NewsBits for July 13, 2005 ************************************************************ Feds create new post of cybersecurity czar A new cybersecurity czar will join the U.S. Department of Homeland Security's ranks, Secretary Michael Chertoff announced on Wednesday. The assistant secretary for cybersecurity and telecommunications will be "responsible for identifying and assessing the vulnerability of critical telecommunications infrastructure and assets; providing timely, actionable and valuable threat information; and leading the national response to cyber and telecommunications attacks," according to a press release from the 3-year-old department. http://news.zdnet.com/2100-1009_22-5787086.html Nation's Top Cyber-Security Post Elevated As part of a major reorganization outlined today, the Department of Homeland Security announced plans to give more bureaucratic heft to its top official in charge of keeping computer infrastructure secure, a move that critics of federal cyber-security policy have espoused for years. http://www.washingtonpost.com/wp-dyn/content/article/2005/07/13/AR2005071301733.html http://www.govexec.com/story_page.cfm?articleid=31731 DHS shake-up to strengthen technology programs http://www.gcn.com/vol1_no1/daily-updates/36380-1.html DHS creating cybersecurity, intelligence and policy czars http://www.fcw.com/article89563-07-13-05-Web Management directorate left intact under DHS overhaul plans http://www.govexec.com/story_page.cfm?articleid=31734 Chertoff unveils Homeland Security revamp plan http://www.govexec.com/story_page.cfm?articleid=31733 - - - - - - - - - - Trial Begins in Arkansas Hacker Case Four Acxiom Corp. employees told jurors Tuesday about their discovery that the database-management company's computer system had been penetrated, and how they responded. The group testified as federal prosecutors opened their case against a Florida man accused of hacking into Acxiom Corp.'s system and downloading scredit card numbers and other personal information. http://www.washingtonpost.com/wp-dyn/content/article/2005/07/12/AR2005071201423.html - - - - - - - - - - British hacker shines light on poor IT security Gary McKinnon tells ZDNet UK about alarming lapses in IT security, which could be a key factor behind US calls to extradite him to face charges of hacking US Army, Navy, Air Force and NASA computers. The British hacker facing extradition to the US on charges of hacking and causing damage to US defence sites has highlighted poor security as a major factor in his ability to wander through the IT systems of some key defence establishments. http://news.zdnet.co.uk/0,39020330,39208859,00.htm Alleged hacker: U.S. defense sites poorly secured http://news.com.com/Alleged+hacker+U.S.+defense+sites+poorly+secured/2100-7350_3-5786440.html Gary McKinnon: Scapegoat or public enemy? http://news.com.com/Gary+McKinnon+Scapegoat+or+public+enemy/2008-7350_3-5786782.html - - - - - - - - - - Kansan admits to child porn collection Marlon K. Woodward secretly collected pictures in his computer of young children having sex. Then his brother took the machine to a pawn shop. The pawn brokers found the images and alerted authorities. In November, Woodward was among 16 people across Kansas charged by the U.S. Attorney's office with possessing or trafficking in child pornography. Tuesday, Woodward's case ended up like most of the 16: with a guilty plea. http://www.kansas.com/mld/kansas/news/12117826.htm - - - - - - - - - - Child porn reportedly found on computer of ex-Henry coroner The Henry County coroner who resigned amid charges that he propositioned women for sex now faces allegations that child pornography has been found on his computer. Muncie police investigators said they found several images of child pornography on a computer owned by Robert Scott Troxell, the former coroner. http://www.fortwayne.com/mld/fortwayne/news/local/12121495.htm - - - - - - - - - - Man Sent Child Porn Over Internet An 18-year-old Beech Grove man faces charges in Texas and Indiana that he sent child pornography over the Internet. Police told RTV6 he thought he was talking to a young girl in an online chat room. But that "young girl" was really an undercover detective. http://www.theindychannel.com/news/4716937/detail.html - - - - - - - - - - EU antitrust officials raid Intel European regulators raided the offices of Intel and a number of PC-related companies early Tuesday as part of an antitrust investigation into the chip giant. As part of the dawn raid, European Commission officials and national competition authorities in Milan, Italy; Munich, Germany; Madrid, Spain; and Swindon, England, descended on several Intel offices, a Commission representative said and an Intel representative confirmed. The officials also visited a number of companies that manufacture or sell computers. http://news.zdnet.com/2100-9584_22-5784428.html - - - - - - - - - - Bush picks tech lawyer for security post President Bush said Wednesday that he has chosen Stewart Baker, one of Washington's most influential technology lawyers, to be assistant secretary of homeland security for policy. Baker's new job, which requires Senate confirmation, would place him in the prominent position of shaping policy on topics from data mining to the department's planning for "what if" scenarios far off in the future. It also could include evaluating existing department functions for efficiency and creating a national strategy to prevent terrorists from entering the United States. http://news.zdnet.com/2100-1009_22-5787520.html - - - - - - - - - - Penalty plea on cyber criminals Tougher sentences are needed to make sure computer crime is treated seriously by courts and prosecutors, said an MP as he proposed new laws. Labour's Tom Harris wants there to be a specific law forbidding "denial of service attacks" where floods of emails are used to wreck computer systems. http://news.bbc.co.uk/2/hi/uk_news/politics/4676169.stm Tougher cybercrime sentences demanded Tom Harris MP wants convicted hackers to face up to ten years behind bars. A Labour MP is attempting to raise the maximum sentences that can be handed down on UK citizens who are convicted of hacking and DoS attacks. Tom Harris, MP for Glasgow South, introduced a bill on Tuesday to update the Computer Misuse Act. http://news.zdnet.co.uk/internet/security/0,39020375,39208865,00.htm Leave hacker scum to rot, says MP http://www.theregister.co.uk/2005/07/13/longer_sentences_hackers/ - - - - - - - - - - Enhanced In-Air Internet Surveillance Sought Federal law enforcement agencies are seeking enhanced surveillance powers over Internet service on airplanes, an effort to shape an emerging technology to meet the government's concerns about terrorism. Authorities want the ability to intercept, block or divert e-mail or other online communication to and from airplanes after obtaining a court order. Internet providers would have to allow government monitoring within 10 minutes of a court order being granted, be able to electronically identify users by their seat numbers and be required to collect and store records of the communications for 24 hours. http://www.washingtonpost.com/wp-dyn/content/article/2005/07/12/AR2005071201435.html - - - - - - - - - - BofA adds new online security Stung by recent high-profile security breaches, Bank of America Corp. is rolling out a new online banking security system aimed at making it harder for cyberthieves to crack customer accounts. "We definitely want to lead the industry by making online banking more secure," Bank of America e-commerce executive Sanjay Gupta said. "Right now, more than 50 percent of (banking) transactions take place online." http://www.siliconvalley.com/mld/siliconvalley/business/technology/12121900.htm - - - - - - - - - - Commercial piracy in Ukraine The international recording industry today welcomed the adoption by Ukraine of a landmark CD plant law that is a decisive step in the fight against the country's unacceptably high levels of piracy. Ukraine's Parliament Verkhovna Rada) passed the long-awaited Bill of amendments to Ukraine's Law on Laser-readable Discs which is essential to tackle ongoing pirate CD production and illegal exports from Ukraine. http://www.crime-research.org/news/13.07.2005/1358/ - - - - - - - - - - Flaws could open systems to attack Two serious security flaws in a technology widely used for network authentication could expose a swath of software products to hacker attack, experts have warned. The flaws could allow an online intruder to crash or gain access to computers running Kerberos, a freely available authentication technology that was developed by the Massachusetts Institute of Technology. http://news.zdnet.com/2100-1009_22-5787438.html - - - - - - - - - - Microsoft patches IE, Word, Windows Microsoft Corp. has released three software updates that patch critical security flaws in its products, including a patch for an Internet Explorer vulnerability first reported last week. The company also released patches for Microsoft Word and for a feature of the Windows operating system used by a number of applications. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,103158,00.html Microsoft Warns Hackers Are Actively Exploiting Windows XP Flaws http://www.newsfactor.com/story.xhtml?story_id=03200000PJB4 - - - - - - - - - - Major Oracle Patch Covers Enterprise Products, Database Server Oracle has released a set of 49 patches that addresses new flaws in multiple versions of its Database Server, Application Server, Collaboration Suite, E-Business and Applications, and Enterprise Manager products. The patches are available on OTN (the Oracle Technology Network). The product flaws vary in terms of exploitability. Oracle Database has 12 flaws, including a flaw in Database 10g's Oracle OLAP (online analytical processing) that requires Database privilegeexecute on olapsysbut which, according to Oracle's posting, is both easily accessible and would have a wide impact. http://www.eweek.com/article2/0,1895,1836304,00.asp http://news.zdnet.com/2100-1009_22-5786474.html - - - - - - - - - - Firefox patch fixes 12 security flaws Firefox users were today urged to upgrade to the latest version of the browser which is designed to be more stable and fixes 12 security flaws. The patches cover problems with Javascript handling and offer protection against some remote code execution, for example when malicious code is inserted into a spoofed web page. http://www.vnunet.com/vnunet/news/2139752/firefox-patch http://www.theregister.co.uk/2005/07/13/firefox_update/ http://software.silicon.com/security/0,39024655,39150301,00.htm http://computerworld.com/securitytopics/security/story/0,10801,103159,00.html - - - - - - - - - - Could blogging spread computer worms? Could RSS feeds become a conduit for the transmission of computer worms? Security experts are at odds over the possibility. Those who play down the threat point to the fact that no virus has ever used the propagation technique while others say it's only when a network reaches critical mass (as in the case of instant message and file sharing networks) that malware threats show their ugly head. http://www.theregister.co.uk/2005/07/13/rss_security_threat/ - - - - - - - - - - Phlooding attack could leave enterprises high and dry You've got to hand it to the IT security industry for its ability to coin new and impressive sounding terms for security threats. Hot on the hells of WiPhishing and Evil Twins comes the latest buzz word for wireless Lan security: phlooding. Phlooding involves a "group of simultaneous but geographically distributed attacks that targets a business's authentication or network log-in structure, with the goal of overloading its central authentication server," according to wireless security firm AirMagnet, which coined the term. http://www.theregister.co.uk/2005/07/13/phlooding_wifi_security_threat/ - - - - - - - - - - Document security? Tell me another joke Hardly a week goes by without a report of confidential information leaking from a supposedly secure document. Breaches affecting both the public and private sectors are constantly making the news. http://news.com.com/2010-1071_3-5783062.html - - - - - - - - - - Police blogger files complaint after losing job A police officer who claims he was fired because a Web site he operates criticizes New York City's police department--often in crude language--has filed a complaint with the New York State Division of Human Rights. Edward R. Polstein's complaint asserts that he was the victim of retaliation and reverse discrimination. He was fired after he reneged on a retirement deal struck last fall, according to the police department. http://news.com.com/Police+blogger+files+complaint+after+losing+job/2100-1030_3-5786284.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.