High Tech "NewsBits" for 05/10/05

NewsBits for May 10, 2005 ************************************************************ Cisco Says Swede Detained for 2004 Hacking Incident Cisco Systems Inc. said on Tuesday authorities in Sweden had detained a person for stealing its source code, the basic instructions for the machines that direct Internet traffic around the globe. "We are aware that a person has been detained in Sweden related to the IOS source code theft and are encouraged by this action," the San Jose, California, company said in a statement. http://www.eweek.com/article2/0,1759,1814520,00.asp http://www.theregister.co.uk/2005/05/10/cisco_hack_investigation/ http://www.computerworld.com/securitytopics/security/story/0,10801,101637,00.html http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11611030.htm Hacker infiltrated government computers The FBI confirmed Tuesday the accuracy of a New York Times report that software on routers, computers that control the Internet, were compromised last year by a hacker who claimed that he had infiltrated systems serving U.S. military installations, research laboratories, and NASA. http://www.cnn.com/2005/TECH/05/10/govt.computer.hacker/index.html - - - - - - - - - - Two Plead Guilty Over Counterfeit Software Two Silicon Valley business owners pleaded guilty Monday to trafficking in counterfeit software valued at more than $500,000 and promised to pay Microsoft Corp. more than $380,000 in restitution. Perry Zheng, 51, of Cupertino, and William Jin, 44, of Sunnyvale, told U.S. District Court Judge Ronald M. Whyte they possessed and sold $531,961 worth of counterfeit Microsoft software. The men sold the programs through PTI Inc., a San Jose-based software distribution business. http://news.findlaw.com/ap/f/66/05-09-2005/57a300091f93a18f.html http://www.msnbc.msn.com/id/7795453/ - - - - - - - - - - Police target PS50m business identity theft scam Police have launched a crackdown on an online identity theft scam targeting businesses registered with Companies House that is estimated to rake in more than PS50m a year. The loophole that allows criminals to access a form on the Companies House website and change the registered office for a limited company without them knowing was highlighted by silicon.com earlier this year. http://software.silicon.com/security/0,39024655,39130275,00.htm - - - - - - - - - - Michigan State says computer security breached For additional information on the security breach, visit the Wharton Center Web site at http://whartoncenter.com and scroll down to the "Information Intrusion FAQ." Michigan State University has warned more than 40,000 Wharton Center patrons that a hacker broke into a computer server involved in credit card processing for the performing arts venue. http://www.freep.com/news/statewire/sw115435_20050506.htm - - - - - - - - - - Alerted by FBI, Serbian police crack down on child pornography A 19-year-old has been arrested in western Serbia for alleged distribution of child pornography through the Internet, police said Monday. Acting on a tip from the U.S. Federal Investigation Bureau whose agents had detected the pornographic content being sent from an Internet user in the Balkan republic, the police found the suspect and seized his computer, "packed with horrendous images," police chief Zoran Djokic said. http://news.findlaw.com/ap/o/51/05-09-2005/9fec0006417fa326.html - - - - - - - - - - Man to face more child porn charges Prosecutors unable to reach a plea agreement with a man facing 17 counts of possessing child pornography have filed an additional 64 charges against him based on evidence gathered for the initial charges. VanPierre Joseph McGreck, 50, 17011U2 N. Third St., first was arrested in January 2003 when police searched his 805 Flieth St. apartment and seized 500 items - pornographic movies, movie clips and still images - from various computer discs. http://www.wausaudailyherald.com/wdhlocal/292919299770581.shtml - - - - - - - - - - Sex Offender Arrested on Child Porn Charges Authorities say a convicted sex offender who lives in Spartanburg has been arrested on child pornography charges. The State Law Enforcement Division says 37-year-old Thomas Walter Turner was arrested Friday and charged with two counts each of second and third degree sexual exploitation of a minor. http://www.wltx.com/news/news19.aspx?storyid=27171 - - - - - - - - - - Sheriff's Investigators say Texoma Nurse Caught with Child Porn A Texoma sheriff's department is on the hunt for a man they believe took advantage of an elderly woman and she might not be the only one. KTENs Rich Klindworth has the details. Marshall County resident Thomas Grady, better known TK, is described as a likable person. It looks like that likeability allowed him to use his position for illegal purposes. http://www.kten.com/article.asp?id=7978 - - - - - - - - - - Congress plans scrutiny of Patriot Act Congress is returning to the controversial topic of whether to renew key portions of the Patriot Act. Both the Senate and House of Representatives have scheduled hearings on Tuesday that are part of an extended process of reviewing the portions of the 2001 law that are scheduled to expire on Dec. 31. Many of those 16 portions deal with computer and Internet surveillance. http://news.zdnet.com/2100-1009_22-5700986.html - - - - - - - - - - DHS secure network was rushed IG says The Homeland Security Departments $337 million network for sharing top-secret data was developed in a rush, and as a result is inadequate and does not meet the needs of its users, according to a new report by the departments Acting Inspector General Richard L. Skinner. http://www.washingtontechnology.com/news/1_1/daily_news/26161-1.html http://www.gcn.com/vol1_no1/daily-updates/35758-1.html DHS to lose research exec http://www.fcw.com/article88824-05-10-05-Web Congressman calls for more privacy authority at DHS http://www.gcn.com/vol1_no1/daily-updates/35761-1.html - - - - - - - - - - Cyber law for UAE The UAE is introducing tough new laws to combat cyber crime, legal sources told Gulf News. Included in offences which will attract prison terms and fines are: publishing or downloading pornographic material, using the internet for blackmail, and publishing content that attacks religions or supports terrorist groups. The law is due to be introduced by the end of the year. http://www.ameinfo.com/59712.html - - - - - - - - - - 900,000 ISP customers blacklisted More than 900,000 customers of U.K. Internet service provider Telewest have been blacklisted by one of the most powerful antispam groups on the Web. The Spam Prevention Early Warning System (SPEWS), whose blacklist is referenced by many antispam controls, imposed the block in response to the high number of Telewest customers whose machines have become compromised and taken over for the purpose of sending spam. http://news.zdnet.com/2100-1009_22-5701491.html http://news.zdnet.co.uk/internet/security/0,39020375,39197821,00.htm http://www.vnunet.com/news/1162941 - - - - - - - - - - MyDoom variant opens backdoor IRC channel Security experts have warned of a newly intercepted worm spreading throughout Europe which allows hackers to take remote control of infected PCs. MyDoom.BQ, also known as Mytob.ED, arrives as an attachment in an email claiming that the user's email system has been "locked" for security reasons. http://www.vnunet.com/news/1162938 - - - - - - - - - - Virus writers resort to gorilla tactics A newly discovered email worm, dubbed Wurmark-K, displays a picture of an albino gorilla as it infects compromised PCs. Security experts said today that emails carrying the virus as an attachment have a variety of characteristics including subject lines: 'Hehehe LOL!!' and 'Your Photo Is On A Webpage!!'. http://www.vnunet.com/news/1162944 - - - - - - - - - - Car virus myth debunked Rumours that the Bluetooth systems of cars are at risk from infection from mobile phone viruses have been debunked. Anti-virus firm F-Secure tested a Toyota Prius and failed, despite exhaustive attempts, to infect the car's systems with variants of the infamous Cabir worm, the most wide-spreading piece of mobile code malware to date. http://www.theregister.co.uk/2005/05/10/car_virus_myth_debunked/ http://www.vnunet.com/news/1162920 - - - - - - - - - - Trio of security holes kick sysadmins in teeth RSA, Ethereal and Smail all need patching. Serious security vulnerabilities have been disclosed in three networking tools found in many enterprises: the RSA Authentication Agent for Web for Internet Information Services; ethereal, a network protocol analyser; and smail, a Mail Transfer Agent. http://www.techworld.com/news/index.cfm?RSS&NewsID=3631 - - - - - - - - - - Apple plugs security hole in iTunes Apple Computer has patched a flaw in iTunes that could open the door to a remote attack on a person's computer. The fix was released as part of the company's iTunes 4.8 update. Earlier versions of the music software have a vulnerability within MPEG-4 file parsing, Apple said in a security advisory. People who access a malicious MPEG-4 file could trigger a buffer overflow exploit, which could then allow an attacker to gain remote control of their computer without their knowledge or crash iTunes. http://news.zdnet.com/2100-1009_22-5701556.html - - - - - - - - - - Microsoft fortifies monthly patches with interim advisories Microsoft opened up a new line of communication to its customers on Tuesday, pledging to provide more authoritative information about incidents involving, and changes to, the company's products that could affect customers' security. http://www.securityfocus.com/news/11132 Fix in for Windows flaw http://news.zdnet.com/2100-1009_22-5701804.html Microsoft releases patch to fix remote code-execution hole http://www.computerworld.com/securitytopics/security/holes/story/0,10801,101643,00.html - - - - - - - - - - Symantec Research Labs Creates New Worm Simulator When a new worm spreads around the world, people want to know if they are protected. How fast is it? How does it spread? A new simulation program developed by Symantec Research Labs not only has the answers, it also provides pictures. http://www.it-observer.com/news.php?id=5055 Symantec false alert floors Macs http://www.theregister.co.uk/2005/05/10/symantec_mac_false_alarm/ How Long Can You Fly Under the Malware Radar? http://www.eweek.com/article2/0,1759,1814308,00.asp The missing glue in the fight against malware http://blogs.zdnet.com/BTL/index.php?p=1353 - - - - - - - - - - School Studies Effects of Internet Attacks A new test laboratory at Iowa State University will allow researchers to study how computer networks respond to massive Internet attacks and could lead to breakthroughs in computer defenses and forensics, said a researcher behind the project. http://www.eweek.com/article2/0,1759,1813648,00.asp - - - - - - - - - - Forensics firms clean up through user ignorance Brief: A data recovery firm says users are failing to heed warnings to back up vital data and are fuelling the information recovery industry. Companies are lining the pockets of information- recovery experts by ignoring warnings and failing to back up data, a data forensics company said on Tuesday. http://news.zdnet.co.uk/internet/security/0,39020375,39197831,00.htm - - - - - - - - - - PGP goes the whole hog of encryption PGP Corporation has launched a radical overhaul of its PGP desktop security suite aimed at making its products more comprehensive and easier to use. PGP Desktop 9.0, released Monday 9 May, features "automatic operation so email, instant messaging (IM), whole disk, and file encryption are secure without user interaction or training", the blurb boasts. http://www.theregister.co.uk/2005/05/09/pgp_desktop_revamp/ - - - - - - - - - - Google blackout linked to internet infrastructure A brief blackout at internet search giant Google has drawn attention to the creaking addressing system that underpins the worldwide web. The Google search page disappeared from view for about 15 minutes at 2245 GMT on Saturday, and the company's email and online advertising services also suffered disruptions. Some users reported being redirected to an alternative search service called SoGoSearch, but Google has strongly dismissed suggestions that its servers were compromised in any way. http://www.newscientist.com/article.ns?id=dn7357 Google's Accelerator Breaks Web Apps, Security http://www.eweek.com/article2/0,1759,1813761,00.asp - - - - - - - - - - IBM Rolls Out Federated ID-Management Software IBM's Tivoli division unveiled federated identity- management and information-access software on Monday that's designed to improve communications among business partners. http://www.it-observer.com/news.php?id=5048 http://www.techworld.com/news/index.cfm?RSS&NewsID=3625 - - - - - - - - - - Could you introduce yourself ? I'm a security technologist. My career has been a series of generalizations. I started working in cryptography: mathematical security. Then I realized that all the cryptography in the world won't help if the computer is insecure, and all the computer security won't help if the network is insecure. Since then, I have been concentrating more on the social and economic aspects of security, realizing that all the technology in the world won't help if those aren't done right. http://www.securityfocus.com/columnists/324 - - - - - - - - - - OS makers: Security is job No. 1 Look beyond the bells and whistles, and make sure the security's tough. That's the attitude of operating system makers, who aren't just focusing on features such as snazzy graphics and better networking tools when revamping products. Now they're also providing sturdier defenses. http://news.zdnet.com/2100-1009_22-5697133.html - - - - - - - - - - No Real Debate for Real ID Hundreds of civil liberties groups, immigrant support groups and government associations oppose the Real ID Act, a piece of legislation that critics say would produce a de facto national ID card, cost states millions of dollars and punish undocumented immigrants. Yet despite widespread opposition to the bill, it passed through the House last week and is expected to easily pass through the Senate on Tuesday. http://www.wired.com/news/privacy/0,1848,67471,00.html - - - - - - - - - - Avoid a man in the middle attack Securing the handshake during a Secure Sockets Layer session (SSL) is vital, since almost all of the security involving the connection is set up inside the handshake. Learn how to secure the SSL handshake against a man in the middle (MITM) attack -- in which the intruding party masquerades as another, trusted source. This article also introduces the concept of digital certificates and how the OpenSSL API handles them. http://www.it-observer.com/news.php?id=5057 - - - - - - - - - - Call My Cell Why GPS tracking is good news for inmates. Four days ago, Florida Gov. Jeb Bush signed a law slapping child molesters with a minimum prison sentence of 25 years "followed by probation or community control for the remainder of the person's natural life." During such probation, the offender must "be electronically monitored." Grope a 15-year-old, and you'll be wearing a satellite-linked ankle bracelet that tells the cops where you are every minute until the day you die. http://slate.msn.com/id/2118117/ - - - - - - - - - - Singaporean shuts blog after libel threat A Singapore student said on Monday he has shut down his blog and apologized unreservedly after a government agency threatened to sue for defamation. Chen Jiahao, a 23-year-old graduate student in the United States, told Reuters he closed down his personal Web site after A*STAR, a Singapore government agency focusing on science and research, threatened legal action for what the agency said were untrue and serious accusations. International freedom of speech and media advocates criticized the agency's methods. http://www.reuters.com/newsArticle.jhtml;?storyID=8422422 *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.