NewsBits for July 25, 2005 ************************************************************ Renewed Patriot Act Gets Boost in House, Senate Panel Within hours of a second attack on the London transit system, lawmakers in the House and Senate pushed ahead yesterday with starkly different bills to extend the controversial USA Patriot Act anti-terrorism law. http://www.washingtonpost.com/wp-dyn/content/article/2005/07/21/AR2005072102338.html - - - - - - - - - - UK police chiefs seek powers to attack terror web sites The Association of Chief Police Officers has asked for new legislation giving the security services "powers to attack identified websites". The proposal, along with one for a new offence covering "use of the internet to prepare, encourage, facilitate acts of terrorism" was part of the terror law 'shopping list' presented by ACPO at the Prime Minister's meeting with law enforcement agencies on Thursday. http://www.theregister.co.uk/2005/07/23/acpo_seeks_new_terror_powers/ http://news.zdnet.com/2100-1009_22-5803380.html http://www.it-observer.com/news.php?id=5303 - - - - - - - - - - Music sites suffer 'widespread' ring-tone theft A third of US and European music websites are vulnerable to ring-tone theft, according to a study by content software specialists Qpass. The company estimates that such theft has cost the mobile and music industries PS22m since early 2004, and will cost PS82m by 2007. http://www.vnunet.com/vnunet/news/2140291/ringtone-theft-widespread - - - - - - - - - - Attackers lurk on photo sites, firm warns Cybercriminals are increasingly using blog sites and other free online services to spread malicious code, Websense has warned. In the first two weeks of July, the security company's labs saw more than 500 incidents of such attacks, Websense said on Monday. The free services are being abused to install software designed to steal personal information or hijack a victim's PC. http://news.zdnet.com/2100-1009_22-5803863.html - - - - - - - - - - Study: Hackers target flawed backup software Flawed backup software has emerged as the latest target for hackers looking for corporate secrets, according to a survey released today. The survey by the nonprofit SANS Institute found new holes in widely used software products, even as computer users are getting better at patching some favorite hacker targets. http://computerworld.com/securitytopics/security/holes/story/0,10801,103471,00.html http://www.msnbc.msn.com/id/8702071/ http://www.gcn.com/vol1_no1/daily-updates/36485-1.html - - - - - - - - - - Security holes add up in second quarter More than 422 new Internet security holes were found during the second quarter, according to data released Monday by the SANS Institute. This represents an increase of 10.8 percent compared with the number found in the first quarter, and a jump of 20 percent compared with the second quarter of last year, the institute said in its quarterly report. http://news.zdnet.com/2100-1009_22-5803078.html - - - - - - - - - - Oracle releases security patch fixes; MySQL flaw surfaces Oracle has released two sets of database patches to correct flaws in previously released security patches. One of the affected patches is itself a fix to an earlier set of patches. http://computerworld.com/securitytopics/security/story/0,10801,103466,00.html - - - - - - - - - - 3Com launches vulnerability-buying program TippingPoint, a division of networking giant 3Com, plans to pay researchers for information about unannounced vulnerabilities in major systems and software and will add bonuses for prolific flaw finders, the company announced on Monday. http://www.securityfocus.com/news/11253 - - - - - - - - - - UK ID card to use ICAO reader standard The Government last week confirmed that the UK's planned ID card is intended to operate as a 'passport lite' that could be used for travel within the European Union, and signalled that Home Office thinking may be moving towards the use of a PIN as a common mechanism for verification. The card's operation as a passport, said Under Secretary of State Andy Burnham, dictates that it will need to use ICAO standard RFID contactless reader technology, while use of chip and PIN would allow it to be compatible with banking and retail systems. http://www.theregister.co.uk/2005/07/25/id_card_goes_icao/ - - - - - - - - - - Cyberspace: The scene of the crime Crime fighting in the old days was simple for a detective determine what crime was committed, go to the crime scene, gather evidence and if all went well, start making arrests. But in todays society, with computers a part of everyday life, the crime scene isnt always a scene, but often just a thin piece of metal with some circuits on it a computer hard drive. And, dusting for fingerprints on a hard drive tends to be a little more difficult than your average evidence-gathering procedure. http://www.mnsun.com/story.asp?city=Hopkins&story=161509 - - - - - - - - - - Sidebar: Other Nonviral Malware Adbots: Adbots, like spyware, are usually installed along with user-selected freeware. They deliver unwanted advertisements. Dialers: Dialers call 900 numbers and run up phone bills. DDoS zombie agents: These programs allow infected computers to be used in distributed denial-of-service attacks. The zombie agents are coordinated to request service from the same server. http://www.computerworld.com/securitytopics/security/story/0,10801,103379,00.html - - - - - - - - - - Security Fix Is Heading to Vegas I'll be heading into the soul-crushing heat of Las Vegas for six days next week to cover Black Hat and Defcon, two of the largest hacker conventions in the country. I'm planning to blog like a madman at the conferences, and hopefully trying out some interesting audio, video and other multimedia firsts for the blog. http://blogs.washingtonpost.com/securityfix/2005/07/security_fix_go.html - - - - - - - - - - The 100-Year Archive Dilemma As more organizations store more data longer, the IT industry seeks a better way. A record is a record, whether it's a sheet of paper, an e-mail, an electronic document or a digital image. "It's the content that drives retention, not the media it's written on," says Adam Jansen, a digital archivist for the state of Washington. And recent federal regulations are requiring more companies to save more content for longer periods of time. http://www.computerworld.com/securitytopics/security/story/0,10801,103382,00.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.