NewsBits for May 24, 2005
************************************************************
Bank security breach may be biggest yet
Bank of America Corp. and Wachovia Corp. are among the big banks notifying more than 670,000 customers that account information was stolen in what may be the biggest security breach to hit the banking industry. Account information on the customers was illegally sold by bank employees to a man identified as Orazio Lembo, whom police said was doing business by illegally posing as a collection agency.
http://money.cnn.com/2005/05/23/news/fortune500/bank_info/index.htm
http://www.it-observer.com/news.php?id=5123

US bank staff 'sold customer details'
The sale of sensitive banking details to an allegedly bent debt collection agency has triggered warning letters to more than 100,000 US consumers. Bank of America has told about 60,000 customers and Wachovia a further 48,000 that their financial records have been breached. Both banks have offered affected customers free credit monitoring services for a year.
http://www.theregister.co.uk/2005/05/24/us_banks_security_flap/
http://www.wired.com/news/privacy/0,1848,67616,00.html
http://www.latimes.com/technology/la-fi-theft24may24,1,1353276.story

Bank of America notifying 60,000 customers about stolen data
http://www.computerworld.com/securitytopics/security/story/0,10801,101992,00.html
http://www.usatoday.com/tech/news/2005-05-23-data-theft_x.htm
- - - - - - - - - -
Web virus holds computer files 'hostage'
Computer users already anxious about viruses and identity theft have new reason to worry: Hackers have found a way to lock up the electronic documents on your computer and then demand $200 over the Internet to get them back.
http://www.msnbc.msn.com/id/7961600/
http://news.zdnet.com/2100-1009_22-5718678.html
http://www.crime-research.org/news/05.24.2005/Hackers-companies-encounter-rise-cyber-extortion/
http://technology.timesonline.co.uk/article/0,,19509-1625532,00.html
http://www.usatoday.com/tech/news/computersecurity/hacking/2005-05-24-web-hostage-scheme_x.htm
http://www.newsfactor.com/story.xhtml?story_id=12000002JENC
http://www.wired.com/news/business/0,1367,67622,00.html
http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/1116939963460_28/
- - - - - - - - - -
Data leak at Russian Central Bank, hackers
CCRC informed earlier of a theft of the Russian Central Bank's database that had been allegedly stolen and sold. The database was reported to contain information on bank transfers processed by cash settlement centers of the Central Bank from April 2003 to September 2004. The database purported to cover all bank transfers starting from $20,000 wired by all Russian companies plus information on banking details and payments.
http://www.crime-research.org/news/05.24.2005/Data-leak-Russian-Central-Bank-hackers/
- - - - - - - - - -
House Approves Spyware Penalties
The House of Representatives on Monday night approved two measures designed to punish Internet scammers who install "spyware" on people's computers without their knowledge. After abandoning efforts to merge the two measures into a single bill, the House voted 395-1 to pass legislation that would send some spyware distributors to jail for up to five years, and 393-4 in favor of another bill that would impose heavy fines on people and companies that install spyware on people's computers without their permission.
http://www.washingtonpost.com/wp-dyn/content/article/2005/05/23/AR2005052302000.html
http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,101978,00.html
http://www.theregister.co.uk/2005/05/24/anti-spyware_bills_take_two/
http://www.eweek.com/article2/0,1759,1819434,00.asp
http://www.usatoday.com/tech/news/techpolicy/2005-05-24-spyware-bill_x.htm

Is Deleting Spyware A Crime?
http://www.securityfocus.com/columnists/329

Microsoft seeks protection from spyware firms
http://news.zdnet.com/2100-1009_22-5718370.html
- - - - - - - - - -
UK court bans online porn sales
Pornmongers in the UK can no longer send videos or DVDs through the post or sell them online. Sex shops in the UK cannot sell adult material except to people who visit their premises. The High Court ruled yesterday that such restrictions are legal because they help prevent pornography being bought by children.
http://www.theregister.co.uk/2005/05/24/adultshops_no_mailorder/
- - - - - - - - - -
Minnesota court takes dim view of encryption
Ari David Levie, who was convicted of photographing a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial. PGP stands for Pretty Good Privacy and is sold by PGP Inc. of Palo Alto, Calif. But the Minnesota appeals court ruled 3-0 that the trial judge was correct to let that information be used when handing down a guilty verdict.
http://news.zdnet.com/2100-1009_22-5718978.html
- - - - - - - - - -
LE Officials and Technology Leaders Discuss Global Cybercrime
Last week, the Business Software Alliance (BSA) and Center for Strategic and International Studies (CSIS) today convened top law enforcement officials and technology leaders at a forum, "Battling International Organized Cyber Crime," to share information on how to counter the escalating threats from worldwide cyber criminals.
http://www.govtech.net/magazine/channel_story.php?channel=6&id=94071

Utility cybersecurity plan questioned
http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,101906,00.html
- - - - - - - - - -
MSU, attorney general planning cybercrime lab
Mississippi State University computer security expert Ray Vaughn's dream of establishing a Jackson law enforcement training center devoted to fighting such Internet-related crimes as illegal pornography and identity theft soon will be a reality. The university's Center for Computer Security is joining forces with the state Attorney General's Office, FBI and Jackson State University to create a cybercrime lab that bridges classroom instruction on the Starkville campus with on-the-job training in Jackson.
http://www.clarionledger.com/apps/pbcs.dll/article?AID=/20050522/NEWS01/505220364/1002
- - - - - - - - - -
International Effort Urges ISPs to Guard Against "Spam Zombies"
Government agencies from more than 20 countries today kicked off an international campaign to convince Internet service providers to do a better job of blocking spam and other suspicious or malicious traffic flowing over their networks. The campaign, dubbed "Operation Spam Zombies," sent action letters to more than 3,000 ISPs around the globe, urging them to take more aggressive steps to prevent their customers' PCs from being hijacked by spammers.
http://blogs.washingtonpost.com/securityfix/
http://www.theregister.co.uk/2005/05/24/operation_spam_zombie/

FTC: Beware of 'zombies'
http://www.computerworld.com/securitytopics/security/story/0,10801,101981,00.html
http://www.eweek.com/article2/0,1759,1819487,00.asp
- - - - - - - - - -
'Cyber crimes take root in cyber cafes'
In India, most of the cyber crimes happen in the cyber cafes as home PC penetration is very low, said the Karnataka IT Secretary, Shankaralinge Gowda.
IT tools should be an enabler of economic growth, not of crime, that hampers the growth and causes enormous loss, said Karnataka State IT Secretary, Shankarlinge Gowda.
http://www.ciol.com/content/news/2005/105052005.asp
- - - - - - - - - -
Asia new source of net crime
Crime gangs in Korea and China are the new sources of cyber-fraud schemes aimed at Australia's unprotected home and small business computer users. Without the resources of big companies and government agencies, home users and small businesses stand out as soft targets for internet crime. Unaware of their vulnerability, they do business and bank online, becoming easy prey for sophisticated gangs.
http://australianit.news.com.au/articles/0,7204,15384722^15404^^nbv^15306-15322,00.html
- - - - - - - - - -
Denial-of-Service Flaw Found in DNS Protocol
A high-profile security research outfit on Tuesday warned that a newly discovered flaw in the Domain Name System protocol could be exploited remotely to crash vulnerable servers. The vulnerability, which carries a "moderate risk" rating, was flagged by the U.K.-based National Infrastructure Security Co-ordination Centre.
http://www.eweek.com/article2/0,1759,1819636,00.asp
- - - - - - - - - -
Cyber attack flaw blights antivirus engine
A high-risk security flaw in several of Computer Associates International's antivirus products could put users at risk of cyber attack, the software vendor warned on Monday. The flaw lies in the scanning engine used in CA's enterprise and consumer antivirus products, the company said. An attacker could gain full control over a victim's PC by sending a specially crafted Microsoft Office document, according to a security advisory published on the CA website.
http://software.silicon.com/security/0,39024655,39130654,00.htm
http://www.eweek.com/article2/0,1759,1819425,00.asp
http://www.computerworld.com/securitytopics/security/story/0,10801,101987,00.html
- - - - - - - - - -
Witty worm flaws reveal source, initial targets
The Witty worm, which infected more than 12,000 servers a year ago, came from a single computer in Europe that used a U.S. military base's vulnerable systems to kick-start the epidemic, an analysis reveals.
http://www.securityfocus.com/news/11235
- - - - - - - - - -
New Attack Can Recover Complete AES Keys
A new timing attack against the AES algorithm can be used to extract entire Advanced Encryption Standard keys from remote servers. Daniel Bernstein, an associate professor at the University of Illinois at Chicago, recently released a paper showing how an attack against a server running the OpenSSL AES implementation could recover the entire encryption key.
http://www.eweek.com/article2/0,1759,1818238,00.asp

Gartner warns of crypto bug attack tools
Weakness in security algorithms 'means trouble', says analyst. The recently discovered bug allowing timing attacks against cryptographic algorithms could allow hackers to measure the behaviour of cryptographic software to reveal information about its keys. Industry experts have warned that this will "inevitably result in the proliferation of new attack tools".
http://www.vnunet.com/vnunet/news/2135573/gartner-warns-crypto-bug-attack-tools
- - - - - - - - - -
Pirates beat Microsoft copy protection
Workaround provides access to updates for illegal copies of Windows. Indian security consultant Debasis Mohanty has published a workaround that allows users of illegal copies of Windows to circumvent the software's copy protection technology.
http://www.vnunet.com/vnunet/news/2135574/pirates-beat-microsoft-copy-protection
- - - - - - - - - -
Public worried by online ID theft
Concerns about identity theft are beginning to put people off shopping and banking online.
In a survey commissioned by software firm Intervoice, 17% of people said they had stopped banking online while 13% had abandoned web shopping.
http://news.bbc.co.uk/2/hi/technology/4575255.stm
- - - - - - - - - -
Microsoft: SP2 makes Windows 15 times safer
Computers running Windows XP Service Pack 2 are 15 times less likely than those running XP or XP SP1 to be infected by some of the most dangerous forms of malware, according to a Microsoft security guru. Jason Garms, who heads the company's anti-malware product team, said Tuesday that this improvement had been revealed by an internal analysis of SP2's performance.
http://news.zdnet.com/2100-1009_22-5718630.html
- - - - - - - - - -
DOD IP v.6 transition deadline not written in stone, CIO says
The Defense Department has committed itself to move its networks to Version 6 of the Internet Protocols by 2008, but CIO Linton Wells said Tuesday that ongoing combat operations in Iraq and Afghanistan could slow that transition. "DOD is fully committed to moving to IP v.6 as soon as we can," Wells said at the Coalition Summit for IP v.6. But, "we will not impair our operational capability during the transition."
http://www.gcn.com/vol1_no1/daily-updates/35901-1.html

The road to IP v.6 will be long and winding
http://www.gcn.com/vol1_no1/daily-updates/35904-1.html

Does "IPv6" ring a bell?
http://www.fcw.com/article88961-05-24-05-Web
- - - - - - - - - -
Obfuscated Shellcode, the Wolf in Sheep's Clothing
There are many threats out there today, which are of concern to the network security analyst. Some of the threats can be mitigated to a certain extent through the use of various hardware, and software solutions. A good example of this would be how you defend against that ever-present pest; distributed denial of service attack.
http://www.it-observer.com/news.php?id=5121
- - - - - - - - - -
Devil's Advocate: A little black book of passwords
Keeping track of dozens of user names and passwords is tricky.
Martin Brampton asks if there's a better way than writing them down. After all those years when we ridiculed people for writing their computer passwords on sticky notes under the keyboard, Microsoft comes along and says writing them down is exactly the right thing to do. Perhaps they've got a point.
http://software.silicon.com/security/0,39024655,39130660,00.htm
- - - - - - - - - -
Cons should get 'unrestricted' net access - charity
The Home Office has rejected plans to give lags access to the internet and email while doing porridge. A report out today by the charity Forum on Prisoner Education (FPE) claims cons should be given "unrestricted access to the internet for 'educational, resettlement, and recreational purposes'".
http://www.theregister.co.uk/2005/05/24/lag_internet_jail/
- - - - - - - - - -
Grants proposed for tracking sex felons
A Florida senator wants to establish a $30 million federal grant program to help fund satellite tracking of registered sex offenders. Under a bill introduced by Sen. Bill Nelson (D-Fla.), earlier this month, the Justice Department would award grants and contracts to state and local governments to use global positioning systems to track sex offenders outfitted with electronic monitoring units.
http://www.fcw.com/article88962-05-24-05-Web
- - - - - - - - - -
FBI to launch new computer system by 2006
The FBI has designed a new computer system to replace a failed $170 million one aimed at helping agents share information but it will not be ready for use until the end of 2006, the FBI director said Tuesday. The need for the system was identified after the Sept. 11, 2001, attacks on the United States, when investigators found deficiencies in the sharing and recording of information by U.S. agencies.
http://news.zdnet.com/2100-1009_22-5719082.html

Senators grill FBI chief over failed Virtual Case File system
http://www.govexec.com/dailyfed/0505/052405tdpm1.htm
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2005, NewsBits.net, Campbell, CA.