NewsBits for July 19, 2005
************************************************************
Government computer systems struck by intruders
CTV News has learned Canada's ultra-secret spy agency recently detected what the Communications Security Establishment says were: "a series of sophisticated intrusions into the federal government's computer systems." The agency, Canada's national cryptologic agency, says the attacks were minimal, and refuses to divulge exactly what the hackers were after or reveal their identities. But Julie Spillan, federal director of The Canadian Cyber Response Centre, admits: "There is a threat to Canada in the cyber realm."
http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/1121363949740_36/
- - - - - - - - - -
Hackers get into USC database
A University of Southern California database containing about 270,000 records of past applicants was hacked last month, officials said on Tuesday. The breach of the university's online application database exposed "dozens" of records, which included names and Social Security numbers, to unauthorized individuals, said Katharine Harrington, USC dean of admissions and financial aid.
http://news.zdnet.com/2100-1009_22-5795373.html
- - - - - - - - - -
Doctor? ... oh, doctor!
Medical answering service accused of salacious hacking of competitor.
The founder of a company that runs answering services for doctors allegedly tried to destroy a competitor by hacking into the firm's computer so that patients got a busy signal or heard moaning when they tried to call their doctors. Gerald Martin, 37, was charged with computer tampering and possession of a forged instrument. If convicted, he could serve up to seven years in prison.
http://www.msnbc.msn.com/id/8633314/
- - - - - - - - - -
Hackers shift focus to swiping ID information
Computer attacks cost U.S. companies, government agencies and universities far less than they did a year ago, a new survey says.
But what was good for them may be bad for consumers and employees.
http://www.usatoday.com/tech/news/2005-07-18-security-usat_x.htm
- - - - - - - - - -
New cyber chief faces challenges as DHS struggles
The new cyber-security czar faces numerous challenges as the Homeland Security Department continues to struggle with its responsibilities for protecting key cyber infrastructures. David Powner, director of information technology management issues at the Government Accountability Office (GAO), on Tuesday testified before Congress that the Homeland Security Department has not fully addressed any of the 13 cyber responsibilities that were assigned to the department when Congress created it more than two years ago.
http://www.govexec.com/story_page.cfm?articleid=31783

Critical infrastructure needs more cybersecurity protections
The Homeland Security Department is failing to adequately protect the nation's critical infrastructure and the information technology that supports it, the Government Accountability Office told the Senate today.
http://www.fcw.com/article89620-07-19-05-Web
http://www.govexec.com/story_page.cfm?articleid=31778
- - - - - - - - - -
Study: Internet users ignorant about data privacy
U.S. Internet users are dangerously ignorant about the type of data that Web site owners collect from them and how that data is used, making them vulnerable to fraud and misuse of their personal information, a new study finds.
http://www.computerworld.com/securitytopics/security/story/0,10801,103332,00.html
- - - - - - - - - -
Internal report warns of online fraud
Internet fraud is costing the National Australia Bank about $1 million a month and it could blow out to as much as $30 million a year by 2008. The NAB figures suggest online losses by all banks could already be close to $70 million a year.
http://www.heraldsun.news.com.au/common/story_page/0,5478,15974549%255E664,00.html
- - - - - - - - - -
Company porn creates regulatory nightmare
IT directors are putting businesses at financial risk by not enforcing regulation linked to porn prevention in the workplace. Two surveys of U.S. and U.K. businesses found that over half of those who responded were not aware lawyers use company internet records for evidence of sexual harassment, workplace harassment and hostile work environments.
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=0722a1f2-f565-465d-9e57-0db82fb81269
- - - - - - - - - -
Attackers turning to fake online greeting cards
The next e-card you get could include malware
The next e-mail greeting card you get may come with a nasty surprise. According to Internet security vendor SurfControl PLC, attackers are increasingly using fake e-mail greeting cards as a way of getting malicious software installed on computers.
http://computerworld.com/securitytopics/security/holes/story/0,10801,103326,00.html
- - - - - - - - - -
ISPs versus the zombies
Internet service providers face mounting pressure to keep their networks free of pests--not only for the benefit of their customers, but also for the good of the Internet in general. In the next few months, ISPs in the United States will begin receiving reports on the zombies, or PCs open to control by hackers, that lurk on their networks. The data will be sent out by the Federal Trade Commission, which said in May that zombies have become such a serious problem that more industry action is required.
http://news.zdnet.com/2100-1009_22-5793719.html
- - - - - - - - - -
Trojans stampede across the web
Websites concealing malicious Trojan code are increasing in number faster than ever before, a security firm has warned.
Websense Security Labs reported that a high percentage of malicious sites contain so-called Trojan horse downloaders, and banking Trojans designed to create backdoors through which personal data can be sent to hackers.
http://www.vnunet.com/vnunet/news/2140028/trojan-horses-stampede-across
- - - - - - - - - -
DoS flaw extends across Windows range
It's not just Windows XP that is vulnerable to the Remote Desktop Protocol flaw, but also Windows 2000 and Windows Server 2003.
A security flaw that could let an attacker remotely crash computers running Windows exists in several versions of the operating system, not just Windows XP.
http://news.zdnet.co.uk/internet/security/0,39020375,39209674,00.htm
- - - - - - - - - -
Oracle taken to task for time to fix vulnerabilities
Claiming that Oracle has failed to fix six vulnerabilities despite having more than 650 days to issue a patch, researchers at security firm Red Database Security published details of the flaws on Tuesday. I have never seen any take this long. It is odd to go that long. In this case, I think something fell through the cracks. There may have been a miscommunication somewhere.
http://www.securityfocus.com/news/11252

Oracle dragging heels on unfixed flaws, researcher says
http://news.zdnet.com/2100-1009_22-5795533.html
- - - - - - - - - -
Spyware as Corporate Espionage Threat
Discovering the prevalence of espionage via spyware is a tricky endeavor. Many targeted companies might be unaware of such activities, and those that find the spyware programs might not want to talk about it. Like viruses and worms, spyware has become yet another scourge for enterprises. But it is possible, perhaps even likely, that spyware is becoming far more than a mere nuisance.
http://www.newsfactor.com/story.xhtml?story_id=103000029V6L
- - - - - - - - - -
Wi-Fi Networks Under Attack
"Having your Wi-Fi signal stolen is a real risk today," said Janet Kumpu, president and chief executive officer of Fortress Technologies in Tampa, Fla., a networking software developer. "It's not just hackers who want to break into an e-mail account. They want to use your network for their own broadband connection."
http://www.newsfactor.com/story.xhtml?story_id=10300002AG8S
- - - - - - - - - -
Blue Frog Antispam Tech Targets Spamvertized Sites
"Blue Security takes an active approach that deters spammers by interfering with their ability to do business, compelling them to comply with the Registry and stop sending spam to Blue Community members," according to the company.
http://www.newsfactor.com/story.xhtml?story_id=10300002AHLF
- - - - - - - - - -
10,000 surfers slam UK ID cards
An online petition against UK identity cards has reached its target of 10,000 signatures, with each respondent pledging £10 to fight the legislation. The No2ID campaign was set up to oppose the introduction of ID cards in the UK and aimed to get 10,000 people to sign an online petition and pledge £10 to underwrite legal challenges against the bill.
http://www.vnunet.com/vnunet/news/2140013/anti-id-cards-reaches-signup

Half of Brits don't have all chip and PIN cards
http://software.silicon.com/security/0,39024655,39150544,00.htm
- - - - - - - - - -
Where the Dangers Are
In the world of cybercrime, the bad guys are getting smarter -- and more ambitious. In recent months, hackers have carried out a flurry of increasingly sophisticated attacks, highlighting the vulnerability of key computer networks around the world. Criminals penetrated the database of CardSystems Solutions Inc., nabbing up to 200,000 Visa, MasterCard, American Express and Discover card numbers and potentially exposing tens of millions more.
Leading high-tech companies in Israel allegedly planted surveillance software on the computers of their business rivals.
http://online.wsj.com/public/article/0,,SB112128442038984802,00.html
- - - - - - - - - -
Write down your password today
Security guru Bruce Schneier has backed calls from Microsoft's Jesper Johansson urging users to write down their passwords. In years gone by scribbling down passwords on Post-It notes was often cited as a top security mistake but the sheer volume of passwords people are obliged to remember means people often use easily-guessed login details, another security faux-pas. Schneier - well known for his original thinking and ability to apply common sense to security issues - advocates a low-tech solution to the password conundrum.
http://www.theregister.co.uk/2005/07/19/password_schneier/
- - - - - - - - - -
Terror Forum Sows Seeds of Jihad
A popular pro-jihadist, London-registered message board -- Tajdeed.org.uk -- is under scrutiny as the fallout from the London terror attack continues. Several private watchdog efforts monitoring the rising tide of terror-related websites say it wouldn't come as a surprise if British police implicate the online forum during their investigation.
http://www.wired.com/news/privacy/0,1848,68214,00.html