NewsBits for August 23, 2005
************************************************************
Breach Exposes U.S. Air Force Officers to ID Theft
More than 33,000 U.S. Air Force officers could be at greater risk of identity theft after a "malicious user" accessed a database containing personal information, an Air Force official said on Tuesday.
http://www.eweek.com/article2/0,1759,1851432,00.asp
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/12454456.htm
http://www.msnbc.msn.com/id/9046116/
http://www.cnn.com/2005/TECH/ptech/08/23/hacker.military.records.ap/index.html
http://www.vnunet.com/vnunet/news/2141437/air-force-hacked
http://www.internetnews.com/security/article.php/3529046

If You Get Hacked, Are You A Victim Or A Culprit?
http://www.it-observer.com/news.php?id=5422
- - - - - - - - - -
ID theft spyware scam uncovered
Thousands of computer users have been caught out by a huge ID theft ring. Security firm Sunbelt Software said it stumbled across a US-based server storing megabytes of data stolen from compromised computers while researching spyware infections. The server held passwords for online accounts from 50 banks, Ebay and Paypal logins, hundreds of credit card numbers and reams of personal data. The FBI has reportedly now started investigating the ring of ID thieves.
http://news.bbc.co.uk/2/hi/technology/4173218.stm
http://www.vnunet.com/vnunet/news/2141439/spyware-plague-rise

Companies dinged on Web privacy
http://news.zdnet.com/2100-1009_22-5842176.html
- - - - - - - - - -
Pro-Napster hacker claims 60 site scalps
Windows NT server operators beware: hacker and Napster fan 'Pimpshiz' has you in his sights and is out to do some serious damage in the run up to the Napster trial, which commences tomorrow.
The hacker has been active for the last couple of weeks, defacing around 60 Web sites, including the sites of organisations and companies as diverse as the French national library (zut alors!), Honda UK, 800-Shoes, The Martin Short Show and NASA (Houston, we have a security problem).
http://www.theregister.co.uk/2000/08/22/pronapster_hacker_claims_60_site/
- - - - - - - - - -
2nd Circuit Splits Over Use of 'Candyman' Warrants
What one lawyer described as a "stark" division has emerged among judges in the 2nd U.S. Circuit Court of Appeals over the constitutionality of search warrants used in the roundup of dozens of men nationwide in an anti-child pornography sweep. For the second time in two weeks, a panel of the circuit tackled the issue of a flawed affidavit submitted by a lead child porn investigator.
http://www.law.com/jsp/article.jsp?id=1124714414371
- - - - - - - - - -
Treasurer's child porn trial put on hold by appeals court
The Michigan Court of Appeals has ordered postponement of the child-pornography and eavesdropping trial of Egelston Township Treasurer Brian Lee Hill, which was to start today. The higher court's order is to give the appellate judges time to consider Hill's emergency pretrial appeal of 14th Circuit Judge Timothy G. Hicks' recent ruling on a key question of law: Is downloading photographs from the Internet onto disks for personal use "making" child pornography, a felony punishable by up to 20 years in prison? Or is it simple "possession," a four-year felony?
http://www.mlive.com/news/muchronicle/index.ssf?/base/news-7/1124810111309410.xml
- - - - - - - - - -
Former Marine recruiter ordered to stand trial on child porn
A 30-year-old former Marine Corps recruiter in Wausau has been ordered to stand trial on eight counts of possessing child pornography. Marathon County Circuit Judge Dorothy Bain acted Monday in the case of Anthony L. Farisa following a preliminary hearing. A pretrial conference was scheduled for Sept. 13.
http://www.gazetteextra.com/recruiter_porn082305.asp
- - - - - - - - - -
Violent internet porn to get new laws in the UK
The Government has said it will announce plans to strengthen laws applicable to violent internet pornography in the next few weeks. Such material is generally illegal to publish but legal to view in the UK under the current regime.
http://www.theregister.co.uk/2005/08/23/uk_web_crackdown/
- - - - - - - - - -
Web posts spark libel complaint from politician
Oklahoma prosecutors will soon weigh whether to take up criminal charges against a former mayoral candidate accused of libeling a longtime state politician on his Web forum. In a police report filed Aug. 16, former state senator and convicted felon Gene Stipe charged that Harold King had published false information about Stipe and his family on his Web forum, the McAlester Watercooler, said Capt. Darrell Miller of the McAlester, Okla., police force. The nature of the information was not disclosed.
http://news.com.com/2100-1030_3-5841806.html
- - - - - - - - - -
IG report calls DHS IT security inadequate
The Homeland Security Department's IT systems continue to be plagued by weak access controls and a lack of contingency planning, according to a new report released by the department's Office of the Inspector General.
http://www.gcn.com/vol1_no1/daily-updates/36754-1.html
- - - - - - - - - -
Storm brewing over SHA-1 as further breaks are found
Three Chinese researchers have further refined an attack on the encryption standard frequently used to digitally sign documents, making the attack 64 times faster and leaving cryptographers to debate whether the standard, known as the Secure Hash Algorithm, should be phased out more quickly than planned.
http://www.securityfocus.com/news/11292
- - - - - - - - - -
PHP hit by another critical flaw
A fresh security flaw has surfaced in the PHP Web service protocol that could allow attackers to take control of vulnerable servers.
The bug was found in XML-RPC for PHP and PEAR XML_RPC as the result of a security audit by the Hardened-PHP Project. The group said it decided to carry out its own audit after other flaws were disclosed in the two libraries earlier this summer.
http://www.computerworld.com/securitytopics/security/story/0,10801,104124,00.html

CA patches security flaws in multiple products
http://www.theregister.co.uk/2005/08/23/ca_security_flap/

CA Plugs Message-Queuing Buffer Overflows
http://www.eweek.com/article2/0,1759,1850917,00.asp
- - - - - - - - - -
Phishers go fishing in July
A total of 14,135 unique phishing campaigns were reported in July, according to the Anti-Phishing Working Group. That is down from 15,050 a month earlier, the group said in a report Tuesday. In phishing attacks, fraudulent Web sites are used to trick Internet users into giving up sensitive information such as credit card details and social security numbers. The number of attacks has been increasing steadily, with slight drops only in April and December. July's decrease could just be a summer dip, an APWG representative said.
http://news.com.com/Phishers+go+fishing+in+July/2110-7349_3-5842241.html

Crimeware epidemic spreading fast
http://www.vnunet.com/vnunet/news/2141436/crimeware-epidemic-takes-hold
- - - - - - - - - -
Intel, Cisco Team to Thwart Security Threats
Chip maker Intel Corp. and networking equipment maker Cisco Systems Inc. are joining forces to combine Intel's chip-based Active Management Technology with Cisco's Network Admission Control architecture.
http://www.eweek.com/article2/0,1759,1851457,00.asp
- - - - - - - - - -
What Price Homeland Security?
The problem with making the Internet more secure is that the process requires that computer engineers bolt on yet more layers of new functions. The act of strengthening the infrastructure, then, might actually further stress what holds it together.
http://www.newsfactor.com/story.xhtml?story_id=11300002JG9B
- - - - - - - - - -
Releasing zero-day exploits to sell a product?
As companies are still picking up the pieces from the Zotob worm and its malicious siblings, a French information security company that sells early exploit warning services has released a zero-day exploit that attacks all versions of Microsoft Internet Explorer.
http://blogs.zdnet.com/Ou/index.php?p=93
- - - - - - - - - -
Cutting through the hype of continuous data protection
Keith Richardt heads up a consultancy called KStar Inc. in Atlanta that provides technology management services for independent insurance agents in the state. So when one of his customers recently called in a panic fearing her firm had lost all its data, Richardt was happy that he could help.
http://computerworld.com/securitytopics/security/recovery/story/0,10801,104128,00.html
- - - - - - - - - -
Satnav fingers bungling burglars
In the great British tradition of "rob someone's house then leave your mobile at the scene", two London men have been jailed for burglary after the satnav system in the vehicle used for the blags stored the addresses of every house they hit. Ian Bansie, 33, used his work's motor to ferry 31-year-old accomplice Steve Warrington to ten homes in Reigate, Surrey, completely unaware that the satellite navigation system was dutifully keeping a record of their crime spree.
http://www.theregister.co.uk/2005/08/23/satnav_bungle/
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2005, NewsBits.net, Campbell, CA.