NewsBits for September 14, 2005
************************************************************
Teen Pleads Guilty to Hacking Paris Hilton's Phone
A Massachusetts teenager has pleaded guilty to hacking into the cell-phone account of hotel heiress and Hollywood celebrity Paris Hilton, a high-profile stunt by the youngest member of the same hacking group federal investigators say was responsible for a series of electronic break-ins at data giant LexisNexis.
http://www.washingtonpost.com/wp-dyn/content/article/2005/09/13/AR2005091301423.html
http://news.zdnet.com/2100-1009_22-5865391.html
http://news.com.com/Hilton+hacker+sentenced+to+juvenile+hall/2100-7349_3-5865391.html
http://www.msnbc.msn.com/id/9343344/
http://www.usatoday.com/life/people/2005-09-14-hilton-hacker-jail-time_x.htm
http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,104620,00.html
http://software.silicon.com/security/0,39024655,39152303,00.htm
- - - - - - - - - -
Fort Carson records stolen
Soldiers, civilians are urged to watch for signs of fraud
Fort Carson has cautioned thousands of its soldiers to watch their credit records carefully following the theft of computerized personnel records from the post. Thieves broke into the Soldier Readiness Processing center over the weekend of Aug. 20-21 and stole four computer hard drives containing thousands of personnel records, Fort Carson spokeswoman Dee McNutt said Monday.
http://www.rockymountainnews.com/drmn/state/article/0,1299,DRMN_21_4076654,00.html
- - - - - - - - - -
Personal data exposed via eBay storage
A trawl of 150 pieces of removable storage available for auction turned up a rich mix of passwords, letters, phone numbers and addresses. Security codes, passwords, phone numbers and home addresses are being found in storage sold on eBay, according to a UK-based data recovery firm.
http://news.zdnet.co.uk/internet/security/0,39020375,39218125,00.htm
- - - - - - - - - -
Child porn sentence of 30 years is upheld
A federal appeals court on Tuesday upheld a 30-year sentence for a Fulton, Mo., man convicted on child pornography charges. Jack Wayne Rogers was sentenced in April 2004 after investigators found about 1,000 images of child pornography at his home and business. Among the photographs, investigators also found evidence that Rogers performed voluntary nullifications, a procedure in which a male's sexual organs are removed.
http://www.kansascity.com/mld/kansascity/news/local/12637846.htm
- - - - - - - - - -
Ex-judge to go on trial in child-porn case today
Stephen W. Thompson's attorneys planned to cite war injuries as part of an insanity defense.
After a week of jury selection, opening statements in the child-pornography trial of former state Superior Court Judge Stephen W. Thompson are expected to begin in federal court in Camden this morning. Thompson's attorneys plan to argue an insanity defense, saying Thompson suffers from post-traumatic stress disorder from his Vietnam War injuries.
http://www.philly.com/mld/inquirer/news/local/states/new_jersey/12639305.htm
- - - - - - - - - -
Businessman in court over child porn
A 32-year-old East London businessman appeared briefly in the town's magistrate's court on Tuesday for possession of pornographic photographs of five-year-old girls. He will remain in custody until his next appearance on September 21, when a formal bail application will be made, a court official said.
http://iafrica.com/news/sa/486211.htm
- - - - - - - - - -
Mistaken child-porn raid leads to lawsuit
Brian and Sarah Doom were shocked when police showed up at their Wichita home accusing them of child pornography. The Dooms had never been in trouble with the law. On Aug. 12, 2004, they found themselves being accused of activity that disgusted them.
But the police had the wrong house, based on mistaken information from the Dooms' Internet service provider, Cox Communications.
http://www.kansas.com/mld/eagle/news/local/crime_courts/12620843.htm
- - - - - - - - - -
Doctor in child porn case closing Waterbury office
A longtime local eye surgeon arrested in April on charges of possession of child pornography has notified his patients that he will close his Wolcott Street office next week. Dr. James R. Coppeto recently began notifying patients by letter that they can pick up their medical records.
http://www.rep-am.com/story.php?id=27236
- - - - - - - - - -
Resellers slam black market in Microsoft software
The problem of fake copies of Microsoft products in the channel is getting worse, warn software resellers. Microsoft's UK partners are increasingly concerned about the amount of counterfeit and unlicensed software being sold in the UK reseller channel, which they say is threatening the reseller industry at large. Fake copies of Microsoft software are most commonly distributed because it has such a vast user base and is easier to sell on, they warned this week.
http://news.zdnet.co.uk/0,39020330,39218126,00.htm
- - - - - - - - - -
New Firefox, Mozilla releases coming to fix bugs
The Mozilla Foundation plans to "shortly" release new versions of its Firefox and Mozilla Web browsers to address a recently disclosed serious security bug as well as several additional flaws, a representative said Wednesday. The decision for new, so-called point releases was made after the disclosure last week of a problem in the way the browsers handle International Domain Names, or IDNs, Web addresses that use international characters.
http://news.com.com/New+Firefox%2C+Mozilla+releases+coming+to+fix+bugs/2100-1002_3-5865882.html
- - - - - - - - - -
Keyboard clicks can lead to security hacks
A new security vulnerability has been discovered: the clickety clack of the keyboard.
An audio recording of an individual's typing can be transposed into a transcript of what was typed, according to University of California at Berkeley researchers. The technique works because each key makes a distinct sound when hit, and users, who typically type about 300 characters a minute, leave enough time between keystrokes for a computer to isolate the individual sounds.
http://news.zdnet.com/2100-1009_22-5865318.html
- - - - - - - - - -
Microsoft Unveils Internet Explorer 7 Beta 2
The next IE7 beta will include new capabilities for managing tabs, zooming in on text and images, and ActiveX security. The Internet Explorer development team has revealed details of upcoming key features that will land in the next beta of IE 7. Among the features demonstrated Tuesday at a Microsoft Professional Developer Conference presentation, then outlined on the IE team's blog, were Quick Tabs and Page Zoom.
http://www.informationweek.com/story/showArticle.jhtml?articleID=170703246
- - - - - - - - - -
Security Patch Watch: Apple Plugs Mac OS X Java Holes
Apple Computer Inc. late Tuesday posted a Java security update for Mac OS X to plug five vulnerabilities that could cause system hijack, security bypass, data manipulation and privilege escalation attacks. In a security advisory, Apple posted a Java Security update for users of Mac OS X 10.3.9 and recommended that customers running Mac OS X 10.4 or later apply the Java 1.3.1 and 1.4.2 Release 2 update.
http://www.eweek.com/article2/0,1759,1859120,00.asp
- - - - - - - - - -
UK ID card access to be graded
The Home Office has outlined plans for controlling access to ID card information in a bid to allay fears over misuse and to manage the possible load on the database system. According to the government department, business and public sector organisations are to be given graded access depending on need.
http://www.vnunet.com/vnunet/news/2142286/uk-id-card-access-graded
- - - - - - - - - -
And now from Visa, child porn
IF IT'S not illegal, then it's OK. That is the secular, moral relativist approach to life which I am attacking in a television programme tomorrow evening. To take one example of where it leads, just look (if you can bear it) at a revolting website called lilamber.com, featuring underage girls in provocative poses. This site, because its girls are scantily clad rather than naked, and are not shown as victims of obvious abuse, counts as soft rather than hardcore porn. It will thus not be covered by the Government's commendable, if belated, planned legislation against extreme sexual content on the internet.
http://www.timesonline.co.uk/article/0,,3284-1775941,00.html
- - - - - - - - - -
Companies urged to move beyond passwords
In today's security climate, passwords are apparently no longer enough to guarantee user authentication. Companies are "fiddling while Rome burns" by continuing to put their faith in passwords to guarantee user authentication, according to a Gartner analyst. Speaking at the Gartner IT Security Summit in London on Wednesday, research vice-president Ant Allan warned that "passwords are no longer adequate as threats against them increase."
http://news.zdnet.co.uk/internet/0,39020369,39218136,00.htm
- - - - - - - - - -
Lessons Learned from a Teenage Hacker
Security pros need to learn from those who succeed in hacking, such as a Massachusetts teen who wreaked havoc for over a year. When the fire alarms are not sounding and calling us to immediate reactive action, security pros need to be kicking back a bit and taking a look at how a serious security problem unfolds. That's why we should take a look at a Massachusetts teenager who pled guilty to, among other things, hacking, to see what, if anything, could have been done to prevent him and his buddies from succeeding in doing what they did.
http://www.eweek.com/article2/0,1759,1858615,00.asp
- - - - - - - - - -
More tech fails to exorcise security risks
Current IT systems are inherently insecure and growing complexity will simply increase these risks, a leading academic has warned. Users should rebel and demand vendors compensate them for security foul-ups, said pugnacious Professor Klaus Brunnstein of the University of Hamburg.
http://www.theregister.co.uk/2005/09/14/complexity_risk_gartner_keynote/
- - - - - - - - - -
The Software Practices Police Squad
"Anti-Spyware" (I hate that term) is becoming a lot more complicated than just scanning files. Now they have to scan the whole business. Let's hope it's more Jack Webb than Leslie Nielsen. I used to think that the whole category of anti-spyware software was redundant because the established anti-virus products should be perfectly capable of detecting all the threats detected by anti-spyware. They just weren't looking for them.
http://www.eweek.com/article2/0,1759,1859108,00.asp
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000-2005, NewsBits.net, Campbell, CA.