NewsBits for May 23, 2005
************************************************************
N.J. Police Charge Nine for Stealing Bank Account Data
Thefts allegedly involved bank workers, took place over a four-year period. Hundreds of thousands of electronic account records were allegedly stolen from four banks and sold to collection agencies and law firms by a New Jersey data-theft ring that included seven bank employees, according to police in the city of Hackensack.
http://www.computerworld.com/securitytopics/security/story/0,10801,101914,00.html
More arrests promised in bank data theft
http://news.zdnet.com/2100-1009_22-5716710.html
Banks notify more than 100,000 customers of possible data theft
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11718150.htm
http://www.msnbc.msn.com/id/7954620/
Common sense moves by business could protect your personal data
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11718769.htm
Protecting Consumer Data on the Cheap
http://www.computerworld.com/securitytopics/security/story/0,10801,101885,00.html
- - - - - - - - - -
MCI: Employee Data was on Stolen Laptop
A laptop computer containing the names and Social Security numbers of about 16,500 current and former employees of MCI Inc. was stolen last month, the Wall Street Journal reported on Monday. The computer was stolen from a car that was parked in the garage at the home of an MCI financial analyst in Colorado, the report said.
http://www.eweek.com/article2/0,1759,1818897,00.asp
http://news.zdnet.com/2100-1009_22-5716534.html
http://computerworld.com/securitytopics/security/story/0,10801,101958,00.html
http://www.wired.com/news/business/0,1367,67613,00.html
http://www.msnbc.msn.com/id/7954289/
- - - - - - - - - -
Hacker Break-In
The Kellogg School of Management at Northwestern University in Evanston, Ill., is investigating a recent security breach on its computer network. This comes just weeks after at least 119 people used instructions first posted on BusinessWeek Online's forums to hack into and view confidential online admissions information at numerous top MBA programs, including Harvard Business School. However, David Keown, Kellogg's chief information officer and assistant dean for information technology, says there's no reason to believe the two hacking incidents are related.
http://www.businessweek.com/bschools/content/apr2005/bs20050412_1226_bs001.htm
- - - - - - - - - -
Mom runs sting to nab Internet predator
Richard H. Johanson, 36, of Short Hills, N.J., was being held Saturday in the Hancock County jail. He has been charged with attempted third-degree sexual abuse and enticing away a minor.
http://www.msnbc.msn.com/id/7935361/
- - - - - - - - - -
Kenyan cops arrest man over child porn allegations
Kenyan police are investigating a retired German national who frequently visits Kenya after he was arrested last week photographing children's genitals and found to be in possession of a pornographic film featuring minors, officials said on Monday. Leo Brock (68) from Cologne, was arrested in the Kenyan port city of Mombasa on May 17 after parents told the police he had been seen taking pictures of children's genitals at a swimming pool and recreation facility.
http://www.mg.co.za/articlePage.aspx?articleid=241380
- - - - - - - - - -
Sober Worm Makes Up Five Percent of All E-Mail
While extremely visible, the Sober worm is not as dangerous as it could have been, said Tim Cranny, security architect for Senforce Technologies. "Melissa and lovebug were also like this," Cranny said. "What makes these so visible is just how they spread themselves. This was really a benign worm. It could've been a whole lot worse."
http://www.newsfactor.com/story.xhtml?story_id=11300002DURC
- - - - - - - - - -
House spending bill would bolster cybersecurity programs
The House has increased the Homeland Security Department's fiscal 2006 budget to combat cyber crimes. The House passed the $30.8 billion fiscal 2006 Homeland Security spending bill last week, which would increase funding for cybersecurity programs within the Secret Service, Immigration and Customs Enforcement (ICE), and the Information Analysis and Infrastructure Protection (IAIP) divisions.
http://www.govexec.com/dailyfed/0505/052305tdpm1.htm
- - - - - - - - - -
FTC to push ISPs for zombie crackdown
Remote-controlled "zombie" networks operated by bottom-feeding spammers have become a serious problem that requires more industry action, the Federal Trade Commission is expected to announce on Tuesday.
http://news.zdnet.com/2100-1009_22-5716576.html
- - - - - - - - - -
UK banks ignore security audit findings
Some UK corporates routinely ignore the findings of security audits treating them solely as a necessary step to satisfy corporate governance regulations, according to an experienced penetration tester.
http://www.theregister.co.uk/2005/05/19/audit_ignoramuses/
- - - - - - - - - -
Bypass found for Windows piracy check
A tool provided by Microsoft could let people get around a check meant to prevent those with pirated copies of Windows from downloading additional software from the company, according to a security researcher. Researcher Debasis Mohanty outlined what he said was a technique to trick Microsoft's Windows Genuine Advantage validation check in a posting to the Full Disclosure security mailing list on Monday. WGA is a software tool that verifies whether a particular copy of the operating system is properly licensed.
http://news.zdnet.com/2100-1009_22-5717127.html
- - - - - - - - - -
Hackers get tricky with pharming
Criminals have once again improved their techniques for identity theft. In general, e-mail users have become too informed and sophisticated. At least, they're more sophisticated than hackers would like. I guess even hackers see diminished returns with old products like phishing schemes.
http://www.it-observer.com/news.php?id=5115
'Phishing' scam sends money to Russia
http://www.gmtoday.com/news/local_stories/2005/May_05/05202005_07.asp
Phishers Learn To Exploit VeriSign
http://www.newsfactor.com/story.xhtml?story_id=11300002DWEZ
- - - - - - - - - -
Instant Messaging: A New Front in the Malware War
The recent appearance of the Oscabot-F IM worm is the latest in a series of increasingly serious attacks affecting instant messaging networks, a trend that is forcing IT managers to choose between banning the popular chat technology and opening their networks to a host of IM-borne worms and viruses.
http://www.eweek.com/article2/0,1759,1818611,00.asp
- - - - - - - - - -
New tools needed to fight child porn
Toronto police had been seeking "the girl in the pictures" for months. She appeared in nearly 200 images traded over the Internet by those who took sick pleasure in her sexual abuse. Investigators had watched the girl, thought to be about 10 years old in the earliest photographs, grow. And they desperately wanted to rescue her from the horrors she endured.
http://www.crime-research.org/news/23.05.2005/1250/
- - - - - - - - - -
Dutch hacker love-in faces the chop
A distinguished hackers' gathering scheduled to take place in July faces a ban by the local municipality. The mayor of Boxtel, in the Netherlands, cites "fear of breaches of law and order and danger to public safety". The organisers of What the Hack have been told they now need a permit for the event to happen.
http://www.theregister.co.uk/2005/05/23/what_the_hack/
- - - - - - - - - -
Write down your passwords, says Microsoft
Companies should not ban employees from writing down their passwords because it forces users to use the same weak term on many systems, according to a Microsoft security guru. Speaking on the opening day of the AusCERT conference on Australia's Gold Coast, Jesper Johansson, senior programme manager for security policy at Microsoft, said the security industry had been giving out the wrong advice to users by telling them not to write down their passwords.
http://software.silicon.com/security/0,39024655,39130618,00.htm
http://news.zdnet.com/2100-1009_22-5716590.html
Policy Commander Automates Windows Security Settings
http://www.eweek.com/article2/0,1759,1817475,00.asp
Single Sign-on Strategy Faces User Scrutiny
http://computerworld.com/networkingtopics/networking/management/story/0,10801,101922,00.html
- - - - - - - - - -
Secure and Private Browsing with Squid
Browsing a site that supports SSL is a definite way to make sure no one can snoop in on what you're doing -- which is a good thing when you're doing something personal like checking email over the web or buying something from amazon. But if you're just doing stuff like reading the daily news or checking movie times, is privacy that important?
http://www.it-observer.com/news.php?id=5116
- - - - - - - - - -
IP v.6 is tough sell to federal, corporate IT executives
Internet Protocol Version 6 is only getting lukewarm support among IT executives and policymakers in the United States despite its many benefits. Lead supporters of the protocol include the Defense Department and a few corporations and agencies that are migrating to IP v.6 to take advantage of its billions of Web addresses, enhanced security and advanced capabilities for military, net-centric operations and other new technologies.
http://www.gcn.com/vol1_no1/daily-updates/35895-1.html
- - - - - - - - - -
Hiring a hacker? Think again, experts warn
While a hacker may sound like the perfect person to hire to spot flaws in a company's network security system, these computer whizzes do not actually make for good employees in the industry, experts warn.
http://www.it-observer.com/news.php?id=5114
- - - - - - - - - -
Preparing for Battle in the Next Security War
Opinion: In the future, security will be treated as a service by the internal technology staff or purchased via subscription from an outside provider. The days of piecemeal security upgrades and client-to-client scrambles are quickly coming to an end.
http://www.eweek.com/article2/0,1759,1817468,00.asp
As Seen on TV: Network Security
http://www.eweek.com/article2/0,1759,1817157,00.asp
- - - - - - - - - -
Can the VOIP 911 Problem Be Solved?
Opinion: The immediate situation caused by the FCC is confusing and not a real solution. The long term is murky, but look for VOIP vendors to roll back some of the freedoms they gave to users. There's a lot of confusion out there over VOIP and 911 services. In the wake of Thursday's FCC order to the VOIP industry to provide E911 services within 120 days, I have to count myself among the confused.
http://www.eweek.com/article2/0,1759,1818443,00.asp
- - - - - - - - - -
China blocks popular gay website
China has blocked a popular website devoted to providing information and support to the nation's large but closeted homosexual population, even as the nation fights an exploding AIDS epidemic, the site's manager said on Wednesday.
http://www.smh.com.au/news/Breaking/China-blocks-popular-gay-website/2005/05/19/1116361652763.html
***********************************************************
Search the NewsBits.net Archive at: http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.