NewsBits for January 23, 2006 ************************************************************ Dear NewsBits readers - Due to personal and professional obligations, NewsBits took an unexpected hiatus from mid September until now. I hope to maintain daily NewsBits publication from here on out. Sorry for the inconvenience. I appreciate your continued support of NewsBits. RJL ************************************************************ Spanish hacker broke into U.S. submarine base A 19-year-old Spanish hacker broke into a U.S. Navy database, jeopardizing the security of a nuclear submarine maintenance facility in California. The hacker was arrested on January 11 after the U.S. Naval Criminal Investigative Service informed Spain about a hacking attack against the Point Loma naval base from a computer located in the southern Spanish city of Malaga. http://www.financialmirror.com/more_news.php?id=2999 - - - - - - - - - - - Notre Dame probes hack of computer system Two computer-forensic companies are helping the University of Notre Dame investigate an electronic break-in that may have exposed the personal and financial information of school donors. The hackers may have made off with Social Security numbers, credit card information and check images, Hilary Crnkovich, Notre Dame's vice president of public affairs, told CNET News.com. She declined to disclose how many donors may be at risk. http://news.zdnet.com/2100-1009_22-6030229.html University warns of possible hacking http://www.kansan.com/stories/2006/jan/20/hack/ - - - - - - - - - - Hackers attacked parliament using WMF exploit The UK Government was subjected to a concerted attack by Chinese hackers last year, according to the governments email security provider. The British Parliament was attacked late last year by hackers who tried to exploit the WMF flaw within Windows, security experts confirmed on Friday. http://news.zdnet.co.uk/0,39020330,39248387,00.htm http://news.zdnet.com/2100-1009_22-6029691.html Debunking the WMF backdoor Claims that the WMF vulnerability was an intentional backdoor into Windows systems makes for an interesting conspiracy theory, but doesn't fit with the facts. http://www.securityfocus.com/columnists/382 WMF Vulnerability Sparks Patch Program The Windows Metafile (WMF) vulnerability, which emerged in the last week of 2005 and was resolved with a patch that Microsoft released off its regular patch schedule at the end of the first week of 2006, wasn't good news at all. http://computerworld.com/securitytopics/security/story/0,10801,107903,00.html Smash and grab, the hi-tech way http://politics.guardian.co.uk/foreignaffairs/story/0,,1689183,00.html - - - - - - - - - - Hacker pleads guilty to building, renting attack network A 20-year-old hacker admitted Monday to surreptitiously seizing control of hundreds of thousands of Internet- connected computers, using the zombie network to serve pop-up ads and renting it to people who mounted attacks on Web sites and sent out spam. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/13693354.htm http://www.usatoday.com/tech/news/computersecurity/2006-01-23-botnet-hacker-guilty_x.htm http://computerworld.co.nz/news.nsf/0/FD9D3F1F2E04EC92CC2570FE0025DF44 http://www.cnn.com/2006/TECH/internet/01/23/hacker.ap/index.html - - - - - - - - - - Teenage hacker facing court case for data theft A 17-year-old high-school student identified only by his surname Hung (!x) has been named as one of the masterminds behind the nation's three main hacker groups, local media reported yesterday. http://www.taipeitimes.com/News/front/archives/2006/01/22/2003290158 - - - - - - - - - - Microsoft Praises Bulgaria for Arresting Phishing Gang Microsoft Corp. has commended the Bulgarian law- enforcement National Services to Combat Organized Crime (NSCOC) agency for investigations leading to the arrest of an organized ring of eight individuals who allegedly operated an international "phishing" operation. Microsoft supported the NSCOC by providing investigative and technical support in the case. http://www.itnewsonline.com/showstory.php?storyid=2488 http://www.vnunet.com/vnunet/news/2149051/microsoft-nabs-bulgarian - - - - - - - - - - Secret Service probes prank e-mail A prestigious private school in Washington brought in the Secret Service to solve a computer caper. The Smoking Gun, also known as thesmokinggun.com, obtained a search warrant affidavit and other documents involving the instance of apparent computer hacking at the Georgetown Day School. http://www.upi.com/NewsTrack/view.php?StoryID=20060119-041238-9321r - - - - - - - - - - Half-million PCs infected by e-mail virus A mass-mailing computer virus that is coded to delete files on February 3 may have spread to more than 500,000 servers, if evidence from a Web counter can be trusted. Known as the Blackmal.E or Nyxem.E virus, the program travels as an attachment to e-mail messages with suggestive subject lines such as "School girl fantasies gone bad" and "Re: Sex Video". The virus will completely compromise systems whose users open the attachment, attempting to disable security software and making extensive changes to the registry. http://www.securityfocus.com/brief/113 http://computerworld.com/securitytopics/security/virus/story/0,10801,107971,00.html http://news.zdnet.com/2100-1009_22-6030129.html - - - - - - - - - - Four new Trojans on the loose Four new Trojans are on the loose, three aimed at mobile phones and a fourth at PCs, anti-virus companies have warned. The mobile phone worms are disguised as legitimate applications and spread via Bluetooth or multimedia messages and affect phones running Symbian. The computer worm spreads via e-mail and purports to offer pornography. http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5219 - - - - - - - - - - Symbian threats multiply The overall threat for mobiles is still very low, despite new pieces of malware emerging. Several Trojan horses that target mobile phones have been discovered since the start of the year, but the threat level remains low. http://news.zdnet.co.uk/internet/security/0,39020375,39248514,00.htm - - - - - - - - - - KDE flaw opens Linux systems to attack Brief: A JavaScript error could allow the commandeering of systems using KDE A serious vulnerability has been found in the popular KDE open source software bundle. The flaw, deemed "critical" by the research outfit FrSIRT, could allow a remote attacker to gain control over vulnerable systems. http://news.zdnet.co.uk/software/linuxunix/0,39020390,39248515,00.htm - - - - - - - - - - Trojan blitz poses as credit card warning New year, new job? Click here for thousands of tech vacancies. New year, new job? Click here for thousands of tech vacancies. UK businesses faced a barrage of 115,000 emails containing a new Trojan on Friday, 22 January before anti-virus vendors scrambled out an update, according to email filtering firm BlackSpider Technologies. The Trojan downloader malware - called Agent-ADO - comes in the payload to a message that poses as a warning about a user's credit card limits been exceeded. http://www.theregister.co.uk/2006/01/23/trojan_blitz/ - - - - - - - - - - F-Secure issues security warning about itself FINNISH security outfit F-Secure has had to issue a security warning about its own products. In a security bulletin here, F-Secure said a flaw in its software meant that an attacker could run any code they like on affected systems by using ZIP and RAR files to hide any malware. http://www.theinquirer.net/?article=29121 - - - - - - - - - - FBI publishes 2005 computer crime survey The FBI has published their 2005 computer crime survey, with responses from over 2,000 public and private organizations located across four U.S. states. http://www.securityfocus.com/brief/109 Computer crime costs $67 billion, FBI says http://news.com.com/2100-7349_3-6028946.html - - - - - - - - - - IBM Predicts 2006 Security Threat Trends IBM recorded more than 1 billion suspicious computer security events in 2005, despite a leveling off in the amount of spam e-mail and a decrease in major Internet worm and virus outbreaks. http://www.eweek.com/article2/0,1759,1913864,00.asp http://www.vnunet.com/vnunet/news/2149052/ibm-sees-cyber-criminals-turn http://computerworld.com/securitytopics/security/story/0,10801,107992,00.html - - - - - - - - - - Fear of fraud hampers UK online banking The UK's Financial Services Authority (FSA) has warned banks that they must do more to help consumers to deal with online banking fraud, warning that consumer confidence in internet banking is currently very fragile. http://www.theregister.co.uk/2006/01/23/online_banking_fraud_fears/ - - - - - - - - - - Congress, regulators target those selling private phone records Disclosures that companies are selling private phone records have lawmakers and federal regulators moving to try to halt the practice. Senate Majority Leader Bill Frist, R-Tenn., said in a statement Monday that he will work with the head of the Senate Commerce Committee, Sen. Ted Stevens, R-Alaska, on a bill to criminalize the practice. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/13693688.htm - - - - - - - - - - CDT files complaint against 180solutions The Center for Democracy & Technology (CDT) has filed two complaints with the U.S. Federal Trade Commission on illegal and deceptive practices of adware and spyware developer 180solutions Inc., and one of its affiliates. The company is thought to be one of the world's largest purveyors of nuisance adware and spyware, software which is often installed on a user's computer without shis knowledge. http://www.securityfocus.com/brief/114 - - - - - - - - - - Don't get hooked by 'phishing' scam You have probably heard about identity theft, in which people steal other people's personal information to use for illegal purposes. In a new scheme called "phishing," ID thieves trick people into providing their Social Security numbers, financial account numbers, pin numbers, mother's maiden name and other personal information by pretending to be someone they're not. http://www.southbendtribune.com/apps/pbcs.dll/article?AID=/20060122/News01/601220441/CAT=News01 - - - - - - - - - - The Brain virus turns 20 The Brain computer virus started spreading among IBM PC systems 20 years ago this month, but the self-propagating program was not the first computer virus. http://www.securityfocus.com/brief/112 - - - - - - - - - - Sunbelt Hires Anti-Spyware Expert Howes Security vendor Sunbelt Software has snapped up anti-spyware expert Eric Howes to head up its team of malware researchers. Howes, well-known in security circles for his forensic work on spyware and its malicious mechanisms, has been named director of malware research and will be based in Sunbelt's headquarters in Clearwater, Fla. http://www.eweek.com/article2/0,1759,1912305,00.asp - - - - - - - - - - Coalition objects to RFID chips for drivers licenses A coalition of conservative groups and privacy advocates is urging the Homeland Security Department not to include the use of radio frequency identification contactless chips in its regulations for implementing the Real ID Act for state drivers licenses. http://www.gcn.com/vol1_no1/daily-updates/38073-1.html - - - - - - - - - - IronPort to rate Web links in spam fight As spam evolves, so do spam filters. IronPort Systems is now rating Web links in e-mail to better filter out junk messages, including those with links to malicious sites. http://news.zdnet.com/2100-1009_22-6030185.html - - - - - - - - - - No snoozing as mids battle hackers' plot to take out system For four days, 24 hours a day, an academy team manned posts in Michelson Hall, guarding against National Security Agency computer hackers. When Tom Hendricks, National Security Agency visiting professor in the computer science department, talks about red cells and white cells, he's not talking about blood. http://www.dcmilitary.com/navy/trident/10_48/local_news/39232-1.html - - - - - - - - - - Harder-to-Detect Oracle Rootkit on the Way A security expert working on a new version of an Oracle database rootkit says the programs are easy to create and could soon be as common as those that target operating systems like Windows. http://www.eweek.com/article2/0,1759,1914465,00.asp - - - - - - - - - - Kaspersky boss debunks security myths Russian antivirus guru Eugene Kaspersky has hit out at some of the myths that cloud what he sees as the real issues facing the IT security industry. Speaking in Moscow, the head of Kaspersky Lab said companies' own agendas and some well-worn stereotypes about cybercrime stand in the way of reasoned discussion. He also criticized those who put too much faith in statistics which, taken out of context, are often dangerously misleading. http://news.zdnet.com/2100-1009_22-6029792.html - - - - - - - - - - Can video iPod trigger DMCA reform? Apple Computer's video iPod may not be the first portable movie player, but it is by far the best. The one serious flaw in this svelte little device is how difficult it is to load with video. Apple's otherwise handy iTunes application flatly refuses to transfer a legally purchased DVD to the iPod. http://news.zdnet.com/2100-9595_22-6029916.html - - - - - - - - - - When Data Goes Missing: Will You Even Know? Recent reports of company-compiled personal data gone missing (such as Marriott losing many thousands of vacation club records), while clearly important, is really just the tip of the iceberg. What customers really need to ask of companies is, What other data has been lost? http://www.computerworld.com/securitytopics/security/story/0,10801,107967,00.html - - - - - - - - - - Expert Calls for Increased E-voting Security Herbert Thompson, director of research at Wilmington, Mass.-based Security Innovation Inc., is a co-author of several books, including How to Break Software Security (Addison Wesley, 2003). He volunteered last May and again last month in Leon County, Fla., to hack an optical scan system made by Diebold Elections Systems Inc., after county officials voiced fears about the system's accuracy and security. Thompson recently discussed the result of the test hacks in an interview with Computerworld. http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,107950,00.html - - - - - - - - - - Endpoint Security Without the Pain It isn't often that users are happy when their IT manager installs security software on their notebooks. Usually, more security means more passwords to remember, more restrictions on what software they can run and more hoops to jump through to get their jobs done. http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,107887,00.html - - - - - - - - - - The Worst-Case Hack Scenario Today's CIOs are more keyed in than ever on the risks that hackers pose, said Paul Stamp, an analyst at Forrester Research. That focus has strengthened the defenses around company perimeters and shifted focus somewhat to threats from within. http://www.newsfactor.com/story.xhtml?story_id=11300002REXZ - - - - - - - - - - Investigation of warrantless eavesdropping program urged Legal experts, privacy advocates and Democratic lawmakers on Friday called for congressional and independent investigations into whether the Bush administration broke the law by authorizing a secret program to eavesdrop on U.S. citizens without a court order. http://www.govexec.com/story_page.cfm?articleid=33211&sid=28 - - - - - - - - - - NSA spy program hinges on state-of-the-art technology The furor over the National Security Agency's domestic eavesdropping, authorized by President Bush, has focused largely on legal questions -- whether the NSA has the authority to spy on Americans inside the United States and whether the commander-in-chief can order the agency to do so. http://www.govexec.com/story_page.cfm?articleid=33212&sid=28 - - - - - - - - - - Eavesdroppers must now sort through bits In the past, intercepting communications meant just that -- copying a telegram mid-route, steaming open an envelope or attaching alligator clips to the copper wires that connected every telephone in the world. http://www.cnn.com/2006/TECH/01/23/wiretap.tech.ap/index.html - - - - - - - - - - Unfurling the Flag Editorial: The Department of Homeland Security's decision to spend over $1 million on a project designed to improve the security of open-source software is a red flag. http://www.computerworld.com/securitytopics/security/story/0,10801,107894,00.html - - - - - - - - - - Phone calls, e-mails, and now search data. Where will Bush stop? First, it was in the interests of national security. Now, it's in the interest of childrens' rights (particularly those that could be the victims of child pornography). Already in the midst of a controversy over the way the President authorized eavesdropping on international phone calls and e-mails (see CNN's coverage of Vice President Dick Cheney's defense of domestic spying), the Bush Administration has subpoenaed search giants AOL, Google, Microsoft, and Yahoo for a "random sampling" of the search data they keep as a result of the usage of their search engines. http://blogs.zdnet.com/BTL/?p=2454 *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2006, NewsBits.net, Campbell, CA.