NewsBits for August 3, 2005
************************************************************
Government-computer hacker sentenced
The co-founder of a San Diego computer security firm was sentenced by a federal judge yesterday to 60 days in a work-release program for hacking into government and private computers to show they were vulnerable and to drum up business.
http://www.signonsandiego.com/news/metro/20050802-9999-1m2hack.html
- - - - - - - - - -
Hackers again hit CU
A computer security breach at the University of Colorado at Boulder has left all 29,000 students, some former students and as many as 7,000 staff members vulnerable to identity theft, the school warned Monday evening. Hackers gained access to information on the CU-Boulder identification Buff OneCard used by students. The card contains Social Security numbers, names and photographs. The incident marks the third computer security breach at CU-Boulder since July 21.
http://www.denverpost.com/news/ci_2906977
- - - - - - - - - -
Teacher's home had stash of child porn
A former Westport art teacher is under arrest after federal agents found "a treasure trove" of child pornography in his home. Agents from the federal Department of Homeland Security's Bureau of Immigration and Customs Enforcement arrested Paul Held, 66, of North Avenue, Westport, Tuesday morning.
http://www.connpost.com/news/ci_2909504
- - - - - - - - - -
Chinese cyber-dissident jailed
A Chinese cyber-dissident has been jailed for five years for posting essays and reports - including the lyrics of a punk song - on the net. Zhang Lin has been behind bars since January this year for posting material which authorities described as "contrary to the bases of the constitution".
http://www.theregister.co.uk/2005/08/03/china_internet/
- - - - - - - - - -
Confidential data found on used servers
NSW State Transit Authority (STA) payroll data, financial information and a high-level code for Sydney's ticketing systems were found on an IBM server picked up for AU$20. Sydney computer engineer Geoffrey Huntley found the material on computers he bought at a government auction recently. And it wasn't just one server -- there were 12 of them.
http://www.zdnet.com.au/news/security/soa/Confidential_data_found_on_used_servers/0,2000061744,39205197,00.htm
- - - - - - - - - -
Justice may get privacy officer, more data-sharing
The House Judiciary Committee has cleared a version of H.R. 3402, the Justice Department authorization bill for fiscal 2006, that includes provisions for a privacy officer under the attorney general for the first time and for improved federal data-sharing with state and local law-enforcement agencies.
http://www.gcn.com/vol1_no1/daily-updates/36564-1.html
- - - - - - - - - -
FBI Flight Plans Hit Turbulence
An FBI proposal to shoehorn a sweeping and sophisticated internet wiretapping capability into emerging in-flight broadband services would be illegal, unconstitutional and costly to implement, a civil liberties group is arguing.
http://www.wired.com/news/privacy/0,1848,68407,00.html
- - - - - - - - - -
Banks let phishers get away with $2.75bn
Better bank security could have prevented $2.75bn in losses from the fraudulent use of ATM and debit cards, analyst firm Gartner has alleged in a newly published study.
http://www.vnunet.com/vnunet/news/2140690/banks-let-phishers-away-75b
South African bank readies defenses for online attacks
At a security briefing held last week, Standard Bank of South Africa outlined the steps it intends to take toward ensuring safer Internet banking, and highlighted what it believes will be threats facing the online community going forward.
http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,103644,00.html
- - - - - - - - - -
Cyber-terrorists copying hackers: US
Cyber-terrorists are attempting to penetrate government networks using the same methods as hackers and many nations are vulnerable to the threat, a US State Department official claims. Michael Alcorn, branch chief of the State Department's Office of Anti-Terrorism Assistance, said on Tuesday that terrorists were becoming more tech-savvy.
http://www.theage.com.au/news/breaking/cyberterrorists-copying-hackers-us/2005/08/03/1122748669953.html
- - - - - - - - - -
Protect kids from cyber-molesters
It was just a coincidence, perhaps, but Saturday's paper was packed with stories about alleged or substantiated sexual abuse: On the front page was a story about Tracene Jo Usko, the 47-year-old Newberry Township woman convicted of charges related to filming herself sexually molesting a 23-month-old boy. Police found images of her molesting the child on her computer.
http://ydr.com/story/opinion/79654/
- - - - - - - - - -
Computer crime: child abuse
State police received several calls from parents whose children had contact with a reporter charged with soliciting sex from an undercover officer posing as a juvenile, but there's no evidence at this point that there are additional victims, a trooper said Tuesday. Trooper Brian Murphy of the state police Computer Crime Task Force is seeking information from persons who dealt with Steve Sembrat either during his tenure as a sports writer for the Times Leader, or through a field hockey club he formed in April.
http://www.crime-research.org/news/08.03.2005/1404/
- - - - - - - - - -
Study: Ring tones heavily shoplifted
Online sound snippets intended to help market ring tones sold by phone operators and other distributors often are illegally downloaded and used free of charge, a new study found.
Cell phone operators and ring tone sellers typically make available on their Web sites ring tone previews of 15 to 30 seconds.
http://news.com.com/Study+Ring+tones+heavily+shoplifted/2100-1041_3-5817528.html
- - - - - - - - - -
Google now a hacker's tool
Somewhere out on the Internet, an Electric Bong may be in danger. The threat: a well-crafted Google query that could allow a hacker to use Google's massive database as a resource for intrusion. "Electric Bong" was one of a number of household devices that security researcher Johnny Long came across when he found an unprotected Web interface to someone's household electrical network. To the right of each item were two control buttons, one labelled "on," the other, "off."
http://www.networkworld.com/news/2005/080205-black-hat-google.html
- - - - - - - - - -
eEye Flags Another IE Code Execution Flaw
The software giant's acknowledgement follows the release of a brief advisory from Aliso Viejo, Calif.-based eEye Digital Security that the flaw could put millions of users at risk of code execution attacks.
http://www.eweek.com/article2/0,1759,1842980,00.asp
- - - - - - - - - -
Cisco security flap leaves millions scrambling for help
The aftermath of a security breach involving Cisco's customer portal has left customers scrambling to get new passwords. Cisco reset passwords to Cisco Connection Online as a precaution following the discovery of a security bug in a Cisco.com search tool that could expose log-ins of registered users.
http://www.theregister.co.uk/2005/08/03/cisco_password_backlog/
Cisco portal password security compromised
http://www.theregister.co.uk/2005/08/03/cisco_password_security_flap/
Weak links in the Net's armor
http://news.com.com/Weak+links+in+the+Nets+armor/2009-1009_3-5817090.html
- - - - - - - - - -
Microsoft aims to host regular hacker meetings
Microsoft is working on plans to make a recent hacker meeting held on its Washington, campus a twice-yearly event, according to a spokesman for the vendor's security group. The company plans to host another Blue Hat security event in the fall, though no specific date has been set, Stephen Toulouse, a program manager in Microsoft's security unit, said on Monday.
http://www.computerworld.com.au/index.php/id;1269907695;fp;16;fpid;0
http://www.newsfactor.com/story.xhtml?story_id=003000002F16
Worm hole found in Windows 2000
http://news.com.com/Worm+hole+found+in+Windows+2000/2100-1002_3-5817400.html
- - - - - - - - - -
Key bugs in core Linux code squashed
Serious security bugs in key parts of the latest Linux code have been fixed, but some small glitches have been introduced, according to a recent scan. In December, Coverity looked at version 2.6.9 of the Linux kernel, the heart of the open-source operating system, and found six critical defects in the core file system and networking code.
http://news.com.com/Key+bugs+in+core+Linux+code+squashed/2100-1002_3-5817471.html
- - - - - - - - - -
CA plugs serious hole in backup software
A serious security flaw in Computer Associates backup products could put corporate systems at risk of cyberattack, security companies have warned.
http://news.zdnet.com/2100-1009_22-5817704.html
- - - - - - - - - -
The CardSystems blame game
On July 21, 2005, the United States House of Representatives Committee on Financial Services, Subcommittee on Oversight held a hearing on "Credit Card Data Processing: How Secure Is It?"
Of course, just by asking the question, you already know what the answer is going to be: not a disaster, but about as secure as you might imagine.
http://www.securityfocus.com/columnists/344
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.