NewsBits for May 4, 2005 ************************************************************ eBay fraud boy detained for year An order preventing Shortman from being named was lifted. A teenage fraudster who conned customers of the internet auction site eBay out of PS45,000 has been sent to a detention centre for a year. Phillip Shortman, now 18, of New Inn, Pontypool, had already admitted 21 counts of fraud at a prior hearing. http://news.bbc.co.uk/2/hi/uk_news/wales/4512709.stm http://news.zdnet.co.uk/business/legal/0,39020651,39197145,00.htm http://www.theregister.co.uk/2005/05/04/teen_ebay_fraudster_sentenced/ eBay: Let's wait and see on tighter security http://news.zdnet.com/2100-1009_22-5695440.html eBay sends out mixed messages on security http://news.zdnet.co.uk/0,39020330,39197288,00.htm eBay customer sends menacing emails to top execs http://www.theregister.co.uk/2005/05/04/ebay_court_action/ - - - - - - - - - - Swedish sports star seized in child porn raid A Swedish champion from "a major spectator sport" has been arrested on suspicion of distributing child pornography on the Internet. He was one of 14 suspected paedophiles caught in a nationwide raid early on Tuesday morning. While the tabloids dropped tantalising hints as to his identity - he has won "many titles, including Swedish gold" and has worked with youngsters in the sport - the man denied the charges. "I consider myself to be innocent," he said, according to Aftonbladet. http://www.thelocal.se/article.php?ID=1377&date=20050504 - - - - - - - - - - Shame as bad as jail time for porno collector The lawyer defending a man charged with possessing child pornography said the embarrassment hes caused himself and family is worse punishment than any the courts could impose. Sean Goudy, 30, pleaded guilty Monday to one count of possession of child pornography. Goudy admitted to downloading pornography from the Internet, and in the process inadvertedly got child porn. http://www.northernlife.ca/policeBeatArticle.asp?28id2-pn=&view=87147 - - - - - - - - - - Former Memphis officer gets bond but still not free A former Memphis police officer at the center of a corruption scandal was granted bond Tuesday but remains jailed on child pornography charges. David Tate, an 18-year police veteran, was charged in November with taking bribes to inform topless club owners before raids, agreeing to take prostitutes to casinos in Tunica, Miss., offering to protect drug couriers and plotting to burglarize the Memphis home of professional wrestler Jerry Lawler. http://www.sunherald.com/mld/sunherald/news/state/11556173.htm - - - - - - - - - - U.S. military security defeated by copy and paste Experts are warning people to be careful with electronic documents that contain sensitive data after a breach in which classified U.S. military information thought to be hidden in a PDF document was uncovered. Portions of the document had been "blacked out" by electronic means. But apparently, it was possible for outsiders to copy and paste the blacked-out sections into another file --and see the text that had been hidden. http://news.zdnet.com/2100-1009_22-5694982.html http://www.businessweek.com/ap/financialnews/D89R8NR80.htm - - - - - - - - - - Sober.p worm causes European epidemic The newly detected Sober.p mutant of the Win32.Sober worm has spread rapidly causing an "epidemic in western Europe", according to IT security experts. http://www.vnunet.com/news/1162823 Sober worm now 4 percent of all email http://news.zdnet.co.uk/internet/security/0,39020375,39197291,00.htm - - - - - - - - - - California to ban hunting over Internet Wildlife regulators took the first step Tuesday to bar hunters from using the Internet to shoot animals, responding to a Texas Web site that planned to let users fire at real game with the click of a mouse. The Fish and Game Commission ordered wildlife officials to prepare emergency regulations to ban the practice. A period of public comment will follow. http://www.cnn.com/2005/TECH/internet/05/04/internet.hunting.ap/index.html - - - - - - - - - - Connecticut Sues Vonage Over 911 Call Disclosure Vonage Holdings Corp., the largest U.S. Internet telephone service provider, was sued by the state of Connecticut, which accused the company of misrepresenting its ability to connect customers to 911 emergency dispatchers. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-rup4.2may04,1,2361526.story - - - - - - - - - - Complexities of identity theft frustrate Congress Executives with several firms that endured recent security breaches encouraged Congress on Wednesday to strengthen regulations governing consumer information, but lawmakers expressed frustration in their search for a way to curb identity theft. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11563397.htm - - - - - - - - - - Computer crime statistics Russia -- Department "K" (a department on fighting high tech crimes) revealed 4,295 crimes in the sphere of high technologies for the first 6 months of 2004, Chief of the Department "K" press center, colonel of police Eugene Yakimovich said. According to his information, the analysis shows that 16% of malefactors who acted in the sphere of "computers" were young men aged between 18 and 25 years, 70% of them had high or incomplete high education. http://www.crime-research.org/news/04.05.2005/1201/ - - - - - - - - - - US reveals intellectual property blacklist The US has published a blacklist of those of its trading partners that are most ineffective when it comes to protecting intellectual property rights (IPRs). The "Special 301" report from the Office of the US Trade Representative (USTR) fingers the Ukraine as the worst offender. http://www.theregister.co.uk/2005/05/04/us_intellectual_property_blacklist/ - - - - - - - - - - IG: Interior faces possible IT security catastrophe Some Interior Department systems that house American Indian trust data are so easy to penetrate, according to the department's inspector general, that they potentially could cause "severe or catastrophic" problems. http://www.gcn.com/vol1_no1/daily-updates/35743-1.html - - - - - - - - - - Mobile-Phone Worm Hits 20th Country A worm that has been infecting mobile phones as it slowly spreads around the world has reached its 20th country, a security firm said Tuesday. Cabir, which was first reported in the wild in the Philippines in August 2004, was recently sighted in Luxembourg, Finland- based F-Secure said. The latest reported brings to 20 the total number of countries where the worms has been seen in Asia, Europe and North America, including the United States. http://www.internetweek.com/breakingNews/showArticle.jhtml?articleID=162101235 - - - - - - - - - - Phishing Attempts Decrease, Report Shows Two recent reports suggest that the flood of phishing attacks that has washed over Internet users in recent months may be ebbing. Managed e-mail provider Postini Inc. said Monday that phishing attempts decreased 45 percent between March and April. http://www.eweek.com/article2/0,1759,1791626,00.asp - - - - - - - - - - Microsoft plans to give some pirates a break As part of its growing antipiracy campaign, Microsoft is testing a program that offers free licensed versions of Windows XP Professional to some customers whose copies are found to be bogus. The move is the latest in a series of expansions for the Windows Genuine Advantage program, which Microsoft quietly launched last September. http://news.zdnet.com/2100-3513_22-5695302.html - - - - - - - - - - Protecting Bank Data Requires Internal Security Measures Last week, New Jersey-based branch employees of Commerce Bank, Wachovia Bank, Bank of America and PNC Bank were implicated in a scheme to sell stolen customer data. According to Hackensack police, the alleged ringleader bribed bank employees and a manager at the Department of Labor in order to obtain individuals' personal information. This information was then provided for resale to law firms and collection agencies. http://www.securitypipeline.com/showArticle.jhtml?articleID=162100977 - - - - - - - - - - Spyware scumbags make $2bn a year Spyware invasive programs that generate pop-ups, hijack home pages, redirect searches and poison DNS files generates an estimated $2bn in revenue a year, according to a study by anti-spyware firm Webroot. It estimates the surreptitious spyware and adware market "may be approaching 25 per cent" of the already-established market of online advertising. http://www.theregister.co.uk/2005/05/04/spyware_report/ http://news.zdnet.co.uk/internet/security/0,39020375,39197141,00.htm Spying on the spyware makers The 25-year-old researcher has spent years analyzing how spyware and adware programs work and disclosing his findings publicly. That often results in red faces and, occasionally, lawsuit threats from companies like WhenU and Claria, formerly known as Gator. http://news.zdnet.com/2100-1009_22-5694727.html - - - - - - - - - - Ofcom may have to police internet content Media regulators across Europe could be forced to police internet content for taste and decency in the same way as television programmes, according to proposals under consideration in Brussels. The plans have led to fears at the British media watchdog Ofcom that this may stifle innovation in the nascent broadband content industry and prove impossible to enforce. http://www.guardian.co.uk/online/news/0,12597,1476127,00.html - - - - - - - - - - Same Old Con Tricks, Just Hi-Tech Tools Online fraud is growing as fast as the internet itself, a computer crime investigator claims. The criminals are committing age-old offences but have new means at their disposal, says Gary Probert. It is old crimes, new tools, he said. Deception has always been around, people who try to con people out of money. They are just using new methods to do it. http://news.scotsman.com/latest.cfm?id=4502387 - - - - - - - - - - School camp recruits cyber-crime fighters A less rowdy spring break hardly seems possible: Twenty-eight high school students in New York state recently spent their vacation week at cyber-security camp, looking for vulnerabilities in a wireless network by day and watching patriotic movies by night. http://www.eschoolnews.com/news/showStory.cfm?ArticleID=5636 - - - - - - - - - - Parliament IT security plan THE Palace of Westminster is looking for suppliers to improve IT security at the Houses of Parliament. Plans include installation of improved security software on the Palace network and external testing by a separate contractor to prove the infrastructure is not vulnerable to attack. http://www.vnunet.com/news/1162840 - - - - - - - - - - A really Truste Web site TRUSTe, a non-profit online privacy leader, has just issued its first set of data security guidelines to assist companies evaluating new or existing policies for safeguarding personal information of consumers and employees. TRUSTe states that it has "answer(ed) the call for comprehensive real-world measures providing application-appropriate strategies for strict data security." http://www.usatoday.com/tech/columnist/ericjsinrod/2005-05-04-truste_x.htm - - - - - - - - - - Cisco slammed for RFID staff tracker Wireless RFID server tracks personnel via tags embedded in uniforms. Cisco has come under fire from privacy groups as it prepares to launch a wireless RFID server that can track people and equipment using existing Wi-Fi networks. The Wireless Location Appliance 2700 is designed to track RFID tags down to a few metres and display the location on a central map. http://www.vnunet.com/news/1162835 Staff smartcards to track tube work http://www.vnunet.com/news/1162851 - - - - - - - - - - Experts Scoff at Government's Plans to Secure E-Passports Security experts and civil libertarians reacted with skepticism to the government's recent decision to reconsider data protection measures for new RFID passports. The "e-passports," as they've been nicknamed, were originally slated for spring release in the Los Angeles Passport Agency but are now planned for issuance in August beginning with diplomatic passports, according to a spokeswoman for the Bureau of Consular Affairs. http://www.eweek.com/article2/0,1759,1811516,00.asp?kc=EWRSS03119TX1K0000594 Lawmaker Rips RFID Passport Plans http://www.wired.com/news/privacy/0,1848,67418,00.html - - - - - - - - - - Apple patches a batch of Mac OS X flaws Apple Computer on Tuesday released 20 patches for its OS X operating system designed to fix flaws that could catch users off-guard. The vulnerabilities apply to Mac OS X v10.3.9 and Mac OS X Server 10.3.9, according to Apple's advisory. The announcement comes roughly a month after Apple issued nearly a dozen patches for its Mac OS. http://news.zdnet.com/2100-1009_22-5694907.html http://news.com.com/Apple+patches+a+batch+of+Mac+OS+X+flaws/2100-1002_3-5694907.html - - - - - - - - - - Mtp Target Format String and DoS Vulnerabilities Luigi Auriemma has reported two vulnerabilities in Mtp Target, which can be exploited to malicious people to cause a DoS (Denial of Service) or compromise a user's system. http://secunia.com/advisories/15195/ Web-based threats reach critical levels http://www.vnunet.com/news/1162818 - - - - - - - - - - Security fears put wrench in VoIP networks Worries over viruses and network downtime are keeping chief information officers from going for purely IP networks--and that's why Avaya uses Linux, according to Don Peterson, CEO of the networking company. http://news.zdnet.com/2100-1009_22-5695580.html http://news.zdnet.co.uk/communications/networks/0,39020345,39197287,00.htm - - - - - - - - - - Quantum physics to fox hackers A scientific breakthrough means quantum cryptography could soon provide hack- proof security for voice-over IP and video communications. Last week, IT researchers from Toshiba Research Europe, QinetiQ and US firm MagiQ, successfully demonstrated at a Department of Trade and Industry (DTI) event that the principles of quantum physics can be deployed to protect highly sensitive communications. http://www.vnunet.com/news/1162849 Users to push for encryption standards http://www.vnunet.com/news/1162844 - - - - - - - - - - Trusted Computing releases network connection standard The Trusted Computing Group (TCG), whose promoters include IBM, Microsoft Corp. and Intel Corp., has released details of a new Trusted Network Connect (TNC) architectural standard for authenticating and enforcing security polices on client devices that connect to corporate networks. http://computerworld.com/securitytopics/security/story/0,10801,101531,00.html - - - - - - - - - - Panda Software Claims Zero-Day Virus Defense What is notable about Panda's announcement today is that the company claims the software can work effectively against future viruses and spyware without having to be updated, a claim hitherto unmade in the antivirus community. Panda Software on Wednesday announced TruPrevent 2.0, a new version of the company's antivirus and security technology that Panda claims is "virtually 100 percent effective" in identifying unknown viruses and spyware. http://www.newsfactor.com/story.xhtml?story_id=010000007C0G - - - - - - - - - - Virtual weapon a reality How do you send a hidden message with criminal intent via e-mail? Simple, if you have any picture file or any attachment which is, say, of 80 megabyte, simply encrypt it in a coded way and zip it to say 60 megabyte. When the end user opens the file, and right clicks for the specifications of the attachment, he will find an array of information which for a novice is in alien language but for an expert cyber criminal, carries the information which was desired to be sent to him. http://timesofindia.indiatimes.com/articleshow/1097106.cms - - - - - - - - - - CIOs lose sleep over security, not revenue CIOs are more scared of hackers than they are of their own bosses, according to Cisco CEO John Chambers. Speaking at the Networld + Interop conference today in Las Vegas, the Cisco head said that from his questioning of IT heads, network security is higher up CIOs' list of priorities than hitting the boss' targets. "When you look at CIOs, what they're saying is on their minds is wireless and security," he said. "What's top of mind is security - it's not the CEO's revenue growth." http://software.silicon.com/security/0,39024655,39130094,00.htm Security 'still IT managers' top priority' http://news.zdnet.co.uk/internet/security/0,39020375,39197289,00.htm Firms call for action on wireless security http://www.vnunet.com/news/1162847 - - - - - - - - - - Genome may be future step for virus writers Advances in genetic circuits may mean that virologists will have to look at the mechanics of Internet worms for a model of future threats. Recent technological advances in so-called genetic circuits have brought closer a world where cells and viruses could be modified to more effectively serve humans, but also have raised concerns that programmable life could lead to a host of tailored threats similar to Internet worms. http://www.securityfocus.com/news/11082 - - - - - - - - - - Software Firewalls versus Wormhole Tunnels Hardware and software firewalls promise to protect your system and your network from the dangers of the Internet, but how well do they really fare against cutting-edge attacks? This article presents some of the major differences between hardware and software firewalls and illustrates the real challenges faced by software firewall vendors. http://www.securityfocus.com/infocus/1831 - - - - - - - - - - Next-generation 'zero-day' attacks The cyber-criminal is getting smarter, and so must the methods used to fight back. Each week vnunet.com asks a different expert to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. This week Nick Ray, chief executive at intrusion prevention firm Prevx, stresses the importance of identifying the characteristics of malicious attack behaviour. http://www.vnunet.com/news/1162848 - - - - - - - - - - If pirating grows, it may not be the end of music world Just picked up a CD by Yu Quan, a duo that is one of the hottest rock acts in China. Danceable. Very dramatic. As if Justin Timberlake had joined Journey and the band sang in Chinese. http://www.usatoday.com/tech/columnist/kevinmaney/2005-05-03-music-piracy-china_x.htm - - - - - - - - - - Malaysia to fingerprint all new-born children Malaysias National Registration Department is doubtful that it would be useful to fingerprint all babies born in the country. Malaysian police are proposing all new-borns should have their fingerprint and footprints taken before they leave hospital, according to the BBC. The National Registration Department is concerned that prints from such a young child will be unreliable for identifying the terrible toddlers. http://www.theregister.co.uk/2005/05/04/malaysia_dabs_kids/ *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.