a formal alliance
at InfoSec Europe to promote better security
for users of wireless networks. The trio are
concerned that fears about security will harm
the rollout of wide-scale wireless networks,
and have produced advice sheets for businesses,
homes and public Wi-Fi access points. "Wireless
moves security beyond physical boundaries so
organisations need to protect their complete
working environment, especially as they
collaborate more," said David Lacey, director
of information security at Royal Mail, and
working group leader of the Jericho Forum.
http://www.pcw.co.uk/news/1162761
- - - - - - - - - -
InfoSecurity show proves anything but
The InfoSecurity show may have ended, but
exhibitors were left with red faces after
two companies highlighted major security
lapses among attendees. Kensington, manufacturers
of laptop security devices, conducted regular
sweeps of the hall and found less than half
of the computers on stands with any kind of
physical lock to keep them from being stolen.
http://www.vnunet.com/news/1162794
- - - - - - - - - -
Backup tapes are backdoor for ID thieves
Large companies are reconsidering their
security and backup policies after a handful
of financial and information-technology
companies have admitted that tapes holding
unencrypted customer data have gone missing.
Last week, trading firm Ameritrade
acknowledged that the company that handles
its backup data had lost a tape containing
information on about 200,000 customers.
http://www.theregister.co.uk/2005/04/29/backup_tapes_are_backdoor_for_id_thieves/
- - - - - - - - - -
Citrix Program Agent Buffer Overflow Vulnerabilities
Two vulnerabilities were identified in Citrix
Program Neighborhood Agent, which may be
exploited by remote attackers to execute
arbitrary commands. The first flaw is due
to a stack overflow error in the client
code responsible for handling the caching
of information received from the server,
which may be exploited via a malicious
server to execute arbitrary code on the
client host.
http://www.frsirt.com/english/advisories/2005/0390
MySQL MaxDB Webtool Remote Stack Overflow Vulnerabilities
Three vulnerabilities were identified in
MySQL MaxDB, which may be exploited by
remote attackers to execute arbitrary
commands. The first flaw is due to a stack
overflow error that occurs when processing
specially crafted HTTP GET requests
containing a percent sign (%) followed by
a long string, which may be exploited by
a remote attacker to execute arbitrary
commands with SYSTEM privileges.
http://www.frsirt.com/english/advisories/2005/0389
eGroupWare SQL Injection and Cross Site Scripting Vulnerabilities
http://www.frsirt.com/english/advisories/2005/0387
MailEnable Enterprise/Professional Buffer Overflow Vulnerabilities
http://www.frsirt.com/english/advisories/2005/0383
HP Security Update Fixes Multiple Mozilla Vulnerabilities
http://www.frsirt.com/english/advisories/2005/0394
Sun Solaris Multiple libtiff Vulnerabilities
http://secunia.com/advisories/15113/
Oracle Products Contain Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA05-117A.html
- - - - - - - - - -
Criminal legal description of computer-facilitated crimes
Among the top-priority steps of state policy
in the sphere of counteraction to computer
criminality is the appearance of the new
Criminal Code dated September 1, 2001,
with its new Section 16 in the Criminal Code
of Ukraine - Crimes in Sphere of Computers,
Systems and Networks. Having recognized
information as a subject of theft,
assignment, extortion and other criminal
acts, criminal law has confirmed the status
of information as an object of the property
right that is coordinated with substantive
regulations of information legislation.
http://www.crime-research.org/articles/Golubev0305-2/
- - - - - - - - - -
Linux targeted with two-factor authentication
CryptoCard is offering authentication software
for backend Linux servers. A Canada-based
security company is looking to target the
Linux community with a security product
offering two-factor authentication. Two-factor
authentication systems request something in
a user's possession (a smart card, for example)
and something they know (such as their PIN),
before the user is allowed to access a system.
http://news.zdnet.co.uk/internet/security/0,39020375,39196891,00.htm
- - - - - - - - - -
Giants offer WLAN security tips
Concerns that the perceived security problems
of wireless networks of all sizes could cause
companies to delay deployment have prompted
three industry giants - BT, Cisco and Intel -
to issue Wireless Security Guidelines for
organisations.
http://www.pcw.co.uk/news/1162771
- - - - - - - - - -
BAA prepares for RFID rollout
The airports operator is staying tight-lipped
as to the nature of the project, but it admits
to having high hopes for the impact of the
tracking tech on its business. Airport operator
BAA is experimenting with RFID, which it says
could create a "step-change" in the way it
does business.
http://news.zdnet.co.uk/communications/wireless/0,39020348,39196892,00.htm
- - - - - - - - - -
Combating Gadget Theft
As electronic products shrink in size, they
grow in allure, not only to consumers but
also to thieves. Lightweight and easy to
conceal hand-helds, laptops and music players
are sleek, valuable and often carried around
as casually as a set of keys.
http://www.nytimes.com/2005/04/28/technology/circuits/28theft.html
- - - - - - - - - -
DHS chief floats idea for collecting private citizens' information
Call it Total Information Awareness, homeland-
style. Homeland Security Secretary Michael
Chertoff this week floated an idea to start
a nonprofit group that would collect information
on private citizens, flag suspicious activity,
and send names of suspicious people to his
department. The idea, which Chertoff tossed
out at an April 27 meeting with security-
industry officials, is reminiscent of the
Defense Department's now-dead Total Information
Awareness program that sought to sift through
heaps of foreign intelligence information
to root out potential terrorist activity.
http://www.govexec.com/dailyfed/0405/042905nj1.htm
- - - - - - - - - -
Jailhouse Friends and Family Web
Keith Maydak's jail cells are roomier than
most. Must be all that cyberspace. State and
federal prisons don't let inmates use internet
computers behind bars -- and the Allegheny
County Jail doesn't either. Yet Maydak has
answered a reporter's e-mails from the
Pittsburgh jail, and later an Ohio lockup,
while he awaits sentencing for violating
probation on a 900-number phone scam that
cost AT&T $550,000.
http://www.wired.com/news/culture/0,1284,67399,00.html
Inmates use intermediaries to escape to the Internet
http://www.usatoday.com/tech/news/2005-05-01-inmates-internet_x.htm
***********************************************************
The source material may be copyrighted and all rights are
retained by the original author/publisher. The information
is provided to you for non-profit research and educational
purposes. Reproduction of this text is encouraged; however
copies may not be sold, and NewsBits (www.newsbits.net)
should be cited as the source of the information.
Copyright 2000-2005, NewsBits.net, Campbell, CA.