NewsBits for July 15, 2005 ************************************************************ Firefox marketing site hacked SpreadFirefox.com, the community marketing Web site for the open-source Firefox Web browser, washacked earlier this week, potentially exposing user data. Attackers broke into the Web site by exploiting an unpatched security vulnerability in the software that runs SpreadFirefox.com, the Mozilla Foundation said in an e-mail alert to registered users of the site late Thursday. Mozilla coordinates Firefox development and marketing. http://news.zdnet.com/2100-1009_22-5790030.html Mozilla issues warnings after hack attack Up to 100,000 users of spreadfirefox.com may have had personal details compromised after an attack last weekend. SpreadFirefox.com, the community marketing Web site for the open source Firefox Web browser, was hacked earlier last weekend, potentially exposing user data. http://news.zdnet.co.uk/internet/security/0,39020375,39209424,00.htm - - - - - - - - - - Another pitch to Parliament for Denial of Service law Tom Harris MP presented a bill to Parliament that would amend the UK's 15-year-old cybercrime law to confirm that denial of service attacks are illegal. A similar bill was pitched in March but was defeated by the timetable for the general election. The Labour MP for Glasgow South called for amendments to the Computer Misuse Act of 1990 in his Ten Minute Rule Bill a type of Private Member's Bill that rarely becomes law, but serves to raise Parliamentary awareness of a need for legal reform. http://www.theregister.co.uk/2005/07/15/mp_pitches_denial_of_service_law_to_parliament/ - - - - - - - - - - Windows flaw could spawn DoS attacks A newly discovered and as-of-yet unpatched security vulnerability in Windows XP could let an attacker remotely crash computers. The flaw affects the Windows Remote Desktop Service, which lets users access their Windows PC from a remote location. An attacker could remotely exploit the problem to crash a victim's PC in what's known as a denial-of-service attack, according to a posting on the Security Protocols Web site earlier this week. The user would then see the Windows "blue screen of death." http://news.zdnet.com/2100-1040_22-5790540.html - - - - - - - - - - Flaws in BT chat sites expose users A third party website allowing unrestricted access to Oceanfree and IOL chat sites could enable visitors to view the IP address and domain names of the sites' 'chatters.' Through the use of a third party website, industry experts have discovered a method for logging into BT Ireland's Oceanfree or IOL chat sites without registering on the system, giving them the ability to impersonate other visitors to the site. http://www.theregister.co.uk/2005/07/14/bt_chat_site_flaws/ - - - - - - - - - - Opanki worm lives again on AIM An new version of the worm has been spotted spreading over AOL's instant-messaging service A new version of the Opanki worm that spreads via instant messenger hit users of America Online's AOL Instant Messenger on Wednesday, security company IMlogic said. The worm tricks victims into clicking on a malicious link by sending a variety of messages such as: "Hey check out this link:" or "LOL, click here:" Jon Sakoda, IMlogic's chief technology officer, said. After a victim clicks the link, the worm attempts to install remote control software on the victim's system and sends itself to all the contacts on the user's contact list, Sakoda said. IMlogic rates the new worm a "medium" risk. http://news.zdnet.co.uk/internet/security/0,39020375,39209419,00.htm - - - - - - - - - - Worm spells double trouble for PCs A double-edged threat that attempts to hijack PCs has surfaced in at least three variants, security companies warned on Friday. The new pest, Lebreat, is a combined network worm and mass-mailing worm, F-Secure said. Once run on a PC, it installs a backdoor for hackers, downloads the mass-mailer code and attempts to launch a denial-of-service attack that targets security giant Symantec's Web site, the Finnish antivirus specialist said. The malicious code is also known as Breatle and Reatle at other antivirus companies. http://news.zdnet.com/2100-1009_22-5790416.html - - - - - - - - - - Squatters a major problem for credit-report site Privacy-sensitive U.S. citizens aiming to get their government-mandated annual free credit reports have to be careful not to endanger their sensitive data instead, stated a report released on Thursday. When you have 220 million people who are ready to put in an SSN, but a typo sends them to the wrong domain, then you have a problem. I don't know how a consumer could wind their way through this labyrinth and see all the pitfalls. http://www.securityfocus.com/news/11251 - - - - - - - - - - Panel Suggests Internet Governance Options A United Nations panel created to recommend how the Internet should be run in the future has failed to reach consensus but did agree that no single country should dominate. The United States stated two weeks ago that it intended to maintain control over the computers that serve as the Internet's principal traffic cops. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-rup15.1jul15,1,6693802.story - - - - - - - - - - Stolen data worries financial institutions Recent data losses at financial institutions has increased industry concerns about unauthorized access, according to Deloitte's 2005 Global Security Survey. http://www.computerworld.com/securitytopics/security/story/0,10801,103244,00.html - - - - - - - - - - Cisco Issues VoIP Security Warning Although the Cisco alert should draw the attention of CIOs, and justifiably so, it is important to keep in mind that threats to VoIP systems still are fairly rare, according to Gartner analyst John Pescatore. http://www.newsfactor.com/story.xhtml?story_id=102000029K4C - - - - - - - - - - Sophos promises to sniff out zombie systems Antivirus specialist Sophos has launched a service that uses spam traps to find unsolicited e-mail messages originating from supposedly "protected" computers. The ZombieAlert service uses a large amount of "spam traps" that are configured so they are unlikely to receive legitimate messages, Paul Ducklin, head of technology at Sophos Asia- Pacific, said. When the traps receive spam, the originating IP address of the message is looked up, and if it belongs to a ZombieAlert subscriber, Sophos will inform them that one or more of their computers is being used as a spam relay. The service was introduced Wednesday. http://news.zdnet.com/2100-1009_22-5790292.html - - - - - - - - - - Phishing concerns to delay non-English domain names Concerns about ``phishing'' e-mail scams will likely delay the expansion of domain names beyond non-English characters, the chairman of the Internet's key oversight agency said Friday. Vint Cerf, head of the Internet Corporation for Assigned Names and Numbers, would not speculate on when such characters might appear but said Internet engineers must now spend time ``trying to winnow down, frankly, the number of character (sets) that are allowed to be registered.'' http://www.siliconvalley.com/mld/siliconvalley/news/editorial/12142234.htm - - - - - - - - - - But that's Big Brother's job Online chat groups may be the new venue for ousting those who break social norms. If you no longer marvel at the Internet's power to connect and transform the world, you need to hear the story of a woman known to many around the globe as, loosely translated, Dog Poop Girl. Recently, the woman was on the subway in her native South Korea when her dog did its business. The woman made no move to clean up the mess, and several fellow travelers got agitated. (LA Times article, free registration required) http://www.latimes.com/technology/la-et-internet15jul15,1,2457186.story - - - - - - - - - - NYPD's Digital Crime-Fighter The $11-million center is designed to supply officers immediate information on suspects. The New York Police Department unveiled a new high-tech command center Thursday that would provide officers crucial data about crimes and suspects including convicts' nicknames and tattoos even before police arrived at a crime scene. The $11-million Real Time Crime Center is the first of its kind and "will transform the way we solve crime," Mayor Michael R. Bloomberg said. (LA Times article, free registration required) http://www.latimes.com/technology/la-na-nypd15jul15,1,246030.story *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.