NewsBits for July 12, 2005 ************************************************************ UK police chase pics, email, phone records in bomber hunt London police have asked the public to turn in mobile phone still and video pictures as they hunt the terrorists behind last Thursdays bomb attacks on the UK capital. The call came as Britains authorities sought to secure email and mobile phone records as they continue their hunt for the bombers. http://www.theregister.co.uk/2005/07/10/london_bomb_sunday/ - - - - - - - - - - Hoax e-mail seeking donations for London bombing victims The Australian Red Cross warned Monday of hoax e-mails purporting to seek funds for victims of the terror bombings in London last week. The charity's chief executive, Robert Tickner, said in a statement that a small number of people in Australia had contacted the Australian Red Cross saying they had received e-mails seeking donations on behalf of the British Red Cross. http://news.findlaw.com/ap/o/51/07-11-2005/abe00005e0d305fd.html - - - - - - - - - - Iron Mountain Loses More Tapes City National Bank has become the second company in two months to experience a loss of backup tapes in transit by Iron Mountain Inc. The Los Angeles- based bank disclosed Thursday that two tapes containing sensitive data, including Social Security numbers, account numbers, and other customer information, were lost during transport to a secure storage facility. http://www.informationweek.com/story/showArticle.jhtml?articleID=165701015 - - - - - - - - - - Dutch file-swapper case collapses The Dutch Protection Rights Entertainment Industry Netherlands (BREIN) has lost its case against five Dutch ISPs who refused to hand over the names of 42 suspected song swappers. BREIN knew these individuals only by their IP address. http://www.theregister.co.uk/2005/07/12/dutch_p2p_case/ - - - - - - - - - - UK's Nasa hacker breaks his silence The British man thought to have hacked into 53 US government agencies' computer systems has spoken out about his discoveries in Nasa's networks. The 39-year-old from north London told The Guardian he initially started his hacking career when looking for evidence of a UFO cover-up. Using a software program, Gary McKinnon was able to discover senior network administrators who didn't use passwords. http://software.silicon.com/security/0,39024655,39150245,00.htm - - - - - - - - - - British government lost 150 PCs this year The Home Office might be in charge of law and order but it's not very good at keeping hold of its own property - it has lost more computers this year than any other department. http://www.channelregister.co.uk/2005/07/12/homeoffice_thieves_paradise/ - - - - - - - - - - CERT Warns on Latest Trojan Horse Attacks CERT (the US Computer Emergency Readiness Team), issued an alert today warning of heightened trojan virus attacks against companies and individuals. While there were numerous reports of slowdowns at various Web sites, the cause has largely been attributed to increased Web use following the Live8 multi-venu concert event and the terrorist bombings in London. http://www.esecurityplanet.com/alerts/article.php/3519236 - - - - - - - - - - China to Increase Piracy Prosecutions China agreed to increase criminal prosecutions of pirates of copyrighted movies and music and to delay imposing rules that would make it harder for U.S. software companies to sell to the Chinese government, the U.S. said Monday. At a trade summit in Beijing, Chinese Vice Premier Wu Yi made pledges to curb counterfeiting, including coordinating with U.S. customs and FBI agents to stem exports of illegal copies of movies, razors, auto parts and pharmaceuticals, the U.S. government said. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-china12jul12,1,1559060.story - - - - - - - - - - ICANN warns world of domain hijacking A report by the internet's leading security experts has warned the world of the risk of domain name hijacking and told the industry to pull its socks up. ICANN's Security and Stability Advisory Committee has outlined several famous and recent thefts of websites, including Panix.com, Hushmail.com and HZ.com, and listed where the system went wrong and what can be done to correct the flaws. http://www.theregister.co.uk/2005/07/12/icann_domain_hijacking/ - - - - - - - - - - Government free from hacker attempts? Government departments have been prodded into revealing some of the details of hacker attempts against them. It's unsurprising that the MoD has reported the most hacking attempts. After all, with all those military secrets it is likely to be a far more interesting target for hackers than, say, the Department for Environment, Food and Rural Affairs. http://software.silicon.com/security/0,39024655,39150281,00.htm Government hack attacks dropping Many departments claim not to have been the victim of any cyberattacks for several years, and the MoD admits that most incidents are coming from within. The UK government's IT infrastructure continues to be targeted by hackers, new figures have revealed. In response to a series of parliamentary questions by Liberal Democrat Paul Burstow, government departments have revealed the level of hacking attempts against them in recent years. http://news.zdnet.co.uk/internet/security/0,39020375,39208651,00.htm - - - - - - - - - - UK police help fight outsourcing cybercrime Faced with incidents such as UK bank details being sold from India, the UK police and the 53 nations of the Commonwealth get together to keep outsourcing free from crime. The Metropolitan Police and the Commonwealth Business Council (CBC) have joined forces to set up a working party to tackle the increasing threat of global cybercrime especially in offshoring companies. http://news.zdnet.co.uk/business/legal/0,39020651,39208832,00.htm - - - - - - - - - - Manchester police call for backup after cyberattack Computer crime experts at the National Hi-Tech Crime Unit (NHTCU) have been called in to help investigate an attempted DoS attack on the Greater Manchester Police (GMP). GMP chief constable Michael Todd was bombarded with 2,000 emails per hour at the beginning of May in what is believed to have been an attempt to crash the force's computer systems. http://news.zdnet.co.uk/internet/security/0,39020375,39208831,00.htm - - - - - - - - - - EU discord over data retention The UK is leading a charge for swifter changes to pan-European data retention laws, as it fears that the current process will take too long. The European Union is split over how to introduce a law requiring phone and Internet usage records to be stored to help fight terrorism in the wake of the London bombings, an EU official said on Monday. http://news.zdnet.co.uk/internet/security/0,39020375,39208654,00.htm - - - - - - - - - - PCs falling victim to Windows flaws Hackers are actively exploiting two serious security vulnerabilities in Windows, Microsoft warned on Tuesday as it released "critical" alerts about the flaws. One of the problems affects the Microsoft Color Management Module, a component of Windows that handles colors. The other relates to the JView Profiler, part of Microsoft's Java Virtual Machine. The vulnerabilities could be used to commandeer a PC, Microsoft said. http://news.zdnet.com/2100-1009_22-5785181.html - - - - - - - - - - More zombies mean more money scams Attackers are becoming increasingly aggressive as they look to grow their zombie armies of infected PCs, according to anti-virus vendor McAfee. The company reported that the number of systems infected with malicious software that allows the PC to be used for unauthorised purposes jumped by 303 percent during the second quarter of 2005 compared to the previous quarter. http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4015 http://software.silicon.com/security/0,39024655,39150263,00.htm Botnets and spyware still on the rise McAfee has warned that 63 percent more machines were compromised in the first half of this year than in all of last year. Personal computers that play unwitting host to zombie code are proliferating at a startling pace, according to a new report. http://news.zdnet.co.uk/internet/security/0,39020375,39208661,00.htm http://www.msnbc.msn.com/id/8545778/ http://www.wired.com/news/privacy/0,1848,68167,00.html - - - - - - - - - - Linux Compression Format Flaw Found A critical flaw in a compression format widely used in Linux and Unix can give hackers a way into machines, security experts said Friday. A patch for the zlib library isn't available, but several Linux and BSD distributors have rolled out fixes of their own. http://www.informationweek.com/story/showArticle.jhtml?articleID=165701026 - - - - - - - - - - Mozilla patches bugs in Firefox, Thunderbird The Mozilla Foundation today fixed a number of security bugs in its Firefox Web browser, many of which will also be patched in upcoming releases of Mozilla's Thunderbird e-mail client and Mozilla Internet software suite. None of the bugs had been publicly divulged before today, and they are generally not considered to be critical, said Chris Hofmann, director of engineering with The Mozilla Foundation http://computerworld.com/securitytopics/security/story/0,10801,103159,00.html - - - - - - - - - - Sophos glitch leaves PCs hanging A recent security update from Microsoft is tripping up users of Sophos's flagship anti- virus scanning software. Some enterprise users of Sophos Anti-Virus (SAV) for Windows version 5 found their machines were taking up to 15 minutes to log on to the network after applying Microsoft's Update Rollup 1 for Win 2000 SP 4. http://www.securityfocus.com/news/11247 - - - - - - - - - - Microsoft eyes ID theft As the chief privacy strategist for Microsoft, Peter Cullen has an onerous responsibility. Microsoft software routinely collects information from millions of computers around the world, quietly, and often without the owner's explicit knowledge. http://news.zdnet.com/2100-1009_22-5785118.html - - - - - - - - - - HSBC rolls out anti-fraud software to card owners HSBC is deploying anti-fraud software that detects unusual spending behaviour among its card holders. The third-largest bank in the world, with more than 100 million bank cards in circulation, is using software from SAS that analyses and monitors card-owner spending patterns, and freezes transactions if it suspects they are fraudulent. http://software.silicon.com/security/0,39024655,39150271,00.htm - - - - - - - - - - New .mobi Web suffix for phones Consumers will soon be able to recognize Web sites specially designed for use by mobile phones by the new ".mobi" suffix, which will be introduced alongside the popular ".com" and other top-level domain names. The new suffix was approved by the Internet Corporation for Assigned Names and Numbers at a Luxemburg meeting Monday. The first Web sites for mobile devices, which will be fit for a small screen and limited memory and bandwidth, will be ready in 2006. http://www.cnn.com/2005/TECH/internet/07/11/phones.web.reut/index.html - - - - - - - - - - Firms ignorant of hacker risk Although a network security breach is rated the number one worry keeping IT managers awake at night, most admit that they have no way accurately to measure and report on the degree of risk posed by hackers. http://www.pcmag.co.uk/vnunet/news/2139635/firms-ignore-hacker-risk - - - - - - - - - - Spammers Most Likely Users Of E-Mail Authentication On the eve of an industry summit to discuss how e-mail authentication can stem the flood of spam, one security firm says that spammers are already using the protocols -- to slip their junk mail past filters. http://www.informationweek.com/story/showArticle.jhtml?articleID=165701378 - - - - - - - - - - Industry Looks into Cloudy Future for Authentication ISPs, large enterprises and e-mail security companies are hoping that an industry meeting in New York this week will breathe life into a flagging effort to thwart spam and e-mail viruses through the adoption of e-mail sender authentication technology. http://www.eweek.com/article2/0,1759,1835292,00.asp - - - - - - - - - - Industry tries to unite to tackle spyware...again The Anti-Spyware Coalition (ASC), a group of IT companies and public interest bodies, is hoping to succeed where a previous organisation failed in tackling spyware. The ASC has released an agreed-upon draft definition of spyware that it hopes will promote public comment and ultimately result in users becoming better educated about the dangers of spyware. http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4017 http://www.theregister.co.uk/2005/07/12/asc_anti-spyware_coalition/ - - - - - - - - - - McAfee Shares Internal Web-Services Security Tool Security firm McAfee is offering one of its internal tools to the enterprise community for free, with the aim of increasing Web services security and protection. Coming out of the company's security services group, Foundstone Professional Services, the WSDigger is an open-source tool that helps identify vulnerabilities in Web services implementations. http://www.eweek.com/article2/0,1759,1835869,00.asp - - - - - - - - - - AirMagnet binds Cisco kit into Wi-Fi security Wi-Fi security vendor AirMagnet has increased the support for Cisco access points in AirMagnet Enterprise 6, as well as adding multi-tasking sensors, making set-up easier and adding intelligence to spot new attacks.. http://www.arnnet.com.au/index.php/id%3B522910689%3Bfp%3B8%3Bfpid%3B0 - - - - - - - - - - Giving New Meaning to 'Spyware' Supreme Court Justice Potter Stewart famously said that he couldn't define obscenity, but that he knew it when he saw it. The same has long been the case with spyware. It's not easy to define, but most people know it when parasitic programs suck up resources on their computer and clog their browsers with pop-up ads. http://www.wired.com/news/privacy/0,1848,68167,00.html - - - - - - - - - - Fear, Anger, Distrust Can your users change when it comes to security? Yes, probably. At least that's what two surveys that came out last week suggest. The Pew Internet & American Life Project polled 1,300 Internet users about spyware and related problems. http://www.computerworld.com/securitytopics/security/story/0,10801,103060,00.html - - - - - - - - - - When management sets the wrong security culture Fourteen years ago I warned MyBank (which is not one of my clients; I am one of its) about using Social Security numbers as solid identification. The bank's head of security said he would look into it. Since then, the security at MyBank has gone from bad to worse. It's still a recipe for ID theft. http://www.it-observer.com/news.php?id=5270 - - - - - - - - - - Why Microsoft AntiSpyware Is Untrustworthy Just when you think Microsoft did something important the right way, it does the worst possible thing. What is going through the company's head? I'm still waiting for the explanation that makes it all make sense, but it doesn't look good. I have the nasty feeling Microsoft was disappointed with its good-guy/good-technology approach to anti- spyware. http://www.eweek.com/article2/0,1759,1836008,00.asp - - - - - - - - - - Introduction to IPAudit IPAudit is a handy tool that will allow you to analyze all packets entering and leaving your network. It listens to a network device in promiscuous mode, just as an IDS sensor would, and provides details on hosts, ports, and protocols. It can be used to monitor bandwidth, connection pairs, detect compromises, discover botnets, and see whos scanning your network. http://www.securityfocus.com/infocus/1842 - - - - - - - - - - Double duty for power lines The company that owns the power lines throughout Houston is running a pilot of the system in a Greenway Plaza-area residential neighborhood, offering Internet access at speeds more than one-and-a-half times the speed of services offered through cable modems. http://www.chron.com/cs/CDA/printstory.mpl/tech/news/3259278 - - - - - - - - - - Cellphone Cutoff in N.Y. Is Questioned Cellphone service was disabled inside the four tunnels leading into Manhattan after the terrorist bombings in London, but Mayor Michael R. Bloomberg on Monday questioned whether the move "makes the most sense." Cellphones have been used to detonate explosives in Madrid and elsewhere. But cutting off cell service in tunnels beneath the Hudson and East rivers means that drivers can't dial 911 in an emergency. (LA Times article, free registration required) http://www.latimes.com/technology/la-na-nysecurity12jul12,1,5665088.story - - - - - - - - - - Drugs, phonecams, privacy and GPS tracking Police in London want your mobile phone snaps and video footage, and the government wants all your emails and phone records. Following the rather unpleasant events of last week, the authorities are calling on ISPs to co-operate with efforts to gather mobile phone and email traffic data, sparking speculation that the EU's data retention plans could be given a new lease of life. Isn't it fun to be in demand? http://www.theregister.co.uk/2005/07/12/letters_1207/ *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.