NewsBits for June 7, 2005
************************************************************
Alleged Pentagon hacker arrested
A British man accused by the United States of hacking into scores of military computers and disrupting operations was arrested in London on Tuesday to face an extradition hearing, police said.
http://www.msnbc.msn.com/id/8134903/
- - - - - - - - - -
Customer Data Lost, Citigroup Unit Says
3.9 Million Affected As Firms' Security Lapses Add Up.
A unit of financial services giant Citigroup Inc. said yesterday that a box of computer tapes with account information for 3.9 million customers had been lost in shipment, exposing a vast new swath of Americans to the increased possibility of identity theft.
http://www.washingtonpost.com/wp-dyn/content/article/2005/06/06/AR2005060601682.html
http://www.nytimes.com/2005/06/07/business/07data.html
http://software.silicon.com/security/0,39024655,39131020,00.htm
http://news.zdnet.com/2100-1009_22-5733971.html
http://news.zdnet.co.uk/business/0,39020645,39202163,00.htm
Citibank admits: we've lost the backup tape
http://www.theregister.co.uk/2005/06/07/citigroup_lost_tape/
http://www.usatoday.com/tech/news/computersecurity/infotheft/2005-06-06-citifinancial-lost-data_x.htm
Citigroup to encrypt data sent to credit bureaus
http://computerworld.com/securitytopics/security/story/0,10801,102315,00.html
Software is just one component of security: Citigroup's lost tapes
http://blogs.zdnet.com/open-source/?p=318
Citigroup says UPS lost its data
http://computerworld.com/securitytopics/security/story/0,10801,102296,00.html
- - - - - - - - - -
Microsoft red faced over web-mail flaw
Microsoft took part of its MSN website offline over the weekend, after it learned of a flaw that could let an attacker gain access to Hotmail accounts, the company said. The MSN website, http://ilovemessenger.msn.com/, contained a so-called cross-site scripting flaw, a Microsoft representative said on Monday.
In its initial review of the issue, the company found that an attacker could use the vulnerability to obtain "cookies" from Hotmail users by getting them to click on a malicious URL.
http://software.silicon.com/security/0,39024655,39131015,00.htm
http://news.zdnet.com/2100-1009_22-5734448.html
- - - - - - - - - -
Hackers use phishing
A 20-year-old school dropout has broken into an online banking system and stolen some 50 million won ($A66,111), causing alarm over the security of South Korea's widely-used internet banking services. Police on Friday arrested the man, identified only by his family name Lee, and an unidentified accomplice, for stealing the money from the account of a 42-year-old housewife in May.
http://www.crime-research.org/news/07.06.2005/hackers-use-phishing/
- - - - - - - - - -
Firefox flaw reopens old wounds
A seven-year-old flaw that could let an attacker place malicious content on trusted websites has resurfaced in the most recent Firefox browser, Secunia has warned. The flaw, which also affects some other Mozilla Foundation programs, lies in the way the software handles frames, which are a way of showing web content in separate parts of the browser window.
http://software.silicon.com/security/0,39024655,39131016,00.htm
Firefox spoof bug returns from the dead
http://www.theregister.co.uk/2005/06/07/firefox_spoof_bug/
http://news.zdnet.com/2100-1009_22-5734121.html
http://computerworld.com/securitytopics/security/story/0,10801,102313,00.html
- - - - - - - - - -
New Look IT glitch raids customers' bank accounts
A computer glitch at high-street retailer New Look has resulted in customers having duplicate payments taken directly out of their bank accounts without authorisation. New Look is blaming a "technical issue with credit data" that resulted in transactions in up to 30 stores being processed twice by GE Capital.
http://software.silicon.com/security/0,39024655,39130998,00.htm
- - - - - - - - - -
Hi-tech bullies target young victims
Bullies are increasingly using phones with built-in cameras to torment their victims. One in ten children has felt threatened or embarrassed after bullies snapped their picture using a camera phone, according to a survey published today by children's charity NCH. Seven per cent of those harassed by bullies in this way believe the pictures were also forwarded to others, claims the research.
http://www.theregister.co.uk/2005/06/07/mobile_bullying/
http://www.guardian.co.uk/online/news/0,12597,1501100,00.html
- - - - - - - - - -
China orders all Web sites to register with government
Authorities have ordered all China-based Web sites and blogs to register or be closed down, in the latest effort by the communist government to police the world of cyberspace. Commercial publishers and advertisers can face fines of up to 1 million yuan ($120,000) for failing to register, according to documents posted on the Web site of the Ministry of Information Industry.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11836230.htm
http://news.com.com/China+to+close+unregistered+domestic+Web+sites/2100-1028_3-5735514.html
http://www.msnbc.msn.com/id/8131497/
- - - - - - - - - -
Security breaches challenge academia's 'open society'
While all the attention lately has been focused on security breaches at our nation's data consolidators, U.S. universities have also been notifying thousands of employees, students and alumni to monitor their personal accounts for unusual activity. The University of Iowa recently became at least the 16th college this year to publicly disclose a breach of its information security.
http://www.computerworld.com/securitytopics/security/story/0,10801,102298,00.html
- - - - - - - - - -
Threats shift to databases
Cryptography has diminished somewhat in importance as threats to information security shift from eavesdropping to attempts to gain control of computers and networks, a cryptographic expert said this week at the Gartner IT Security Summit in Washington, D.C.
http://www.it-observer.com/news.php?id=5185
- - - - - - - - - -
Hollywood Foots Bill for Spy Cams
Every 10 feet or so in Santee Alley, there's someone standing behind a cardboard box full of discs. Each mumbles the same mantra: "DVD, DVD, DVD, DVD, Estar Guars" -- Spanglish for Star Wars. They're DVD bootleggers, and they're the target of a new system of surveillance cameras recently installed by the Los Angeles Police Department with money from the Motion Picture Association of America.
http://www.wired.com/news/privacy/0,1848,67768,00.html
Shanghai cracks down on pirated movies ahead of film festival
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11837296.htm
- - - - - - - - - -
Big Blue's Tivoli takes on ID theft
IBM unveiled software and services designed to help companies combat identity theft on Tuesday. Centralized reports and other new features in its Tivoli Identity Manager will let businesses manage user accounts and passwords better, Big Blue said. Version 4.6 of the software, set for release in the third quarter, also includes a new policy simulation tool to lock down access rights before processes are changed.
http://news.com.com/Big+Blues+Tivoli+takes+on+ID+theft/2110-7355_3-5735772.html
- - - - - - - - - -
FaceTime to add antispyware technology to IM products
Enterprise instant messaging vendor FaceTime Communications Inc. has acquired antispyware vendor XBlock Systems LLC and will integrate its technologies into FaceTime's IM and peer-to-peer product lines.
http://computerworld.com/securitytopics/security/story/0,10801,102314,00.html
- - - - - - - - - -
Is Intel a safe bet for Apple security?
Apple Computer's switch to Intel chips is no reason to raise the security alarm, experts say. Yes, Macs will have the same hardware at their core as Windows PCs, but it is the operating system, not the hardware, that has made those Microsoft-based computers vulnerable to attacks, analysts and security researchers said.
http://news.com.com/Is+Intel+a+safe+bet+for+Apple+security/2100-7347_3-5736003.html
- - - - - - - - - -
Pharming and other security woes hector VoIP
There are few clearer signs that an information technology has hit the mainstream than when it becomes the focus of pharming and other security attacks. Low-cost voice over Internet Protocol (VoIP) phone services now capturing the general public's imagination are indeed being targeted by online attackers, who have been known to eavesdrop on calls, deny customers access to their VoIP service and cause "clipping," or degraded service quality, on some accounts, say executives gathered here for Supercomm 2005, a major phone trade show.
http://news.zdnet.com/2100-1009_22-5734117.html
- - - - - - - - - -
Seven Microsoft Application Blocks in One Neat Little Package
The problem with developing enterprise applications is you have to reinvent the wheel for each key area, such as configuration, database access, or security. Microsoft has addressed this problem in the past by providing application building blocks. However, one of the biggest problems with these application blocks was they were not very well integrated with each other. So, Microsoft's Pattern & Practices Group has released the Enterprise Library, a large configurable and extensible software library that consists of seven integrated application blocks.
http://www.it-observer.com/news.php?id=5186
- - - - - - - - - -
PSP Hackers Go Retro
That's the traditional phrase that programmers display when they create their first piece of software for an unfamiliar operating system. Owners of Sony's handheld PSP game system were delighted to hear May 5 that a hacker had managed to write a small program that displayed those words on a PSP. They wondered what would be next.
http://www.wired.com/news/games/0,2101,67742,00.html
- - - - - - - - - -
Woodward: Are our computers safe?
Even Bob Woodward doesn't trust the Internet. Last week, after Vanity Fair surprised everyone by disclosing the identity of Deep Throat, The Washington Post published a lengthy, detailed retrospective by Woodward on W. Mark Felt, the FBI agent who served as his secret informant during Watergate. Woodward had the story essentially ready to go, because he had been preparing it for when Felt died.
http://www.msnbc.msn.com/id/8121590/
- - - - - - - - - -
The politics of .xxx
Now that pornographers have a domain name suffix reserved exclusively for them, look for politicians to become more eager than ever before to target sexually explicit Web sites. Last week, the Internet Corporation for Assigned Names and Numbers approved the creation of .xxx, a kind of virtual red-light district that's scheduled to go live by the end of the year.
http://news.com.com/The+politics+of+.xxx/2010-1071_3-5731275.html
- - - - - - - - - -
Security and backup for Small.biz
Quocirca's Changing Channels.
Few small and mid-sized businesses (SMBs) have the luxury of managing their different IT requirements separately. Often a single person, with responsibility for IT, will have to cope with everything and it may not even be their primary function. All the better then if they can single source their requirements from a reseller or IT supplier.
http://www.theregister.co.uk/2005/06/07/security_and_backup_for_smbs/
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2005, NewsBits.net, Campbell, CA.