NewsBits for January 26, 2006
************************************************************

Feds arrest alleged Internet ID thief
A California man who allegedly duped America Online customers into disclosing their credit card information over the Web was arrested on wire fraud and other charges Thursday. According to the charges, Jeffrey Brett Goodin of Azusa, Calif., used the fraudulently obtained information to make unauthorized charges using the credit and debit cards of his victims.
http://news.zdnet.com/2100-1009_22-6031924.html

- - - - - - - - - -

Spyware arrest follows internet bank thefts
Japanese man detained over missing yen...
A Japanese man has been arrested for allegedly creating and distributing malicious code which was designed to steal internet banking passwords.
http://software.silicon.com/security/0,39024655,39155949,00.htm

- - - - - - - - - -

ChoicePoint to pay $15 million over data leak
Data broker ChoicePoint will pay $15 million to settle Federal Trade Commission charges that its lax procedures violated consumer protection laws, the agency said Thursday. Under the settlement, the Atlanta-based company agreed to hand over $10 million in civil penalties to the FTC, the largest civil fine in the agency's history. It will also provide $5 million to recompense consumers who suffered as a result of ChoicePoint's actions.
http://news.zdnet.com/2100-1009_22-6031629.html
http://www.usatoday.com/tech/news/computersecurity/2006-01-26-ftc-choicepoint_x.htm
http://www.vnunet.com/vnunet/news/2149263/choicepoint-fined-15m-lacking

- - - - - - - - - -

AOL Wins $5.6-Million Award Against Spammer
America Online won a $5.6-million award against a Minnesota man who sent billions of spam e-mails over the Internet service in 2003 and whose case helped spawn anti-spamming legislation. Christopher William Smith, 25, was ordered to pay $5.3 million, or $25,000 for every day he sent out spam e-mails, plus $287,059 for America Online's legal fees, U.S.
District Judge Claude Hilton in Alexandria, Va., ruled.
http://www.usatoday.com/tech/news/computersecurity/2006-01-26-aol-spam-case_x.htm
http://www.latimes.com/technology/la-fi-briefs26.2jan26,1,7628641.story

- - - - - - - - - -

Ameriprise notifying 226,000 customers, advisers of data theft
A stolen laptop contained names, account numbers and Social Security numbers.
Financial services company Ameriprise Financial Inc. is notifying some 158,000 customers and 68,000 financial advisers this week that a laptop containing personal information about them -- including names, account numbers or Social Security numbers -- was stolen late last month.
http://www.computerworld.com/securitytopics/security/story/0,10801,108071,00.html

- - - - - - - - - -

Thief nabs backup data on 365,000 patients
About 365,000 hospice and home health care patients in Oregon and Washington are being notified about the theft of computer backup data disks and tapes late last month that included personal information and confidential medical records. In an announcement yesterday, Providence Home Services, a division of Seattle-based Providence Health Systems, said the records and other data were on several disks and tapes stolen from the car of a Providence employee at his home. The incident was reported by the employee on Dec. 31, according to the health care system.
http://computerworld.com/securitytopics/security/privacy/story/0,10801,108101,00.html

- - - - - - - - - -

Internet activists help get lawyer for woman accused of piracy
Patricia Santangelo just wanted to save money, but the mother of five quickly realized that acting as her own lawyer against the music companies accusing her of illegal downloading was a big-time money-burner. Fortunately, for her, it didn't take long for the Internet crowd to help her out.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/13720240.htm
http://www.msnbc.msn.com/id/11048815/

- - - - - - - - - -

Kama Sutra worm set to bite next week
Businesses have been warned to brace themselves for a possible traffic spike next week caused by the Kama Sutra worm. The virus, dubbed Nyxem.E among other names, was first reported on Jan. 16. It is thought to have infected more than half a million PCs. Security vendor IronPort warned Thursday that these machines are now hard-coded to propagate the virus on Feb. 3.
http://news.zdnet.com/2100-1009_22-6031881.html
http://news.zdnet.co.uk/0,39020330,39249363,00.htm
http://www.newsfactor.com/story.xhtml?story_id=12200002ZQHM

- - - - - - - - - -

States call for more cybersecurity cash
Cybersecurity weaknesses persist in state and local governments because of insufficient money and aid from the U.S. Department of Homeland Security, a recent survey suggested. The seven-page report, which was released Wednesday by the National Association of State Chief Information Officers, recommends that the Department of Homeland Security pay for fellowships for state and local employees in the agency's National Cybersecurity Division, better define and market what federal resources exist for combating cyberthreats, and hand over more funding for local training programs.
http://news.zdnet.com/2100-1009_22-6031641.html

- - - - - - - - - -

CMA to get backdoor update
An update to the UK's cybercrime laws is coming bundled with updates on truancy and the police's stop-and-search powers. Cybercriminals in the UK face the prospect of tougher sentences and modernised laws to ensure a greater number of convictions for computer-related crimes.
http://news.zdnet.co.uk/internet/security/0,39020375,39249167,00.htm

U.K. cybercriminals threatened with 10-year term
Cybercriminals in the United Kingdom face the prospect of tougher sentences and modernized laws to ensure a greater number of convictions for computer-related crimes.
A Police and Justice Bill introduced Wednesday by the Home Office includes sections relating specifically to the modernization of U.K. law to better deal with those who have committed Internet-related crime.
http://news.zdnet.com/2100-1009_22-6031435.html

Security professionals back tougher laws for hackers
Now let's pass the bill and then police it...
The IT security industry has almost unanimously given its backing to government plans to update the Computer Misuse Act (CMA) and introduce more severe custodial sentences for cyber criminals. And many are urging the government to now 'go the distance' and ensure the bill is passed and the new laws come into effect as soon as possible - and are policed effectively.
http://software.silicon.com/security/0,39024655,39155961,00.htm

Home Office pushes tough anti-hacker law
http://www.theregister.co.uk/2006/01/26/uk_computer_crime_revamp/

- - - - - - - - - -

Congress to investigate Google's China decision
Google, Microsoft and Yahoo will be the subjects of a US congressional committee over agreements to censor internet services to Chinese citizens. Chris Smith, chairman of the house subcommittee that oversees global human rights, has announced that he will hold a hearing on 16 February to investigate the conduct of US technology firms in China.
http://www.vnunet.com/vnunet/news/2149230/congress-investigate-google

- - - - - - - - - -

France: Online betting issues
The Court rules on a judgment of the First Instance Court of Paris which was rendered on 8 July 2005, an appeal having been lodged by ZeTurf Society (Societe ZETURF), on 22 November, 2005. In this judgment, it will only be recalled that the bookmaker, ZeTurf duly registered and incorporated in Malta, provides French internet users the possibility to bet on horse races, whereas this type of gambling services falls under the exclusive right of the PMU (Pari Mutual Urbain).
http://www.crime-research.org/news/01.26.2006/1780/

- - - - - - - - - -

Piece by piece, information can yield secrets when put together
These days modems come built into computers and Internet access many times is cheaper than regular telephone service. It seems everyone has a license to cruise the information super highway. There are a variety of ways for people to interact across the globe, such as e-mail, chat rooms and instant messaging services. However, some of this interaction may not be on the level.
http://www.af.mil/news/story.asp?storyID=123015769

- - - - - - - - - -

Lax mobile security leaves UK.biz at risk
Confusion and lack of leadership is leaving many UK businesses exposed to mobile security risks, according to a new study. Four in five (80 per cent) of 2,035 IT pros surveyed by market analyst firm Quocirca, say ordinary workers constitute the main mobile security threat.
http://www.theregister.co.uk/2006/01/26/mobile_security_survey/

- - - - - - - - - -

Cybercrime concerns affecting Net use
You are more likely to be victims of cybercrime than physical crime - that is the belief of US citizens, according to a new survey commissioned by IBM. The result is that people are more cautious online to the extent that they limit their Internet activities, the survey claims. The survey of 700 adults revealed 75 percent of them are taking measures to protect their data and personal information when they are online because they are afraid of identity theft (43 percent), loss of money (24 percent) and harm to credit scores (13 percent).
http://www.techworld.com/security/news/index.cfm?NewsID=5245

- - - - - - - - - -

Researchers: Rootkits headed for BIOS
Insider attacks and industrial espionage could become more stealthy by hiding malicious code in the core system functions available in a motherboard's flash memory, researchers said on Wednesday at the Black Hat Federal conference.
http://www.securityfocus.com/news/11372

- - - - - - - - - -

Phone flooding
A discovery by a Cambridge professor this week highlights an easy to perform denial of service attack using VoIP as a wrapper for the malicious traffic. As a growing amount of VoIP traffic is passed across the internet, concern is being raised that bot networks could be orchestrated to overlay VoIP on their attacks, thereby preventing detection of the source.
http://www.securityfocus.com/brief/119

- - - - - - - - - -

CA software poses "critical" security risk
Yes it DoS, says FrSIRT.
A security vulnerability in CA's iTechnology iGateway service could put systems running the software at risk of serious attacks, experts have warned. A remote attacker could gain complete control over systems on Windows platforms, and other platforms may allow for a denial of service attack, according to an advisory posted on Tuesday by security intelligence company the French Security Incident Response Team (FrSIRT). The FrSIRT rates the issue "critical".
http://software.silicon.com/security/0,39024655,39155945,00.htm

- - - - - - - - - -

Cisco issues patches to authorization feature, VPN platform
Weaknesses in command check system, 3000-series concentrators covered.
Cisco Systems Inc. has issued patches over the past two days for vulnerabilities in an authorization feature in its Internetwork Operating System and for a weakness that might enable a distributed denial-of-service (DDoS) attack on certain VPN concentrators.
http://www.computerworld.com/securitytopics/security/story/0,10801,108076,00.html

- - - - - - - - - -

Avaya, Juniper team up for secure VoIP
Avaya and Juniper have promised to work together on improved security for VoIP. Avaya will resell Juniper security products alongside its own IP telephony gear and offer integration and support for both.
Large companies are phasing in IP telephony, but security is the number one concern of sysadmins, according to Frank Dzubeck, president of consultancy Communications Network Architects.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5247

- - - - - - - - - -

NIST preapproves first PIV-II smart card
The National Institute of Standards and Technology has issued the first preapproval for a smart card that meets Homeland Security Presidential Directive 12, Federal Information Processing Standard 201. On their Personal Identity Verification program Web site, NIST listed Oberthur Card Systems of Rancho Dominguez, Calif., as having its Cosmo 64 v5 Smart Card with PIV II v.1.03 JavaCard applet meeting the FIPS-201 conformance test.
http://www.gcn.com/vol1_no1/daily-updates/38103-1.html

- - - - - - - - - -

Information warfare: The need to know your enemy
When terrorists -- or another nation -- launch a cyberattack against the U.S. infrastructure, it probably won't be with a zero-day exploit, security experts say. There is enough low-hanging fruit already out there that works, security analyst Tom Parker said at the Black Hat Federal Briefings in Alexandria, Va. There is no reason to expose a perfectly good new vulnerability and exploit.
http://www.gcn.com/vol1_no1/daily-updates/38107-1.html

- - - - - - - - - -

The Shadowcrew - organized, but Organized Crime?
The mainstream and IT trade press is replete with references to 'organized crime' getting into cybercrime. Is this designation correct? And how significant are the successes of law enforcement in this area? US prosecutors yanked a major ring of online ID thieves, the Shadowcrew, from the shadiness of the web into an American court spotlight that achieved guilty pleas in November 2005.
http://www.infosecurity-magazine.com/news/060119_shadowcrew.htm

- - - - - - - - - -

Beware of fake job offers, internet scam
The world famous Nigerian Advance fee fraud known as 419 Scam, used to send e-mails or postal letters offering to move a billion of US dollar funds in the victims account and pledged a huge chunk of share from that fund. Many people went behind the bars from across the world including Pakistan for being involved in this scam but majority of them belonged to Nigeria and other African countries.
http://www.crime-research.org/news/01.26.2006/1781/

- - - - - - - - - -

What to watch out for with Wi-Fi
Wi-Fi networks use short-range radio frequencies to communicate between devices, eliminating the necessity for running cable. While operating without wires is an advantage, users and IT personnel need to be aware that Wi-Fi networks do not recognize walls as barriers. The challenge is that Wi-Fi networks extend outside of approved areas, leaving users with leaky Wi-Fi and in the position where someone else's Wi-Fi network may be present and beckoning.
http://www.computerworld.com/securitytopics/security/story/0,10801,108074,00.html

- - - - - - - - - -

Spreading the Secret Source Code Sauce
IANAEL (I Am Not a European Lawyer) but I think that if Microsoft goes about its source code license the right way, its European legal issues are over. But why now and not years ago? Microsoft has, for many years, licensed the source code for Windows to a variety of partners, large customers, educational institutions and others.
http://www.eweek.com/article2/0,1759,1915296,00.asp

- - - - - - - - - -

The Art of Intrusion
The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers
I'm not that keen on the word hacker in the modern, pejorative sense (I remember when it meant a good UNIX programmer) and I'm generally not that impressed by hackers either - mostly they're not particularly clever and just got lucky.
http://www.theregister.co.uk/2006/01/26/art_intrusion/

- - - - - - - - - -

Cellphone sex a success in Europe; will it play in U.S.?
It may never be quite that easy. But cellphone pornography is a fast-growing business that analysts expect will generate about $2 billion in global revenue by 2009. And porn-on-the-go was the focus of a two-day Mobile Adult Content Congress that wrapped up in Miami Thursday amid expectations, according to at least some participants, that it will soon catch on in the United States.
http://www.usatoday.com/tech/wireless/2006-01-26-cellphone-porn_x.htm

***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************

The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.

Copyright 2000-2006, NewsBits.net, Campbell, CA.