NewsBits for August 30, 2005 ************************************************************ Zotob and Mytob were originated by Russian hacker One of the two men arrested last week on charges of creating and mailing the Zotob bot worm also authored some, but not all, of the many Mytob worms in circulation, a security firm said Monday. Finnish anti-virus vendor F-Secure identified Farid Essebar, 18, who was arrested by Moroccan authorities, as the author of some Mytobs. http://www.crime-research.org/news/30.08.2005/1462/ Zotob suspects linked to underground network http://news.zdnet.co.uk/internet/security/0,39020375,39215733,00.htm Zotob arrests throws open trade in compromised PCs http://www.theregister.co.uk/2005/08/30/zotob_arrests_follow-up/ Zotob suspect linked to other viruses http://www.vnunet.com/vnunet/news/2141631/zotob-suspect-linked-viruses Zotob worm linked to credit card fraud ring http://news.com.com/Zotob+worm+linked+to+credit+card+fraud+ring/2100-7348_3-5844672.html - - - - - - - - - - Stark State Web sites security breached Some Stark State College of Technology students were surprised Sunday night when they tried to check their personal information on the school Web site. The students couldnt access their own grade in sociology, how many thousands they get in student loans, and whether they are on the dreaded academic probation. http://www.cantonrep.com/index.php?Category=9&ID=239810&r=0 - - - - - - - - - - Conn. man sells Microsoft source code A Connecticut man known on the Internet as "illwill" pleaded guilty in Manhattan federal court on Monday to charges relating to the theft of the source code to Microsoft Corp.'s Windows operating software, considered among the company's crown jewels. http://www.usatoday.com/tech/news/computersecurity/2005-08-29-microsoft-code-case_x.htm http://www.theregister.co.uk/2005/08/30/ms_source_code_fence_guilty_plea/ - - - - - - - - - - Spyware creator and his customers indicted The creator and several buyers of a keylogging software package marketed as a means of checking up on loved ones, have been indicted in the US for accessing computer systems without authorisation, the Associated Press reports. Purchasers of the $89 LoverSpy software would send their target a colleague, lover or child a seemingly harmless electronic greeting card. When opened, the card added software to the targeted computer that would record email messages, chat room conversations, passwords and any other computer activity. http://www.theregister.co.uk/2005/08/30/keylogging_creator_indicted/ http://www.computerworld.com/securitytopics/security/story/0,10801,104249,00.html http://news.com.com/Man+pleads+guilty+to+selling+Windows+code/2100-1016_3-5844505.html - - - - - - - - - - Former Farmington teacher sentenced to prison for child porn A former San Juan College teacher who pleaded guilty to child pornography charges has been sentenced to six years in prison. Forty-two-year-old Joseph Krim was sentenced Monday by state District Judge Thomas Hynes in Aztec. Krim says he never meant to hurt his family by possessing and manufacturing child porn. http://www.kobtv.com/index.cfm?viewer=storyviewer&id=21411 - - - - - - - - - - Man surrenders on charge of possessing child porn A city man has surrendered to police on a charge of possessing child pornography. Peter Brown, 26, turned himself in Monday morning, police said. Police issued a warrant for his arrest after a local business reported finding some child pornography on Brown's computer. The company was downloading material from Brown's old computer to a new computer he'd bought, police said. http://www.fosters.com/apps/pbcs.dll/article?AID=/20050830/NEWS0201/108300027 - - - - - - - - - - Fort Myers High staffer busted for child porn A Fort Myers High School interpreter for deaf students is jailed on child pornography charges, accused of trying to pay for a tattoo with pornographic images of children. William Allen Lane, 34, was arrested Saturday and accused of transmitting child pornography. He's the second Lee County school employee behind bars on child porn charges, joining bus driver Donald Deverso of Cape Coral, who is accused of using the Internet to view child pornography. http://www.news-press.com/apps/pbcs.dll/article?AID=/20050830/NEWS0104/508300460/1075 - - - - - - - - - - UK.gov to ban violent porn UK ministers are considering plans to make downloading violent sexual images from the net a criminal offence. Distributing footage depicting rapes or other so-called extreme pornography is illegal (under the Obscene Publications Act 1959) but current laws do not allow prosecution for simple possession. This contrasts with laws on the possession of images of child abuse. http://www.theregister.co.uk/2005/08/30/violent_smut_crackdown/ http://www.usatoday.com/tech/news/techpolicy/2005-08-30-britain-internet-porn_x.htm http://www.cnn.com/2005/WORLD/europe/08/30/uk.internet/index.html - - - - - - - - - - IT draft law deletes hacking in India IT amendment New act seeks to protect unintentional crimes; video, child pornography are new categories. The Expert Committee on Cyber Law set up to amend the Information Technology (IT) Act has deleted hacking from its list of offences. In what IT and legal experts say seems to be a knee-jerk reaction to the recent spate of MMS porn and BPO- hacking cases, the committee has installed video- porn and child porn as two separate entities, both with higher punishments. http://www.indianexpress.com/full_story.php?content_id=77204 - - - - - - - - - - GAO: Federal data mining not obeying privacy rules Federal agencies are not adequately protecting citizens privacy when they query databases containing personal information, according to a Government Accountability Office report released today. http://www.fcw.com/article90517-08-29-05-Web Data Mining Found to Flunk Privacy Rules http://www.washingtonpost.com/wp-dyn/content/article/2005/08/29/AR2005082901272.html Federal data-mining efforts fail to fully safeguard privacy, GAO says http://www.govexec.com/story_page.cfm?articleid=32114 - - - - - - - - - - Linux/Unix e-mail flaw leaves systems open to attack Two serious security flaws have turned up in software widely distributed with Linux and Unix. The bugs affect Electronic Mail for Unix (Elm), a venerable e-mail client still used by many Linux and Unix systems administrators, and Mplayer, a cross-platform movie player that is one of the most popular of its kind on Linux. http://www.computerworld.com/securitytopics/security/story/0,10801,104260,00.html - - - - - - - - - - HP warns of flaw in network management product Enterprises using a key network management product from Hewlett-Packard Co. may be vulnerable to a serious flaw allowing remote attacks, the company has warned. The problem is in Network Node Manager, an HP OpenView product that carries out auto-discovery, control and monitoring of network devices via the Simple Network Management Protocol. http://www.computerworld.com/securitytopics/security/story/0,10801,104257,00.html HP netman product trips over security hole http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4303 - - - - - - - - - - Vulnerability Flagged in Adobe Version Cue A security flaw was disclosed today in Adobe Systems Inc.'s Version Cue softwarethe second security flaw in the company's software discerned during the last month. The latest flaw was reported Monday by iDefense Inc., a provider of security intelligence to governments and Fortune 500 organizations, based in Reston, Va., near Washington, D.C. http://www.eweek.com/article2/0,1759,1853785,00.asp - - - - - - - - - - Secunia: Malware may hide behind long names in Windows registry Security experts have found a vulnerability in the Windows operating system that could allow malware to lurk undetected in long string names of the Windows Registry. http://www.computerworld.com/securitytopics/security/story/0,10801,104254,00.html Security experts stake out Windows spyware hiding place http://www.vnunet.com/vnunet/news/2141593/security-expert-examine-windows Latest IE6 vulnerability explored http://news.zdnet.co.uk/software/windows/0,39020396,39215734,00.htm Home users rush for data protection http://www.vnunet.com/vnunet/news/2141616/home-users-demand-protection Is Microsoft skirting the issue? http://news.zdnet.com/2100-1009_22-5844520.html - - - - - - - - - - Sack for workers caught accessing porn PUBLIC servants, including government contractors, caught accessing pornography at work have been warned they will be sacked, under new state government guidelines which confirm bosses can monitor employees' e-mails. The policy backs an edict by Premier Peter Beattie last year that anyone caught deliberately accessing pornography should be sacked. http://www.thecouriermail.news.com.au/common/story_page/0,5936,16429847%255E3102,00.html - - - - - - - - - - Cal State combats thieves in cyberspace Every morning, Thomas Dixon goes into his office at California State University, East Bay, knowing that a million attempts will be made each hour to break into the computer system he is charged with protecting. http://www.insidebayarea.com/trivalleyherald/localnews/ci_2982853 http://www.siliconvalley.com/mld/siliconvalley/news/editorial/12516737.htm - - - - - - - - - - Army to better monitor blogs, Web sites Gen. Peter Schoomaker, the Armys chief of staff, wants military leaders to better monitor soldiers Web sites and blogs for the posting of sensitive information that could aid the enemy. Schoomaker said some soldiers, for example, continue to post pictures depicting weapon system vulnerabilities and tactics, techniques, and procedures (TTPs). http://www.fcw.com/article90522-08-30-05-Web - - - - - - - - - - UK Gov must meet biometric standards on ID cards Any national identity card introduced in the UK will have to meet new international standards for biometrics. The standards body, BSI, has published a set of four new BS ISO/IEC 19794 standards, covering the science of biometrics, using biological characteristics to identify individuals, according to reports. http://www.theregister.co.uk/2005/08/30/id_card_standards/ - - - - - - - - - - Something fishy's going on The Trusted Computing Group is an industry consortium that's trying to build more secure computers. It has a lot of members, although the board of directors consists of Microsoft, Sony, Advanced Micro Devices, Intel, IBM, Sun Microsystems, Hewlett-Packard and two smaller companies that are voted in on a rotating basis. http://news.com.com/Something+fishys+going+on/2010-7350_3-5844412.html Net Security Plans Sow Confusion http://www.newsfactor.com/story.xhtml?story_id=13200002ZJSO - - - - - - - - - - I was a teenage crybercriminal "If one teenager can jeopardise over a hundred Web sites from his parent's house, imagine what groups of seasoned cybergangs can do." In 2004, after months of putting a virtual tail on a hacker who called himself Pherk, FBI agent Timothy Nestor had the guy right where he wanted him. Though unsure of Pherk's identity, Special Agent Nestor was tracking every digital footstep the hacker took as he wreaked havoc on dozens of businesses by shutting down their online storefronts. http://www.techworld.com/security/features/index.cfm?FeatureID=1711 - - - - - - - - - - Site allegedly exposes British secret agents The U.K. Foreign Office is slamming an anti-secrecy activist who listed online alleged spies and secret agents. New York-based activist JohnYoung named 276 alleged MI6 agents--including former Liberal Democrat leader Paddy Ashdown--on his Cryptome Web site over the weekend. The list claims Ashdown was an MI6 agent in Geneva in the 1970s. http://news.com.com/Site+allegedly+exposes+British+secret+agents/2100-1028_3-5844524.html - - - - - - - - - - Chinese go mental for nude web chat Pity if you will the poor old Chinese authorities in their fight to stem the tide of internet-provoked social destabilisation. First up, you've got Sister Furong flaunting herself like a two-bit hussy, then there's the thousands of addicts relentlessly gaming themselves into online degeneracy. But it gets worse. One researcher has found that up to 20,000 Chinese regularly log on to chat rooms completely stark bollock naked - a small percentage of the country's estimated 87 million net users, 'tis true, but more than enough to set Beijing alarm bells ringing. http://www.theregister.co.uk/2005/08/30/undressed_web_chat/ Censorware software fails to cut it http://www.theregister.co.uk/2005/08/30/censorware_tests_which/ - - - - - - - - - - Camera Phone Has Life After Theft A New York stock clerk who had his camera phone swiped from his car this month says he was able to peer into the life of the gadget's new owner. The thief evidently didn't realize the copious photos and videos he was taking with the hot phone were accessible through a web account. http://www.wired.com/news/privacy/0,1848,68668,00.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.